To enable Goverlan Reach’s remote control user acceptance prompt before giving the admins the right to access their computer, you have three options. You can configure the remote control/ access policy in:
- The Goverlan administrative GPO
- The Goverlan Central Server
- Direct Registry Modification (should be used for testing purposes only)
You can find the Goverlan administrative GPO template in C:\Program Files (x86)\GoverLAN v8\GPO Templates.
You can import the ADMX files for domain controllers that are Server 2008 and above.
The GPO that you create must be linked to the OU that your user workstations and tech workstations are a member of.
Once you have the administrative template installed, create a GPO and configure the following setting.
Once this GPO has been created and linked to the proper OUs, RC will begin to require user acceptance before initiating connections.
Goverlan Central Server Option
You can Install the Central Server on any Windows based server on you network.
After you install the GCS, you will need to configure the following DNS entry on your DNS Server.
- Download and install the Goverlan Central Server on any server you wish on you network.
- After it is installed create a DNS SRV record on your DNS Server.
- In DNS go to Forward Lookup Zones
- Locate your domain zone
- Go to the _tcp folder
- Right click and select “Other New Records”
- Go to Service Locator (SRV)
- Create a record that looks like the following. NOTE: there is a “.” At the end of the FQDN in the host field.
After this record is created and DNS gets a chance to populate, the agents will begin reporting in to this server for settings.
Be sure the Windows Firewall is not blocking port 21160.
Enabling the policy in the GCS console
- Go to the Universal Settings Distribution tab
- Enable Universal Settings Distribution
- Locate the following setting and click the Modify Settings link
- Click the “…”
- Use the following value: \\Server\Share where Server is your server name and share is your share name.
- Click OK, then click Publish Settings.
As the agents check in, the will take policy and begin to enforce User Acceptance.
Direct Registry Modification
Use this method to test the User Acceptance prompt or if you cannot use the GCS or GPO methods.
Add the following registry key and value to the target machine
HKEY_LOCAL_MACHINE\Software\Policies\PJ Technologies\Goverlan Universal Settings\GRMS
DWORD VALUE: PreSessionAction
Set PreSessionAction to one of the following: In this case, set the value to 2
1 => No Action (default)
2 => Prompt Local User
3 => Disable Remote Control
4 => Lock Computer
5 => Log out local user