Remote Support Center 2.5. Administrator's Guide

(1)

(2)

7,353,262 and 7,469,278 with other patents pending.

Portions Copyright (c) 2011, The Board of Trustees of the University of

Illinois.

Refer to http://www.quest.com/legal/third-party-licenses.aspx for

third party license and copyright information.

This publication is protected by copyright and all rights are reserved by

ScriptLogic Corporation. It may not, in whole or part, be copied, photocopied,

reproduced, translated, or reduced to any electronic medium or

machine-readable form without prior consent, in writing, from ScriptLogic Corporation.

This publication supports Remote Support Center (RSC), InstantAssist and

ExpertAssist. It is possible that it may contain technical or typographical errors.

ScriptLogic Corporation provides this publication “as is,” without warranty of

any kind, either expressed or implied.

ScriptLogic Corporation

6000 Broken Sound Parkway NW

Boca Raton, Florida 33487-2742

1.561.886.2400

www.scriptlogic.com

Trademark Acknowledgements:

Remote Support Center, InstantAssist, ExpertAssist, ScriptLogic and the

ScriptLogic logo are either registered trademarks or trademarks of ScriptLogic

Corporation in the United States and/or other countries. The names of other

companies and products mentioned herein may be the trademarks of their

respective owners.

(3)

iii

D

OCUMENTATION

C

ONVENTIONS

Typeface Conventions

Bold Indicates a button, menu selection, tab, dialog box title, text to type,

selections from drop-down lists, or prompts on a dialog box.

C

ONTACTING

S

CRIPT

L

OGIC

ScriptLogic may be contacted about any questions, problems or concerns you might have at:

ScriptLogic Corporation

6000 Broken Sound Parkway NW Boca Raton, Florida 33487-2742

561.886.2400 Sales and General Inquiries 561.886.2450 Technical Support

561.886.2499 Fax

www.scriptlogic.com

S

CRIPT

L

OGIC ON THE

W

EB

ScriptLogic can be found on the web at www.scriptlogic.com. Our web site offers customers a variety of information:

 Download product updates, patches and/or evaluation products.

 Locate product information and technical details.

 Find out about Product Pricing.

 Search the Knowledge Base for Technical Notes containing an extensive

collection of technical articles, troubleshooting tips and white papers.

 Search Frequently Asked Questions, for the answers to the most common

non-technical issues.

(4)

iv

Overview

Welcome to the Remote Support Center Administrator’s Guide. This guide will walk you through the product configuration steps and show you how to use it best based on your role. It provides all the necessary information to administer and configure a strong and secure RSC environment. This guide also outlines every feature that you may use when working with RSC environment, maintaining your remote management business

workflow and remotely managing computers.

Remote Support Center (RSC) is a comprehensive system designed to enable network administrators to remotely manage and control computers regardless of their location. ScriptLogic engineered RSC to allow you to remotely connect to any Microsoft

Windows-based computer be it in the LAN, WAN, or any external network supporting TCP/IP. The administrator does not have to worry about direct access to a remote computer from their current location. Once configured, the management product automatically takes the responsibility of routing your requests to a remote computer creating an experience of working on the remote computer interactively. Once logged into RSC, the administrator can remotely connect to a desired computer. RSC allows you to gain access to many of the helpful Remote Support Center Client tools such as desktop remote-control, file transfer protocol (FTP) for downloading and uploading files, configuration of the remote computer, remote-to-local printing, advanced

scripting, and dozens of other features. All communications are encrypted and all hosts are authenticated using x.509 digital certificates to ensure a secure environment for all remote management operations.

(7)

vii

Who Should Read This Guide

This guide is intended for Windows network administrators of small to enterprise sized businesses who are responsible for:

 Configuring Remote Support Center in the enterprise

 Defining RSC Helpdesk Administrators and other users that should be granted

access to RSC

 Setting the security area surface throughout RSC

Because of the broad use of remote management functionality implemented within this product, this guide is also aimed at helpdesk administrators. These users are

responsible for:

 Managing remote computers

 Organizing management facilities

 Taking care of end-users, guiding them through and preparing for remote

management

Note

ScriptLogic provides a companion Remote Support Center Installation Guide containing information about deploying this product. Please refer to this guide to find out more about installation aspects, available management models, and reconfiguring deployment for your current needs.

In addition, this guide can be useful for professionals who are evaluating the product or analyzing the business use of introducing a scalable remote management workflow into their organization.

(8)

viii

Document Summary

This document comprises several chapters, each discussing the steps necessary to estimate, plan, understand, and implement Remote Support Center.

Chapter 1, “The Remote Support Center Basics”. This chapter quickly outlines the main concepts of Remote Support Center allowing you evaluate its features and understand how you may best use it for your needs. It explains how the product works and why you can do things with Remote Support Center. We show you why Remote Support Center allows you to correctly manage your computers when and where you need it. We also explain how this solution protects your data and communications by organizing secure channel between you and the remote computer you are managing.

Chapter 2, “Using RSC Management Console”. Use the chapter to familiarize yourself with the RSC environment.

Chapter 3, “RSC Administrator Role”. This chapter discusses the role of a typical RSC administrator who will be organizing and configuring Remote Support Center.

Chapter 4, “RSC Helpdesk Specialist Role”. Users who will be using Remote Support Center to support their users will find this chapter useful. This chapter dives into the details of the powerful management features implemented in RSC allowing you reach a desired remote computer right from within the browser.

Chapter 5, “RSC Remote User Role”. This chapter discusses working with the product on the remote side, explaining how a remote user can allow the administrator or helpdesk specialist reach his computer and help resolve his problems in real time.

“Appendix” comprises of the For HDA Users and Troubleshooting subsections. The

quick reference info for the Help Desk Authority users of RSC is contained in For HDA

Users. The Troubleshooting will help you solve the issues an RSC novice may happen to face.

(9)

1

Chapter 1 Remote Support Center Basics

This section introduces terms and concepts used within RSC and throughout RSC

documentation. The introductory section also describes the components that comprise the RSC system and ensure secure intercommunication inside the system.

The chapter includes the following topics:

 The Remote Support Center User Roles and Concepts  Remote Support Center Architecture

(10)

2

R

EMOTE

S

UPPORT

C

ENTER

U

SER

R

OLES AND

C

ONCEPTS

The following notions – grouped into RSC user roles and RSC concepts - are essential for you to get started with Remote Support Center.

