Enhance the Agent's Security
To increase the global security of the Take Control infrastructure, create a Master Password on every computer where the Agent is installed. This feature diminishes security breaches related to misconfiguration or the leak of Take Control credentials. A master password is recommended for machines that perform key roles for their respective networks (e.g. domain controllers, database servers, web or mail servers).
Use this feature in conjunction with locking Windows at the end of each support session, and also with the option to Require local user authorization when starting a session, which requires the explicit permission of the local user before starting any session.
Add a master password to the Take Control Agent
Each master password must be set individually for each machine.
Although focused on the Windows version, the following steps can also be used for Mac OSX.
- Open the Take Control Agent configuration window on the remote machine by right clicking on the corresponding icon on the system tray and selecting Restore from the context menu.
If the Agent is not running with Administrator permissions (Windows Vista, Windows 7…), click the padlock in the upper-right corner of the window to enable the management of the Agent. This opens a dialogue box warning the user that the configuration program needs to be restarted with elevated privileges. Click Yes to restart.
- After restarting, navigate to Security, and in the new window select the correct authentication type for that specific computer.
None – disables authentication and by default the machine is accessible by all the technicians that have permission to access unattended computers. Take Control locks Windows at the end of each session to provide an additional layer of security.
Take Control Password – choose a password with at least 8 characters, including letters, numbers and symbols.
Windows Account – uses Windows authentication, and allows the session to be authorized using a valid local or domain-based Windows account. For security reasons, only accounts that already have a profile created on the local machine are authenticated.
Allow restricted accounts to login to this server – allows only local or domain administrators to log in to the computer.
Select Require local user authentication on starting a session, and click Apply.
Requiring local authorization disables the possibility of unattended setup. Please use this feature carefully as you may lose access to a computer.
- Before exiting the Agent, click on the padlock icon again (which should be open) in order to lower its privileges.