Netop Remote Control Portal User’s Guide Remote Control Portal User’s Guide 22.04.2019 2 4.3...

NETOP REMOTE CONTROL PORTAL USER’S GUIDE

April 22, 2019

Netop Remote Control Portal User’s Guide

22.04.2019 1

CONTENTS

1 Overview ...................................................................................................................................... 3

1.1 Netop Remote Control Portal ................................................................................................ 3

1.2 Technical requirements – Netop Portal website .................................................................... 3

1.3 Technical requirements - OnDemand Sessions web client ................................................... 3

1.4 Technical requirements - OnDemand Sessions desktop application ..................................... 3

2 General ........................................................................................................................................ 4

2.1 Authentication ...................................................................................................................... 4

2.1.1 Forgot Password..................................................................................................... 5

2.2 User Interface ....................................................................................................................... 6

2.3 User Profile .......................................................................................................................... 6

2.3.1 Edit Profile Details .................................................................................................. 7

2.3.2 Change Your Password .......................................................................................... 7

2.3.3 Generate recovery codes ........................................................................................ 8

2.3.4 Filter Information ..................................................................................................... 9

3 How to remote control a device .................................................................................................. 10

3.1 Guest (Support Console) .................................................................................................... 10

3.1.1 Windows ............................................................................................................... 10

3.1.2 Linux ..................................................................................................................... 11

3.2 Browser Based Support Console – My devices .................................................................. 12

3.3 Browser Based Support Console – OnDemand Sessions .................................................. 14

3.3.1 Create a new OnDemand Session ........................................................................ 15

3.3.2 Start an OnDemand Session application on a Windows machine ......................... 16

3.3.3 Initiate an OnDemand Session remote connection ............................................... 17

4 How to manage your account ..................................................................................................... 21

4.1 Manage Users .................................................................................................................... 21

4.1.1 Create a new user ................................................................................................ 22

4.1.2 LDAP users - automatically added into the Portal at first login .............................. 23

4.1.3 View User Info ...................................................................................................... 23

4.1.4 Edit user ............................................................................................................... 25

4.1.5 Remove user ........................................................................................................ 26

4.1.6 Remove multiple users ......................................................................................... 27

4.2 Manage Groups .................................................................................................................. 27

4.2.1 Create a new group .............................................................................................. 28

4.2.2 Attach users to user groups .................................................................................. 28

4.2.3 LDAP user groups ................................................................................................ 28

4.2.4 Attach devices to device groups ........................................................................... 30

4.2.5 View group details ................................................................................................ 30

4.2.6 Edit Groups ........................................................................................................... 31

4.2.7 Remove groups .................................................................................................... 32


22.04.2019 2

4.3 Manage Devices ................................................................................................................. 32

4.3.1 Edit devices .......................................................................................................... 32

4.3.2 Remove devices ................................................................................................... 33

4.4 Applications ........................................................................................................................ 33

4.5 Roles and Role assignments .............................................................................................. 35

4.5.1 View Predefined Roles.......................................................................................... 36

4.5.2 Add role assignment ............................................................................................. 37

4.5.3 Edit role assignment ............................................................................................. 37

4.5.4 Remove role assignments .................................................................................... 38

4.5.5 Enable Confirm Access......................................................................................... 38

4.5.6 Enable whitelisted applications ............................................................................. 39

4.5.7 Check permissions ............................................................................................... 41

4.6 Downloads - using Deployment Packages .......................................................................... 42

4.6.1 Create a deployment package .............................................................................. 42

4.6.2 Download and install the Host using default configuration (Windows) ................... 44

4.6.3 Download and install online installer using custom Host configuration (Windows) 46

4.6.4 Mass deploy the Host (Windows) .......................................................................... 48

4.6.5 Install the Host on Mac & Linux ............................................................................. 48

4.6.6 Revoke deployment packages .............................................................................. 48

4.6.7 Remove deployment packages ............................................................................. 48

4.6.8 Pending state ........................................................................................................ 49

5 Security ...................................................................................................................................... 50

5.1 Enable Multi-Factor authentication ..................................................................................... 50

5.2 Authentication .................................................................................................................... 51

5.2.1 LDAP authentication ............................................................................................. 51

5.2.2 ADFS/Azure AD authentication ............................................................................. 52

5.3 Enable logging ................................................................................................................... 53

5.3.1 Enabling audit logging .......................................................................................... 54

5.3.2 Retrieve Audit Logs .............................................................................................. 54

6 Account Configuration ................................................................................................................ 57

6.1 Account details ................................................................................................................... 57

6.2 Change the account owner ................................................................................................. 57


22.04.2019 3

1 Overview

This guide explains how to use the Netop Remote Control Portal.

1.1 Netop Remote Control Portal

The Netop Remote Control Portal serves two primary functions:

1. Communication relay - the Portal acts as a secure relay service to connect Guest and Host

modules.

2. Management console - the Portal provides a browser based interface allowing users to manage

access control, view connected devices (Netop Hosts), view audit logs, create remote sessions

using a lightweight support console and other things.

1.2 Technical requirements – Netop Portal website

The Netop Portal provides a browser based interface. Here is a list of supported browsers and versions

based on the operating system.

1.3 Technical requirements - OnDemand Sessions web client

The OnDemand Sessions functionality in the Portal requires a web browser on the client side. Here is a

list of supported browsers and versions based on the operating system.

* Edge does not support the keyboard & mouse control functionality. This means that on Edge, all remote sessions will be view-only.

1.4 Technical requirements - OnDemand Sessions desktop application

The OnDemand Sessions functionality in the Portal requires an application to be executed on the

device to be controlled. Here is a list of supported operating systems and platforms for that application.

Operating System Supported Browser

Windows Chrome latest version, Firefox latest version, Microsoft Edge and Internet Explorer 11.

Mac OS Chrome latest version, Firefox latest version, and Safari latest version.

Linux Chrome latest version, Firefox latest version.


Windows Chrome latest version, Firefox latest version, Microsoft Edge*

Mac OS Chrome latest version, Firefox latest version.

Linux Chrome latest version, Firefox latest version.