RSC User Roles

With respect to administering RSC, or managing remote computers via RSC, etc., the following general categories of users are defined within RSC.

RSC Administrator – is a user of Remote Support Center who is able to configure and manage the RSC Management Console and configure the users (RSC Helpdesk

Specialists) who have access to it. The RSC Administrator can also perform remote management tasks. (See Chapter 3 RSC Administrator Role for the whole list of RSC Administrator-specific tasks.)

RSC Helpdesk Specialist – is a user of Remote Support Center who is typically responsible for managing target computers. (See Chapter 4 RSC Helpdesk Specialist Role for the whole list of RSC Helpdesk Specialist-specific tasks.)

RSC User – implies both the RSC Administrator and RSC Helpdesk Specialist users. RSC Remote User – is the user of the target computer who in some use cases is responsible for downloading/installing and running RSC Clients. (See Chapter 5 RSC Remote User Role for the whole list of RSC Remote User-specific tasks.)

RSC Concepts

The following are terms and concepts used throughout the RSC graphical user interface and the RSC documentation.

RSC Server – is the corporate LAN server where the Remote Support Center software is installed to and running.

DMZ Server - is a server within the perimeter network that is exposed to both internal and external networks.

RSC Management Console (RSC Console) – is a web application component that implements both the RSC system’s main part and graphical user interface. It runs on IIS, communicates with other system components and provides for performing all the configuration and management operations.

RSC User’s Browser (Browser) – is the Internet Explorer browser enabled with Java Runtime Environment used to connect to RSC Console.

EA Client/IA Client (RSC Client) – RSC client software application (ExpertAssist – EA Client, InstantAssist – IA Client) that is required to be installed on the remote computer to administer it remotely.

EA Client Computer/IA Client Computer (RSC Client Computer) – is the computer deployed with RSC Client and ready to be managed via RSC.

(11)

3

R

EMOTE

S

UPPORT

C

ENTER

A

RCHITECTURE

Remote Support Center (RSC) is a comprehensive client-server system designed to enable designated network administrators and helpdesk specialists manage and control any Microsoft Windows-based remote computers installed with RSC client software regardless of the computers’ location. Designated network administrators and helpdesk specialists implement the remote computer administration by connecting to the RSC Console from Windows Internet Explorer web browser running Java Runtime

Environment (JRE). The browser can reside in any network. All RSC system component communications run via HTTPS secure channel and is additionally protected with x.509 self-signed SSL certificates.

Remote Support Center Components

Various components work together to comprise the RSC system. Server components work independently on separate servers and automatically stay connected to the system core which manages inter-system communications. The RSC system is comprised of the following components:

 RSC Management Console  RSC LAN Gateway

 RSC Client(s): ExpertAssist (EA) Client and InstantAssist (IA) Client  RSC Deployment Service

 RSC Maintenance Service

 RSC Internet Gateway (installs optionally)

The RSC Management Console (RSC Console) implements both the RSC system’s main component and graphical user interface. This component resides in the corporate LAN on a dedicated LAN server (RSC Server) and runs on IIS. It communicates with other system components and provides for performing all the configuration and management operations.

All configuration and security data created by RSC Users during their work with the system is stored on a dedicated SQL Server. The RSC Management Console

implements the RSC integration process on the Windows domain. When RSC Users log into RSC, the Management Console authenticates them within the Active Directory domain, automatically validating the provided credentials. This tight integration with Active Directory helps to protect RSC from unauthorized logons. It also allows the RSC User to always have the latest information about the domain computers thus allowing them to instantly reach any of the computers in the domain, even ones that are newly joined to the domain.

To implement a working process that is independent from the network type, all of the data channeled within the system is routed by dedicated RSC LANs and RSC Internet Gateways. Each Gateway runs according to its dedicated location.

(12)

4

 RSC Clients installed on remote LAN/WAN workstations and servers to the RSC

Management Console (provided that RSC Server is not shielded from the Internet in accordance with corporate standards and can freely accept connections from RSC Clients in the WAN);

 The RSC Internet Gateway that gathers information from the RSC Clients and

RSC User’s Browsers in the WAN to the RSC Management Console;

 The RSC Management Console to Active Directory when RSC queries for

information from directory services.

The RSC Internet Gateway enables access to the RSC Server that prohibits inbound connections from the Internet according to corporate security policies. RSC Internet Gateway is installed on a DMZ Server at any time after the main setup to implement

the Global Model. (See the Remote Support Center 2.5 Installation Guide for RSC

Internet Gateway installation and Global Model details.) RSC Internet Gateway routes traffic from:

 RSC User’s browsers in the WAN to the RSC LAN Gateway;

 RSC Clients installed on remote WAN workstations and servers to the RSC LAN

Gateway;

 RSC LAN Gateway to RSC Clients and RSC User’s browsers in the WAN.

Summarizing, this Gateway allows both the RSC Client Computers available for

management and RSC user’s browsers querying for management to communicate with RSC without having a direct inbound access to the LAN. This saves a network

administrator from exposing his or her LAN to external network.

Inbound network traffic is generally blocked by corporate and private firewalls. Likewise, NAT devices shield the non-routable private IP addresses of computers in corporate and private networks from the external public networks. ScriptLogic RSC enables remote administration in these environments by deploying a RSC LAN Gateway component and setting up a companion RSC Internet Gateway component in the DMZ. This component allows external and internal computers to become visible within RSC through the corporate firewall. RSC provides this level of one-way transparency without forcing the enterprise administrator to open “holes” in the firewall. This

eliminates risks of opening sensitive corporate resources that should be protected from unwanted access and external networks.

When there are many management sessions initiated from either LAN or WAN, the RSC LAN Gateway will also handle most of the load.

The RSC Client is either the ExpertAssist or InstantAssist client software that installs on remote computers to implement remote management. The Clients differ in functionality and the need for the Remote User intervention. Instant Assist Clients also require obtaining a special license.

ExpertAssist features the most powerful management functionality and can be installed on a remote computer via bulk deployment, pushed to a selected Active Directory computer(s), organizational unit or domain, or via a generated invitation.

InstantAssist is a lightweight client that enables a quick and easy on-demand

(13)

5 and can be run on the remote side by simply double-clicking the downloaded file. This streamlined client enables a remote computer for management even if the RSC User does not have administrative privileges on this computer.

Installed on a remote computer, these software programs enable the computer for anywhere management via RSC. The client software automatically makes RSC aware of the computer availability as soon as it reaches one of the RSC Gateways (LAN or RSC Internet Gateways). This approach mitigates roaming problems allowing the remote computer to easily notify RSC about its presence regardless of its current location. Thus, the RSC Client automatically keeps track of the connection with RSC Gateways thereby making management tolerant to network changes. The RSC Client running on a remote user’s computer will automatically restore the connection to RSC once the user is able to join the WAN that has access to a particular RSC Gateway. Once connected to an RSC Gateway, the RSC Client will immediately become visible to the RSC Management Console and display the remote computer status in the RSC

Management Console

The RSC Deployment Service provides functionality for “push” - rapid EA Client

installation on computers within the Active Directory domain. These quick installations allow an RSC User to provision a desired computer, a set of selected computers, a computer organizational unit, a whole domain or Active Directory forest with EA Client in a single click. Once configured by the RSC Administrator, the EA Client can be automatically pushed by an RSC User directly from the browser without the need to drill into the peculiarities of particular domain configurations.

The RSC Maintenance Service is a vital service for the RSC Administrator Account used to authorize any remote installation (“push”) or management (“manage”) operations (when the latter runs under the account of RSC Administrator or RSC Helpdesk

Specialist with the Full Control permission) initiated from within the RSC Console on an Active Directory computer. The service validates the Administrator account credentials and then applies them to the RSC system, if the Administrator account is modified via RSC Management Console.

(14)

6 RSC workflow general conceptual schema

Security Measures

A multi-tier security model is used to provide for strong protection and security control across all of the RSC components and all of the computers involved in the management process. In general, it can be split into two levels of security, based on the entity it is applied to:

 Computer

 RSC User

The “computer” security level applies security policies and filters to a computer object.

This enables RSC to verify a particular computer that is trying to connect to RSC against the security settings specified by RSC administrator.

By default, the RSC Management Console is granted access only by the RSC Server loopback IP address.

All other IP addresses used to connect to RSC Console should be explicitly granted access by IP address within RSC. Configuration rights are also bound to IP addresses. This enables RSC to automatically block unwanted access and exclude accidental or unauthorized configuration in the RSC Management Console.

Meanwhile, IP addresses from which the browsers are started do not require any software to be installed. They may access RSC and perform remote administration of RSC Clients from any Java-enabled web browser.

The “RSC user” security level checks to verify the user that is attempting to

authenticate within RSC against the security policies for a user defined in RSC.

All RSC users are verified upon their login against Active Directory of the RSC Server. By default, only the domain users having interactive access to the RSC Server are

(15)

7 granted login capability to RSC. Even though a user is able to read the RSC Server via a network connection, they will not be able to log into the RSC Management Console unless specific permission is granted within RSC.

RSC features a sophisticated permission management handling system that guarantees nobody is able to push the RSC Client unless permitted within the RSC Management Console. The permissions can be configured by a designated RSC User. (See Granting User Access Permissions to RSC Helpdesk Specialists, Defining the Active Directory Groups Permissions, Setting/Modifying User Access Permissions).

Summarizing, every data flow within the RSC is available within RSC, only to authorized users or computers.

Security is provisioned with x.509 self-signed SSL server certificates installed on every computer hosting an RSC system component.

All of the components comprising RSC are deployed with x.509 certificates that make them unique and secure. All the components are authenticated within the RSC built-in OpenSSL Certification Authority for a valid x.509 certificate before they can join a virtual RSC network. This provides an integrated self-defense protection with on-the-fly verification of component integration. Components not signed with a valid RSC

certificate are prohibited and will not be able to join the RSC network and compromise system security.

All communications are automatically signed and performed via an SSL channel as soon as you deploy RSC in your environment. Browsers connect to RSC Console via HTTPS protocol.

RSC Components Default Port Usage

Below you can find a table summarizing the network configurations used by RSC components. This outlines which ports are used by a particular RSC component and what the component uses them for, according to default settings which are

(16)

8

Component Listen Port Waits for Connection from/to

Local Remote Inbound Outbound

RSC Management Console Defined in IIS Manager

Any Client

Browser

N/A

Used to accept browser connections and allow the RSC User to access the RSC Management Console from a computer in the LAN. If the Direct management model is used, and IIS is open for incoming connections from WAN, this port can be used by browsers in the WAN.

Defined in IIS Manager

Any RSC LAN

Gateway

N/A

Used to send to RSC information about available RSC Client Computers and other information specific to RSC

configuration and management. RSC LAN

Gateway 1529 Any RSC Client Computer

in LAN

N/A

Used to accept connections from RSC Client Computers (usually in the LAN). If the inbound connection can be installed from the WAN to the RSC Server, this port can be used by RSC Client Computers in the WAN.

1753 Any RSC Console N/A

Used to accept transfer of the RSC Management Console requests to Active Directory. This connection is established locally on the RSC Server only.

Any 1528 N/A RSC Internet

Gateway Used to establish an outbound connection to the RSC Internet Gateway in the perimeter network when RSC is configured with the Global Model.

RSC Internet Gateway

443 Any RSC Client

Computers in WAN

N/A

Used to accept connections from RSC Client Computers in the WAN.

443 Any RSC User’s

Browser

N/A

(17)

9

Component Listen Port Waits for Connection from/to

to access the RSC Management Console from a computer in the WAN.

1528 Any RSC LAN

Gateway N/A

Used to accept inbound connections from the RSC LAN Gateway and make the RSC Management Console aware of the RSC Client Computers’ connections in the WAN.

RSC Components Default Port Usage

Note

When deploying either the RSC Management Console or the RSC Internet Gateway to computers with Windows Firewall turned on, the Windows Firewall is automatically configured to allow connections via the specified ports. If the automated process fails, you’ll be asked to perform this manually.

(18)

10

G

ETTING

S

TARTED

The RSC Management Console provides the ability for authorized users to manage remote workstations or servers inside the organization or anywhere in the world. Once the RSC installation is complete, you can use RSC only locally:

Installing Remote Support Center Clients to Remote Computers Managing Remote Computer via ExpertAssist

Managing Remote Computer via InstantAssist

In order to allow users to start using RSC from computers other than the RSC Server localhost address, the RSC administrator must perform some initial configurations.

 To perform the initial configurations to grant remote access to the RSC Console, launch the RSC Management Console via the Start Menu on the RSC Server, and then:

 Configure the Application Security Settings.

