Video Screencast Help

PcAnywhere and AD access

Created: 21 Feb 2011 • Updated: 01 Mar 2011 | 5 comments
This issue has been solved. See solution.

Hi there,

Our Altiris Deployment Console (6.9) and Web console (v 7.0.7) are joined to the Active Directory, PcAnywhere (v12.5) is installed in all the users machines

Problem: some support staff have access to remote user machines using pcA QuickConnect, but other support staff can not, considering that they are in the same groups in AD

I was viewing the Atiris Webconsole permission too, but I could not pick up where could be the difference...

By the way, I was told that pcA QuickConnect should not be affected by AD as it is connect direct from pc to pc, but it seem that in our case some how it is affected

I will appreciate your help or information how to manage permission, under active directory environment and Altris Webconsole environment

Thanks in advance

Mark

Comments 5 CommentsJump to latest comment

ICHCB's picture

Are you using the pcAnywhere box deployed out or the pcAnywhere solution?

If you are using the box product what caller files have you set up on the host that is installed?  Probably using packager to build and deploy a preconfigured package.

If you are using pcAnywhere solution what is set up under the pcAnywhere settings policy? If you are using the pcanywhere solution here is a kb that talks about adding users.

http://www.symantec.com/docs/TECH137456

cheers.

If you find this post helpful please give it a thumbs up!
If you find that this solves your problem please mark it as the solution! 

pragmmativco's picture

We are using the pcAnywhere Solution and authentication is configure for Active Directory (eg.  Active users: pca-support group)

I will review the the access for these users again to make they have only once authentication enabled as it is mentioned in KB137456

Thanks for your help ICHCB

ICHCB's picture

Make sure you don't have users in more than one group or groups that have the same users.

For example if you have the following groups pcagroup and admingroup,

domain\pcagroup has members
helpdesk a
helpdesk b
helpdesk c
admingroup (admin a, admin b admin c are all members)

domain\admingroup has members
admin a
admin b
admin c

My observation is that if you login with admin a because it is a member of the admingoup and a member of the pcagroup it will cause a loop and won't be able to login.  Helpdesk a-c will be fine but none of the admins will work. 

The way you will know this is happening is because you will only be prompted for credentials once, it will eventually time out and pcA quick connect will close. 

If your host machine doesn't think the users is in the list of users to connect it will ask 3 times before quick connect closes.

Hope that helps.

If you find this post helpful please give it a thumbs up!
If you find that this solves your problem please mark it as the solution! 

SOLUTION
pragmmativco's picture

I update the Group authentication and removed user that appeared in more than one group, that have allowed to remotely logon to workstation in the labs...Thanks for that tip ICHCB

Thanks for your help

 

ICHCB's picture

It was something I had recently gotten to the bottom of here so it was very fresh in my memory.   Thanks for reporting back the results and findings.

Cheers.

If you find this post helpful please give it a thumbs up!
If you find that this solves your problem please mark it as the solution!