Observe users desktop with their knowledge

Version 2

    Note:  This is a topic brought over from DameWare Forums which has been closed.  If you wish to engage in this discussion, just comment on this document.


    Observe user's desktop with their knowledge?

    by lizard90048 on Wed Aug 08, 2007 2:28 pm

     

    Hello,

    I'm an administrator in a environment with both Macs and PCs.

    On the Mac side, we use a great program called Apple Remote Desktop which allows us toobserve a user's screen without them knowing - Nothing pops up on their screen telling them they're being watched.
    This comes in handy when we're doing HR and network abuse investigations.

    Is there any way to accomplish the same thing with Dameware for the PCs (running XP)?
    For reference, I'm running Mini Remote 6.4.0.1.

    Thanks!
    -Ian, Los Angeles


    Re: Observe user's desktop with thier knowledge?

    by bryan on Wed Aug 08, 2007 2:39 pm

     

    Hi IAN,
    I guess you meant to say "without" their knowledge, right ? 

    Yes, our software can be configured to not show the SysTray icon and not notify the user upon connection, provided you have already registered your installation of the Mini Remote Control software on your local machine. Because disabling those notification features is the only limitation while the software is still running in Evaluation Mode. So you can disable these notifications, but only after your local copy of the MRC software has been registered properly.

    Therefore, even if you disable these settings when you deploy the Client Agent Service to your remote machines, these Notification settings will be ignored when you connect until your local copy of the Mini Remote Control software is properly registered. Once your local copy of the software has been properly registered (i.e. you purchase a license and enter that information into the MRC software) you will be able to suppress these notification features.

    Basically, the only limitations in Eval Mode are:

    1. Notify Dialog displays the text "Evaluation" when you connect, and cannot be closed.
    2. SysTray icon cannot be hidden.
    3. All options are made available on the SysTray icon's right-click context menu.

    ===========================

    Outside of the software not being registered locally, you just have to configure the MRC Client Agent Service properly to not show these Notification features during the install the Service on the remote machine, because the default settings are to notify the user when someone connects. So I suggest you try this out on a test machine so you can become familiar with how these features operates, before you use it in a production environment.

    Settings within the MRC Client Agent on the Remote Machine:

    These settings are stored in the DWRCS.INI configuration file by default, but there is also an option to store these settings in the Registry instead.

    1. To not show the SysTray icon, disable the "Enable SysTray icon" setting on the Additional Options Tab.
    2. To not show the Notify dialog during a connection, disable the "Notify on Connection" setting on the Notify Dialog Tab.
    3. To not show the File Transfer Menu when someone right-clicks on a file or folder, disable the "Enable Simple File Transfer (SFT)" setting on the Simple File Transfer Tab.

    Also, just FYI, the DWRCS.INI file is not copied to the remote machine each time you make a connection to that remote machine, only during service installation, and then only if you enabled the "Copy configuration file DWRCS.INI" setting during the install process. Whenever you are prompted to install the Client Agent on a remote machine, you will always have either a "Settings" or "Install Options" button on the dialog. Clicking this button will allow you to configure the Settings that will be sent within the DWRCS.INI file to the remote machine. However, also make sure you enable the "Copy configuration file DWRCS.INI" setting as well. Otherwise the DWRCS.INI file will not be sent to the remote machine and the Service will start with a set of default settings (or possibly a previous DWRCS.INI file from a previous connection), not with your custom settings that you just defined.

    Please also keep in mind that the DWRCS.INI configuration file is never copied to the remote machine during an upgrade or downgrade of the Client Agent. Once again, the DWRCS.INI file is only copied to the remote machine during Service installation, and then only if you have the "Copy configuration file DWRCS.INI" setting enabled. This functionality also requires full Administrator rights on the remote machine, because full Administrator rights are required to install, start, stop, remove, or even upgrade/downgrade the Mini Remote Client Agent Service.

    Therefore, once the Client Agent is already installed & running on the remote machine, in order to change the settings you will either have to:

    1. Remove & Reinstall the Client Agent with the correct settings, and also enable the "Copy configuration file DWRCS.INI" setting during the reinstall.
    -OR-
    2. Manually copy over a new DWRCS.INI file to the remote machine, then stop & restart the Service for the new settings to take effect.
    -OR-
    3. Connect to the remote machine, then select View / Remote Server Settings and make any necessary changes.
    -OR-
    4. Use the NT utilities software's Services View to batch remove & reinstall the Client Agent on your remote machines.

