Review the followings sections:
When a remote operator launches the Remote Management Listener to listen to the remote session requests from the managed device user, ZENworks issues a ticket to enable the remote operator to authenticate to the managed device. The lifetime of this ticket is two days.
The Remote Management Listener continues to run even after the remote operator logs out or closes the ZENworks Control Center. If the ticket is still valid, any other remote operator might use the listener to listen to the remote session requests from the managed device users. For security purposes, you must close the Remote Management Listener before logging out or closing the browser.
To close the Remote Management Listener, right-click the
icon in the notification area, then click .By default, the Remote Management module runs as a service with system privileges on the managed device. Consequently, all the applications launched during the Remote Execute session also run with system privileges. For security reasons, we strongly recommend that you close the applications after use.
When a remote operator launches a remote session on a managed device through ZENworks Control Center, a certificate that helps the managed device to identify the remote operator is automatically generated by ZENworks if an internal CA is used. However, if an external CA is used, the remote operator needs to manually provide the certificate that is chained to the deployed external CA and is certified for SSL Client Authentication. For more information on using the external CA, see Section 2.1.5, Starting Remote Management Operations on a Windows Device.
inIf a remote operator launches a remote operation on a managed device without providing a certificate, the name of the remote operator is recorded as
in the audit logs, the Visible Signal and the Ask User Permission dialog box. To ensure that the remote operator provides the certificate, deselect in the Remote Management policy.To remotely control a device that is already connected using Remote Desktop Connection (RDP), ensure one of the following:
The RDP session is in progress on the managed device
The managed device was manually unlocked after the termination of the RDP session on the device.
If the
option is enabled in the Remote Management policy, the managed device attempts to determine the management console name at the start of a remote session. This might cause a significant delay in starting the remote session if the network does not have reverse DNS lookup enabled. To prevent the delay, disable in the policy.To enhance the performance of a remote session, Remote Management uses a mirror driver to detect the changes on the screen. If the mirror driver is not compatible with the Aero desktop theme, an attempt to load the mirror driver on a device that has the Aero theme enabled switches the device to the default desktop theme. This might affect the user experience, so it is not recommended to use Aero theme on a device that you want to remotely manage.
If you would like to retain the Aero theme during the remote session of the managed device, then disable the mirror driver on the device. To disable the mirror driver, deselect the Configuring the Remote Management Settings at the Zone Level of a Windows Device.
setting on the device. For more information on the Enable Optimization Driver setting, seeHowever, enabling the Aero theme on the managed device might degrade the performance of the remote session on the device.
To enable the (Ctrl+Alt+Del) icon in the Remote Management viewer toolbar when remotely controlling a Windows Vista or Windows Server 2008 device, ensure that the User Account Control (UAC) is enabled on the managed device.
The Remote Management performance during a remote session over a slow link or a fast link varies depending on the network traffic. For a better response time, see Section 3.1.6, Improving the Remote Management Performance on the Windows Managed Device.