Remote Access Support Tool available through SCCM’s Software Center!

Have there been times where a 3rd party service provider requires remote access to an Application Server (or any server) to work on an upgrade or to diagnose an issue?

Because we’re all security conscious System Admins (right?), we DO NOT want to install any ‘remote application’ that could potentially expose/compromise the environment, let alone that server.

To reduce the surface attack space on our servers, we (Vigilant.IT) have verified remote applications that we have published to our Software Center. This doesn’t mean that we are installing as soon as it’s available in Software Center; we are simply making the remote application available should we need it.

Our primary remote application we use with our many 3rd party service providers is TeamViewer. In this instance we have used GmbH’s Quick Support version of TeamViewer which is ideal in terms of security and minimal surface attack space. We want to install the application on the server, but simply run the executable from the Software Center.

Let’s start off with identifying the process –

What: Make TeamViewer QS available within Software Center.

When: ASAP.

Why: To have available should a 3rd party service provider require remote access to a server in your environment.

How: SCCM’s Application Deployment.

Prerequisites; We’ve created a custom TeamViewer Quick Support application using the TeamViewer website creation portal. Browse here to create your own customised version of TeamViewer Quick Support.

Ours look like below (obviously with an ID and Password);

TV_App_Dep001

Here’s how we’ve done it!

Creating the Application

Browse to Software Library and Select Overview > Application Management > Applications.

App_Deployment_001

Right click on the clear space in the middle panel and select Create Application.

App_Dep001

Select ‘Manually specify the application information‘ radio button and select Next >

App_Dep002

Fill in the information below. If you are deploying TeamViewer QS or another remote application, update the form as you see fit relating to your choice of application. Once updated, select Next >

App_Dep004

In the Application Catalog, fill in the details as below.

The Application Name is standard to our naming convention here, but, should you not have one, simply name the application as you see fit.

App_Dep005

Under Localized Description, I’ve added a little insight on what we are wanting to achieve. Add in the Keywords respective to the application we’re/you’re building.

(Note: In this example, I have pre-installed TeamViewer (unattended support) to be able to select the icon. If you already use TeamViewer, continue on. If not, simply download and install to collect the appropriate icon/image).

Once updated, we are now going to add a little icon image to our application. Select Browse…

App_Dep007

Browse to location of the executable for TeamViewer. Once identified select it and select Open.

App_Dep006

Once selected you should be now, able to select the TeamViewer Icon. Select the icon and select OK.

App_Dep008

Your Application Catalog should look like below, if you’re deploying TeamViewer. If not, do a quick review and make sure all information is correct.

Select Next >

App_Dep009

Once selected we are now going to create a Deployment Type for our TeamViewer Application. Because we are going to use a script based installer select Script Installer and select ‘Manually specify the deployment type of information’. Select Next >

App_Dep010

Fill in the details below and select Next >

App_Dep011

Fill in the information below as you would according to the way you’ve setup your SCCM environment.

App_Dep012

Content Location: (would be the repository where you would keep your applications, i.e. Primary Site Server, Management or Distribution Point Servers).

Select the folder the TeamViewer executable is located on your specific server and hit Select Folder. (as you can see, we have other Applications available)

App_Dep013

Now under Specify the command used to install this content, browse to the TeamViewer executable and Select Open.

App_Dep015

Once selected hit Next >

Under Detection Method, we’re going to create a rule which will determine whether or not the application is applicable to the server we’re going to deploy against. Select Add Clause…

App_Dep016

As we’re deploying the Quick Support version of TeamViewer, we’ll need to find the location in which the application is ‘installed’.

We’re going to use the Setting Type; as File System. Remember, we’re going to interrogate the location in which the application is installed.

With the QS version of TeamViewer, we know that the installation file path is as follows; %AppData%\Local\Temp\TeamViewer. We’re going to look for a folder called ‘Version9’ (or whatever version you’re using at the time).

Leave the first radio button selected. Select Ok.

App_Dep017

Now that we’ve got a detection method, select Next >

App_Dep018

Under User Experience, select the following and then select Next >;

Installation behavior; Install for user

Installation program visibility; Normal

I’ve left the Maximum allowed run time (minutes); 15

Estimated installation time (minutes); 0

App_Dep019

Under Requirements, select Add..

App_Dep020

Select Operator; Equals and Value; False. Select Ok.

App_Dep021

Select Next > as we’re not configuring any dependencies.

App_Dep022

Review the Summary information and select Next >

App_Dep023

It should complete successfully.

App_Dep024

 

 

Distributing Application to Distribution Point Servers

Now that we’ve created the Application within the SCCM Application section, we now need to Distribute the Application to our Distribution Point servers.

Right Click on the Application that we’ve just created and select Distribute Content in the dropdown menu.

App_Dep039

Leave the following tick box ‘Detect associated content dependencies and add them to this distributionenabled and select Next >

App_Dep030

Select Next >

App_Dep031

Here I’m going to select the Distribution Point Group.

App_Dep032

Because I want the Application to be available to all our Distribution Groups, I’ve selected ALL DP Groups within our environment.

App_Dep033

Select Next >

App_Dep034

Review the summary of the distribution deployment and select Next > once you’re happy.

App_Dep035

App_Dep037

You can review the status of the distribute content process by selecting the TeamViewer QS Application and reviewing the Content Status section (i.e. pie graph).

App_Dep038

 

 

Deploying /Making Available the Application to Collection Groups.

We’ve distributed the application to the appropriate Distribution Point servers, we can now start pushing it out /deploying it to our respective collection groups.

Right click on the Application and select Deploy.

App_Dep040

Select the Browse… button and select the collection you would like to deploy to.

App_Dep041

Select your collection group you would like to push out to.

App_Dep042

Once selected hit the Next > button.

App_Dep043

In the Distribution Points section, you should see that your DPs and/or Distribution Point Groups are pre-selected. If they’re not, select the appropriate DPs or Distribution Point Groups.

Once completed, select Next >

App_Dep044

Under Deployment Settings, we’ll leave the action and purchase as default (below). Remember, we want this application to be ‘available’, not ‘required’.

Select Next >

App_Dep045

Under Scheduling leave it as default, hit Next >

App_Dep046

Again, you can leave this section, User Experience as default and select Next >

App_Dep047

Leave the Alerts section as Default as well, and select Next >

App_Dep048

Review the Summary section and make sure you’re happy with the information. Once reviewed, select Next >

App_Dep049

You should see the deployment to the collection group, successful.

App_Dep050

 

 

 Test Deployment Phrase

We will now look at installing this onto one of the servers that is in the Test Collection Group.

One the server in question, browse to ‘Software Center‘.

App_Dep051

Generally, you should give the server a minute or two prior to seeing the application appear within the Software Center.

App_Dep052

You should see the below image state that the application is available to Install. As you can see, I have initiated the installation.

App_Dep052

Once installed, you should see your customised remote application, appear and ready for your 3rd party service company to connect.

App_Dep053

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s