Remote Tools and Grant Remote Control permission to local Administrators group

Vid3al 181 Reputation points
2023-07-06T10:42:11.22+00:00

We noticed an anomaly for the configuration of the Client Settings "Remote Tools" .

We have detected the same behavior in three different infrastructures, and all updated to version 2303 .

The input option is as follows:

"Grant Remote Control permission to local Administrators group"

If you start with the "YES" option, and later change to "NO", this change is not implemented or applied on the systems that are receiving the Client Settings.

We noticed that the following registry key changes only when configuring with the "YES" parameter:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\Client Components\Remote Control

"Allow Local Administrators to do Remote Control"

The value of this key actually changes the behavior as per the documentation.

Note: It is also true that the documentation was not written clearly. In reality, the reference is to the local administrators group of the system you want to control.

After many tests we noticed the following:

If the system to be checked, receives only the client settings "Default Settings", the changes to the section "Grant Remote Control permission to local Administrators group" (YES or NO trying to change many times) are received and applied.

When another higher priority client settings is applied, the latter is applied and digested only the first time by the computer to be controlled. If you later change the value in the settings client, the problem arises, that is, the YES or NO value is no longer changed on the computer to be checked. If we disable this Client Settings, the "Default Settings" is then received and applied correctly as many times as we want on the computer to be controlled.

It is not a problem of receiving or applying the client settings, but it seems to be a problem related to priority.

Has anyone detected the same anomaly? Can anyone give it a try?

Do not test with users belonging to the group defined in the configuration "Permitted viewers of Remote Control and Remote Assistance" of the client settings, but obviously with users belonging to the local administrators group of the system you want to control.

Is this a known bug? or has no one ever noticed it because it only uses the configuration group "Permitted viewers of Remote Control and Remote Assistance" ?

If you answer that this is the case, then why is there the configuration "Grant Remote Control permission to local Administrators group" ? What is it for?

Thank you all for your patience and support.

Microsoft Configuration Manager
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. AllenLiu-MSFT 47,886 Reputation points Microsoft Vendor
    2023-07-07T08:16:55.6766667+00:00

    Hi, @Vid3al

    Thank you for posting in Microsoft Q&A forum.

    I did a test in my lab, if I only change "Grant Remote Control permission to local Administrators group" in the higher priority client setting, the value will not change after the second modify of the custom client setting like you said.

    However, if I change two or more settings in Client Settings "Remote Tools" including the setting "Grant Remote Control permission to local Administrators group", the value will change as expected.

    It is possible that this is a bug or a known issue with the Remote Tools client settings. However, it is not clear if this is a widespread issue or if it has been reported to Microsoft's support team.

    You may try to send a frown in the upper-right corner of the Configuration Manager console:

    https://learn.microsoft.com/en-us/mem/configmgr/core/understand/product-feedback#send-a-frown


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.