Diffrent security-settings when connection to other computer

nztgnk
nztgnk Posts: 2 ✭✭

Hi Guys.

Unfortunately I could not find an answer to my question yet.

Here's the situation:
Our supporters are not allowed to automatically take over remote control when connecting to customers.
Therefore, the local settings on the devices are 'confirm all' when connecting to other devices.

But now there are internal unattended devices on which TeamViewer Host is installed, where our supporters should have direct 'full access'.

The TeamViewer Host is configured with full access and our company pool is entered on the whitelist. A company member is also registered there.

>> When you connect to the host, you don't have full access, but the 'confirm all' settings of the client are applied.

Is there a clean solution for this? Possibly via policies/groups? Several policies, depending on whether you are operating within the company pool?

Thanks for the answers!

Comments

  • JeanK
    JeanK Posts: 6,973 Community Manager 🌍

    Hello @nztgnk,

    Thank you for your message and welcome in the TeamViewer Community! ?

    Please note that if you have two contradictory rules applied on a device, the most restrictive rule will apply. Therefore, it is normal that the setting confirm all dominates full access in your scenario.

    I recommend you to put the devices that need full access in a separate group and apply a strategy (with your whitelisting) to enforce full access on this group (group A)

    The other devices that need confirm all will stay in a different group with the confirm all strategy (+whitelisting) (group B).

    In this scenario, your users will have confirm all when connecting to devices of group A and full access when connecting to devices of group B.

    I hope this could help. ?

    If not, do not hesitate to ask your questions here. ?

    Best,

    Jean

    Community Manager

  • nztgnk
    nztgnk Posts: 2 ✭✭

    Hi @JeanK 

    Thank you for welcoming and your competent answer.

    So if i get you.. you mean I should create two groups with two diffrent policies (incoming rules) and apply them to groups.

    In my situation that would work for group A (internal Hosts) but not for "group B".

    My problem is we don't know the computers in group B. We connect to any computer of our customers to support our software... The customer uses maybe the FullClient (whitout any connection to our pool) or maybe our QuickSupport.

    That's the reason why we apply the Access Controll (outgoing connections) 'confirm all' to all of our clients. And this setting dominates the full access incoming rule on group A..

    So.. is it possible to combine the incoming rule (on internal clients in group A / whitelisting..) and the outgoing restrictive rule (to any TeamViewer-Client on this world)?

    Thank you in advance!

     

  • JeanK
    JeanK Posts: 6,973 Community Manager 🌍

    Hello @nztgnk,

    This is correct. If you want to have

    • full access for device group A
    • confirm all for device group B

    when connecting, you will need to install the full client (or the TeamViewer Host) on these devices.

    You can apply policy A with full access (incoming connections) for group A and policy B with confirm all (incoming connections) for group B

    Unfortunately, you cannot have this granularity while using QuickSupport.

    You can easily mass deploy the Host and the full client on your infrastructure. We explain how to proceed in this Knowledge Base article right here: Mass deployment improvements 

    If you need any further information, please let me know. ?

    Best,

    Jean

    Community Manager