This step allows the administrator to specify remote computer IP addresses, which will authorize RSC Administrators or RSC Helpdesk Specialists to connect to the RSC Management Console. This step also allows the default RSC Administrator to select Active Directory users and groups who will have administrative permissions in RSC when accessed remotely.

 Set granular Access Permissions on computers and groups.

By default, RSC Administrators will have access to all computers and groups. The Administrators can set up more granular access and/or give additional users permission to access the RSC Management Console.

When the initial configuration is performed, an RSC User can connect remotely to the RSC Console by entering the RSC (or DMZ) Server IP address or domain name (either short (NetBIOS) or long (FQDN) DNS name) into the browser address bar.

For example, https://192.168.22.33/rsc

Note

The RSC Administrator may consider installing RSC Internet Gateway if the RSC Server does not allow inbound connections from the Internet. See the

Global Model subsection of the Management Models section within the Remote Support Center 2.5 Installation Guide.

 To start the management of a remote computer, the Remote Support Center Client (RSC Client: ExpertAssist or InstantAssist) must be running on the remote computer. This can be accomplished by:

 pushing ExpertAssist to selected Active Directory computers or computer

(19)

11

 installing the ExpertAssist Deployment Package in bulk, via Group Policy or

Desktop Authority.

 sending ExpertAssist or InstantAssist (requires special InstantAssist

Technician License) invitations to computers outside of the Active Directory domain.

Once the RSC Clients are installed, see how you can start managing your remote computers:

 Managing Remote Computer via ExpertAssist  Managing Remote Computer via InstantAssist

If, as an RSC novice, you encounter any problems working with RSC or its clients, address the Troubleshooting section before contacting the Technical Support Service at

(20)

12

Chapter 2 Using the RSC Management Console

Once you’ve logged into the RSC Management Console, either as an RSC Administrator or RSC Helpdesk Specialist, familiarize yourself with the RSC Management Console – the tool to perform remote management via RSC.

The chapter describes the RSC Management Console workspace, its controls and elements and provides guidance on the following how-tos:

Displaying the Remote Support Center Environment Using the Active Directory Node

Using the Remote Computer Groups Node Using the InstantAssist Clients Node Using the Error Log Node

Using the Grid and its Fields Using the Grid Toolbar Buttons

Locating the Desired Machine/Container Using the Remote Computer Properties Page Searching across your RSC Environment Organizing into the Favorites Container

(21)

13

D

ISPLAYING THE

R

EMOTE

S

UPPORT

C

ENTER

E

NVIRONMENT

With the Remote Support Center Management Console, you 1) make remote

computers available for remote management by deploying them with RSC Clients and 2) define users permitted to perform remote management through RSC. The remote computer can be a computer from an Active Directory forest or any computer either currently not an Active Directory member or residing in the Internet, etc.

The full scope of the RSC environment is always available for the RSC Administrator. The amount of data the RSC Helpdesk Specialist can view via the RSC Management Console depends on configurations made by RSC Administrator and can vary from one folder with RSC Client Computers to the whole RSC framework with the Active

Directory forest (see figures below).

The Tree pane available for the RSC Administrator.

The Tree pane is tuned to display only Remote Computers Groups for the RSC Helpdesk Specialist. The Remote Support Center environment is organized:

 into two panes - the left Tree pane with the main environmental tree nodes and

the right Grid pane presenting the selected object contents.

 The most of the RSC functionality is also available through the Grid pane: its toolbar, tabs, and links.

(22)

14 RSC Management Console

The Tree pane will display your RSC environment in:

 the Active Directory,

 Remote Computer Groups,

 and InstantAssist Clients node(s)

 as well as two functional nodes - Search and Favorites - to quickly locate the desired object among the environment.

 The Error Log node stores all the errors that occurred during the push or uninstall

operations and is available only for RSC Administrators.

Depending on your role and access permissions, the availability and contents of nodes vary. Refer to the corresponding node description for details on each.

When a container is selected in the Tree pane, the Grid lists the child objects of this container on the Computers tab and displays the objects location path (or just the node’s name) at the top of the pane. From within the Grid, you will reach the most of the RSC functionality (see Using the Grid and its Fields for reference).

 By switching from the Computers tab to the Users and Permissions tab, the designated RSC User can assign or view users with permissions on a domain, organizational unit or remote computer (sub)groups (for details, RSC

Administrators can refer to Granting User Access Permissions to RSC Helpdesk Specialists and Defining the Active Directory Groups Permissions and RSC Helpdesk Specialists – to Setting/Modifying User Access Permissions).

 Within the InstantAssist Clients node, one can regulate the scope of computers to display within the node by blocking/unblocking the IA Client Computers. The blocked computer then will show on the Blocked Computer tab of the

InstantAssist Clients node.

In case you encounter a problem logging into or starting the RSC Console, consult the Troubleshooting section to detail the error messages and solve the issue.

(23)

15

Using the Active Directory Node

Viewing the organizational unit content within the Active Directory node

The Active Directory node lists the domain(s), organizational unit(s), container(s) and computer(s) of Active Directory that the RSC Server is part of.

This is the RSC Administrator who defines the number of domains (or even certain computer objects) available for RSC Helpdesk Specialists. Thus, address your RSC Administrators if you cannot find the desired object within your RSC environment.

RSC Helpdesk Specialists with the Delegate permission can also assign permissions to

other users on the objects they are responsible for.

The RSC Console displays only those containers that store at least one computer inside.

Since RSC installs to a LAN server, RSC reads from and tracks all Active Directory changes in order to display the most recent state of the Active Directory framework upon RSC Console automatic refreshes.

Note

The Active Directory computer deployed via an EA Deployment Package will display in Remote Computer Groups just in case it is no longer the member of Active Directory domain.

The “No domains are available” message that appears on expanding Active Directory indicates your Active Directory user account is granted no permissions on any of the domains within the RSC security settings (see Troubleshooting).

(24)

16  For the icons displayed next to computer/containers, see Using the Grid and Its

Fields.

 For guidance on how to push to the Active Directory remote computers to make them available for management, see Pushing ExpertAssist Client to a Remote

Computer(s).

 For remote management operations available within the node and their routine,

see RSC Helpdesk Specialist Role.

 For using the Users and Permissions tab, see Granting User Access Permissions to RSC Helpdesk Specialists.