Windows Platform: 64-bit

Windows 10: Home, Pro, Enterprise and Education, IoT

Windows 8.1: Professional, Enterprise

Windows 8: Professional, Enterprise

Windows 7: Starter, Home Basic, Home Premium, Professional, Ultimate, Enterprise (SP 0,1)

Windows Server 2016: Standard, Datacenter

Windows Server 2012 R2: Foundation, Essentials, Standard, Datacenter

Windows Server 2012: Foundation, Essentials, Standard, Datacenter


22.04.2019 4

2 General

2.1 Authentication

To log into the Netop Remote Control Portal use the link and the credentials you used for setting up the

trial:

Enter the username and click Next.

Enter the password and click Next.

If multi-factor authentication is enabled for your account, you will be required to enter the code sent to

you by email as second factor of authentication into the Netop Portal:

If you do not have access to your e-mail account, you can use recovery codes to sign in.


22.04.2019 5

For details on how to generate recovery codes, see Generate recovery codes.

If LDAP authentication has been set up for your account, authenticate in the Portal using this username

format: domain identifier\LDAP username and the domain password:

If ADFS/Azure AD has been setup, the steps are as for LDAP authentication, the only difference being

that the authentication is done on the customers ADFS/Azure AD authentication page.

2.1.1 Forgot Password

To reset your password, on the login page fill in your username and then click Forgot your password?

In the Recover password screen, enter the email address associated with your portal account and click

Send.

You will receive an email with instruction on how to change your password.


22.04.2019 6

Note: The forgot password functionality does not work for LDAP, ADFS or Azure AD authentication. If you forgot your domain password, contact your system administrator to reset it.

2.2 User Interface

The graphical interface has three main areas:

• Menu bar (on the left). Allows you to navigate through the Netop Portal.

• Title bar (on the upper side). Allows you to perform general actions like contacting support, my

profile and log off.

• Content area (right of the menu bar). Displays information based on where you are in the

Netop Portal.

2.3 User Profile

You can view your Netop Portal profile details by clicking the Username link on the title bar.

The My Profile page displays information on the profile of the user currently logged in.


22.04.2019 7

2.3.1 Edit Profile Details

You can change your profile details by clicking the Edit profile button. The profile details become

editable, except for the username which is non-editable.

Note: LDAP, ADFS and Azure AD users cannot edit their Portal profile.

Field Description

First Name User’s first name.

Last Name User’s last name.

Email The email address to which the user will receive notifications from the Netop Portal and the multi-factor authentication code(if enabled).

Make the desired profile updates and click Save in order to store the updates.

2.3.2 Change Your Password

To change your password, go to your profile and click Change password.

Note: LDAP, ADFS and Azure AD users cannot change their password from within the Netop Portal, but they should contact their system administrator.

Enter and confirm a new password for your account. The password may be set to whatever you

choose, if the string complies with these rules:

• minimum 8 characters,

• at least one uppercase letter,

• at least one lowercase letter,

• at least one numeric character.


22.04.2019 8

Once you created and confirmed a new password, click Save for the updates to take effect.

2.3.3 Generate recovery codes

Recovery codes are used to log into the Netop Portal when you have multi-factor authentication

enabled, but no access to your e-mail.

To generate recovery codes, log into the Netop Portal, go to your profile and click Generate new

codes:

The codes come in sets of 10, and you can generate a new set at any point, automatically making the

old set inactive. In addition, after you’ve used a recovery code to sign in, it will become inactive.


22.04.2019 9

You can print the codes or download them on your computer. We recommend you keep the recovery

codes safe because they are sensitive information.

2.3.4 Filter Information

You can filter the information displayed in the content area by using the filters available on each column

header (in case a listing is displayed).

Using the filter will also improve the ability to locate specific items within the listings.

Clicking the Filter icon on a column header will display an advanced filter, which allows you to select

the filter criteria.

2.3.4.1 Multiple filters

You can set multiple filters to a listing:

2.3.4.2 Reload listing and clear filters

To remove a filter, from above the current listing click the filter to remove. You can also reload the

current listing and clear all filters.


22.04.2019 10

3 How to remote control a device

The My devices and My sessions pages lists the online devices for which you have access

permissions as defined by the applied role assignment(s). For more information, see Assign Roles.

If there is no device attached to the account, there will be options displayed for installing the Host. More

information in the Netop Portal Quick Start Guide.

To remote control a device, users can either:

• Use My devices to connect to an installed Host from an installed Guest (Support Console) or

from the Browser-based Support Console

• Use My sessions to connect to an OnDemand Session from a Browser-based Support Console

3.1 Guest (Support Console)

Depending on the operating system from where you want to connect to, there are the following options.

3.1.1 Windows

3.1.1.1 Guest (Support Console) install

1. Click on the Download Guest (Support Console) to download.

Notes:

- Supported Windows versions: Windows 7 & higher

- Administrator permissions are required for the installation

- No license is required for the Guest (this is a Portal only installation)

- When the Guest is installed, any previous Guest installations will be removed from

the machine together with their corresponding settings

2. Install the Windows Guest.

http://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/manuals/NetopRemoteControlPortal_QuickIGuide_EN.pdf


22.04.2019 11

3.1.1.2 Connect to the device

1. From the My devices page, you can click on the actions next to the online device in order to

initiate the corresponding action.

2. The installed Guest application will be launched and the required action will be performed

(e.g. opening up the file transfer window). If the Host is configured to use Netop Portal

access rights, no other authentication will be requested from the user. For more information

on the specific actions, check the Netop Remote Control Users Guide.

Supported actions depending on the Host

Host operating system Actions

Windows - Remote Control - File transfer - Remote management (*) - Chat (*)

Linux & Mac - Remote Control - File transfer

* Guest version 12.70 or later is required

3.1.2 Linux

3.1.2.1 Guest (Support Console) install

1. Download and install the Guest (Support Console) from here.

2. When launching the Guest, set up the Netop Portal communication profile by clicking Yes on the

Portal prompt and using the trial username & password.

https://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/manuals/NetopRemoteControl_UsersGuide_EN.pdf

https://www.netop.com/remotesupport/product/downloads.htm


22.04.2019 12

3.1.2.2 Connect to the device

1. You can connect directly from the installed Guest (Support Console) to the device or by going

back to the Portal and clicking one of the following actions: Remote Control or File transfer. that

will launch the Linux Guest.

