A user can establish a remote control session when the host computer is at the CTRL+ALT+DEL screen or is locked, behavior for Standard user vs. Superuser

Article:TECH138171  |  Created: 2010-08-20  |  Updated: 2013-12-23  |  Article URL http://www.symantec.com/docs/TECH138171
Article Type
Technical Solution

Product(s)

Environment

Issue



It is possible for a user to establish a remote control session when the "host" computer is at the CTRL+ALT+DEL screen or is locked.


Environment



pcAnywhere Solution 12.5 with SP2
pcAnywhere Solution 12.6


Cause



This behavior is by design. 


Solution



This issue has been resolved in pcAnywhere Solution 12.6.7.  Please see the release notes for pcAnywhere 12.6.7: http://www.symantec.com/docs/DOC5350 
 

Previously, Symantec published the following article to explain the behavior and some advice on configuration:
"How can I configure pcAnywhere Solution to prevent eavesdropping?" (HOWTO21510)

Symantec has released a patch for the version 12.5 sp2 Windows "host" computers (those running the Symantec pcA Agent)  which changes the behavior to the following.  The behavior in 12.6.7 is the same as the behavior noted below under the "Behavior after patch is applied" 

User Type Machine State Behavior before patch is applied

Behavior after patch is applied (12.6.7 Behavior by default)

StandardUser Ctrl + Alt + Del Display message box with the ability for end user to only accept connection. After timeout connection is established. Display message box should have the ability for end user to accept/deny connection. After timeout, connection should be terminated.
StandardUser Machine locked Display message box with the ability for end user to only accept connection. After timeout connection is established. Display message box should have the ability for end user to accept/deny connection. After timeout, connection should be terminated.
StandardUser Logged-in Display message box with the ability for end user to either accept /deny connection. After timeout connection is terminated. Display message box should have the ability for end user to accept/deny connection. After timeout, connection should be terminated.
SuperUser Ctrl + Alt + Del Display message box with the ability for end user to only accept connection. After timeout connection is established. Display message box with the ability for end user to only accept connection. After timeout, connection should be established.
SuperUser Machine locked Display message box with the ability for end user to only accept connection. After timeout connection is established. Display message box with the ability for end user to only accept connection. After timeout, connection should be established.
SuperUser Logged-in Display message box with the ability for end user to only accept connection. After timeout connection is established. Display message box with the ability for end user to only accept connection. After timeout, connection should be established.


The patch for pcAnywhere 12.5 sp2 is attached to this article and the files must be replaced on the host computers. 

 


Attachments

pcAnywhere solution 12.5 sp2 patch
pcA_Solution_12.5_SP2_privacy_patch.zip (81 kBytes)
pcAnywhere solution 12.6 patch Not 12.6.7 This patch is not needed in 12.6.7 as it has the ability to protect privacy by default.
2368402_-_Add_ability_to_remote_connect_only_if_user_on_the_host_accepts.zip (75 kBytes)





Article URL http://www.symantec.com/docs/TECH138171


Terms of use for this information are found in Legal Notices