Policy Question - Hide the Remote Control ID and Password from the User (Host)

Testing TeamViewer Tensor. What TeamViewer policy could we implement that would prevent our users from (viewing or) providing their Host's Remote control ID and Password (from being displayed) on their devices? My concern is that a scammer could contact them, convince them to provide that, and they would have instant access to their machine.

The internal IT team will be managing these devices and requesting connection to them through the TeamViewer management console, and would not need that ID and Password. It should be masked from the user.

This is an attempt to reduce a potential attack surface.

Please advise if that's possible or not.

Thank you!

Answers

  • JenW
    JenW Posts: 1,221 Senior Moderator

    Hi @ctalton_14

    Happy to read your new post in the Community! 🙌

    When you install your custom Host module, you can set up several policies to avoid any scammer attempt to access the devices of the users, thus reducing the potential attack surface.


    • Password strength policy:

    It determines how strong (complex) the random password for spontaneous access should be. In your use case, we recommend you choose Disabled (no random password), knowing that the internal IT team has Easy Access to those devices.






    • Block and Allow list policy:

    It sets up access for which TeamViewer accounts/IDs can connect to the device. In your use case, you can add all the TeamViewer accounts of the internal IT team to the Allow list.


    ⚠ Please keep in mind that if you add TeamViewer accounts to the Allowlist, only these accounts will be able to connect to the remote devices. The possibility of a connection to the devices through other TeamViewer accounts or TeamViewer IDs will be denied.







    💡 We recommend you Enforce (as shown in the screenshots) all the policies you set up to prevent the remote users from changing them.

    Last but not least, we invite you to take a look at our Security Handbook and learn about the best practices for a secure setup!

    If you have any questions, please post them below! We will be happy to answer them 🤠

    Best,

    Jen

    Modératrice Communauté Francophone / French Community Moderator

  • @JenW Thank you for the response. That's very helpful! Does making a change to this policy in "Design & Deploy" require that I download/re-deploy the custom module installer to all my devices? Or should the changes be reflected on the managed devices immediately? I've notice on one machine at least that the ID and Password still appear in the client though I've made the changes to the policy as suggested above.

    Thanks again!

  • JenW
    JenW Posts: 1,221 Senior Moderator

    Hi @ctalton_14,

    Thanks for coming back to us.

    If you have followed the process Assign a settings policy to your devices, you don't need to download/re-deploy the custom module.

    Also, we invite you to check if the policy is correctly applied to the device.

    On the Management Console, select the device then click on the pen to access the Properties ➜ Policy tab.

    If the selected option is Inherit from group, we invite you to check the policy at the group level.

    Let us know how it goes,

    Jen

    Modératrice Communauté Francophone / French Community Moderator

  • @JenW Thank you. That appears to have done the job.