2. The installed Guest application will be launched and the required action will be performed (e.g.

opening up the file transfer window). You will be required to re-authenticate on in the Guest on

every connection. For more information on the specific supported actions, check the Netop

Remote Control Users Guide (Linux and Mac).

3.2 Browser Based Support Console – My devices

1. From the My devices page, you can click on the actions menu next to the online device and

choose Browser Based Support Console.

https://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/manuals/NetopRemoteControlUsersGuidelLinuxandMac_EN.pdf

https://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/manuals/NetopRemoteControlUsersGuidelLinuxandMac_EN.pdf


22.04.2019 13

2. If the Host is configured to use Netop Portal access rights, no other authentication will be

requested from the user and the user will be starting the remote control session.

Once logged in, the remote support session will provide the access permissions as defined by the role

assigned in the Netop Portal.

Keys not captured by the operating system or the browser have been added to the top menu. These

include: System key, CTRL, ALT and SHIFT.

Selecting one of the keys within the console, and then pressing any key on your keyboard, will trigger

the combination of those keys to be sent to the target device. Once the keyboard key has been

released, the button in browser menu will be unclicked.


22.04.2019 14

To use a key (e.g., ALT) multiple times, simply double-click the button and the key will stay engaged.

Click the button again to release the command.

Using the console, you can send a variety of Windows commands using the power button options.

These include: Logout, Lock, Restart, Shut-down and CTRL + ALT + DEL.

If the Host has multiple monitors, while in a remote control session, you can dynamically change the

host monitor to be displayed on the screen by clicking the Monitors icon from the main menu and

selecting the desired monitor.

Other options that are available include:

• Toolbar minimization

• Close session button.

For more information on the Browser Based Support Console, check Browser-based Support Console User's Guide.

3.3 Browser Based Support Console – OnDemand Sessions

In many environments, end-user computers have no administrative or organizational relationship with

the help desk center from which they are requiring help. The help desk centers are facing three major

challenges to offer service to these end-user computers: connectivity problems through end-user

firewalls, software maintenance and licensing issues.

Netop Portal includes OnDemand Sessions, that offer help desk centers remote control of Windows-

based computers across the Internet without pre-installing software or configuring firewalls.

Furthermore, licensing depends solely on the number of help desk employees or supporters - not the

number of end-users. OnDemand Sessions consists of a Browser Based Support Console, a

downloadable Netop OnDemand Remote Control application, and the connectivity and role-based

access provided by the Netop Portal.

OnDemand Sessions are therefore well-suited to the vast and fast-growing market of Internet Service

Providers, telephone companies, outsourced help desks and call-centers.

Netop Portal allows a support technician to define OnDemand Sessions and to share the session

details with someone else, in order to view or control their device. This can be done without installing

anything on the remote device, by running a single-use-and-dispose OnDemand Remote Control

application on the device, when needed. The OnDemand Sessions are only valid for one remote

connection from the support technician to the device and are automatically deleted after the connection

is closed.

http://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/manuals/NetopRemoteControl_BrowserBasedSupportConsole_UG_EN.pdf

http://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/manuals/NetopRemoteControl_BrowserBasedSupportConsole_UG_EN.pdf


22.04.2019 15

3.3.1 Create a new OnDemand Session

1. Access My sessions from the menu on the left.

2. Click on Create session

This will automatically create a one-time session key and will provide you with several ways of

sharing the session details with another user.


22.04.2019 16

3. Once the remote user accesses the link received from the support technician, a custom

download page will be shown, similar with the one below:

The remote user will first need to acknowledge that the link was provided by a thrustworthy

source before being allowed to download the OnDemand application.

3.3.2 Start an OnDemand Session application on a Windows machine

1. Once the OnDemand application is executed, an UAC prompt is shown, asking the user to

elevate the application.

If elevation is granted, the support technician will be able to fully control other elevated

applications (like the Task Manager, for instance) and the required Firewall exceptions are


22.04.2019 17

automatically added.

If elevation is not granted, the OnDemand application will run non-elevated, the support

technician will be able to connect, but elevated applications will not be controllable with

keyboard and mouse.

Note: Please note that while an elevated application is in the foreground, if the OnDemand application was not elevated, keyboard and mouse control will be lost, until the user on the controlled machine will switch to a non-elevated application.

2. After the elevation is granted or denied, the OnDemand application starts and waits for a

support technician to connect.

3.3.3 Initiate an OnDemand Session remote connection

1. Within the Netop Portal, go to My Sessions

The displayed queue includes all OnDemand Sessions started by remote users and the time

since they are waiting for a connection. Please note that only the running OnDemand Sessions

can be seen in the queue.

Note: The Session key column includes icons for the permissions when connecting to that device, as granted by the role assignments for the current user. Please see the 4.5Roles and Role assignments chapter for more information.


22.04.2019 18

Note: Only the running OnDemand Session can be seen in the queue and that they will wait for at most 1h in the queue before being automatically disconnected. An OnDemand session key is valid for at most 24h since it was created.

2. Click on Start session. The Browser Based Support Console is started in a new tab.

Note: As an alternative to starting the session, the support technician can reject any session in the queue. This will automatically disconnect the OnDemand application and disable the OnDemand Session. A new OnDemand Session will need to be created and sent to the remote user in order for a new remote session to be initiated.

3. The remote user will have to allow the support technician access to the device, before the

remote session actually starts.


22.04.2019 19

4. Once access is granted, the remote session starts.

The Browser Based Support Console toolbar includes virtual key modifiers to be used during the

remote session. Each of the 4 key modifiers have 3 possible states: off, on, always on (use it by

double clicking on the key modifier). These key modifiers are helpful for sending various key

combinations to the remote machine, whenever the physical keyboard cannot be used for this.

