I have installed the CRA software to two test PCs to see if it can replace AnyDesk for me. It looks great, guys - thank you.
I have a bit of a show-stopper, though. Every time I log on to an Unattended Access session I am asked for the local machine's User name and Password. When I first read the documentation I assumed that the custom password setting was going to be authentication enough, and I've just spent 4 hours testing and reading, and everywhere tells me this is the requirement, and adds '...for security reasons', and '...it is a limitation of the Windows OS'.
Hmm... I don't buy either of those. When I need unattended access to someone's machine, then by definition they are not there. The only way I can get access would be for them to tell me their username and password - and I don't want to know that. Even from an administration point of view I would have to keep records of the details for each machine.
I would have thought it is more than sufficiently secure for the remote machine-owner to set a CRA custom password and let me know what it is. If they are not at their machine and it is locked then of course I would need their log-in details to be able to access it fully. That is an additional security level that is under their control.
Often people leave their machine unlocked for me (it would be in a secure office) and they ask me to do something out-of-hours for them - but I can't (unless they tell me their login details).
Or a low-skilled user phones and asks me to share their screen to explain something - and the first thing that happens is the screen locks up on them, and they sometimes have to go and find someone who knows the username and password to pass on to me.
Also, AnyDesk and Splashtop (and TV?) will both establish a connection to the current screen - there is no need to know the local user's log-in, so it is not a Windows OS restriction.
It looks like a great product, and I am really keen to change, but I cannot see any way to let me truly achieve unattended access without knowing the users' credentials, and I do not think that is practical for me or secure for them. It would be great if you could make the connection work straight away, like others.
The second point was just that AnyDesk have a really useful, easy way to file-transfer: you just copy the file on one PC and paste it to the other PC. It is a brilliant feature.
Thanks for the really fast response. I believe I had already read this article, and it describes exactly the problem:
"...you simply enter the remote machine's Remote Assistant ID, enter the remote host user's Windows credentials"
I don't want to know the Remote User's credentials, and they may not want to tell me them. In order for me to have access to their machine, they will have to have already complied with some or all of:
- installing the software
- setting various security settings
- providing me with their ID
- given me their PIN
- given me their public Encryption Key
Even when I write that I'm thinking it would sound deeply suspicious to them if I then ask them additionally for their username and password - their final line of defense. (Now I can access their machine if I'm on-site, and they're not even there.)
The other remote access programs I have used all allow me to join the remote screen exactly as it is currently running. That works well for the inexperienced remote person, obviously. And for the experienced local user it allows them to have their screen unlocked, and I join them seamlessly as intended; or they can leave their screen locked and have complete assurance that I cannot access their data in their absence. It works perfectly - from complete unhindered access to total lock-down and all points in between.
This afternoon I have read the documentation and forum postings, and many people seem to have the same issue as me - it just doesn't provide 'Unattended Access' the way I expected, and the way other apps do. You guys are clearly really capable, and I believe could provide it in a flash, so I think there is some reason why you don't want to, and I can't follow the logic of what that might be.
The program, for me, is 99.9% there - the hard graft is all done, and really well. Make the connection join the remote machine 'as is' at that moment, and I'd be very happy.
Hi Alan, I am guessing that no one has resolved the issue, I have the same problem.
I'm a little surprised that there are so few requests to avoid needing Windows authentication.
Literally no other remote support application besides MS Remote Desktop and MSP360 requires one to enter Windows credentials.
In a similar boat as yourself, I can't guarantee the person I am assisting even knows their Windows credentials. Many times I am supporting some system that does an auto-logon that the technically incompetent remote user does not know (nor do they know how to look it up in the registry).
Does anyone have a solution to this? Some setting somewhere?
...and I'm guessing that no-one has answered because they are hung up on having that obstacle in place, and don't want to explain why. These are clever people. They could do it, no problem (I'm guessing).
For me, I sometimes see a benefit when things go wrong. Stuff isn't perfect: that's life. It's sometimes re-assuring when your favourite, formerly-perfect, supplier gets a delivery wrong, because then you get to see how they will handle the (inevitable) problem. In this case, Cloudberry don't even seem to accept there is another view, never mind a problem, so I have to draw my conclusions about their support.
Maybe it's me. But I think we've both described real-world, very common scenarios that mean that needing to know the user's local log-on credentials is much worse than not requiring them.
Thank you for your description of the use case for this feature. We have deliberately removed this feature for security reasons, we do not want to be responsible for your Windows Credentials and pass them via our protocol. You can join the session via Attended Access by connecting to a person using the machine and jumping straight into the session, however, if you want to use Unattended Access you will need to provide the credentials to the machine you are connecting to, this is simply an additional layer of security which is much more important in our opinion. We are currently considering a togglable option to have an ability to join the active session but I doubt we will implement it soon.
Thank you, Sergey. But I cannot understand how making a user give their log-on credentials to someone else is in any way a 'security' feature. Exactly the opposite. But I can see that no-one in CloudBerry agrees with me, so I have to just accept that and move on.
It is related to the recent TeamViewer attack and Splashtop vulnerabilities. Please keep in mind that we do not reject this way of connecting to your clients, we are working on a bit different approach that will allow you to jump into the session of the current user.
I am interested to learn more about this different approach, Sergey. True unattended access to a session in progress is something we view as a requirement as well.