Security and privacy for remote control in Configuration Manager

Applies to: Configuration Manager (current branch)

This topic contains security and privacy information for remote control in Configuration Manager.

Security best practices for remote control

Use the following security best practices when you manage client computers by using remote control.

| Security best practice | More information |
|---|---|
| When you connect to a remote computer, do not continue if NTLM instead of Kerberos authentication is used. | When Configuration Manager detects that the remote control session is authenticated by using NTLM instead of Kerberos, you see a prompt that warns you that the identity of the remote computer cannot be verified. Do not continue with the remote control session. NTLM is a weaker authentication protocol than Kerberos and is vulnerable to replay and impersonation attacks. |
| Do not enable Clipboard sharing in the remote control viewer. | The Clipboard supports objects such as executable files and text, and a user on the host computer could use it during the remote control session to run a program on the originating computer. |
| Do not enter passwords for privileged accounts when remotely administering a computer. | Software that observes keyboard input could capture the password. Or, if the program that is being run on the client computer is not the program that the remote control user assumes it is, that program might be capturing the password. When accounts and passwords are required, the end user should enter them. |
| Lock the keyboard and mouse during a remote control session. | If Configuration Manager detects that the remote control connection has been terminated, it automatically locks the keyboard and mouse so that a user cannot take control of the open remote control session. However, this detection might not occur immediately, and it does not occur if the remote control service is terminated. Select the action Lock Remote Keyboard and Mouse in the ConfigMgr Remote Control window. |
| Do not let users configure remote control settings in Software Center. | Do not enable the client setting Users can change policy or notification settings in Software Center; leaving it disabled helps prevent users from being spied on. If one user changes the setting, it can allow a different user on the same computer to be viewed remotely. This setting applies to the computer, not to the logged-on user. |
| Enable the Domain Windows Firewall profile. | Enable the client setting Enable remote control on clients Firewall exception profiles, and then select the Domain Windows Firewall profile for intranet computers. |
| If you log off during a remote control session and log on as a different user, ensure that you log off before you disconnect the remote control session. | If you do not log off in this scenario, the session remains open. |
| Do not give users local administrator rights. | When you give users local administrator rights, they might be able to take over your remote control session or compromise your credentials. |
| Use either Group Policy or Configuration Manager to configure Remote Assistance settings, but not both. | You can use both Configuration Manager and Group Policy to make configuration changes to the Remote Assistance settings. When Group Policy is refreshed on the client, by default it optimizes the process by changing only the policies that have changed on the server. Configuration Manager changes the settings in the local security policy, and those settings might not be overwritten unless the Group Policy update is forced. Setting policy in both places might lead to inconsistent results. Choose one of these methods to configure your Remote Assistance settings. |
| Enable the client setting Prompt user for Remote Control permission. | Although there are ways around this client setting, which prompts a user to confirm a remote control session, enable it to reduce the chance of users being spied upon while working on confidential tasks. In addition, educate users to verify the account name that is displayed during the remote control session and to disconnect the session if they suspect that the account is unauthorized. |
| Limit the Permitted Viewers list. | Local administrator rights are not required for a user to be able to use remote control, so membership of this list is what grants access. |
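As an added example that is not part of the Configuration Manager documentation, the following PowerShell applies several of the practices in the table above to a custom device client settings object with the ConfigurationManager module's Set-CMClientSettingRemoteTools cmdlet: Domain firewall profile only, prompt for permission, no user changes from Software Center, clipboard sharing requires approval, no automatic rights for the local Administrators group, and an explicit Permitted Viewers list. The site code PS1, the settings name, the viewer group CONTOSO\RemoteControlOperators and the collection name are placeholders; the parameter names are those of the ConfigurationManager module as I know them and are assumptions, so confirm them with Get-Help Set-CMClientSettingRemoteTools on the version you run.

```powershell
# Added example, not Microsoft's code. Run on a machine with the Configuration
# Manager console installed. Site code, settings name, viewer group and
# collection name are placeholders; cmdlet parameter names are assumed to match
# the ConfigurationManager module shipped with the console.
Import-Module "$($env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
Set-Location 'PS1:'   # placeholder site code

$settingsName   = 'Hardened Remote Tools'               # placeholder
$viewerGroup    = 'CONTOSO\RemoteControlOperators'      # placeholder domain group
$collectionName = 'Intranet Workstations'               # placeholder device collection

# Create the custom device client settings object if it does not exist yet.
if (-not (Get-CMClientSetting -Name $settingsName)) {
    New-CMClientSetting -Name $settingsName -Type Device | Out-Null
}

# Hardened Remote Tools settings, mapped to the best practices above.
$remoteTools = @{
    Name                                             = $settingsName
    FirewallExceptionProfile                         = 'Domain'   # Domain profile only, not Private/Public
    PromptUserForPermission                          = $true      # "Prompt user for Remote Control permission"
    AllowClientChange                                = $false     # users cannot change settings in Software Center
    ClipboardAccessPermissionRequired                = $true      # user must approve clipboard sharing
    GrantRemoteControlPermissionToLocalAdministrator = $false     # do not rely on local Administrators
    PermittedViewer                                  = @($viewerGroup)  # small, explicit viewer list
}
Set-CMClientSettingRemoteTools @remoteTools

# Read the Remote Tools section back so the applied values can be reviewed.
Get-CMClientSetting -Name $settingsName -Setting RemoteTools | Format-List *

# Deploy the custom settings to the intranet device collection.
Start-CMClientSettingDeployment -ClientSettingName $settingsName -CollectionName $collectionName
```

Keep the Permitted Viewers group small and reviewed, because anyone in it can open a session regardless of local administrator rights; the firewall profile choice and the permission prompt protect only the clients that receive this settings object, so deploy it to every collection that contains intranet clients.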

Security issues for remote control

Managing client computers by using remote control has the following security issues:

  • Do not consider remote control audit messages to be reliable.

    If you start a remote control session and then log on by using alternative credentials, the original account sends the audit messages, not the account that used the alternative credentials.

    Audit messages are not sent if you copy the binary files for remote control rather than install the Configuration Manager console, and then run remote control from the command prompt.

Privacy information for remote control

Remote control lets you view active sessions on Configuration Manager client computers and potentially view any information stored on those computers. By default, remote control is not enabled.

Although you can configure remote control to provide prominent notice and get consent from a user before a remote control session begins, it can also monitor users without their permission or awareness. You can configure the View Only access level so that nothing can be changed on the remote computer, or Full Control. The account of the connecting administrator is displayed in the remote control session, to help users identify who is connecting to their computer.

By default, Configuration Manager grants the local Administrators group Remote Control permissions.

Before you configure remote control, consider your privacy requirements.