The View menu allows the support technician to switch between Fit To Screen and Actual Size

for the displayed image.

5. The remote user will see a notification that the session have started, along with information

about the support technician’s name and the granted permissions. The remote user will be able

to close the session at any moment, either by clicking on the Disconnect session button, or by

using the keyboard hotkey (CTRL + SHIFT + X).


22.04.2019 20

Note: Using the disconnect hotkey will close the session immediately, without any confirmation. This is done to make sure the remote user have an unobstructed method of closing an ongoing session.

6. Once the remote session is closed, the support technician is notified about it in the Browser

Based Support Console.


22.04.2019 21

4 How to manage your account

The Netop Portal provides a central place for managing users, devices, security settings, role based

access and a variety of options. It also provides access to the audit logs.

If the logged in user has a Group Manager role or higher, a settings menu entry will be available.

This provides access to the management area. The homepage for the management area is the

Dashboard with various information including account information, activity information, video tutorials

and recent updates.

Note: Based on the user’s role, the user’s access within the management area varies.

4.1 Manage Users

The Netop Portal allows you to centrally manage users within your organization. This can be done by

one or several users with administrative privileges.

Example: You are the administrator of a company account. To avoid having to manage all users one by

one, you can adjust the permissions of individual users so that they may manage other users as well.

The portal interface provides easy access for managing the users. There are four user types:


22.04.2019 22

• User - view assigned devices and manage own profile

• Group manager – all the permissions of the User, plus the ability to manage users and devices,

view roles and role assignments, view and generate log reports

• Account administrator – manage users, devices, groups, roles and role assignments,

authentication methods, plus the ability to view account details and manage deployment

packages

• Account owner – all the permissions of the Account Administrator plus the ability to manage

the Account configuration

To view information about all users who have access in the Netop Portal, on the menu bar click Users.

The list of users will be displayed.

For the detailed list of access privileges, please refer to the Netop Portal user privileges.

4.1.1 Create a new user

As a Group manager or higher, you have access to create new users for your portal organization

account.

You should create a user for each person who remotely supports devices within your network or

administrators in charge of users and devices management.

To create a new user:

1. Go to the Users section and click Add user.

2. Provide the user’s first and last name, the user credentials (username and password), confirm

password and provide the email address. Optionally, choose a group the user will belong to.

Note: The username should have the following format: username@domain

3. Enable or disable the user with the User status toggle button.

4. From the User type drop-down, select a type in order to assign the user a specific set of

permissions.

5. Click Save. The user is successfully created and it appears in the Users list.

http://kb.netop.com/article/netop-remote-control-portal-user-privileges-en-446.html


22.04.2019 23

Note:

If you are using Windows Hosts (below version 12.65) or Linux and Mac Hosts (below version 12.75), please check the following.

If you enable multi-factor authentication for a user, make sure those user credentials are not used as device credentials in the definition of the Guest or Host communication profile (Netop Portal communication device). If credentials from a user with multi-factor authentication enabled are used, the Guest or the Host will not be able to make a connection to the Portal.

Recommendation: User credentials are used to configure the communication profile on both Guest and Host; therefore, for security reasons, we strongly recommend creating dedicated users assigned to enroll devices in the Netop Portal.

4.1.2 LDAP users - automatically added into the Portal at first login

This only applies if you are using LDAP authentication.

On first login using the LDAP credentials (username: domain identifier\LDAP username , password:

the domain password), the user will be added to the Netop Portal.

The user type will be User (more information on the user types here).

Note: The user will not be attached to a group by default, but if there is a role assignment in the Portal which allows all users to access all devices (User: everyone, Devices: everything), the LDAP user will also have access to all devices. In order to attach the User to a Group on login, check LDAP user groups

4.1.3 View User Info

To view user information, in the Users list click on the desired username. Specific information from the

user’s profile will be displayed.

http://kb.netop.com/article/netop-remote-control-portal-user-privileges-en-446.html


22.04.2019 24

Field Description

Username Unique identifier used to login.

Status Indicates whether the user can log in the Netop Portal (is Active) or not (Inactive).

First Name User’s first name.

Last Name User’s last name.

Email The email address to which the user will receive notifications from the Netop Portal and the multi-factor authentication code, should it be enabled.

Group The group the user belongs to.

Authentication method Internal (username or password) or the name of the authentication method defined under Account > Authentication.

Multifactor authentication Indicates if multi-factor authentication is enabled for the user or not.

Type Indicates the type of the account: Account Owner, Account Administrator, Group manager or User.

Created The date and time when the user account has been created.

Created by The first and last name of the user who created the user account.

Modified The date and time when the user account was last modified.

Modified by The first and last name of the user who last modified the user account.


22.04.2019 25

4.1.4 Edit user

Note: If you toggle off the Active button, it disables the user so they can no longer log in to the Netop Portal. Disabling does NOT remove the user from your portal organization account.

To edit an existing user, in the Users area click on the username of the user you want to modify and in

the upper right-corner of the page click Edit. The Edit User window will be displayed.

Depending on the authentication method of the user, edit user will be as follows:

• For Internal authentication. You can modify basic profile information (such as: First Name, Last

Name and Email), access permissions (toggle on or off the Active button and select the user type

to give specific access permissions within the Netop Portal) select the groups the user belongs to

and whether the user will authenticate using multi-factor authentication or not.

Notes:

You are not allowed to edit the username.

You are not allowed to edit the user whose role is higher then the user you are logged in as. You are not allowed to change the role from an account owner from here. Use the account configuration area instead.

• For ADFS/Azure AD based authentication. You can modify the role (toggle on or off the Active

button and select the user type to give specific access permissions within the Netop Portal), select

the groups the user belongs to and whether the user will authenticate using multi-factor

authentication or not.


22.04.2019 26

Once you have finished updating user information and access permissions, click Save and the user

updates are saved.

4.1.5 Remove user

Note: Only an account owner, account admin or group manager can remove users. The logged in user can only remove users with roles below their role.

To remove an existing user, in the Users area click on the username of the user you want to remove

and in the upper right-corner of the page click Remove.

