As already discussed in the previous chapter it is in general only possible to make a connection to a device
- if the TeamViewer ID and the associated password is known or
- if the access is confirmed via Easy Access or
- the connection partner confirmed the access manually.
If non of the above points is given, it is not possible to access a device.
Via your Company Profile, you have even other options than discussed to manage and restrict access for users in your company.
What is the Company Profile?
Within the TeamViewer Management Console, it is possible to create an online company which allows you to use additional features to manage your license, groups, modules, user etc. in an easy and secure environment.
Benefits of a company profile
You can
- change user permissions centrally.
- add users to your license (Premium, Corporate or Tensor) and
- create TeamViewer accounts to give the users the ability to log into any TeamViewer application and be working under the license.
Managing users as a company administrator in your company Profile also gives you access to:
- Connection reports (reports of user connections including date, time and frequency)
- Ability to deactivate or remove a user
- Ability to create channel groups
- Ability to share groups of contacts and devices and to manage group permissions
- Ability to change user account passwords
- Ability to change user permissions
Once you have activated your license on your TeamViewer account you can create your company profile and begin to add users.
Deploy TeamViewer with your specified settings
Export a settings file from a TeamViewer client. Since version 15.4, you will receive a *.tvopt file. In previous versions TeamViewer exported a *.reg file. For the import, you can use both file types, but we recommend you to use the *.tvopt file.
While deploying it in your network, your selected settings like restrict access control for incoming connections, LAN connections and other settings.
Find a detailed description about TeamViewer Deployment and more information here:
Deploy and enforce settings via policy
You can deploy all TeamViewer settings centrally via the Management Console for devices inside your domain and outside:
Settings policies provide you with the ability to set options for all your installed TeamViewer clients centrally via the TeamViewer Management Console. This way, you can deploy and enforce the same settings to all your clients.
Below please find a list of recommendations to enforce to your users:
- Access control (incoming connections) → depending on your requirements
- Access control (outgoing connections) → depending on your requirements
- Block and Allowlist
- Changes require administrative rights on this computer → enabled
- Check for new version → Weekly
- Enable blackscreen if partner input is disabled → Home Office setup
- Enable logging
- Incoming LAN connections → depending on your requirements
- Install new versions automatically → All updates (includes new major versions)
- Log incoming connections → enabled
- Log outgoing connections → enabled
- Password strength → depending on your requirements 8 or more characters or disabled
- Random Password after each session → Generate new
- Report connections to this device → enabled
- Temporarily save connection passwords → disabled
- Timing out inactive session → 1 hour or less
Find a detailed description of how to add TeamViewer Setting Policies and more information about it here:
Conditional Access
With Conditional Access, you can enforce Remote Access Rights to prevent unauthorized activities and align with security policies
Control TeamViewer usage and access rights throughout your organization using a rules engine you configure within the Management Console. This conditional access provides an additional layer of security for your corporate network.
TeamViewer customers with a TeamViewer Enterprise/Tensor license and Conditional Access AddOn can use the Conditional access feature. Read more here: