Late to the party here, but just to note that "Configuration Manager Remote Control" isn't quite like Remote Desktop. There's at least three parts to it:
- Actually connecting into the machine, which requires its own authentication and authorization, and
- If you happen to land on the login screen rather than an existing user session, authenticating to that login screen.
- Once you're in either your or the user's session, using smartcards to authenticate onwards to things.
The first part is actually the credentials prompt you get if there's no trust between your workstation and the client you're connecting to (or if that's password based, or you authenticated to your local workstation with a smartcard, or... yada yada). You can actually use runas /smartcard to supply credentials to run the process the configuration manager remote control client starts as, though with the same caveats as usual where runas will not let you specify a slot if you have more that one credential stashed on the key:
> runas /smartcard "C:\Program Files\CMRemoteControl\CmRcViewer.exe"
Reading smart cards........
Using the card in reader 1. Enter the PIN:
Attempting to start C:\Program Files\CMRemoteControl\CmRcViewer.exe as user "Jon Marnock (DOMAIN\user) - Internal CA" ...
If there's no trust though, you probably need to run the thing with /netonly so it gets a network session to use on the remote machine even though that user itself won't be able to own the process locally. The main issue with that is that when you do this you're not really using CmRcViewer to do the actual smartcard auth, and once you're in a different session, you probably won't be able to access the smartcard itself, so it's no longer available for example to log into the remote system with (#2 above). Either way, I wasn't able to get smartcards to show up for (#3) above via CmRcViewer and runas with or without netonly.
In any event, at this point if you've used runas or whatever to get it running, you'll be connected to whatever session is active using the smartcard. If it's a user session, you're in. If it's the login screen... sorry, you're out of luck, but try using remote desktop instead in that situation - that definitely supports smartcards.
Can't help you with #3 though if that's what you meant :)
Final note is that if runas /smartcard doesn't pick the right certificate by default, as far as I know you're out of luck. I wrote a replacement for runas that lets you specify a cert by UPN (and uses the standard windows auth GUI pin dialogue to enter the pin) and does an equivalent of /netonly for this exact reason, and it's a lot nicer, faster, and more flexible than runas. No, I don't have it open sourced yet, though that's planned eventually.