Submit a ticketCall us

Quickly Address Software Vulnerabilities
Patch Manager is an intuitive patch management software which extends the capabilities of WSUS and SCCM to not only patch Windows® servers and workstations, and Microsoft® applications, but also other 3rd-party applications which are commonly exploited by hackers. Learn more about our patch management solution.

 

Home > Success Center > DameWare Remote Support & Mini Remote Control > DameWare Mini Remote Control User Guide > Application properties and dialogs > Authentication requirements and types

Authentication requirements and types

Created by Anthony.Rinaldi, last modified by Anthony.Rinaldi on Jul 11, 2016

Views: 37 Votes: 0 Revisions: 3

The DameWare Mini Remote Control program always authenticates locally to remote systems. Even if the Mini Remote Control client agent service is installed and running on the remote system, the Mini Remote Control application user must be able to authenticate locally to that system. If a user does not have sufficient rights to log onto a system interactively, that user will not be able to log onto that system using Mini Remote Control either.

Authentication Requirements

The Mini Remote Control program uses the remote operating system's built-in security. Windows requires Local Administrator rights to install, remove, start, stop, or upgrade the Mini Remote Control client agent service. However, Windows does not require Administrator rights to make a connection, provided the client agent service is installed and running on the remote system.

To connect to a remote system, the user must be a member of one of the following groups on the remote system:

  • Administrators

  • Power Users

  • Users

  • Server Operators

  • Account Operators

  • Backup Operators

  • Print Operators

Authentication Type Options

The Mini Remote Control program provides four methods of authentication, three of which are integrated into the Operating System's built-in security. These are detailed below:

Note: Unattended Remote Control Over the Internet only supports Proprietary Challenge/Response and Encrypted Windows Logon authentication type.

Proprietary Challenge/Response

This authentication method works by having a custom proprietary User Name and Password defined in the settings of the Mini Remote Control client agent service on the remote system. The User Name and Password are stored in encrypted format in the Registry of the remote system.

To connect to a remote system using this authentication method, enter the following information in the Remote Connect dialog or Mini Remote Control host properties:

  • User Name: Enter the pre-defined proprietary User Name.

  • Password: Enter the pre-defined proprietary Password.

This authentication method does not use Windows operating system security.

Windows NT Challenge/Response

This authentication method uses the integrated security of the Windows operating system to connect to a remote system.

To connect to a remote system using this authentication method, enter the following information in the Remote Connect dialog or Mini Remote Controlhost properties:

  • Use Current Logon Credentials: This option enables NT Pass-Through authentication for the Mini Remote Control connection. NT Pass-Through authentication passes the credentials of the account currently logged into the local machine to the remote machine.

  • User Name: A valid account that has sufficient rights to login to the Operating System of the remote machine.

  • Password: A valid Password to an account that has sufficient rights to login to the Operating System of the remote machine.

  • Domain Name: The Domain of the remote machine. ***When using local credentials instead of domain credentials, leave this field blank.

Encrypted Windows Logon

The Encrypted Windows Logon is similar to the Windows NT Challenge/Response authentication method except that it sends the User Name and Password to the remote system in an encrypted format. This authentication method is designed primarily for situations where NT Challenge/Response authentication is not possible, or fails. Examples of these situations include when Domain Controllers have been configured to disallow anonymous connections, NT Challenge/Response has been disabled, or when using any of the Home versions of Windows Operating Systems.

To connect to a remote system using this authentication method, enter the following information in the Remote Connect dialog or Mini Remote Control host properties:

  • User Name: A valid account that has sufficient rights to login to the Operating System of the remote machine.

  • Password: A valid Password to an account that has sufficient rights to login to the Operating System of the remote machine.

  • Domain Name: The Domain of thee remote machine. ***When using local credentials instead of Domain credentials, leave this field blank.

Smart Card Logon

The Smart Card Logon authentication method allows theMini Remote Control user to authenticate to a remote system using a Smart Card and PIN at the local system without requiring a Smart Card reader at the remote system. This option works in conjunction with the Smart Card network implementation.

To connect to a remote system using this authentication method, enter the following information in the Remote Connect dialog or Mini Remote Control host properties:

  • PIN: The PIN associated with the Smart Card.

  • Shared Secret: A security feature that allows a Mini Remote Control user to predefine an additional password within the Mini Remote Control Client Agent Service.

Known Issues with Smart Card Authentication

DameWare has identified the following known issues with Smart Card authentication.

Smart Card Authentication Fails Immediately After Startup

Smart Card authentication fails immediately after the remote system starts up because the remote system has not yet started the TCP service. Similarly, if the remote system has not started any of the following services, Smart Card authentication may fail:

  • Smart Card Services (SCardSvr)

  • Server Service

  • NetLogon Service

To resolve this issue, give remote systems a short period to start the requisite services before you try to connect using Smart Card authentication. If you are trying to connect after sending a Mini Remote Control ping to the remote system, enter an appropriate value in the Connect Delay field on the Mini Remote Control Ping dialog. For additional information, see MRC Ping dialog.

Last modified
14:05, 11 Jul 2016

Tags

Classifications

Public