Remote Control client settings in Configuration Manager 2012

In an earlier blog about the Remote Control CEP session I explained the rebuild and secure remote control feature in Configuration Manager 2012. Today I want to look at the Client Settings that are related to Remote Control.

You are able to find the Remote Control settings in the Remote Tools section of the Client Device settings.

Remote Control settings

When enabling the remote control feature you are able to configure configuration Manager to be able to configure the firewall settings for the domain, private and public firewall profiles. You need to ensure that Configuration Manager is able reach the destination computer. When enabling a firewall profile, the remote control port and program exceptions are automatically created at the client.

Enable Remote Control and enable creation firewall rules

When you look at the local firewall on a Configuration Manage client, you will see that the firewall exceptions are created like shown below.

Created firewall rule
Configuration Manager firewall rule
Exception program CMRcService.exe
Firewall rule created for profiles

By default users cannot manage their remote control settings via the Software Center. By enabling the setting, which you don’t want if you ask me, you will be allowing users to for instance disallow remote access of their client.

Let the users control their remote control settings

Back again is the ability to send the Ctrl+Alt+Del key key sequence and logon at clients that are unattended.  You will have the option to disable this feature. When you connect with the Configuration Manager Remote Control tool to a Configuration Manager Client you will have the option to send the Ctrl+Alt+Del key.

Control unattended client

In most situations your users will get a notification when you want to connect to their computer, you are able to disable this notification. When the notification is on, you will see the following message.

Waiting for user
Approve or deny remote control

When you choose to grant the remote control permission to local administrators, all members of that group are able to remotely control that workstation. You are able to disable this option, but you than need to configure which (groups of) users are able to connect via remote control or remote assistance.  Personally I think this is the preferred way of giving remote control and remote assistance access.

Define which user or group of users are allowed to remotely control clients

Notification of for when remotely controlling or assisting a client can be enabled of disabled. By default this notification via sound, a session connection bar and a session notification icon on the taskbar is enabled.

Session connection bar
Session connection icon on the taskbar


Las but not least you are also able to manage unsolicited, solicited Remote Assistance and Remote Desktop settings with Configuration Manager 2012.This way you are able to use remote assistance and remote desktop from the Configuration Manager 2012 console.


  1. Hi Peter,
    Thanks for the explanation.
    If Windows Firewall is Disabled on client computer, what will be the behavior of process which enables Ports and Program rule automatically.
    In my environment we have disabled Firewall via GPO, and XP clients are showing a weird behavior, Remote control does not works, and on checking ConfigMgr client / Components / Remote Tools Agent is “Disabled” and Config Mgr Remote Tool Service is also in “Disabled” State. If I enable the service startup Type manual or automatic and start the service, immediately the services goes back to “Disabled” state.
    I couldn’t find any issues with Win7 clients.
    Your comments will be helpful.


  2. I have run into an issue where the ctrl+alt+del action will not work when remoting to a system with touch screen capabilities, win7 or win8 makes no difference. So far I can repeat the issue on a Lenovo thinkpad S1 Yoga and a Lenovo Thinkcentre M93z All-In-One..

    Ever run in to that before???

  3. Is there a way to disable the remote control feature on the client side permanently without uninstalling the sccm client?

    1. Hi,

      Yeah, you can disable the RC feature with the Client settings.


  4. We have the option to “Allow Remote Control of an unattended computer” configured in the client settings and it works however the session connection bar, which we also have enabled in the client settings, does not display until someone actually logs onto the computer. Is there any way to make this appear on the lock screen?


  5. Hi for our enterprise we want to request permission from users before we connect remotely but if there are a selected machines we want to connect automatically. Is there a way we can configure for these clients? We dont want to set it for all clients, just a few. Thanks

  6. Hi

    Is there a way I can bypass the permission screen on selective workstations so that I can automatically connect without requiring user permission in SCCM2012. I know how we could do in 2007 but cannot find the setting in 2012.

    On the client machine when I go to software center, options, remote control I am not able to adjust the settings individually on the client so assume this is set centrally, is there a way some machines can be excluded from this rule?

    Many Thanks

  7. I’m just curious if there’s a way to automate the Approval or Denial of the RC request on a client system. I’ve devised a VBScript to listen for SCCMRDPUser.exe and have tried to use sendkeys to pass on the approval keystrokes but to no avail. Just wondering if you know if this is possible.


  8. i have created a group in AD called SCCM-Remote operators and in that AD group is all my help desk users. in SCCM 2012 R2 i added the AD group to the administrative users group and gave the group the security roles to allows users to use Remote Assistance and Remote Control. i modified the client settings to allow them both as well. here is the issue…. One single user that is in the SCCM-remote operators group when right clicking a device and clicking start their Remote control is greyed out but their Remote Assistance is not. it only affects one user that is in the group, all other users in the same group have both available to them. why is this one users RC greyed out when it shouldn’t be??

  9. Great explanation Peter! I had so many questions you helped clear up Thanks! Only two still stand out. Can you explain in more detail what the “Manage unsolicited Remote Assistance settings” and “Manage solicited Remote Assistance settings” do? I mean, what do these settings cause a client/server/console to start doing or stop doing. It sounds like the remote assistance requests will somehow show up now on anyone who has the console open? I’m very confused on this one.

    And the other one is, if we create client setting policy that have AD group A with View Only remote control, and a separate Client settings policy with AD group B with Full Control, will it merge to have A with View Only and B with Full Control at the final client setting policy applied? And how do we remove a client setting policy from a collection after having already deployed it without deleting the client settings policy. Lots of questions sorry.

  10. When I configured the configuration Manager Remote (Automatic, Delayed Start) the service up, but it’s disbled againt.
    This is te log

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Configuration Manager 2012 Client Upgrade Settings

Next Post

Windows 8 and capturing it for SCCM 2012…

Related Posts