You can also remove an existing user, from the Users area by selecting the desired user and above the

content area clicking Remove.


22.04.2019 27

A confirmation dialog will be displayed. Click Yes and the selected user will be removed.

4.1.6 Remove multiple users

To remove multiple users at once, in the Users area, select the users you want to remove and above

the content area click Remove. A confirmation dialog will be displayed. Click Yes and the selected

users will be removed.

Note: If you remove an LDAP, ADFS or Azure AD user it does not mean that the user will not be able to login again. On next login it will be created again. In order to disable the user, edit the user and set the status to inactive.

4.2 Manage Groups

The Netop Portal allows you to group users and devices. Using these groups, role based access can be

aplied:

1. Create a user group and attach users to the group or add a LDAP group (LDAP authentication

method required).

2. Create a device group and attach devices to the group.

3. Add role assignment to define permissions for a user group when connecting to a device group.

For more information see Add role assignment.


22.04.2019 28

4.2.1 Create a new group

1. From Manage > Groups click the corresponding Add group button to create a device group, an

LDAP user group or a user group.

2. Provide the group name and group description and select whether the group is Active or not.

3. Click Save. The group is successfully created.

4.2.2 Attach users to user groups

Note: You can attach a user to multiple groups.

To attach users to a user group:

1. Go to the Users section, select the desired user(s) and above the content area, click Attach to

group. A window will be displayed.

2. Select the group to which the user(s) will belong to and click Save. The selected user(s)

belong(s) now to this user group as well.

4.2.3 LDAP user groups

Note: You can attach a LDAP user to Portal groups but no user can be attached though to an LDAP group.

In order to maintain the same group membership in the Netop Portal as you have in your LDAP

directory, you need to add (import) the corresponding LDAP groups.

Every time a new employee comes and needs to be added to one of the groups, or an employee leaves

the company or changes groups, the user can be managed (added/removed/disabled) directly in the

company’s LDAP directory (instead of having to manage the user in both the LDAP and the Netop

Portal).

In order to achieve this, the following steps need be taken:

1. Add the LDAP authentication

2. Add LDAP user groups

By adding an LDAP user group, a special group is created in the Netop Portal with the same name as

in the LDAP directory. This special type of group works as follows:


22.04.2019 29

• no users can be manually attached to the group

• the only way the users will be associated to the group is to add them in the LDAP directory and

on next login of the user, that will automatically be synced with the Portal

• the only things that can be edited/changed in the group are the status (active/inactive) and the

description

To add a LDAP group in the Portal, follow these steps:

1. Go to Manage > Groups and in the upper-rigtht corner of the page click Add LDAP Group. The

Add LDAP Group prompt will be displayed.

2. From the drop-down select the LDAP authentication method from which groups will be imported.

The drop-down lists all the LDAP authentication methods you added from Account >

Authentication. For information on how to add a LDAP authentication method, see Enable

LDAP authentication.

3. Select the user groups to be imported. The groups that were imported in the Portal are marked

in grey.

4. Click Add and the selected group will be imported in the Portal. The users will not be synced at

this stage.

On every use login, the group membership is verified, and if the user belongs to any of the LDAP

groups added to the Portal, the group membership will be also updated in the portal.

Other data that is being synced on user login: name and email.


22.04.2019 30

4.2.4 Attach devices to device groups

To attach devices to a device group:

1. Go to the Devices section, select the desired device(s) and above the content area, click the

Attach to group button. A window will be displayed.

2. Select the group to which the device(s) will belong to and click Save. The selected device(s)

belong now to this device group as well.

You can also attach a device to groups by editing the device and specifying the corresponding device

groups.

4.2.5 View group details

To view the details of a user group, go to Groups and click the desired group in the Name column.


22.04.2019 31

The group details will be displayed.

From the user group details page, you can:

• View the users/devices who belong to the group.

• Edit group details, such as the group name, group status and description (LDAP group allow

editing of status and description only).

• Remove the group

4.2.6 Edit Groups

To edit group details, go to Manage > Groups, click on the specific Group.

Above the content area click Edit. The Edit Group window will be displayed:


22.04.2019 32

Change the group details, such as the group name, group status or description and click Save.

Notes: For LDAP groups you can only change the description and the status. If you toggle off the Active button, it disables the group so that role assignments no longer apply. Disabling does NOT remove the group.

4.2.7 Remove groups

To remove a group go to the specific group in Manage > Groups.

Above the content area click Remove. A confirmation window will be displayed. Click Yes.

Note: By removing the group, the users/devices which are members of that specific group will not be removed.

4.3 Manage Devices

Once a device has been configured with the Netop Portal profile and is online, it will automatically show

up in the Netop Portal interface, Devices section.

4.3.1 Edit devices

To edit a device, go to Manage > Devices, select the specific device and click Edit.

You can also edit the device by clicking on the device and clicking Edit in top right menu.


22.04.2019 33

Setting Description

Alias An internal name that could help supporters and administrators to identify faster the device.

Group The Device group(s) that the device is attached to. A device can be attached to any number of device groups.

Description An extended description for the device.

4.3.2 Remove devices

Note: You have to be an Account Administrator or higher to remove a device.

To remove devices go to the Devices area, select the devices you want to remove and above the

content area click Remove. A confirmation dialog will be displayed. Click Yes and the selected devices

will be removed from the Netop Portal.

This is useful for devices that are not online anymore (e.g. devices that are not used any longer or that

do not have a Host installed). For the devices that have a Host installed on them and are connected to

the Portal, they will be re-enrolled on next Host restart (they will show up again in the device list).

Please check Revoke deployment packages section for understanding how to disable devices

associated to a deployment package.

4.4 Applications

With whitelisted applications, account administrators can restrict remote control sessions to a single

application (or list of applications) on the Host device. This includes viewing of the screen and using

keyboard and mouse for those applications (more information on how to enable them is availble under

Enable whitelisted applications).

To add an application:


22.04.2019 34

1. Click on Add application

2. Fill in the required information and click Save

Setting Description

Name A name for the application

Path Path for the application, including system environment variables (E.g. %windir%\system32)

Executable name Executable name (E.g. notepad.exe)

Description Description of the application


22.04.2019 35

Notes: The role assignment will automatically become disabled if the applications set as part of whitelisted applications are disabled.