 For info on the page you are brought to if following the link on the computer name, see Using the Remote Computer Properties Page.

Using the Remote Computer Groups Node

Viewing the contents of the Default folder within Remote Computer Groups.

The Remote Computer Groups node stores container(s) of remote computer(s) (either in the LAN or Internet) deployed with ExpertAssist client software via invitation or non-Active Directory computers installed with the ExpertAssist Deployment Package.

Note

The ExpertAssist Deployment Package feature is only available for RSC Administrators (consult Using an ExpertAssist Deployment Package).

These are the RSC Administrators who can regulate the number of remote computer(s) or remote computer group(s) RSC Helpdesk Specialists can view or manage. Thus, address your RSC Administrator(s) in case you cannot find the desired object within your RSC environment.

RSC Helpdesk Specialists with the Delegate permission can also assign permissions to

other users on the objects they are responsible for.

The Grid pane that displays when the Remote Computer Groups node is selected in the left is headed with the name of the selected remote computer group.

(25)

17  the computer will display within the Remote Computer Groups node in the

Default or the custom folder defined as the computer store during the creation of the invitation;

 the EA Client Computer will be listed in the Grid with the custom name entered in the Remote Computer Name field of the Inviting New Remote Computer page;  the computer is appended with the icon until the RSC Remote User deploys

the computer with EA Client and the computer connects to and registers with RSC;

 the icon will change to indicating the EA Client Computer is available for management.

 ExpertAssist can be automatically removed when necessary.

 the computer will display in the Default folder (once the EA Deployment Package installs to the non-Active Directory computer,) and normally will be immediately available for management (signaled by the icon). The EA Client Computer will be listed in the Grid by its NetBIOS computer name.

 if the Active Directory computer deployed via the EA Deployment Package may happen to get unjoined, the computer will display in Remote Computer Groups.

To organize your EA Client Computers deployed via invitation (ExpertAssist Deployment Package), use the Grid toolbar buttons:

 to create new group folder(s)

 to move either the group folder(s) or EA Client Computer(s) within the Remote Computer Groups node

 to add it to the Favorites container.

If you fail to expand the Remote Computer Groups node, your Active Directory user account has been granted no permissions on any of the node’s object (see

Troubleshooting). What’s next:

 For guidance on how to invite remote computers for management, see Inviting Remote Computer(s) for Management with ExpertAssist.

 For info on how to automatically uninstall the ExpertAssist Client from the remote computer, see Centralized Uninstallation of ExpertAssist Client(s).

 Understanding the icons displayed next to computers/containers, see Using the

Grid and its Fields.

 For tips on how to organize within the Remote Computer Groups node, see Using the Grid Toolbar Buttons.

 For remote management operations available within the node and the operation routine, see RSC Helpdesk Specialist Role.

(26)

18  For using the Users and Permissions tab, see Granting User Access

Permissions to RSC Helpdesk Specialists.

 For information on the page you are brought to if following the link on the computer name, see Using the Remote Computer Properties Page.

Using the InstantAssist Clients Node

The InstantAssist Clients node is available only for RSC Administrators and those RSC Helpdesk Specialists who are issued with an InstantAssist Technician License.

Management of InstantAssist Clients is available only for RSC Users issued with an InstantAssist Technician License.

If you are an RSC Administrator accessing the RSC Console from someplace other than the localhost address and the InstantAssist Clients node does not show in the Tree pane, ensure that you start your browser from the IP address granted configuration rights.

The node stores the computers deployed with the InstantAssist client software. Once the target computer you invited for management with InstantAssist connects to and registers with RSC, it displays on the Grid pane and is available for remote

administration. The computer will disappear from the Grid as soon as the RSC Remote User exits the InstantAssist client software or computer disconnects from RSC.

Viewing the InstantAssist Clients node with IA Client Computer available for management

The IA Client Computers that have been blocked from displaying in the node are stored on the Blocked Computer tab.

What’s next:

 Deploy a remote computer with InstantAssist (refer to Deploying Remote

Computer with InstantAssist).

 Block the computer(s) to be displayed in RSC Console.

 Unblock the blocked computers to show them in RSC Console.

 For the icons displayed next to computers/containers, see Using the Grid Toolbar

(27)

19

Using the Error Log Node

Viewing the Error Log data

Within the Error Log node of the RSC Console, the RSC Administrator can view all the EA Client “push”- and/or automatic removal errors published by the RSC application. The Error Log page presents the error event data in a grid with the columns described in the table below.

Column Name Description

Date/Time Displays the date and time the error event took place (according to the regional and local system settings of the RSC User Browser).

Computer The DOMAIN\Computer Name format is used to designate the remote computer on which the push/uninstall operation was initiated and successively fired an error.

User The DOMAIN\User Name format is used to designate the user who initiated the operation.

Error ID Displays the error event number that identifies the event type.

Details Shows the error message. The Error Log grid description.

 Click the column header to sort the column data alphabetically or numerically.  For your convenience, all new error logs are displayed in bold. When necessary,

you can select one or more entries, and then click Mark Selected as Read to mark the selected entries as read. You may also use the Mark All as Read

button.

Using the Grid and its Fields

By accessing the Grid and its fields, you can view contents of the container selected in the Tree pane as well as be aware of the computers that have been successfully installed with RSC Clients and are currently available for management; or install the RSC Client; or initiate the remote management session, etc. The Grid fields are as

(28)

20 follows: Type, Name, Operation, User Name, Operating System. Their values are

detailed below.

To filter the listed objects of the selected container with the Grid fields:

 In the desired Grid field, expand the drop-down list and select from the available items. The displayed list will change accordingly.

Use the Name or User Name filter boxes to search/sort out within the listed objects:  type the desired object name or part of its name in the filter boxes, and then

click . The objects matching your search parameters will show.

Type

This column allows you filter the displayed objects according to the status of the RSC Client hosted on the remote computer. By default, the value is set to All to display items within the selected container in alphabetic order starting with folders names. The available Type values are represented with icons which indicate the following:

The Type field icons Icon description

Containers (for

Active Directory)

Groups (for Remote Computer Groups)

Active Directory organizational units and containers.

Groups within the Remote Computer Groups.

Client is not

installed (for the Active Directory node)

The remote computer is not installed with EA Client. (If you were installing EA Client to the target

computer,consult Troubleshooting for possible problems.)

