Process for pcAnywhere Agent registration and application of the pcAnywhere Settings - Windows policy
|Article:TECH164883|||||Created: 2011-07-18|||||Updated: 2011-08-29|||||Article URL http://www.symantec.com/docs/TECH164883|
The design of pcAnywhere Solution is such that when the pcAnywhere Agent is deployed to managed computers, it runs default pcAnywhere host settings, which include:
- listen on TCP port 5631
- “Require user to approve connection" option is enabled
- only the local "Administrators" group caller is available for authentication
- “Support global NT users and groups” option is disabled, so only accounts directly in the local “Administrators” group will authenticate.
- “Hide host tray icon” is disabled
The following message appears on the remote computer if pcAnywhere cannot successfully validate the credentials provided, or if the credentials are not found in the settings applied to the pcAnywhere host program:
Invalid Login. Please try again.
Those default settings remain in place until the pcAnywhere Settings policy is applied to the managed computer.
Assuming that the pcAnywhere Settings – Windows policy is enabled (On), the computers running the pcAnywhere plug-in will not have those settings applied until a few steps are complete:
1. The Symantec Management Agent on each managed computer communicates the results of a basic inventory back to the Notification Server, which includes the presence of the Symantec pcAnywhere Agent.
2. The Notification Server processes the inventory and the computer appears in the filter for the pcAnywhere Settings – Windows policy (Windows Computers with pcAnywhere plug-in Installed).
3. The Symantec Management Agent retrieves the pcAnywhere Settings – Windows policy once it has been applied to the computer.
Until the process described above is complete, the Symantec pcAnywhere Host Service will be installed and running, but not configured as the Settings policy defines. This is important to remember in case a remote control session is attempted before the pcAnywhere Settings policy is applied and the "Invalid login" error appears. In that case, the local administrator credentials (not domain credentials) should succeed, as log as an end-user accepts the connection.
Ideally, the pcAnywhere Settings policy will be applied to each computer in a reasonable timeframe, so that the behavior described above will not be an issue. The time intervals between inventory updates and policy refreshes are defined in the Symantec Management Console by the policies located under Settings > Agents/Plug-ins > Symantec Management Agent > Settings > Symantec Management Agent Settings - Targeted.
The basic inventory schedule can be manually overridden with these steps: right-click the Symantec Management Agent icon > click Symantec Management Agent Settings > click Send.
Similarly, the agent configuration update schedule can be can be manually overridden with these steps: right-click the Symantec Management Agent icon > click Symantec Management Agent Settings > click Update.
To force both the basic inventory and agent update processes to occur within a shorter interval than the policies define, it is possible to target managed computers with corresponding tasks from the Symantec Management Console.
Article URL http://www.symantec.com/docs/TECH164883