Teamviewer in Intune

September 8, 2016


Since the beginning of the computer era , endusers require support, preferably on site with some coffee and chocolates to go. But reality is remote using some kind of tool that allows remote control.

Windows 8 and above lack that functionality with windows intune, not the fault of Intune but something proper to the OSE itself.

Now we can integrate cloud service 1 ( Intune ) with cloud service 2 ( Teamviewer ) for remote assistance. Great ! Let’s see how it goes.

First we need to activate the teamviewer functionality in Intune.

Check out Administrator -> Teamviewer -> Activate


Now follow the wizard as it will guide you through the creation of a user with the required service and allows the creation of a trial account for testing.


Now let’s pretend to be a needy user on a Windows 10 anniversary update build so he/she opens the intune portal and requests assistance


Now we ( the admin ) actually the same person 🙂 sees the alert in the intune admin console


Now we can immediately start the session from the console …


Teamviewer software is being downloaded and installed


And request validation is launched on the client machine


After installation connection is created automatically


The user grants access …


… Et voila we have client side to see who is taking control …


… And the admin side for helping out our customer.


You can perform some more advanced actions like blank screen on user side, block input, lock screen etc.


And you recieve a free word of advice from and a pat on the back from Teamviewer ! We (always) play it fair.

So there you have it, easy and simple but a world of difference for our connected enduser.


Gino D


RDS 2012 R2 Shadowing

June 24, 2015



I really like the rds 2012 session based environment. Recently we had to implement a way for a specific helpdesk group to be able to assist users in their rds sessions.

So, what are the possibilities for achieving this :

· Mstsc /shadow

· Server Manager

· Remote assistance

Option 1 : mstsc /shadow

You can use the default mstsc ( from windows 8.1 ) with the shadow option.

You have to supply servername and session id.

Log on to the server and query sessions using query session command, you’ll need the id.


Next up you can shadow a sessions using mstsc /v: servername /shadow:id /control


User will recieve a prompt and will accept or deny the request. ( This is Polish by the way, love multi language environments 🙂 )


So you need to be an admin on the rds host server in order to perform the shadowin or you can set the required remote control rights using a command prompt


This command will set them full control on rdp protocol.

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName=”RDP-Tcp”) CALL AddAccount “domain\group”,2

Or by using the Terminal Services Configuration tool from a 2008 ( R2 ) server and connecting to your 2012 R2 rds hosts.


Grant required rights.


There are also some gpo’s to modify some of the security settings

<Computer Configuration> |<User Configuration>

\Administrative Templates\Windows Components\Remote Desktop Services

\Remote Desktop Session Host\Connections

\Set rules for remote control of Remote Desktop Services user sessions


Okay so much for option 1, but this is not really user friendly for our helpdesk users, they need to connect to all server individually , query for the id and start mstsc with specific options. Sure, you can script it ( like ) but I like to hold on standard options whenever possible.

Option 2 : Server manager

You basically go through the same steps but you present the helpdesk group the server manager executable. You add all the RDS session hosts and the session broker , you’ll see all connections and can shadow from the console.


You’ll see the sessions when selecting a collection, you can rightclick and shadow a session.


Perfect you might say , but … in order to achieve this the helpdesk user needs to be part of the local admin group on the session broker server and have the remote control and query right on the rds session host servers.

See and

So this is not ideal for delegation, I don’t want to give my helpdesk group local admin rights on the session broker server.

Option 3 : remote Assistance

Remote assistance ? Well yes why not ? It’s allready being used for taking control of physical machines , it can be delegated and you have view and control functionality.

First up , create a policy that configures the remote assistance settings :


And modify your auc settings in order to allow remote assistance to respond to uac prompts that normally appear in the secure desktop. ( otherwise your user will see the prompt, you’ll see a pause allways nice 🙂 )


Now I have noticed on the RDS2012 R2 session hosts that the group required for remote assistance users ( offer remote assistance helpers ) was not created automatically, if the group is not present your remote assistance will not work.


So the solution was to add the remote assistance feature to the server and then the group appeared after policy was recieved.


Then just connect to the server using msra /offerra and the remote assistance tool will query the available sessions and perform normal remote assistance behavior.


So there you have it, several possibilities to allow a helping hand to your users, my favorite is the remote assistance. Not as easy to use as the server manager but known technology that can be delegated using standard tools.


Gino D

Remote control in CM2012

June 9, 2012

Okay we have all heard it. Everybody loved it. Remote control without logged on user in CM2012. Let’s see remote control in action.
Let’s start with the remote choices :

-> Remote Desktop

-> Remote Assistance

-> Remote Control
First you define the settings by creating or modifying a client setting.

Set the desired options. Here we configured all remote control possibilities and we have defined a viewers remote control group.

We deploy the custom settings to all systems here.

Now in order to start the remote control we can use the cm console or the cmrcviewer.exe under cm_instal\AdminConsole\Bin\x64\CmRcViewer.exe

You see that we can log on to the console while at logon screen and we can send ctrl-alt-delete.

Notice that the user automatically sees who is taking control.

The user also has access to a sessions status screen where he / she can close the session.

If a user is logged on then control prompt is presented.

You can also lock kb and mouse in the remote session.

If we set the permissions to view only we immediately see the result

In order to use the remote assistance feature you need to install it first on the server where you will start the session.

Now what’s nice about the remote assistance feature is that the user gets a prompt for viewing only and then has to explicitly accept in order for the administrator to get remote control on his machine. I believe this offers nice granularity.
Step 1 Remote Viewing

Step 2 Remote Control