Hi,
I'm working on a rollout of about 400+ PCs using TV's managed device feature and a customized host install. However, we noticed that if a device gets unmanaged, TeamViewer immediately reverts to default, including the random password functionality, which would let anyone (hackers, scammers) connect to it. Additionally, it will also uncheck the option to require admin rights to make changes.
Is there a way to prevent this? I've communicated that there's only one way for a PC to get unmanaged, since we use best practices (using a whitelist, requiring admin rights for software changes, etc.), but the decision makers aren't accepting that. They're worried about the very, very unlikely event that a machine could get unmanaged and allow the temporary password to be used.
Basically, what they're looking for is to restrict TeamViewer unless it's managed by our corp. Has anyone found a way around this behavior? It really is a huge security hole in the way TeamViewer works for corporations. One would think that if a corporation was using it, there would be a "corporate" or "enterprise" version that doesn't utilize the temporary password at all, and requires a company affiliation before it can be used. To me, that seems like a fix for this issue that could be easily implemented.
I did test this in a couple of ways. One thing I was looking into is to monitor the registry setting that disables the temporary password, and then have the AV block TeamViewer if it was enabled, but in my testing, I noticed that if you unmanage TeamViewer, it will revert the changes, but won't change registry settings, so the next time it gets restarted, it'll become managed again. Unless you unmanage it, then log out of Windows, and log in using a different Windows account, then it will stay unmanaged, and the registry settings will then be different. So it's very inconsistent behavior. Either way though, the only way we'd know if it became unmanaged is if the user notices it and reports it, which is not feasible.