Security

The Security section in the Host settings is where you can choose the authorization method — i.e. specify how exactly you are going to log in to this Host from the Viewer. You can also enable other security options, such as Ask user permission, IP filtering, etc.

  1. Right-click the Host icon in the system tray and select Settings for Host.
  2. Navigate to the Security section.

Authorization

Starting with version 6.9, you can enable multiple Host authorization methods in any combination. To enable an authorization method, select Authorization on the left in the Host settings window and select the corresponding checkbox on the right.

Single password

This is the simplest authorization method used in Remote Utilities. There is no login or username, just the password. You are asked to create a password during Host installation. If you didn't set the password during installation you can always set it afterwards in the Host settings or skip creating a password and use another authorization method instead.

To enable single password authorization, select the Single password check box. Make sure that the password is actually set (see below).

Setting new password

Navigate to Authorization, select the Single password checkbox, then enter and confirm a new password and click OK.

Changing existing password

  1. Navigate to Authorization and click Change password...
  2. Click Yes in the warning message.
  3. Enter and confirm a new password and click OK.

Removing existing password

  1. Navigate to Authorization and click Remove.
  2. Click Yes in the warning message.

Important!

For security reasons, there are no technical, blank or default passwords. If no authorization method is enabled, you will NOT be able to connect to this Host. Make sure that you enable at least one authorization method.

Remote Utilities security

Use this authorization method if you want to create multiple user accounts with different permissions for each account.

To enable this method, select the Remote Utilities security check box. Make sure that you have created at least one user and set access permissions for them (see below).

Creating users and setting access permissions

Accounts that you create in this dialog apply to this specific Host only. They are not centrally stored anywhere. If you want to create the same accounts for multiple Host installations, use the MSI Configurator to pre-configure your custom Host installer with the necessary accounts.

  1. Navigate to Authorization and click Users and access control...
  2. Click Add...
  3. Create a user and password. You can optionally enable the Ask user permission option for this user. Click OK.
  4. In the Rights box, set permissions for this user and click OK.

    Important!

    A connection mode must also be allowed in the global permission settings in the Modes tab, see below.

Editing user

  1. Navigate to Authorization and click Users and access control...
  2. Select a user in the list and click Edit...
  3. Make the necessary edits and click OK.

Removing user

To remove a user, select the user in the list and click Remove.

Windows security

With this authorization method you can use Windows accounts to authorize on a remote Host. To enable this method, select the Windows security check box and set permissions as described below.

To add a Windows user and set access permissions:

  1. Navigate to Authorization and, under the "Windows security" checkbox, click Permissions...
  2. Click Add...
  3. Select the Windows accounts which you want to grant or deny access to the Host and click OK.
  4. Select an account in the list, set permissions for this account and click OK.
  5. To apply the settings, click OK in the main Host settings window.

Custom server security

Custom server security allows you to use Remote Utilities self-hosted server as your authorization server/hub. For a comprehensive guide on how to set up Custom Server Security please refer to this article.

2-step verification

2-step verification adds another layer of security and guarantees that your Hosts are well protected from unauthorized access even if someone guessed or otherwise got possession of your access password.

Here is how to enable 2-step verification on a single Host:

  1. In the Host configuration window, navigate to 2-step verification and select the Activate two factor authentication checkbox.
  2. Use a mobile authenticator app to scan the QR code shown in the window. We recommend using the Google Authenticator app or the Microsoft Authenticator app for smartphones.
  3. Enter the numeric code shown in your authenticator app.
  4. Click OK. You have now set up the Host to use 2-step verification. When you connect to this Host from the Viewer, you will need to enter a one-time password (OTP) in addition to the credentials for the authentication method that you use.

When you build a custom Host installer using the MSI Configurator, you are essentially creating a “master installer” (a template) from which to deploy your Hosts. If you enable 2-step verification during MSI configuration you’ll be using the same security code for all the Hosts that you deployed using your custom installer.
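The effect of a shared master-installer secret, as an added example (not Remote Utilities code): it assumes the Host verifies standard RFC 6238 TOTP codes, which is what the authenticator apps named above generate, and the host names and the `provision` and `hosts_accepting` helpers are hypothetical. A code computed from one Host's secret satisfies the second factor on every Host deployed from the same template.

```python
import base64, hashlib, hmac, secrets, struct

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in Base32.
TEMPLATE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1); assumed, not confirmed, to be the Host's scheme."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, unix_time, window=1, step=30):
    """Accept the current time step and its neighbours; compare in constant time."""
    return any(
        hmac.compare_digest(totp(secret_b32, unix_time + i * step, step), code)
        for i in range(-window, window + 1)
    )

def provision(hosts, template_secret=None):
    """Map host -> OTP secret. A template secret models a master installer built
    with 2-step verification enabled; None models enrolling each Host separately."""
    return {
        h: template_secret or base64.b32encode(secrets.token_bytes(20)).decode()
        for h in hosts
    }

def hosts_accepting(fleet, code, unix_time):
    """Hosts whose second factor the given code would satisfy."""
    return sorted(h for h, s in fleet.items() if verify(s, code, unix_time))

if __name__ == "__main__":
    now = 1111111109  # fixed timestamp so the run is repeatable
    names = ["pc-01", "pc-02", "pc-03"]  # hypothetical Hosts
    shared = provision(names, TEMPLATE_SECRET)
    unique = provision(names)
    print("template fleet:", hosts_accepting(shared, totp(shared["pc-01"], now), now))
    print("per-host fleet:", hosts_accepting(unique, totp(unique["pc-01"], now), now))
```

With a shared secret, rotating the second factor after one Host or one enrolled phone is compromised means re-enrolling every Host built from that installer.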

Confirmation

In the Confirmation dialog you can enable Ask user permission.

IP-filter

Use IP-filtering to restrict access to this Host for a specific IP address or IP address range:

  • Allow everyone, except – add an IP address or range to the white list
  • Deny everyone, except – add an IP address or range to the black list
  • Edit – click to specify an IP address or a range

Modes

Use Modes to globally allow or deny specific connection modes for any user who connects to this Host. To further fine-tune access permissions for specific users, use the respective authorization method permissions dialog.

For example, to quickly deny File Transfer mode on this Host to all users, uncheck File Transfer in the Modes tab and click OK.

Host identity

Starting with version 6.9, Remote Utilities has a certificate-based Host identity check mechanism. This mechanism doesn't require any configuration and works automatically.

The first time you connect to a remote Host, the Viewer will fetch information about the Host's public key (certificate). From then on, each time you connect to that Host the Viewer will run a verification process to ensure that you connect to the same Host as you intended.

The Host certificate is automatically generated for you in Host identity.

You can re-issue a certificate manually if needed by clicking on Generate new.

If the Host certificate was changed and is different from the one remembered by the Viewer, a warning message appears on the Viewer side:

Host identity warning in Viewer
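The remember-on-first-connection check described above, as an added sketch (not Remote Utilities code): the SHA-256 fingerprint, the `PinStore` class and the certificate bytes are assumptions made for illustration. It shows two properties worth confirming in any such scheme: a mismatch never overwrites the remembered certificate, and a re-issued certificate is accepted only against a fingerprint confirmed through another channel.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded Host certificates.
ORIGINAL = b"constructed-host-certificate-v1"
REISSUED = b"constructed-host-certificate-v2"   # after "Generate new" on the Host
IMPOSTOR = b"constructed-certificate-from-another-machine"

def fingerprint(cert_der):
    """Identifier the Viewer remembers for a Host (SHA-256 is an assumption)."""
    return hashlib.sha256(cert_der).hexdigest()

class PinStore:
    """Hypothetical Viewer-side record of Host certificates seen at first connection."""

    def __init__(self):
        self._pins = {}  # host id -> remembered fingerprint

    def check(self, host_id, cert_der):
        seen = fingerprint(cert_der)
        pinned = self._pins.get(host_id)
        if pinned is None:
            # First connection: nothing to compare against, so the certificate
            # is trusted as-is. This is the one unauthenticated step.
            self._pins[host_id] = seen
            return "pinned-on-first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "mismatch"  # warn the user; the remembered pin is left untouched

    def repin(self, host_id, cert_der, expected_fingerprint):
        """Replace the pin only if the presented certificate matches a fingerprint
        obtained out of band, e.g. read from the Host after a re-issue."""
        seen = fingerprint(cert_der)
        if not hmac.compare_digest(seen, expected_fingerprint):
            return False
        self._pins[host_id] = seen
        return True

if __name__ == "__main__":
    store = PinStore()
    for cert in (ORIGINAL, ORIGINAL, IMPOSTOR, ORIGINAL):
        print(store.check("office-pc", cert))
    print(store.repin("office-pc", REISSUED, fingerprint(REISSUED)))
    print(store.check("office-pc", REISSUED))
```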
  1. Right-click the Host icon in the system tray and select Settings for Host.
  2. Click Settings for host and select Security from the menu.
  3. The Security dialog will open.

Authorization methods

Remote Utilities offers three authorization methods:

  • Remote Utilities security. This is Remote Utilities' own authorization system, enabled by default. It consists of two subsystems which can work simultaneously (i.e. you can connect to the same Host using either way):
    • Single-password authorization. A single (master) password is used to authorize on the Host.
    • Users and access control. A "username/password" pair is used to authorize on the Host. Different accounts with different access permissions can be created.
  • Windows security. This is the Windows authorization/authentication scheme. You can use Windows credentials to authorize on the remote Host.
  • Custom server security. This method requires using a self-hosted server for authorization.

See below how to set up each authorization method.

Remote Utilities Security

Single password

The simplest authorization system used in Remote Utilities is single password security. You set one master password for a given Host with which to connect in to this Host. You do not have to use a login or username, just the password.

You are asked to create a master password during Host installation.

If you didn't create the master password during Host installation, you can set or change it later:

  1. In the Security window, click Change password.
  2. Set a new password and click OK.

Important!

For security reasons, there is no technical, blank or default password. If you have Remote Utilities security selected as your authorization method but you neither set a master password nor created a user account in Users and Access Control (see below), you will NOT be able to connect to this Host. Make sure that you set your master password either when prompted during installation, or immediately after the installation.

Users and access control

Use this security subsystem if you want different people to connect to this Host and you still don't want to use the Windows authentication scheme. Each user will have their own login and password and an associated set of permissions.

To create a user:

  1. In the Security window, click the Users and access control link.
  2. Click Add and enter a user name and password.
  3. (Optional) Enable the Ask user permission option for this user if necessary.
  4. Click OK. The newly-created user will appear in the user list.
  5. Set access permissions for the selected user. In this example the user "John" is allowed to connect to this Host using the View Only and File Transfer connection modes. Other modes will not be available for this user.

    Important!

    A connection mode must also be allowed in the global permission settings on the Modes tab.

  6. Click OK to save the settings.

Windows Security

Instead of using the Remote Utilities default authorization method, you can utilize existing Windows and/or Active Directory accounts to authorize on this Host.

  1. In the main security settings window, select the WinNT security radio button and click Permissions.
  2. Click Add...
  3. Select the Windows accounts which you want to grant or deny access to the Host and click OK.
  4. Select an account in the list and set permissions for this account below.
  5. Click OK to save the settings.

Custom Server Security

For a comprehensive guide on how to set up Custom Server Security please refer to this article.

Advanced settings

Click the Advanced button to access additional security settings.

Confirmation tab

Use the Confirmation tab to enable the Ask user permission option.

IP-Filter tab

Restrict access to this Host for a specific IP address or IP address range.

  • Allow everyone, except – add an IP address or range to the white list
  • Deny everyone, except – add an IP address or range to the black list
  • Edit – click to specify an IP address or a range

Host authority tab

In the Host authority tab you can set a shared secret that provides the means of verifying the identity of the Host.

A shared secret is an alphanumeric code that you can generate on the Host and then add to the corresponding Viewer connection properties. Every time a remote session is about to start, Remote Utilities will check the shared secrets on both ends. If they are not identical, the connection will be refused.

Modes tab

Use the Modes tab to globally allow or deny specific connection modes when connecting to this Host.

Custom server security tab

  • Use custom server security – select to enable Custom Server Security authorization method on this Host
  • Servers... – add and select a server through which to authorize
  • User access... – set user access permissions

Learn more about using a self-hosted server for authorization and setting up custom server security in this article.
