Remote Control

NAVIGATION   Modules > Devices > Device List > select a device > Manage > Remote Control

PERMISSIONS  Remote Control > Use IT Glue Passwords

PERMISSIONS  Remote Control > Allow 1-Click access

Remote Control enables you to connect to any monitored Windows device, and to any monitored macOS device without locally logged-in users. Remote Control allows you to control any console or remote session. This article describes the process.

BEFORE YOU BEGIN  For this feature to be available, the managed device must be powered on and checking in to your VSA 10 platform.

NOTE  Devices hosted on Azure Cloud may experience issues with the remote control tools; this is currently not a supported environment.

Overview

VSA 10 supports two different methods by which you can connect to a target device: 

  • Console sessions:  Take control of the computer as if you were sitting in front of it.
  • Remote Desktop:  Collaborate with users currently active on the machine. While connected, you can also transfer files to and from the device.

Remote Control on Demand

Remote Control on Demand (RCoD) enables VSA 10 technicians to gain temporary remote desktop access to a computer without an agent installed, even if the user does not have Administrator-level permissions.

For details, refer to Remote Control on Demand.

Prerequisites

Before you can remotely control an endpoint, both the managed device and the computer you'll be using to control it must meet the following requirements:

  • On your local computer: Download and install the Remote Desktop Client application from Onboarding > Downloads in VSA 10.

    • NOTE  The first time you use the Remote Control Client (whether RCoD or standard Remote Control), it will automatically detect and install updates. When this happens, a message will appear stating that a new update is available and the update process has begun; the session will continue without interruption.

  • On the managed device: The device must have remote control enabled. Refer to the Enable Remote Control on a managed device section of this article for further details
  • Windows systems: Must be able to reach CRL (Certificate Revocation Lists) and OCSP (Online Certificate Status Protocol) endpoints to validate SSL/TLS certificates. These checks are performed by Windows itself and not by Kaseya.
    • When VSA Remote Control establishes a TLS/SSL connection, Windows attempts to validate the certificate chain. As part of this validation process, Windows must contact the CRL/OCSP distribution points embedded in the certificate. These URLs are almost always HTTP endpoints published by the certificate authorities (CAs).
    • If the system cannot reach the following URLs, certificate validation will fail, and the connection will fail or time out.
      • http://crl.usertrust.com/TrustedSecureCertificateAuthorityDV.crl
      • http://crt.usertrust.com/TrustedSecureCertificateAuthorityDV.crt
      • http://ocsp.usertrust.com

NOTE  Remote Desktop does not support the remote takeover of headless devices (physical devices with no attached monitor) unless the device has an active virtual monitor. In these cases, third-party video adapters or other software typically can be used to generate a virtual display, however devices that are truly headless (no GPU, no display driver, no desktop context) will not be able to accept control via Remote Desktop.

How to...

You can enable remote access to a device at the agent or policy level. Policy settings will always take precedence over individual agent settings and are more convenient, as you can apply them to multiple machines at once.

To learn how to permit VSA 10 remote control access to an endpoint, choose a workflow to continue.

  1. Create a Remote Desktop Device Configuration profile with Enable Remote Desktop selected.
  2. From the left navigation menu, navigate to Configuration > Policies.
  3. Select or create a Device Management policy and assign the Remote Desktop profile you created to that policy.
  4. Target that policy against all applicable devices.
  5. Proceed to the Remote Control section of this article to continue.
  1. On the device you'd like to control, launch the VSA X Manager application.
  2. Navigate to System > Remote Control.
  3. Select the Enable Remote Control option.
  4. In the Remote Control Settings section, configure the agent's response to remote control requests.

  5. Click Apply.
  6. Proceed to the Remote Control section of this article to continue.

Establishing the connection

You can launch a remote control session for a managed device from the Device List page. To do so, perform the following steps.

  1. In VSA 10, navigate to Devices > Device List.
  2. View your managed endpoints, grouped by organization.
  1. Enter all or some of a device name in the search bar to filter results. The list of devices will begin to filter the results as you type. You can apply additional criteria to your search by selecting options from the Filter by list.
  2. Click any search result to populate the endpoint's extended details and management options in the device details pane.
  3. Scroll down to the Manage section and click the Remote Control option.
  4. The device details pane will pivot to the Remote Control launchpad for the selected device. Select the connection method you'd like to use. Refer to Remote Control connection options for definitions.

You can use the following connection methods to reach a managed device via Remote Control.

NOTE  Availability of connection options may vary depending on your VSA 10 permissions and current remote activity on the target endpoint.

Feature Definition
Share the Console Session Connects to a console session already established by another system administrator.