More information on whitelisting applications is available here.

4.5 Roles and Role assignments

Roles are a set of permissions which can be applied to a group of users through Role Assignments.

A role assignment is comprised of a role, a group of users, and a group of devices. User groups

(including LDAP user groups) and device groups must be created before adding new role assignments.

These are used for defining the permissions for the users in the Portal and for remote accessing a

device.

Notes: The Devices listed in the Portal under My devices will be only the devices that the user is allowed to connect to (at least one Role assignment needs to exist containing a User group with that User and a Device group with that Device).

In the installed Guest, all devices from the account will be listed in the Browse list. This cannot be configured differently.

In order for a user to be allowed to create (and use) OnDemand Sessions under My Sessions, you will need to create role assignments for that user with an OnDemand - type role.

https://kb.netop.com/article/whitelisting-applications-en-485.html


22.04.2019 36

4.5.1 View Predefined Roles

Note: You have to be an Account Administrator or higher to view the Roles.

The page provides a listing of the available roles, their type, name and a short description.

Two role types have been implemented, each representing a specific set of permissions:

• The Enroll type is limited to registering or unregistering devices within the Portal. This includes

the Add Devices role. Only users who have been assigned an Enroll role type have the ability to

enroll devices in the Netop Portal with their Portal credentials. This only applies to Windows

Hosts (below version 12.65), Linux and Mac Hosts (below version 12.75). Deployment packages

are used for enrollment for Hosts and have replaced used based enrollment (no Add Devices

role needed).

• The Device role type includes a set of permissions related to remote control sessions. This

includes all roles except the Add Devices one. By clicking on the name of a specific role from

the roles page, the user is provided information about the role and the full list of associated

permissions.

Role Description

Add Devices Allows users to enroll devices in the Netop Portal. It does not grant any access permissions to devices. Users who have multi-factor authentication enabled are not allowed to enroll devices.

Administrator Provides full access to the remote device when using the Browser Based Support Console or an installed Guest.

Engineer Provides keyboard, video and mouse control through the Browser Based Support Console or an installed Guest. In addition, those with an installed Guest have Get Inventory, Chat and File Transfer permissions enabled.

Manager Provides keyboard, video and mouse control through the Browser Based Support Console or an installed Guest. In addition, those with an installed Guest have Get Inventory, Chat, File Transfer and Remote Management permissions enabled.

Technician Provides keyboard, video and mouse control through the Browser Based Support Console or an installed Guest. In addition, those with an installed Guest have Get Inventory and Chat permissions enabled.

View Only Allows the Guest user to view the screen of the Host from the installed Guest software or from the Browser Based Support Console. Permissions are restricted to viewing the screen only, no additional permissions are provided.

Web Support Provides full access to the Browser Based Support Console. Access from an installed Guest is not allowed.

• The OnDemand role type includes a set of permissions related to OnDemand Sessions. By

clicking on the name of a specific role from the roles page, the user is provided information

about the role and the full list of associated permissions.

Role Description

Full Access (OnDemand Sessions)

Provides full access to the remote device when using the OnDemand Session. This role does not apply to regular Guests and Hosts.

View Only (OnDemand Sessions)

Allows the Portal user to view the screen of the remote device from within the Portal. Permissions are restricted to viewing the screen only. Note that this role does not apply to regular Guests and Hosts.


22.04.2019 37

4.5.2 Add role assignment

1. Go to the Role assignments section and click Add role assignment.

2. Provide the role name and make sure that the assignment is enabled.

3. From the appropriate drop-down lists, select the role, user group and device group.

4. Click Save.

Notes: In order for a role assignment to govern the permissions of a remote user, the Netop Host’s Guest Access Security settings must be configured to Use Netop Portal access rights. For additional information on Guest Access Security settings within the Netop Remote Control Host, please refer to the Netop Remote Control User’s Guide.

For the OnDemand – type roles, device groups cannot be selected, as these role assignments do not apply to regular devices. Also, the confirm access and whitelisted applications are disabled and cannot be enabled, as this functionality belongs only to Netop Host devices.

4.5.3 Edit role assignment

Note: Disabling the role assignment does not remove it from the Netop Portal.

To edit a role assignment:

1. Go to the Role assignments section, select the role assignment you want to edit and above the

content area click Edit. The Edit Role Assignment window will be displayed.

2. Make the desired changes and click Save.


22.04.2019 38

4.5.4 Remove role assignments

To remove role assignments, go to the Role assignments section, select the items you want to remove

and above the content area click Remove. A confirmation dialogue will be displayed. Click Yes and the

selected role assignments are removed from the Netop Portal.

4.5.5 Enable Confirm Access

Starting with Netop Remote Control version 12.67 for Windows Hosts and 12.70 for Linux and Mac

Hosts, the confirm access functionality has been added. It provides improved security by adding a

confirmation dialog on the end user side (Host side).

To enable confirm access when adding or editing role assignments make sure to expand the Confirm

access is disabled area and enable it using the toggle button.

Note: The Confirm Access functionality works only on Hosts and Guests v12.67 or later. For older Guests and Hosts, the connection between them will be denied if Confirm Access is enabled in any of their role assignments.

Once the confirm access has been enabled, on the next remote session between the Guest and Host, a

confirm access prompt will be displayed to the end user on the Host side.

There are two extra exceptions when the confirm access can be set to be overruled even though it is

enabled:

• Except when computer is locked - if the computer is in the locked screen.

• Except when no user is logged in - if no user is logged into the system.


22.04.2019 39

Once confirmed the remote session will be initiated. If denied, the confirm session will not be in intiated.

4.5.6 Enable whitelisted applications

Starting with Netop Remote Control version 12.74 for Windows Hosts, the capability of whitelisting

applications is available. With whitelisted applications, users can restrict remote control sessions to a

single application (or list of applications) on the Host device. This includes viewing of the screen and

using keyboard and mouse for those applications.

