How to prevent interlopers from gaining access
When TeamViewer is running in the background with a little icon in the system tray area (as it normally is when logged into the Desktop on Windows), an easy way to break into that computer is to distract its user for just a few seconds while you click on the tray icon and quickly take a picture of the ID and password with your mobile phone; then at a later time use said credentials to access that computer with a TeamViewer client on another computer.
I have seen this happen already and would like to know how to stop it WITHOUT crippling the actual device administrator (aka me) from getting into the machine remotely.
For instance, I tried playing around with the Custom Permissions under Advanced Options / Access Control. I tried setting the "Connect" and "Control" options to "Confirm" instead of "Allowed", however, this prevents the device administrator from getting in as well (when no one is present to confirm). I would like to see anyone trying to get in with the temporary / generated password forced to wait for the physically present user to confirm they can Connect and Control, BUT, I would like the administrator or anyone possessing the master (unattended) password to just be able to get in without any further challenge.
Is this possible?
Best Answer
-
Hi @merwinsson
Thanks for your question.
Is it only you who need access to those devices or are there also other parties who should be able to have access?
What you could do, is disable the random password to avoid someone taking a picture of it and add a permanent password, which only you (and maybe your other admin colleagues) know.
- Read about the random/spontaneous password here: Password for spontaneous support
- Read about the permanent password here: Password for unattended access
You can save the password in the Computers & Contacts list for the device and share the group with the colleagues who should be able to access the device as well.
- Read about sharing groups here: Sharing groups
As an alternative, you can also set up a whitelist that defines who can access the devices in your company.
- Read about the Black and Whitelist here.
In general, I recommend you this article that talks about How can I restrict access for TeamViewer connections to my computer?
I hope the info helps you.
Best,
Esther
Former Community Manager
5
Answers
-
Hi @merwinsson
Thanks for your question.
Is it only you who need access to those devices or are there also other parties who should be able to have access?
What you could do, is disable the random password to avoid someone taking a picture of it and add a permanent password, which only you (and maybe your other admin colleagues) know.
- Read about the random/spontaneous password here: Password for spontaneous support
- Read about the permanent password here: Password for unattended access
You can save the password in the Computers & Contacts list for the device and share the group with the colleagues who should be able to access the device as well.
- Read about sharing groups here: Sharing groups
As an alternative, you can also set up a whitelist that defines who can access the devices in your company.
- Read about the Black and Whitelist here.
In general, I recommend you this article that talks about How can I restrict access for TeamViewer connections to my computer?
I hope the info helps you.
Best,
Esther
Former Community Manager
5 -
Thank you Esther, this was helpful.
I will indeed disable the session password, as it's not really needed in this case.
But there are other computers I manage where the session password will probably be needed.
In those cases, it would be nice to have additional permissions to govern access based on whether the session password is used, or the unattended password is used, or--now that I think of it--easy access (the third option) is used.
In other words, the Custom Permissions should have 3 sets of permissions - one for each of the above mentioned access methods.
Or this idea could also be accomplished in a somewhat less complex way, like making checkbox options very similar to the one that says:
"Full Access Control when a partner connects to the Welcome Screen"
So you would add these:
"Full Access when Unattended Password used"
and
"Full Access when Easy Access used"
Like that.
This way the administrator can get the uninhibited access required, while an interloper using the session password MUST be given explicit physically granted access by the logged in user for Connect and Control.
This would be an enhancement, of course, that I'd like to see.
Where does one post such suggestions?0 -
Hi @merwinsson
You can always post your ideas and suggestions for product enhancements in our Ideas board, which our Product Management team reviews:
https://community.teamviewer.com/t5/Ideas/bd-p/Feature_Requests
Best,
Esther
Former Community Manager
0
