Here is an idea I had but was wanting some feed back on if it will work.
We have the pcAnywhere Agent pushed out to all our computers here and the pcAnywhere Settings Policy has only a small group of admins in it. We currently allow a set of users to VNC into a select group of PCs for remote access. The question is:
Can I setup a couple 'pcAnyhere Settings" policies and then have computers in both policies? Then keep my main admins to the main policy and then a select group of users to just one policy which should give them pcAnywhere access to just the PCs that are in the one policy even though the computers are in both. This should deny access to any pc's not in the special policy for the select group of users but still allow the admins in with having to juggle moving pcs around from policy to policy.
The idea is that I have a couple of these select groups. I'd like to create a matching pcAnywhere Settings Policy and add an AD Group to the Policy. Then just add the users as needed to the AD Group. I realize I could just remove the computers from one policy to the other but I'd like to just add the computers as needed to the select policy instead of having to first remove it from the other.
My goal is to black list VNC through the company since I can't secure it. Any thoughts or suggests would be welcomed.
Thanks for the help and hopefully that's not to confusing.