To add whitelisted applications to a role assignment, expand the Whitelisted applications are

disabled area, enable it using the toggle button and select one or more applications (more information

on how to manage the applications is available here).


22.04.2019 40

Once the whitelisted applications have been enabled, on the next remote session between the Guest

and Host, only these apps will be visible to the user.


22.04.2019 41

There are two extra exceptions when the whitelisted application can be set to be overruled even though

it is enabled:

• Except when computer is locked - if the computer is in the locked screen.

• Except when no user is logged in - if no user is logged into the system.

In either of the these exceptions, the whitelisting applications will not be enabled throughout the

session.

Notes: The role assignment will automatically become disabled if the applications set as part of whitelisted applications become all disabled.

More information on whitelisting applications is available here.

4.5.7 Check permissions

In order to verify the actual permissions of a User on a certain Device, you can use Check

permissions.

1. Click on the Check permissions button. It is availble in different areas of the Portal (Role

assignments, Device view, User view).

2. Choose the User and the Device.

https://kb.netop.com/article/whitelisting-applications-en-485.html


22.04.2019 42

3. Click Check permissions.This will provide an overview on exact permissions of the User on the

Device, plus an overview of the Role assigments that involve the both (User groups containing

the user and Device groups containing the Device).

4.6 Downloads - using Deployment Packages

The deployment package represents a way of enrolling the devices into the Portal. The deployment

package describes among other things the interval in which the Host can be installed, for how many

installations or what device group it will belong to on enrollment.

Prerequisites for deployment packages:

- Windows Host running version 12.65 or later

- Linux & Mac Host version 12.75 or later

For versions earlier than the above, check Role assignments for how to enroll them.

The Manage > Downloads section allows the management of deployment packages.

Note: Account administrators or higher can manage deployment packages.

4.6.1 Create a deployment package

To create a deployment package, click Add deployment package in the upper-right corner of the

Deployment packages page. The Add deployment package window will be displayed:


22.04.2019 43

Enter the deployment package details:

Setting Description

Name The name of the deployment package.

Description Optional description of the deployment package.

Valid from The Host can be installed using this Enrollment key only when starting with this date (the time is UTC based).

Valid to The Host can be installed using this Enrollment key only before this date (the time is UTC based). If no date is selected, the enrollment key has no expiration date.

Number of devices The number of devices, which can be enrolled using this Enrollment key.

Package status Indicates whether the Enrollment key can be used or not. If disabled, new device enrollments will not work, but already enrolled devices will continue working.

License key This is the license key that will be applied to the Host. If empty, the Host will be set to Trial mode. If Trial mode has expired, the Host will be converted to a Portal Only mode, which allows only the Netop Portal communication profile (only works with a Portal account).

Move to device group The group to which the device will automatically belong to on enrollment.

Enrollment state Specifies if an administrator needs to review the status of the device (Pending) or not (Enrolled) before the device is enrolled.Check Pending state for how to enroll pending devices.


22.04.2019 44

Once you’ve entered all the mandatory details, click Save. The deployment package will be created.

Upon creation, a unique Enrollment key and Online installers will be generated.

To view the enrollment key, from the Deployment packages list, click on the name of the deployment

package.

4.6.2 Download and install the Host using default configuration (Windows)

When a deployment package is created, an online installer is also generated. The online installer uses

a default configuration for setting up the latest version of the Windows Host. When installing the Host

using an Online installer, an internet connection needs to be available as the files are retrieved from

online.

4.6.2.1 Download and install the Host using an Online installer (.exe file)

1. Go to Downloads and click the deployment package you want to install. The Deployment

package details page will be displayed.

2. Download the Online installer available in the Download Installers section:


22.04.2019 45

Note: Do not change the name of the online installer, otherwise the deployment package installation will fail.

3. Install the deployment package by double-clicking the downloaded installer (admin righs

required on the device).

4. Read and accept the Netop License Agreement and click Next:

The Netop Host is installed and automatically configured to connect to the associated Portal account.

No need for further configuration.


22.04.2019 46

4.6.2.2 Share the Online installer link

1. If you would like to share a unique link with the online installer, click on Copy link to copy it into

the clipboard or Send link to open your email client with the shareable link.

2. On the target device, the user can open the link. By clicking on I understand, the user will be

able to download and install the Host.

3. Install the Online installer as described above.

4.6.3 Download and install online installer using custom Host configuration (Windows)

If you want to use a custom Host configuration, create the configuration file (MST file). For information

on how to create custom Host configuration files using Netop Remote Control, see the Pack’n Deploy

User’s Guide.

Once you created the custom Host configuration file, go to the deployment package details page and

click the Upload button. Upload the MSI and the MST files:

https://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/manuals/NetopRemoteControlPacknDeploy_EN.pdf

https://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/manuals/NetopRemoteControlPacknDeploy_EN.pdf


22.04.2019 47

After uploading an MSI or an MST file, the date and time when the file is uploaded will be displayed

under the corresponding upload buttons. This will allow you to easily identify if the deployment package

contains a custom Host configuration or if the default online installer will be used for deployment.

On next installation using the online installer, the custom files will be used.

Note: If you want to revert to the default files, you will need to create a new deployment package.


22.04.2019 48

4.6.4 Mass deploy the Host (Windows)

For instructions on how to mass deploy the Host on Windows, check Mass deploy Portal components.

4.6.5 Install the Host on Mac & Linux

For instructions on how to install & configure the Host on Mac & Linux, check Netop Portal Quick Start Guide.

4.6.6 Revoke deployment packages

You can revoke deployment packages by clicking the Revoke button in the upper-left corner of the

Deployment package details page.

Revoking deployment packages means that:

• You will no longer be able to install devices using that enrollment package

• Devices enrolled using this deployment package will stop being enrolled to the device.

Therefore, make sure you double-check before revoking deployment packages.

• Devices that have been revoked will still show up in the device list but with a state name

Revoked.

The revoked deployment package will be marked with a red sign:

In order to re-enroll these devices into the Portal, you need to create another deployment package and

configure the Netop Host on the devices to use the new enrollment key.