    How to Install the Mini Remote Client Agent Service on Several Machines at the Same Time
    http://www.dameware.com/support/kb/article.aspx?ID=100002

    If the Client Agent Service is not installed on the remote machine, then when you connect you should be prompted with a dialog stating "The Mini Remote Client Agent is not installed on the remote machine. Would you like to install it?". At this point you can select the Install Options button and make sure the "Copy configuration file DWRCS.INI" setting is enabled". Otherwise the DWRCS.INI file will not be copied to the remote machine and the Service could startup using old settings from a left-over DWRCS.INI file. The "Permission Required" setting is located on the Additional Options Tab.

    Settings within the MRC Application on your local machine:

    1. You can enable the View Only feature so no cursor or mouse movements are sent to the remote machine accidentally.
    2. By default, for performance reasons, all desktop effects (i.e. Wallpaper, Font Smoothing, etc...) will be turned off when you connect. So you probably want to turn off these features as well.

    Both of these settings are unique to each individual Saved Host Entry (select a Host Entry and click the Settings button), so they can be different for every machine in your host list. But I suggest you also modify these same settings on the Default Host Properties dialog (View / Default Host Properties). This way when you create a new Saved Host Entry, all these settings will be inherited automatically by default.

    However, one other thing to note is when the remote machine is running multiple monitors. Because Microsoft actually has some issues with multi-monitors, mirror drivers, & bitmaps (wallpaper) in Operating Systems prior to Vista. So the wallpaper will always be disabled when connecting to a remote machine with multiple monitors using the Mirror Driver. Microsoft has corrected these issues in the Vista O/S, but more than likely will never be fixed in XP and prior. However, if this is the case, then simply disable the “Use MRC Mirror Driver” checkbox on this Saved Host Entry before you click on Connect.

    So again I suggest you try this out on a test machine so you can become familiar with how the software operates, before you use it in a production environment.

    I hope this information helps.

    Bryan Brinkman
    Support Engineer
    DameWare Development, LLC.
    http://www.dameware.com

    Re: Observe user's desktop with their knowledge?

    by YNHH on Fri Aug 24, 2007 10:30 am

     

    I'd like to turn this around and ask for just the opposite.

    I need to make sure that if a remote user connects, then they cannot do a stealth connection. That is, there is no real way that a remote support person can make a connection without the MRC notification. This is a privacy policy driven need.

    Ideally there would be the capability to do a challenge/response. That is, the remote user attempts to make a connection and the remote PC user has to approve it.

    Then in the case where a machine does not have the agent deployed, can I set it up and then lock down the feature set so the technician cannot set the deployed ini file

    Also, as to licensing cost, do we pay for the user tool, or for the agent. That is, if I pre deploy the agent to all 4,000 PCs do I need to pay separately for those agents or I just pay for the MRC licenses?

    Please feel free to have one of your licensing specialists contact me via e-mail.

    Thanks
    Al


    Re: Observe user's desktop with their knowledge?

    by bryan on Tue Sep 11, 2007 3:05 pm

    Hi YNHH,

    The only way to truly lock this down is to not grant these users Administrator rights within the O/S security on that remote machine.

    Just FYI, we are also investigating what it will take to add "Server Side configuration" functionality within a future version the software. What I mean is that you would have the ability to store the settings for your Client Agents on a completely separate machine, a sort of "configuration server". That way, you would have greater flexibility to lock down the settings, because even though someone may have local Admin rights on this specific machine, they may not have Admin rights on the configuration server, hence they could not make changes to the config. Unfortunately, I just cannot make you any promises when this functionality may be available.

