Hi All,

I am trying to configure SMS Remote Tools for a group of users so they are able to connect to remote pcs and assist others. These users arent local administrators of the remote pc's but it looks like they might need to be. I'm hoping someone can confirm this. Alternatively, if someone could point out to me where i'm going wrong, that would be great. Here are the details.

Remote Tools
Using SMS 2003 with Remote Tools enabled. have created a group in AD, added users to this group, and add group to Permitted Viewers list in SMS. Have created a collection with pc's in it and granted Read and Use Remote Tools permissions to the AD group on the collection.

Users pc's are Windows XP SP2

I have also tried to configure Remote Assistance for these users to use and the only way i could get either to work is to give the user local admin access on the remote pc.

Is local admin access really required or is there an alternative.

0 Comments   [ - ] Hide Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity


Jump on a machine, and add a non priv acct to the local user group:
remote desktop users.

Once you have confimed its all working then you can role out the change via.

Group Policy - Restricted Groups
Create a new group.
Specify the local machine group of: remote desktop users
And make the members the AD group you created.
This should work, let us know if u have a problem.
Answered 01/11/2006 by: rahvintzu
Orange Senior Belt

Please log in to comment
Hi Rahvintzu

I tried adding a non-privileged user account to the local remote desktop users group on the remote pc but that didnt work for Remote Assistance or SMS Remote Tools.

The only way i could get it to work was to add the non-priv user to the local admins group on the remote pc. What i did find though is if the user on the remote pc initiates a remote assistance session, the "expert" user does not need to have local admin access on the remote pc in order to provide assistance.

Any other ideas?

Thanks for the reply
Answered 01/12/2006 by: Scotty
Senior Yellow Belt

Please log in to comment
Ok dokies, i assume ur connecting to an XP client?
Can you please do the tst u did before but this time on the client.
Hold down windows button then press pause break.
Click on the remote tab -> tick the allow users to connect remotely to this computer.

[ensure ur non priv acct is part of the remote desktop users group (client side)]

Get back to me if you still have a problem.
Works fine on my sms 2003 box/client.
Answered 01/12/2006 by: rahvintzu
Orange Senior Belt

Please log in to comment