4.6.7 Remove deployment packages

You can remove deployment packages by clicking the Remove button in the upper-left corner of the

Deployment package details page.

http://kb.netop.com/article.php?id=390




22.04.2019 49

Note: You can only remove deployment packages which have no devices associated or which are revoked.

4.6.8 Pending state

For devices in the Pending state, the account administrator needs to go under Manage > Devices,

look for the Pending device and enroll it by clicking on the Enroll button.


22.04.2019 50

5 Security

This section provides various options for overall account security.

5.1 Enable Multi-Factor authentication

Note: Account administrators or higher can manage Account security.

The authentication can be configured to use two factors: the first authentication factor is the username

and password (something the user knows), the second factor is a passcode received by email

(something the user has).

In order to enable it, go to Security > Account security area click Edit. Set Multi-factor

authentication to Enabled.

Click Save.

Once email based multi-factor authentication has been enabled for your account, you are able to

enable the use of multi-factor authentication on individual users. When editing the users, you can now

enable multi-factor authentication as well.

Go to the Manage > Users, select the desired user and in the upper-left corner of the page, click Edit.


22.04.2019 51

Enable multi-factor authentication and click Save.

Note: User credentials are used to configure the communication profile on both Guest and Host; therefore, for security reasons, we strongly recommend creating dedicated users assigned to enroll devices in the Netop Portal.

If you enable multi-factor authentication for a user, make sure those user credentials are not used in the definition of the Guest or Host communication profile (Netop Portal communication device). If credentials from a user with multi-factor authentication enabled are used, the Guest or the Host will not be able to make a connection to the Portal. Starting with NRC 12.65 (on Windows 7 and later) and NRC 12.75 (Linux & Mac) enrollment keys are used for the Netop Portal communication profile. Therefore, the above note does not apply anymore.

5.2 Authentication

The Netop Portal provides the following authentication methods:

- Internal (username & password saved in the Portal database)

- ADFS (Active Directory Federation Services)/Azure AD

- LDAP (Lightweight Directory Access Protocol)

5.2.1 LDAP authentication

With the integration to Lightweight Directory Access Protocol (LDAP), the Netop Portal provides another

way of integration into the company’s central user directory. This enables administrators to manage

users and users’ permissions from only one place – the company’s user directory. The integration with

LDAP has been done in such a manner that no passwords are stored in the Netop Portal – the

credentials will be checked on every login.

Note: Account administrators or higher can manage Authentication.

5.2.1.1 Enabling LDAP authentication

1. Go to the Security > Authentication page and in the upper-left corner of the page click Add

LDAP. The Add LDAP authentication method page will be displayed.

2. Enable the LDAP authentication and fill-in the information for setting up the LDAP connection.


22.04.2019 52

3. Save the authentication settings by clicking Save LDAP authentication method.

4. Once you’ve enabled the LDAP autehntication, you can import LDAP groups in the Portal and

create role assignments for each of the groups to associate with the corresponding role.

Note: When logging in using LDAP credentials, make sure to login using domain identifier\username There can be multiple LDAP authentication methods added

5.2.2 ADFS/Azure AD authentication

5.2.2.1 Enabling ADFS/Azure AD authentication

1. Go to the Security > Authentication page and in the upper-left corner of the page click Add

ADFS/Azure AD. The Add authentication method page will be displayed.


22.04.2019 53

2. Fill in the information required for the ADFS/Azure AD authentication method (more information

available here).

3. Click Save to add the ADFS/Azure AD authentication method.

Notes: When logging in using ADFS/Azure AD credentials, make sure to login using domain identifier\username There can be multiple ADFS/Azure AD authentication methods added

5.3 Enable logging

The Netop Portal offers thorough audit logs (audit trails).The logs contain security-relevant data like: the

date, time and activity of each user, including sign in events, user creation and removal, role

assignments, account configuration, remote control sessions, file transfers and others.

Audit logs help you monitor data for any potential security breaches or internal misuses of information.

Moreover, the audit logs available in the Netop Portal provide an insight on how various parties are

using the Netop Portal.

Note: Audit logs containing information regarding connections between a Guest or Browser bases support console and a Host are sent only by Windows Hosts version 12.67 or later.

https://kb.netop.com/article/netop-remote-control-portal-adfs-and-azure-ad-integration-456.html


22.04.2019 54

5.3.1 Enabling audit logging

Note: Account administrators or higher can manage logging.

Audit logging is enabled by default within the Netop Portal. If for any reason it has been disabled for

your account, go to the Security > Account security page and click Edit and enable it:

5.3.2 Retrieve Audit Logs

The audit logs provide valuable information about users activity in the Netop Portal.

Note: Account managers or higher can view and generate log reports. Account administrator or higer is required to delete a log report.

To retrieve the audit logs, go to Security > Logs and click Generate report:


22.04.2019 55

Choose the date interval:

Click Generate report. A new report is created as a .CSV file containing all events logged within the

selected date interval and it will be dispalyed as a new log entry in the Logs page.

Once you generate a log report, from the Status column click the corresponding Download link. On

download, choose to save the report on the disk.

To make the report readable, open a blank workbook in Microsoft Excel and import the .csv file by

connecting to it (from the Data tab and from the Get and Transform Data toolbar, click From


22.04.2019 56

Text/CVS). Make sure that you use the comma (,) as column delimiter and the apostrophe (’) as the

text qualifier.

Information on understanding the report is available here.

http://kb.netop.com/article/netop-portal-audit-logging-events-464.html


22.04.2019 57

6 Account Configuration

The Account > Configuration section allows the configuration of the Account details and the Account

owner.

Note: Account owner can manage Account configuration.

6.1 Account details

The account details contain information on the actual Portal account. In order to edit them, click on

Edit.

6.2 Change the account owner

1. Click on Change owner.


22.04.2019 58

2. Select a user to become the new Account owner and click Save.

Netop Remote Control Portal User’s Guide Remote Control Portal User’s Guide 22.04.2019 2 4.3...

Documents

Transcript of Netop Remote Control Portal User’s Guide Remote Control Portal User’s Guide 22.04.2019 2 4.3...