Remote control security

I have a customer who is concerned about privacy as he is in the financial industry. He is not comfortable with always on remote access so I suggested the “Client Permission” option and demonstrated it for him. However, since I have the ability to turn off the permission requirement he doesn’t feel that this really addresses his privacy concerns. I don’t blame him either! Even turning off remote access in the policy does not really fix the issue because I can always just turn it back on!

In addition to this, the screen thumbnails that are visible on an asset overview page are concerning too. I know I can disable those per technician but it seems like there should be an option to disable them for a customer instead. However, even that option could be overridden by changing the policy.

So my question is whether or not there is a way to have the Syncro agent installed for a customer with remote access curtailed and thumbnails removed also preventing agents or admins on our side from enabling those features?

Is this possible? If not, could it be? It seems we could do this by installing a specific agent version on the customer machines that applies a profile that has static settings for remote access. That way the only method for changing those parts of the policy would be to reinstall a different agent on the system.

Currently not possible. I agree being able to manage some of those settings per client would make sense for situations like this.

This has come up before and my memory in previous conversations was that Syncro didn’t really see this as a likely feature to build.

Unfortunately, w/o disabling ALL remote scripting capabilities there is no way for policies in the RMM to prevent you or one of your techs from installing some sort of remote access tool. And is the ability to access the desktop or the files on the computers a bigger concern because the remote access capabilities of pretty much any RMM will allow you to copy data back locally etc.

So basically, while your clients’ concerns are valid, and while it would be a really good idea for Syncro to add the ability for an Admin to disable any number of things on a given client by policy. If your client cannot trust you to have remote access you cannot use an RMM.

How I covered this topic with a client with similar concerns was to schedule a custom monthly report that listed all remote screen sessions.

I explain to clients that there’s an audit trial for remote access that I am unable to edit and they are welcome to view the remote access records for any asset at any time.

I do wish there was better reporting on this, like a section in report builder or a canned report that combines both splashtop and backgrounding tools record though, with a way to auto-generate and email the report at certain intervals.

Backing up what Jordan says! I will also point out that Backgrounding Tools gives you remote access as well as the CMD and PowerShell terminal. So that may be something you’ll want to turn off via Admin > Security Groups.

Yeah, I realize there are other remote tools that give me access, but he is mostly concerned about screen viewing so that is my focus.

@jeff How detailed is your report? I see that I can create a report that reveals remote sessions but it is super basic. It literally just says “All Active Remote Sessions” and lists the quantity. No indication of which computer was accessed, by which tech or for how long!

Try the Asset Activity Audit. Search for ‘remote’

Yes that’s better. Thanks!