How to disable Random Password from installer command line

We use a custom Host module to deploy to headless PCs in the field. Below is the command line text we use to install the Host module on a new PC. I would like to add a flag that disables Random Password. Today, we have to install the Host module and then manually go into Options and disable Random Password.

msiexec.exe /i TeamViewer_IoT.msi /qn CUSTOMCONFIGID=xxxx APITOKEN=xxxx ASSIGNMENTOPTIONS="--grant-easy-access --group ""xxxx"""

Answers

  • JeanK
    JeanK Posts: 7,031 Community Manager 🌍
    edited June 2022

    Hello @gregC-IA,

    You can disable the Random Password via TeamViewer policy.

    The best way would be to deactivate the random password and enforce the parameter via policy (so no one can modify it via the client).

    How to proceed

    1) Create a policy and add the parameter Password strength

    2) As Value, select Disabled (no random password) and Enforce

    3) Apply the policy on your devices


    Let me know if you need any further help!

    /JeanK

    Community Manager

  • gregC-IA
    gregC-IA Posts: 3

    @JeanK - Thank you for your response! This is very close, but doesn't cover one of our use cases:

    • We'd like random password disabled by default or by policy.
    • However, sometimes we need to allow external people to remotely connect to the device to assist with our troubleshooting. Today, to enable this we manually, temporarily turn on random password. We then give them the ID and password. When their remote support is no longer needed, we then disable random password.

    So is there perhaps another way to temporarily invite external people without the need to enable random password? If so, then your policy enforcement would work.

    Thanks!

  • JeanK
    JeanK Posts: 7,031 Community Manager 🌍

    You're welcome, @gregC-IA.

    I see. What you could do to cover these use cases is the following:

    1) Set up a personal (fixed) password on your device (that you will communicate to your external users).

    2) Create a user within your company profile for all external users.

    3) Set up an allowlist via policy with all the users that are allowed to connect. Once the remote support of the external user is no longer needed, you can simply remove it from your allow list (from the policy). Even if the external user has the fixed password (that we set up in step 1, the user won't be able to connect as you removed it from the allowlist.

    So you would have two parameters in your policy. The one that removes the random password (as explained in my first reply) and the allowlist.

    This would be the best practice for these use cases.

    Let me know your thoughts.

    /JeanK

    Community Manager