Invited (n/a for InstantAssist Clients)

An invitation for the remote computer was generated but the computer has either not installed the EA Client or connected to RSC. (Refer to Troubleshooting for possible errors.)

Installation is in progress (for the Active Directory node)

The target computer is currently being “pushed” with the EA Client.

Available for management

The target computer has the EA/IA Client installed and running and is currently available for management.

In management session

The target computer is currently being managed.

Client is inactive

(n/a for IA Client Computers)

The remote computer has been deployed with the EA Client but management is impossible. (See the Troubleshooting section for possible causes and

(29)

21 solutions.)

Pending for uninstallation (for ExpertAssist Client Computers)

The EA Client Computer is in the client software queue. You can cancel the uninstallation if desired.

Not supported client (n/a for

InstantAssist Clients)

The remote computer is running an EA Client version that is no longer supported by RSC. To make the computer available for management, upgrade to the latest the client version via Push or Invitation.

All with warnings

(n/a for InstantAssist Clients)

Appends a computer to indicate the computer failed to be installed/uninstalled with the EA Client.

 To view the error message, hover the pointer over the icon.

 Follow the link on the corresponding computer name to navigate to the Error Log section. (The icon disappears once the Error Log tab is opened to view the error message.)

To resolve the installation problem, consult the Troubleshooting section.

The Type field icons

Name

This column displays the NetBIOS names of Active Directory objects or remote computers deployed with the ExpertAssist Deployment Package, and the custom names used to invite computers into the Remote Computer Groups.

 Click the link on the computer name to navigate to the Remote Computer

Properties page, and on the container – to display the container contents.

Operation

This column lists the operations that can be performed on the corresponding remote computer or container-like object.

The Operation field items Item description

Push (available for objects within the Active

Directory node)

The object can be deployed with ExpertAssist to start the remote management session on it. If pushing to a container, EA Clients will install recursively.

Manage (for computers) The remote computer is deployed with the RSC Client and is available for management. Click the Manage

button to launch the management window and start remote administration.

(30)

22

Pending for

uninstallation computers)

the computer that is in the Pending for uninstallation.

Regenerate (for

computers within Remote Computer Groups)

Regenerates invitation for the remote computer to be deployed with the EA Client. (Follow the link to learn about the operation details.)

Unblock (for Blocked

Computers) Makes the computer available for management by placing it back to the Grid within the InstantAssist Clients node. (Follow the link for details of the

Unblock operation.)

The Operation field icons

User Name (not available for Blocked Computers)

Displays the name (in the DOMAIN\Username format) of the user being logged on to the RSC Client Computer interactively, for the Available for management or In management session statuses.

Operating System (not available for Blocked Computers)

This column displays the operating system running on the RSC Client Computer that is in the Available for management or In management session statuses.

Using the Grid Toolbar Buttons

The Grid pane contains the toolbar. The range of available toolbar buttons differs for

Active Directory, Remote Computer Groups and InstantAssist Clients nodes. The icons are referenced in the table below.

To make use of the toolbar buttons:

 select an object within the Grid, and then click on the activated button to take advantage of its functionality.

The Grid toolbar buttons Button function

Refresh Displays the most recent information

about available computers and their statuses. (To refresh, use this application button instead of the browser one.)

Add to favorites Add the selected object to the Favorites container. (For details on

adding to favorites, follow the link).

Remove from Favorites (in the Favorites node)

Removes the selected object from display in the Favorites node.

Push (for the Active Select any available Active Directory object or set of objects, and then click

(31)

23 Directory node) _{on the} _Push_{button to deploy it}

with ExpertAssist in order to start the remote management session. If pushing to a container, the EA Clients will install recursively.

Uninstall (for any but IA Client Computers)

Uninstalls the EA Client from the

selected EA Client Computer(s) within the Active Directory or Remote Computer Groups nodes.

Invite (for the Remote Computer Groups node)

(Activated if any child Remote Computer Groups folder is selected) Creates an invitation for the remote computer to be installed with the ExpertAssist Client.

New Subgroup (for the Remote Computer Groups node)

Creates a new custom group folder within Remote Computer Groups.

Move to (for the Remote Computer Groups node)

Moves the selected EA Client

Computer(s) or group folder(s) within

Remote Computer Groups from the current group to the newly selected one.

Remove (for the Remote Computer Groups node)

Removes the selected EA Client group folder(s) and all its contents.

Block Computer(s) (for the InstantAssist Client node)

Blocks the selected IA Client

Computers and hides them from the

Instant Assist Clients Grid and show on the neighboring Blocked Computer(s) tab. (See

Blocking/Unblocking InstantAssist

Client Computers.)

Unblock Computer(s) (for the InstantAssist Client node)

Makes the selected blocked IA Client Computers appear and be available for management within the Instant Assist Clients Grid. (See

Blocking/Unblocking InstantAssist

Client Computers.)

(32)

24

L

OCATING THE

D

ESIRED

M

ACHINE

/C

ONTAINER

To locate the desired computer or any container within your RSC environment, perform the steps below:

 (For available nodes) In the Tree pane, expand the Active Directory node to list the discovered Active Directory domain(s); expand the Remote Computer Groups node – to view the Default and other group(s) of computers deployed (or just invited to be deployed) with the ExpertAssist client software via invitation or the ExpertAssist Deployment Package; click the InstantAssist Clients node – for InstantAssist Client Computers installed with the InstantAssist client software.  Click the desired node folder to display its contents - computers or subfolders - in

the Grid pane to the right.

 Use the Grid fields to sort within the listed objects or perform available operations on the desired object.

 (If necessary) Search within the listed objects by typing the desired computer or user name or part of the name in the Name filter box and click . The objects matching your search parameters will be displayed.

Or,

you may just use the Search tool to quickly navigate to the Active Directory or

Remote Computer Groups object.

 To vary the amount of items displayed on a single page, use the pagination control at the bottom of the Grid.

 To get the most recent information about available computers and their statuses, click the Refresh button. By default, the page contents update once per minute. Once you’ve located the computer or other object in the Grid, use the available Grid

functionality or refer to the RSC Helpdesk Specialist Role chapter for guidance on

remote management.

(33)

25

U

SING

T

HE

R

EMOTE

C

OMPUTER

P

ROPERTIES

P

AGE

The Remote Computer Properties page is available for computers within the Active Directory node and Remote Computer Groups node.

The Remote Computer Properties page

To view the Remote Computer Properties page:

 Locate the desired remote computer in the Grid and then click the link on its name in the Name column. The Remote Computer Properties page entitled with the remote computer name will open.

