In this article we’ll cover how to configure group security settings, such as password-protected remote access. Group security settings are inherited by agents belonging to the group.
For details on how security options may be set on the remote computer itself, please see the article “Password Protecting Remote Access“.
To get started, open group settings by clicking on the desired group (1), then the gear icon (2) in the top-right of the page.
When groups in HeartbeatRM are nested, their settings cascade. This means parent group settings also apply to their children. However, it is possible to override parent settings at the child level.
From the group settings page, you may configure two security-related options.
Temporary Passcode (1)
This option controls whether a temporary passcode is required for a remote access session. There are three settings available:
- Required: require a passcode, and prevent this from being changed from the remote computer (shown in the screenshot above).
- Optional: don’t require a passscode, but allow this to be changed from the remote computer.
- Disabled: don’t require a passcode, and prevent this from being changed from the remote computer.
Disable Password (2)
This option controls whether permanent passwords can be set on remote computers. Some admins may wish to disable permanent passwords, as end-users could lock them out from remote access, even by accident.
By default, “Disable Passwords” is set to “Off”.
How do these settings affect the remote computer?
Users won’t be able to set a passcode or password on the remote computer when those options are disabled. When a passcode is required it can’t be removed. In either of these cases, users will see a message in the settings of the “Ask for Help” app that the policy is enforced and may not be changed.
The screenshot below shows temporary passcodes are required for remote access and cannot be disabled.
How and when are these settings applied?
Agents receive security settings from their parent group when they connect to HeartbeatRM for the first time. By having agents join specific groups, you can control their default security settings. This is determined by the key embedded in the agent installer program. For details on how this is configured, see the article “Creating and Configuring Access Keys and Installers“.
When group security settings change, any agents that are online will receive those updates soon after. Offline agents will receive updated settings the next time they connect.
It is important to note, changes to group security settings always affect new agents, but may not affect existing agents. The same is true when moving agents to other groups with different security settings. The reason for this, is so that passwords cannot be easily removed or accidentally applied.
If you wish to remove or set a passcode/password for an existing agent, you must do so directly from the remote computer. For details, please see the article “Password Protecting Remote Access“.