How to Specify User Access Rights in RemotelyAnywhere
Follow this procedure to make sure that users can access your RemotelyAnywhere host computers.
- Click Preferences to access the host preferences.
- Under Security > Access Control, select from the following general options:
Option Description Allow full control to administrators Select this option to grant full permissions to anyone with administrative rights on the host computer. NT LAN Manager authentication RemotelyAnywhere supports Windows Challenge/Response type authentication. You must use Internet Explorer to take advantage of this feature. You need not worry about exposing your password to eavesdroppers if you are using HTTPS to secure all communications between your browser and RemotelyAnywhere. Save user name in a cookie You can configure RemotelyAnywhere to remember your user name in a cookie. Do not list domains on logon screen Select this option to clear the list of active domains in the host authentication dialog box. This provides an extra layer of security by forcing the remote user to type the exact name of the chosen domain in the Log on to field. Display "Enable/Disable RemotelyAnywhere" option on the system tray menu Select this option to be able to enable or disable RemotelyAnywhere from the system tray. - Click Add to define the access rights of a new user.
Result: The Access Control dialog is displayed.
- In the User name field, type the name of the user for whom you want to set permissions. Alternatively, click List users and groups to browse for a user.
- Set the user's permissions using the following options:
Permission R(ead) W(rite) D(elete) Login Allows the user to log into RemotelyAnywhere. By revoking this permission you can temporarily disable a user’s access to RemotelyAnywhere without having to clear any other permission. Configuration Allows the user to view RemotelyAnywhere Preferences. You must be an Administrator to change this setting. Allows the user to change RemotelyAnywhere Preferences. You must be an Administrator to change this setting. Scripts Allows the user to view and execute monitoring and maintenance scripts. Allows the user to edit, compile, enable and disable monitoring and maintenance scripts Allows the user to delete monitoring and maintenance scripts. Event Viewer Allows the user to read event log entries. Allows the user to clear and backup event logs. File System Allows the user to list drives, folders and files; read and download files; view file attributes; shared folder information and access control lists; and use File Manager. Allows the user to copy, paste, rename and edit files; create and share folders; edit attributes and access control lists Allows the user to delete files; remove shares; and disconnect users from shared files. Registry Allows the user to view the registry keys and values; and list installed applications. Allows the user to create and rename registry keys; add and change registry values Allows the user to delete registry keys and values Performance Data Allows the user to view system performance data, graphs and detailed hardware information. Processes Allows the user to view running processes, services and drivers; list DLLs and objects that these processes use; and view scheduled tasks. Allows the user to change process priorities and service startup parameters; control services; create and modify scheduled tasks Allows the user to kill running processes and services; delete scheduled tasks Reboot Allows the user to restart the RemotelyAnywhere service; initiate and schedule system reboots; and hardreset the computer. Remote Control Allows the user to view and monitor the remote desktop; and use the chat applet. Allows the user to view and interact with the remote desktop. Allows the user to take control over the remote desktop without the interactive user’s permission. Whiteboard Allows use of the Whiteboard during remote control Chat Allows the user to chat with the person in front of the computer User / Group Accounts Allows the user to list and view user groups and accounts. Allows the user to create new user groups and accounts; and modify their details. Allows the user to delete user groups and accounts. System Configuration Allows the user to list and view system configuration data, such as environment variables, virtual memory settings, drive and partition information and network adapters. Allows the user to modify system configuration data, such as environment variables, virtual memory settings, drive and partition information and network adapters. Allows the user to delete environmental variables. SSH Shell Allows the user to use a command prompt via SSH. SSH Port Forward Allows the user to use port forwarding via SSH. SSH Port Forward without restrictions Allow port forwarding through SSH secure shell without any restriction. SSH Port Forward restrictions Click to set up SSH port forwarding rules. When you add a rule, under In fill in the Destination host and Destination port number fields with the details of the target computer, and ensure that the rule is Enabled. Note: These restrictions are only applied if you select the SSH Port Forward option and clear the SSH Port Forward without restrictions option on the Access Control page.
SSH Privileged Port Forward Allows the user to use port forwarding for ports below 1024 via SSH. SCP Allows the user to use SFC (Secure File Copy) via SSH. SFTP Allows the user to use SFTP (Secure File Transfer) via SSH. Command Prompt Allows the user to use the secure RemotelyAnywhere Telnet applet to open a remote command prompt. Telnet Allows the user to use any unsecured Telnet client to open a remote command prompt. Desktop Sharing Allows the user to create and delete Desktop Sharing invitations. Option Description Full Control Give the user full control over all features of RemotelyAnywhere. It is the equivalent of checking all other options (other than Compact View only). Force Basic Interface Limit the host user to the Compact HTML view of the RemotelyAnywhere HTML interface (the "Main Menu"). SSH Does Not Emulate Stream Mode Set this flag to disable emulated stream mode for the SSH Server. The option is helpful if you want SSH to execute non-interactive shell scripts which must not include terminal emulation. SSH uses an emulated stream mode when the command shell is cmd.exe. Emulation is turned off by setting this flag, and this allows you to use an alternate shell (such as bash.exe) in stream mode. (You can control the shell interpreter used by changing the ComSpec environment variable for this user.) This flag, when set, overrides the system-wide Console Mode parameter under Telnet Server and will enable Stream Mode for this user.
By default, stream mode in RA SSH is emulated, meaning that it does not directly relay I/O between the shell and the SSH client, but does some pre-processing in order to properly display the original command-line shell of Windows (cmd.exe).
IP filter Use this drop-down list to apply an existing IT filter profile to this user. This allows you set the IP address (or range) from which the user can access the host. - Click Add.
Result: The user is added to the User list.
- Click OK to exit the User Access Control dialog box.
- Click Apply.
Result: Your settings are applied immediately to the host.