The Remote Computer Properties page displays various details about the remote computer.

It also allows running commands applicable for this computer by making use of the activated links:

 Invite Remote Computer;

 (For computers within the Active Directory node) Push the ExpertAssist client software. (The EA Client status is referenced with an icon. Refer to the Remote

(34)

26  (n/a for IA Clients) Uninstall ExpertAssist Client Software;

 Manage Remote Computer(activates only if the remote computer is both

deployed with EA Client and connected to the RSC Console).

If you are not sure why the operation link is not activated, switch to the Grid view to find out if the remote computer type and reference the status icon in the Using the

Grid Toolbar Buttons and Troubleshooting sections (if necessary).

RSC Administrators and Helpdesk Specialists with sufficient permissions can also use the Remote Computer User Access Permissions window to modify user access

rights on the computer.

The Error Log tab stores all error events the remote computer encountered during EA

Client deployment/uninstallation.

Remote Computer Info

The Remote Computer Info section stores the following information about the

remote computers deployed with EA Client and registered with RSC (otherwise all fields will show Not available or Unknown, except for the Operating System field). The Remote Computer information includes:

Entry Description

Remote Computer Status

Displays the status of the EA Client Computer and corresponds to the one shown within the Type Column of the Grid.

Session Status

Informs about the management session status: Available –the remote computer can be managed, Not Available – the EA Client is currently not available for management, In Management Session – the remote computer is currently being managed.

User Logged

in Locally Displays the name (in the DOMAIN\Username format) of the user being logged on to the RSC Client interactively.

Remote Computer IP Address

The IP address of the EA Client Computer used by the current management session.

Operating System

Shows the remote computer’s operating system retrieved from Active Directory.

Client Version EA Client version number The Remote Computer Info items description

The availability of the EA Client on the remote computer is referenced with an icon. See the table below to know the icon definitions.

(35)

27

Entry Description

The remote computer is not installed with EA Client. The EA Client is currently being installed on the remote computer.

The remote computer has been successfully deployed with the EA Client and is available for management.

The remote computer has been deployed with the EA Client but management is not possible.

The EA Client could not successfully be installed on the remote computer.

The Remote Computer Properties Page icons

The Error Log Tab

The push/uninstall error event(s) that occurred on the remote computer display(s) on the Error Log tab within the Remote Computer Properties page of the corresponding computer. The error logs are accumulated in a grid that informs you on:

 the date and time the error occurred (according to the EA Client Computer) (in the Event Date/Time field),

 the RSC User who initiated the operation (in the User field),

 the error identification number to reference the error (in the Error ID field),  the full error message (in the Details field).

Once you open the tab, the warning in the Grid view appending the last initiated and failed operation will be removed.

(36)

28

S

EARCHING ACROSS YOUR

RSC

E

NVIRONMENT

RSC features a searching mechanism that allows finding the necessary computer within the Active Directory node items or your Remote Computer Groups, or define the computer the Remote User is currently logged in.

Note

The search is performed by the NetBIOS computer name.

To perform the search:

1. Use the Search container shown on the figure below. 2. To build the search query:

a. Enter the full-matching computer name in the Name field. You may also use the “*” wildcard symbol at the beginning or end of the search string to represent any characters in the beginning or ending of the name being searched. Leave the search string blank to display all available objects in the Search results.

AND/OR,

Enter the full-matching user name (in the DOMAIN\Username format) into the User Name field to look for the Remote User currently logged into the EA Client Computer. The “*” wildcard search is also supported (see the paragraph above).

b. Select the desired domain or Remote Computer Groups in the

Container drop-down menu. Set the All option, if not sure about the location the desired computer resolves in (but it may take time to perform the search through numerous domains).

3. Click Find.

The search results will display in the table below the Search options section. Use the

(37)

29 The Search results window displays all the computers starting with “Te” and residing in the dawn.local domain.

Tip

The search string should not start with characters disallowed by the Naming conventions in Active Directory (refer to

(38)

30

O

RGANIZING INTO THE

F

AVORITES

C

ONTAINER

For your convenience, you may organize the computer(s) and/or group(s) you administer most often in the Favorites container.

You may perform any of the available operations (Push, Manage, Regenerate, Uninstall) from the Favorites node as well as access the Remote Computer Properties page.

You can add to favorites any Active Directory computer or group (except domains), or any computer or group from Remote Computer Groups.

To add a computer to the Favorites container:

1. In the right window with the list of computers and groups, select the desired one(s) by checking the neighboring box.

2. Click the button on the toolbar above the list.

Select the computer and click the Add to favorites button to organize it under the Favorites node.

Viewing the Favorites container content.

The selected item will be added to the Favorites container. To view the container, click the Favorites folder in the left pane.

(39)

31

Adding to the Favorites container is not available for items within the InstantAssist container.

(40)

32

Chapter 3 RSC Administrator Role

The RSC Administrator is typically responsible for configuring and managing the RSC Management Console as well as designating RSC Helpdesk Specialists for Remote Management purposes. The RSC Administrator can also remotely manage remote computers via RSC.

The RSC Administrator can always view the whole scope of the RSC workspace (the

Active Directory, Remote Computer Groups, InstantAssist Clients, and the Error Log node). Only RSC Administrators can access the Security Settings menu, manage

InstantAssist Technician Licenses, or prepare the ExpertAssist Client package for mass deployment (via the Client Deployment menu).

The RSC Administrator is a user that is granted RSC administrative rights and rights to launch the RSC Console from the IP address allowed to perform configurations of Remote Support Center. By default, RSC administrative rights are granted to the user logged into the RSC Server. Only the RSC Server localhost, IP address 127.0.0.1/8, is the default IP address that is allowed to perform configurations of RSC.

The default RSC Administrator is responsible for initial security settings and access permission configuration in RSC, assigning other domain users with RSC Administrator and Helpdesk Specialist rights so they can perform RSC and remote computer

administration regardless of the location of RSC User, RSC Server, or remote computer.

Initial RSC Console Startup

To log into the RSC Console for either initial configuration or remote management purposes:

1. Log into the RSC Server, and then, from the Start menu, start the RSC Console by selecting All Programs-> ScriptLogic Corporation-> Remote Support Center-> RSC Management Console. The RSC Login page will open.

