Security Settings
Authentication
In order to access a remote Host you must authenticate on that Host, i.e. provide your access credentials in a security prompt window when you start a remote session.
Remote Utilities supports different authentication methods. You can enable multiple methods on the Host and use either of those to authenticate on that Host.
Single password
This is the simplest way to log in on a remote Host. Only a single password is used to authenticate. You can create access password during Host installation or later in the Host settings.
Enabling Single password authentication
Navigate to Authentication, select Single password checkbox, then enter and confirm a new password and click OK:
Changing existing password
- Navigate to Authentication and click Change password...:
- Click Yes in the warning message:
- Enter and confirm a new password and click OK:
Removing existing password
- Navigate to Authentication and click Remove:
- Click Yes in the warning message:
Important!
For security reasons, there are no technical, blank or default passwords. If no authentication method is enabled, you will NOT be able to connect to this Host. Make sure that you enable at least one authentication method.
Remote Utilities security
Use this authentication method if you want to create multiple user accounts with different permissions for each account.
To enable this method select the Remote Utilities security check box. Make sure that you created user/users and set access permissions for them (see below).
Creating users and setting access permissions
Accounts that you create in this dialog apply to this specific Host only. They are not centrally stored anywhere. If you want to create same accounts for multiple Host installations, use the MSI Configurator to pre-configure your custom Host installer with the necessary accounts.
- Navigate to Authentication and click Users and access control...:
- Click Add...:
- Create a user and password. You can optionally enable Ask user permission option for this user. Click OK:
- In the Rights box set permissions for this user and click OK:
- All access — allow all connection modes
- Full Control — allow the Full Control connection mode
- View only — allow the View Only connection mode
- File Transfer — allow the File Transfer connection mode
- Redirect — allow connecting through Host
- Remote Access Features — allow Terminal, Task Manager, Remote registry, Execute, Inventory manager, RDP and Screen recorder connection modes
- Communication Features — allow Text chat, Voice and Video chat and Send message connection modes
- Power Control — allow the Power Control connection mode
- Remote Upgrade — allow using the Remote Install tool for remotely upgrading the Host
- Remote Settings — allow running the Remote Settings mode
Important!
The selected connection mode must also be allowed in the global permission settings in the Modes tab, see below.
Editing user
- Navigate to Authentication and click Users and access control...:
- Select a user in the list and click Edit...:
- Make the necessary edits and click OK:
Removing user
To remove a user, select the user in the list and click Remove:
Windows security
With this authentication method you can use Windows accounts to authenticate on a remote Host. To enable this method select the Windows security check box and set permissions as described below.
To add a Windows user and set access permissions:
- Navigate to Authentication and under "Windows security" checkbox click Permissions...:
- Click Add...
- Select Windows accounts that you want to grant or deny access to this Host and click OK.
- Select an account in the list, set permissions for this account and click OK:
- All access — allow all connection modes
- Full Control — allow the Full Control connection mode
- View only — allow the View Only connection mode
- File Transfer — allow the File Transfer connection mode
- Redirect — allow connecting through Host
- Remote Access Features — allow Terminal, Task Manager, Remote registry, Execute, Inventory manager, RDP and Screen recorder connection modes
- Communication Features — allow Text chat, Voice and Video chat and Send message connection modes
- Power Control — allow the Power Control connection mode
- Remote Upgrade — allow using the Remote Install tool for remotely upgrading the Host
- Remote Settings — allow running the Remote Settings mode
- To apply the settings click OK in the main Host settings window:
Custom server security
Custom server security allows you to use Remote Utilities self-hosted server as your authentication server/hub. Please refer to setting up authentication server guide.
Two-step verification
Two-step verification (also known as two-factor authentication, or 2FA) adds another layer of security and guarantees that your Hosts are well protected from unauthorized access even if someone guessed your access password.
Here is how to enable 2-step verification on a single Host:
- In Host configuration window navigate to 2-step verification and select Activate two factor authentication checkbox:
- Use a mobile authenticator app to scan the QR code shown in window. We recommend using Google Authenticator app or Microsoft Authenticator app for smartphones:
- Enter the numeric code shown in your authenticator app:
- Click OK. You have now set up the Host to use 2-step verification. When you connect in to this Host from the Viewer, you will need to enter a one-time password (OTP) in addition to the credentials for the authentication method that you use.
When you configure a custom build using the MSI Configurator, you are essentially creating a “master" installer file that you deploy on multiple remote computers. If you enable 2-step verification during MSI configuration you’ll be using the same security code for all the Hosts that you deployed using your custom build.
Confirmation
In the Confirmation dialog you can enable Ask user permission:
IP-filter
Use IP-filtering to restrict access to this Host for a specific IP address or IP address range:
- Allow everyone, except – add an IP address or range to the white list
- Deny everyone, except – add an IP address or range to the black list
- Edit – click to specify an IP address or a range
Modes
Use Modes to globally allow or deny specific connection modes for any user who connects in to this Host. To further fine tune access permissions for specific users use the respective authentication method permissions dialog.
For example, to quickly deny File Transfer mode on this Host to all users uncheck File Transfer in the Modes tab and click OK.
Host identity
Remote Utilities has a certificate-based Host identity check mechanism. This mechanism doesn't require any configuration and works automatically.
The first time you connect to a remote Host the Host’s public key (certificate) is fetched and stored on the Viewer side. The next time you connect in to the same Host the certificate is used to verify Host's identity.
The Host certificate is automatically generated for you in Host identity tab:
You can re-issue a certificate manually if needed by clicking on Generate new.
If the Host certificate differs from the one stored by the Viewer, a warning message appears on the Viewer side:
If you believe that this is the same Host installation that you previously connected to (e.g. you re-installed the Host and certificate was reset), click Yes. This will update the certificate cache on the Viewer side. Otherwise click No.
