SOLVED Using Local Administrator for remote control

[ejameson91]

Hi Prajwal Desai community,

I was hoping someone could help me out with this problem I'm having. My configuration manager default client settings define the local administrators group to allow remote control access, seen below.



However, if I try to connect to a machine using the local administrator account (verified the password is correct), it does not let me in, saying this account does not have remote control rights.


What's even stranger is, in the cmrcservice log, it shows that the user is simultaneously granted and denied remote control rights.


I've tried to engage Microsoft support on this but they haven't been very helpful. They keep going around in circles, not understanding the problem. This is clearly a permissions issue within configuration manager, and not a network or firewall issue. I am able to remote control using my domain account, just not with the local admin account. Sometimes we need to remote into machines in a different region that have lost trust with the domain, so this is essential that we have this ability.

 

[ejameson91]

Update - problem has been resolved. Even though we have never had to do this in the past, Microsoft informed me that we need to add the local admin account to the list of permitted users for remote control. Basically that means that the field that says "grant remote control permission to local Administrators group" is completely useless. I'm thinking that a change was made at some point in time in one of the SCCM current branch upgrades.