How to Specify User Access Rights
User Access Controls apply to a Windows or Mac account, not a LogMeIn Central account. A user may be able to see a computer listed in his account, but still may not have permission at the operating system level to actually access the host.
- Access the host preferences:
- From the host computer, open the LogMeIn Control Panel and follow this path:
- From a client device, connect to the host Main Menu and follow this path:
- Under User Access Control, select from the following general options:
Option Description Allow full control to administrators Select this option to grant full permissions to anyone with administrative rights on the host computer. Hide list of domains on the Remote Access login screen
Available on Windows hosts only.Select this option to clear the list of active domains in the host authentication dialog box. This provides an extra layer of security by forcing the remote user to type the exact name of the chosen domain.
- Under User Access Control, click Show details.
Result: The User Access Controls dialog is displayed.
- In the Name field, type (or browse for) the name of the user for whom you want to set permissions.
- Set the user's permissions using the following options.
Some options are only available on computers running LogMeIn Central.
Option Description Full Control Give the user full control over all features. Compact view only Limit the host user to Main Menu view of the HTML interface (as opposed to the Dashboard). Use IP filter profile Use this drop-down list to apply an existing IT filter profile to this user. This allows you set the IP address (or range) from which the user can access the host. Login Allow the user to log into the host. By revoking this permission, you can temporarily disable a user's access to the host without having to clear any other permissions. Configuration Allow the user to read (view-only) or write (change) settings under the Preferences menu. Event Viewer Allow the user to read (R) or delete (D) Windows event logs. File System
- R: Allow the user to list drives, folders and files; read and download files; view file attributes, shared folder information and access control lists; and use File Manager
- W: Allow the user to copy, paste, rename and edit files; create and share folders; edit attributes and access control lists
- D: Allow the user to delete files; remove shares; and disconnect users from shared files
- R: Allow the user to view registry keys and values; list installed applications
- W: Allow the user to create and rename registry keys; add and change registry values
- D: Allow the user to delete registry keys and values
Performance Data Allow the user to view running processes/services/drivers, change process priorities and service startup parameters, and create/delete scheduled tasks. Reboot Allow the user to restart, initiate and schedule system reboots, and hard-reset the computer. Remote Control
- R: Allow the user to view and monitor the host desktop and chat with a host user
- W: Allow the user to view and control the remote desktop
- D: Allow the user to take control over the remote desktop without the interactive user's permission
Whiteboard Allow access to the Whiteboard feature during Remote Control. Chat Allow access to the Chat feature. User/Group Accounts
- R: Allow the user to see which Windows or Mac users and groups have access rights to the host
- W: Allow the user to grant access rights to Windows or Mac users and groups and to modify their access rights
- D: Allow the user to delete Windows or Mac users and groups from the list of users for the host
- R: Allow the user to list and view system configuration data, such as environment variables, virtual memory settings, drive and partition information and network adapters
- W: Allow the user to modify system configuration data, such as environment variables, virtual memory settings, drive and partition information and network adapters
- D: Allow the user to delete environmental variables
Command Prompt Allow access to the host Command Prompt feature. Processes
- R: Allow the user to view running processes, services and drivers; list DLLs and objects that these processes use; and view scheduled tasks
- W: Allow the user to change process priorities and service startup parameters; control services; create and modify scheduled tasks
- D: Allow the user to terminate running processes and services; delete scheduled tasks
Desktop Sharing Allow the user to use the Desktop Sharing feature.
- Click Add.
Result: The user is added to the User list.
- Click OK to exit the User Access Control dialog box.
- Click OK or Apply.
Result: Your settings are applied immediately to the host.
Tips for Securely Managing Secondary Users
Follow these tips to help ensure that your secondary users do not present a security risk to your organization.
- Regularly audit your Users list to remove terminated employees
- Do not give users access to all computers in your account unless absolutely necessary
- When adding users on the Invite users to access your computers page, be sure to Specify the groups and computers the selected user can access
- Do not give One2Many access to unless absolutely necessary (since, in the wrong hands, One2Many can be used to distribute harmful files)
- When adding users on the Invite users to access your computers page, be sure this option is NOT selected: Run One2Many tasks