    But in the meantime, as a possible work-around the MRC Client Agent Service also has the ability to store it's settings in the Registry on the remote machine instead of the DWRCS.INI file. Therefore, once any settings have been enabled on the remote machine, removing & reinstalling the Service or copying a new version of the DWRCS.INI file will have no affect on the settings.[HKEY_LOCAL_MACHINE\Software\DameWare Development]

    The easiest way I can think of to easily implement the "Use Registry for all Settings" key across several machines is to use the new MRC Client Agent Service MSI Builder to build you a Microsoft Installer Package (MSI). The DameWare MRC Client Agent MSI builder allows you to build custom MSI packages (including all settings, INI or Registry) to deploy the MRC Client Agent in your environment. These MSI packages can then be sent to your clients (or even distributed via Group Policies within Corporate Environments, etc...) via any of your existing distribution methods.

    I hope this helps.

     

    Bryan Brinkman
    Support Engineer
    DameWare Development, LLC.
    http://www.dameware.com


    Re: Observe user's desktop with their knowledge?

    by pverdieu007 on Fri Jan 16, 2009 6:28 pm

     

    Hello Brian

    Any update on that "Server side config" ? Can it work with several versions of dameware? Any idea of an ETA?

    Tkx & Regards,

    Pascal


    Re: Observe user's desktop with their knowledge?

    by Marty on Tue Jan 20, 2009 11:07 am

    Hi Pascal,

    Thanks for the post.

    Unfortunately we can't provide any type of ETA for the many new features we are currently working on for future releases. We apologize for any inconvenience.

    Marty Bonvillain
    Support Staff
    DameWare Development, LLC.
    http://www.dameware.com


    Re: Observe user's desktop with their knowledge?

    by Ghostantin on Mon Jun 22, 2009 4:45 am

     

    I had made all the setings explained in this topic about "invisible" connection to users , but everytime i connect the screen blinks once ( and when i disconnect it also blinks ). Is it any posibility to remove that blink so it can be 100% invisible connection ?

    Thanks.

    PS We are not trying to spy on users but it is handy for network abuse investigations. I am currently the sys admin of a company with ~200 domain users.

     

    Later Edit : If i deselect the "Use MRC`s Mirror Driver if avaible" in the remote connect menu when i connect to the client the screen doesn't blink but the mouse cursor is continuously blinking. Any solutions ? Thanks in advance.


    Re: Observe user's desktop with their knowledge?

    by bryan on Mon Jun 22, 2009 9:44 am

     

    Sounds like the O/S is doing this when the Mirror Driver is enabled/disabled.

    Try turning off Mirror Driver (uncheck use MRC Mirror Driver checkbox, before clicking on Connect).

    Also toggle "Disable Show Transparent Windows" toobar button (4th from the end), which is only available when not using the Mirror Driver.

    Bryan Brinkman
    Support Engineer
    DameWare Development, LLC.
    http://www.dameware.com

     

    Re: Observe user's desktop with their knowledge?

    by Ghostantin on Wed Jun 24, 2009 6:08 am

     

    Yes . when i turn off the MRC Mirror Driver and i toggle Disable Show Transparent Windows it makes no blinks , and it is 100% invisible.

    Thanks for help. 

    P.S. If you ever come in Romania you have a beer from me 

     

    Re: Observe user's desktop with their knowledge?

    by ironmountain on Fri May 07, 2010 1:59 pm

     

    This a very nice write up! Just have one question though, is there a way to rename the process and/or service that shows up in the Remote User's Task Manager? I would like it to be hidden or renamed. The user would still have the ability to Stop the Process and thus break the connection.

    We have some users that are "Mal-ware Paranoid" and stop processes that they don't recognize. So if it does not show, or if it can be renamed to something else, that would be wonderful.

    I went under program files where the Dameware Application lives, and tried renaming the dwrcc.exe to something else in hopes that when it was copied over the file(s) would use the "new" name. I was thinking it would still pick up that file regardless of the file name, it did not work. I was thinking it was looking at the file contents itself, but in actuality it was referencing the file name and when it was not found it aborted the process during mini remote installation.
    Lance


    Re: Observe user's desktop with their knowledge?

    by flowlineadmin on Tue Oct 04, 2011 8:39 am

     

    I followed the instructions but I seem to have one issue. When I connect to a Windows 7 computer, the client's desktop turns black. Is there a way I can connect without affecting theirdesktop?
    Also, is there a way for me to move a mouse pointer on their desktop without them seeing theirpointer move?

    Thank you!