By default, when a NetSupport Manager Control attempts to connect to a Client after locating it either via a local browse of the network or the NetSupport Gateway, the Control will be able to connect without having to authenticate first.
You can prevent unauthorised connections to your Client machines by setting the User Validation settings in the Client configuration. These settings can either be configured locally at the Client machines or via Active Directory GPO using the ADMX templates that are provided.
Configuring user validation locally at the Client
- On the Client machine, open the NetSupport Manager Client Configurator located under Start > All Programs > NetSupport Manager – or run the pcicfgui.exe file located in C:\Program Files (x86)\NetSupport\NetSupport Manager.
- Select Advanced.
- Select Master Profile and then click Edit.
- Select Security – User Validation.
Under the User Validation section, there are three sections:
Note: All authentication is performed by the Client using the credentials supplied from the Control machine.
Clicking Change allows you to create a username and password that grants a connection to the Client machine. You can create multiple user names if you have multiple Control users and would like each user to have their own set of credentials.
When a Control attempts to connect, it will be prompted for a username and password before it’s granted access.
An asterisk denotes a wildcard, so a Control user can enter any username. If you want all connections to prompt for a username and password, ensure you remove the asterisk after entering your usernames and passwords.
Note: Removing the asterisk and not specifying any usernames and passwords means that no Control will be able to connect to the Client.
The NT authentication within NetSupport Manager prompts the Control user to enter valid NT account credentials when attempting to connect to the Client. The NT account credentials entered must be valid on the Client workstation.
You can further restrict access by specifying an NT group which restricts access to members of that group only. Selecting Browse will show the NT groups that are known to the workstation.
Active Directory Options
The Active Directory authentication within NetSupport Manager validates a connection against Active Directory. A Control is prompted to enter AD account credentials for a valid account which exists on the Active Directory that the Client machine is a member of.
As an additional level of security, you can also restrict access to members of specified AD security groups. Using this option, a Control can only connect if the AD credentials supplied are for a user account that is a member of the specified security group.
Applying user validation via Group Policy
The user validation settings can also be configured on your Client machines via Active Directory Group Policy.
The technical article below explains where to find the NetSupport Manager ADMX Templates files and how these can be imported in your Group Policy:
Once you have imported the ADMX Template files, you will find the settings in the following locations:
Computer Configuration > Policies > Administrative Templates > NetSupport Client Settings > Master Profile > Security > User Validation.
User Configuration > Policies > Administrative Templates > NetSupport Client Settings > Master Profile > Security > User Validation.
Note: If using the Usernames option, the password will need to be entered into the Group Policy using an encrypted value. You can generate encrypted values via the NetSupport Encryption utility, which can be requested from our Support team.
For further information about the Encryption utility, click here.
After following the steps above, you will have successfully configured your NetSupport Manager Clients to request user validation when a Control attempts to make a connection.