The rules of corporate computing have changed. Long gone is the strict control over the type of device a user is permitted to use and the well-defined boundaries between corporate and public networks. Increasingly, corporate data is moving to public clouds such as O365 and Google, where it is available on a wide range of internet-connected devices. Modern computing has a significant advantage for end-user productivity, but presents challenges in supporting the myriad of devices.
The challenges in moving to the public cloud are not limited to end-users. Hybrid and multicloud strategies have moved from the fringe to the mainstream. Administering servers across these environments typically involves a mix of administration tools, portals, and login IDs.
Dameware Remote Support installs on a server, making it an excellent option for environments where compliance requirements prevent a cloud-based solution. Smartcard support is an option for organizations that require advanced authentication methods. The product's functionality is securely extended outside the internal network through an internet proxy. The Dameware Internet Proxy Server provides a self-hosted platform for establishing remote control sessions with computers outside of your firewall. For added security, the Internet Proxy can be installed and configured on a server in the DMZ.
Installation is a straightforward process. There is an option for a standalone server installation or a centralized version. The standalone installation is sufficient for small deployments or testing but does not support sessions with users outside the network. The centralized version of Remote Support is used in this example to support external clients. The installation offers an Express mode, installing all options on a single server. For production environments, I suggest configuring multiple servers and hosting the internet proxy in a DMZ.
Once the installation is finished, it's time to move on to configuring the internet proxy component. The internet proxy facilitates support with clients outside the network. Setting up the proxy requires modifications to the firewall to allow ports 80, 443, 6129, 6130, 6132, and 6133. These ports are configurable, should you require other port numbers.
Managing Dameware groups
Dameware uses groups to manage collections of computers. These groups can be personal, which are only available to an individual user, or global, which are available to all Dameware Remote Support users. You can add folders to the groups to further organize the contents. In the example below, start at the Dameware Server Administration Console. Next, create a folder for all computers in the cirtalos.com domain by right-clicking Global Host List and selecting Add > Add Folder.
After that, give the folder a name and select Add New Folder.
There is an option to add a host by right-clicking the host list and selecting Add Host. Adding a single host works well for individual computers. Additionally, there are options to import from a list of computers in CSV format or import computers from Active Directory. To start the import from Active Directory, click the Import From AD button at the top of the menu.
Click Browse to select the servers to import. The Active Directory Import Wizard starts with the option to use the local domain or connect to another domain controller. This option is helpful for multidomain environments or if the Dameware Server is not on the domain. This example uses the local domain.
The next screen lists AD groups to use as the source for the import. The example below imports from the Domain Computers and Domain Controller groups.
Click Import to finish the AD import process.
Servers from the domain now populate the Global Host list.
Managing remote servers
Servers added to the global group are now available for management in the Dameware Remote Support console. Open the console and go to the folder that was created in the previous step under the Global Host List. There are many administration tools available for servers in the list. These tools range from a simple event log and properties explorer to more advanced tools, such as registry editing and Intel AMT. The image below shows a list of processes.
Managing Active Directory
Dameware Remote Support tools are not limited to server management. Technicians can also manage Windows Active Directory from Dameware Remote Support. A list of familiar tools is available to manage servers, computers, users, and OUs in Active Directory. This provides a handy location for common management tasks.
The ability to manage users is available directly from Dameware Remote Support. Simple tasks such as resetting passwords and disabling accounts are available with a right-click. The Properties option brings up advanced management tasks, such as configuring address information and organization settings.
Remote sessions
Dameware Remote Support offers two options to connect to computers outside the local network. An attended session connects the technician to a remote computer for a limited amount of time. Users download the client and establish the support session from a shared URL. The session lasts only as long as the connection lasts. Once that connection ends, it cannot be re-established.
Alternatively, users can download a client to establish an unattended session. The user installs a persistent client that allows an administrator to log in and manage the computer on-demand. Unattended sessions are ideal for remote data centers, branch offices, or cloud-hosted computers that require remote management.
Both options are available by default with Dameware Remote Support. The Dameware Internet Proxy supports connections outside the network. The Internet Proxy runs on the same server as the Central Server when it is installed with Express mode. A multiserver option is also available to install the Internet Proxy on a separate server, such as in a DMZ.
Attended sessions start from the Dameware Mini Remote Control, part of the Centralized Server installation. From Dameware Mini Remote Control, go to File > Invite user to join remote session.
The Internet Session window displays the new session name. Click Create Session to start a session.
Next, a window appears with the connection status and instructions for the person requesting remote support. There are options to email the details or copy them to the clipboard. The link can also be read to the remote user and entered manually. Notice the IP address instead of a hostname for the connection. Either a public IP address or a public hostname can be used for remote sessions. This example uses an IP address. Use a hostname instead of an IP address in production to avoid certificate errors.
Once the user goes to the link, they will see a web page with instructions to run the client and a prompt to run or save the executable. Run the executable to start the session.
A security warning appears, asking to allow the program to run on the computer. Click Allow to continue.
Dameware displays the remote desktop after the user allows the program to run. This remote desktop is accessible until the session is disconnected. The only way to re-establish a connection is to start the process again.
An unattended session utilizes an agent to create a persistent connection to Dameware Remote Control. This is useful if frequent support sessions are required, or if the computer needs to be remotely managed and is outside the network.
Start by going to the Dameware Server Administrative Console. Click Settings under Internet Proxy. From there, click Edit in the Deployment link column.
Click Copy to clipboard to copy the deployment link. The deployment link is the URL of the unattended session agent the user will download.
Next, enter this link into a web browser on the client computer. Select the relevant version of the computer operating system and click the Download link to download the agent.
Running the application installs the Mini Remote Control Servers. Follow the instructions to install the agent.
Once installed, the server is displayed as a remote computer in the Server Administration Console.
The server also appears as a resource for a remote desktop connection.
Overall, the product was easy to install and configure. The installation documentation is readily available and accurate. Knowledge of networking and access is required to configure the firewall if using the internet proxy. I was able to test internet-based connections with a public IP address successfully. Production environments should plan to add a hostname to DNS and obtain a valid SSL certificate so that users do not get a certificate warning when running the client.
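The following PowerShell script is an added example, not part of the original article or of Dameware itself. Run from a machine outside the firewall, it reports which of the proxy ports named earlier are reachable and whether the certificate presented validates against the hostname users will be given. The hostname `support.example.com` is a placeholder, and it is an assumption that the TLS listener is on port 443.

```powershell
# Added example: pre-production check of a Dameware Internet Proxy endpoint.
# Placeholder hostname; ports are the defaults listed in the article.
param(
    [string]$ProxyHost = 'support.example.com',
    [int[]]$Ports = @(80, 443, 6129, 6130, 6132, 6133),
    [int]$TlsPort = 443   # assumption: the TLS listener uses 443
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Wait() throws on refusal and returns $false on timeout.
        $task = $client.ConnectAsync($HostName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Dispose()
    }
}

function Test-ProxyCertificate {
    param([string]$HostName, [int]$Port)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $client.Connect($HostName, $Port)
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        # Default validation: trusted chain, unexpired, name matches $HostName.
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        [pscustomobject]@{ Valid = $true; Subject = $cert.Subject; NotAfter = $cert.NotAfter; Detail = '' }
    } catch {
        # Covers connection failures and certificate validation failures.
        [pscustomobject]@{ Valid = $false; Subject = ''; NotAfter = $null; Detail = $_.Exception.Message }
    } finally {
        $client.Dispose()
    }
}

# Report reachability of each port from wherever this script is run.
$Ports | ForEach-Object {
    [pscustomobject]@{ Port = $_; Reachable = (Test-TcpPort -HostName $ProxyHost -Port $_) }
} | Format-Table -AutoSize

Test-ProxyCertificate -HostName $ProxyHost -Port $TlsPort | Format-List
```

Passing the public IP address as `-ProxyHost` instead of the hostname shows the name-mismatch failure that the hostname recommendation is meant to prevent.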
Dameware Remote Support offers a wide variety of tools to manage servers and Active Directory in one location. The on-premises installation makes it an excellent option for organizations that can't use cloud solutions due to regulatory requirements or that don't want a hosted solution. The product is licensed based on the number of technicians, not managed endpoints. Pricing is publicly available and relatively inexpensive compared to similar products.