NOTE  In Console Session sharing, the Allow/Deny prompt is tied to the physical console session’s secure desktop. When a user connects via RDP, Windows disconnects the console and spawns a new RDP session for that user. Because of this, if Remote Desktop Session Confirmation is enabled, the Allow/Deny pop-up to appear only on the console’s locked screen, not inside the RDP desktop.
Launch a new VSA X RDP Session

Initiates a Remote Desktop session via the VSA X Agent using local or stored 1-Click credentials.
Launch a new Session using the Microsoft RDP Client

Launches Microsoft's Remote Desktop Connection app to connect to the selected device; requires local credentials and the local or external IP address of the target endpoint.
Share Other Active Sessions

Join a remote session already underway; connection protocols vary depending on the type of session in progress.
View Recorded Sessions Folder

View and download Remote Desktop sessions that were automatically or manually recorded on the device.

IMPORTANT  If you do not receive any prompts from your browser or remote control window does not appear after selecting a connection method, ensure that both the managed device and your local computer meet the requirements described in the Prerequisites section of this article.

  1. VSA 10 will launch the remote control session and connect to the managed device via the selected method.
    • If you connected to the endpoint via a VSA X protocol, a remote control window will open on your computer, providing access to management tools and a condensed view of the target device's desktop. Refer to Remote session tools.

    • If you connected via Microsoft RDP, you'll have access to the Remote Desktop user experience. Refer to Microsoft's How to use Remote Desktop article.

Peer-to-peer connection

A direct peer-to-peer (P2P) connection will now be established during remote desktop sessions between Windows machines where network conditions allow it, to reduce latency and improve responsiveness.

After initial relay connectivity is established, P2P connectivity will be attempted automatically using industry standard protocols. If successful, the session will automatically switch from relay to P2P connection mode.

Network requirements for a successful P2P connection:

  • On-prem customers should enable UDP port 443 inbound connectivity to the VSA server.
  • Endpoints and technician machines require outbound connectivity to the VSA server (on-prem) or Kaseya's cloud infrastructure (cloud customers) on UDP port 443.
  • Neither endpoint or technician machine should be behind a firewall with application layer rules blocking P2P traffic.
  • Neither endpoint or technician machine should be behind a network device with "symmetric NAT" or "double NAT" configurations.
  • Technician machines with firewall rules should be open to all ports as the P2P connection will use temporarily use a random high-numbered port (called an "ephemeral port") as the source port.

NOTE  Technicians can view the P2P connection state and performance metrics by enabling Session Health in the Settings menu of the Remote Desktop client, or manually disable P2P connectivity.

Remote session tools

When you connect to a session established via a VSA X protocol, you'll notice a toolbar that appears at the top of the remote control window. This toolbar provides you with quick access to the following session management features:

Menu Option Definition
Record Session

Records any supported Remote Control session if session recordings have been enabled for the device via a Device Configuration: Remote Desktop Profile. Both shared and private sessions are supported.

NOTE  This feature is available only when using a Windows machine to control a remote Windows agent.

NOTE  A protection mechanism will ensure that recordings do not result in the total consumption of disk space on the local device. Recordings will not start if less than 10% of free disk space is available on the target agent. If a recording has started, and the target agent available disk space falls below 10%, the recording will immediately stop.
Commands Ctrl+Alt+Del Inject the Windows Ctrl+Alt+Del keyboard command into supported operating systems.
Paste as Keystrokes Injects the current contents of the local clipboard into the remote session as keystrokes.
Input as Keystrokes Opens a modal on your local machine that enables you to construct a custom string to be sent to the remote session as keystrokes.
Secure Paste When clicked, securely pastes the content of a technician's clipboard to the remote device.

NOTE  This option is disabled by default, refer to Remote Desktop Secure Clipboard.
Chat Launches a chat window on your local computer and the remote machine to facilitate communication with other active users.
Settings Smart Sizing Automatically scales the viewport to an optimal resolution for viewing the remote content.
Disable Wallpaper Hides the wallpaper on the target device for the duration of the session.
Input Restrictions Provides options for blocking the remote user's keyboard and mouse input and blanking the remote display.
Session health Displays real-time information about the session's round-trip time (RTT).
Use hardware acceleration Leverage hardware acceleration, if available, to render the content in the remote control window.
Screen options Enables you to throttle the remote control window's rendering engine between Best quality, Balanced, and Best speed.
Screen Scaling Provides management options for upscaling the view of the remote computer's desktop in the remote control window.
1-Click Injects saved 1-Click credentials into the current session.
Feedback Opens a feedback survey enabling you to rate the quality of the session connection and provide comments for the VSA product management team.
Collapses the management toolbar.
Expands the viewport to the dimensions of the current display.
Closes the management toolbar.

If you are having issues with connecting via Remote Control, or just want to review detailed logs for your own purposes, the process for enabling logging on the source and destination machines will vary based on the OS of both the source and the destination machine. For details on how to enable and gather these, refer to Remote Control log files.