How to prevent unauthorized Remote Control (RC) sessions because of delay in policy deployments?

Document ID : KB000052371
Last Modified Date : 14/02/2018
Show Technical Document Details

Description

Because of security reasons every RC session may need to be confirmed by the logged on user.
When distributing the CA Remote Agent plugin using the Deployment Wizard, it may take some time until the configurations of the 'Default Computer Policy' is loaded on the agent. Until then, the machine is open for remote connection without user confirmation.

Solution

To ensure that the 'Default Computer Policy' is applied to the RC agent before any RC session is attempted; deploy only the SD agent, then use a software policy to deploy the AM and RC plugins. This will cause the configuration policy to be sent to the agent prior to the delivery of the RC agent. Even though the RC plugin is not installed right away, its policy settings are stored in the agent's comstore (configuration file).

If you are only deploying Remote Control, deploy only the Basic Hardware Inventory plugin at first; then a little later deploy RC plugin. Again this will cause the policy to be delivered to the agent prior to RC being installed so that when RC is enabled; it will already have the appropriate policy.