2. Type in your Active Directory credentials and click Login. The RSC Management Console will show.

Alternatively, on the RSC Server, start the browser, and then type

https://localhost/RSC (If necessary, replace RSC with the virtual directory name specified during the installation. See the description of the RSC Server Installation Procedure section in the Remote Support Center 2.5 Installation Guide).

Starting the RSC Console by typing its IP address or computer name before creating IP filter rules for this IP address will render an unauthorized access error. (See

(41)

33 ONCE the RSC Management Console has launched, perform the RSC Administrator tasks:

 Configure RSC to allow remote access to the RSC Console by:

1. managing Security Settings (setting IP filter rules and designating RSC Administrators , the latter is optional);

2. granting user access permissions on certain domains or Remote

Computer Groups.

 Provision the user with an InstantAssist Technician License to implement remote management via InstantAssist. (If applicable or necessary.)

 When necessary, install the RSC Internet Gateway if planning to access Remote Support Center from the Internet and your RSC Server is shielded from

unauthorized access with firewall or NAT devices.

 When necessary, configure invitation settings to invite remote computers to be deployed with the EA Client.

 When necessary, modify the Administrator Account that authorizes the RSC Client installation on remote computers.

(42)

34

G

RANTING

R

EMOTE

A

CCESS TO

RSC

C

ONSOLE

To provide remote access to the RSC Console from other than the RSC Server localhost address, either for RSC Console monitoring, administrating, or remote control

purposes, the RSC Administrator has to configure the Remote Support Center Security Settings page first. By configuring the settings, you define the range of IP addresses trusted to access RSC and (if specially tuned) administer the RSC Console from remote browsers. You can also create a list of users with RSC Administrator privileges to allow them perform RSC management.

When remote access to RSC Management Console is configured, the RSC Administrator should provide the RSC Console URL to the potential remote RSC Users (refer to

Connecting to the RSC Console Remotely).

The common routine to grant remote access to the RSC Console is as follows:

1. Configure the Security Settings page by defining IP Filter rules, designating RSC

Administrators and Active Directory group permissions (if the latter is necessary)).

2. Define Users and Permissions.

(43)

35

Defining IP Filter Rules and Designating RSC Administrators

Defining IP Filter Rules

Computer IP address filtering is used to allow/deny access to the RSC Console for remote control or RSC Console configuration purposes.

By submitting entries and managing the IP Filter table, you permit/prohibit access to users from certain computer IP addresses to the RSC Console and thus define the RSC Console security settings.

Note

If implementing the Global Model, consider adding the DMZ server IP address to the RSC IP Filter.

According to the default security settings of the IP Filter table, the loopback address, 127.0.0.1 by IP and 255.255.255.255 by subnet mask, is allowed administrative access to the RSC Console; the rest IP addresses in the range of 0.0.0.0. -

255.255.255.255 are prohibited access. Since the loopback address holds the first row in the table, connections from any IP addresses are first filtered according to this filter. The first-order filter is restricted for editing.

Note

When done with setting the IP Filter rules, grant user permissions, RSC

Administrator rights or InstantAssist Technician Licenses, otherwise the "User does not have required permissions" login error will show when connecting to the RSC Console from the specified addresses.

 To refer to the IP address range, the filter applies, move the cursor over the Info

icon and read the tooltip in blue.

The default IP Filter settings with the first-order loopback IP filter referenced.

To set the filter according to your needs, modify the default IP Filter table settings by:

1. adding new IP filter,

(44)

36 3. (if necessary) removing/editing the existing IP filter.

Adding a New IP Filter Rule

To allow/prohibit access to the RSC Console from any other than the localhost address of the computer hosting RSC, add the respective IP filter by adding and reordering records in the IP Filter table.

Adding a new record to the IP Filter table

To add a new IP filter:

1. Click Add New Filter to add the new IP filter entry and fill in the fields. (See IP Filter to see the tips on how to set the IP and Subnet

entries.)

IP

Enter the IP address of a single computer or a group. Specify a group of computers by entering zero(s) for the last octet(s).

Subnet

Enter the subnet mask that will be used to identify the computer. Specify a group of computers by entering the first three octets in the mask and 0 for the last octet if you want to lease 24 bits for network IP address part leaving another 8 bits for the host part. Thus you will specify a range of 254 computers.

Allow Access to RSC

Set this checkbox to allow access from the specified IP address(es).

Allow Configuration of RSC

Check this box to carry out the RSC Administrator role from this IP

address. (To ensure configuration of RSC remotely, the user must be also assigned RSC Administrator rights.)

Remote Support Center 2.5. Administrator's Guide

7,353,262 and 7,469,278 with other patents pending.

Portions Copyright (c) 2011, The Board of Trustees of the University of

Illinois.

Refer to http://www.quest.com/legal/third-party-licenses.aspx for

third party license and copyright information.

This publication is protected by copyright and all rights are reserved by

ScriptLogic Corporation. It may not, in whole or part, be copied, photocopied,

reproduced, translated, or reduced to any electronic medium or

machine-readable form without prior consent, in writing, from ScriptLogic Corporation.

This publication supports Remote Support Center (RSC), InstantAssist and

ExpertAssist. It is possible that it may contain technical or typographical errors.

ScriptLogic Corporation provides this publication “as is,” without warranty of

any kind, either expressed or implied.

ScriptLogic Corporation

6000 Broken Sound Parkway NW

Boca Raton, Florida 33487-2742

1.561.886.2400

www.scriptlogic.com

Trademark Acknowledgements:

Remote Support Center, InstantAssist, ExpertAssist, ScriptLogic and the

ScriptLogic logo are either registered trademarks or trademarks of ScriptLogic

Corporation in the United States and/or other countries. The names of other

companies and products mentioned herein may be the trademarks of their

respective owners.

D

C

C

S

L

S

L

W

Table of Contents

Overview

Who Should Read This Guide

Note

Document Summary

Chapter 1

Remote Support Center Basics

R

S

C

U

R

C

RSC User Roles

RSC Concepts

R

S

C

A

Remote Support Center Components

Security Measures

RSC Components Default Port Usage

Note

G

S

Note

Chapter 2

Using the RSC Management Console

D

R

S

C

E

Using the Active Directory Node

Note

Using the Remote Computer Groups Node

Note

Using the InstantAssist Clients Node

Using the Error Log Node

Using the Grid and its Fields

Using the Grid Toolbar Buttons

L

D

M

/C

U

T