Remotely connecting to the desktop of a client device
Oct 23, 2023
You can obtain remote access to the desktop of a client device through a Network Agent installed on the device. Remote connection to a device through the Network Agent is possible even if the TCP and UDP ports of the client device are closed.
Upon establishing the connection with the device, you gain full access to information stored on this device and can manage applications installed on it.
Remote connection must be allowed in the operating system settings of the target managed device. For example, in Windows 10, this option is called Allow Remote Assistance connections to this computer (you can find this option at Control Panel → System and Security → System → Remote settings). If you have a license for the Vulnerability and patch management feature, you can enable this option forcibly when you establish connection to a managed device. If you do not have the license, enable this option locally on the target managed device. If this option is disabled, remote connection is not possible.
To establish remote connection to a device, you must have two utilities:
- Kaspersky utility named klsctunnel. This utility must be stored on your workstation. You use this utility for tunneling the connection between a client device and the Administration Server.
Kaspersky Security Center Cloud Console allows tunneling TCP connections from Administration Console via the Administration Server and then via Network Agent to a specified port on a managed device. Tunneling is designed for connecting a client application on a device with Administration Console installed to a TCP port on a managed device—if no direct connection is possible between Administration Console and the target device.
Connection tunneling between a remote client device and Administration Server is required if the port used for connection to Administration Server is not available on the device. The port on the device may be unavailable in the following cases:
- The remote device is connected to a local network that uses the NAT mechanism.
- The remote device is part of the local network of Administration Server, but its port is closed by a firewall.
- Standard Microsoft Windows component named Remote Desktop Connection. Connection to a remote desktop is established through the standard Windows utility mstsc.exe in accordance with the utility's settings.
Connection to the current remote desktop session of the user is established without the user's knowledge. Once you connect to the session, the device user is disconnected from the session without an advance notification.
To connect to the desktop of a client device, one of the following conditions must be met:
- Client device is a member of an administration group that has a distribution point with the Do not disconnect from the Administration Server option enabled.
- In the client device settings, the Do not disconnect from the Administration Server option is enabled.
The maximum total number of client devices with the Do not disconnect from the Administration Server option enabled is 300.
To connect to the desktop of a client device:
- In the main menu, go to Devices → Managed devices.
- Select the check box next to the name of the device to which you want to obtain access.
- Click the Connect to Remote Desktop button.
The Remote Desktop (Windows only) window opens.
- Click the Download button to download the klsctunnel utility.
- Click the Copy to clipboard button to copy the text from the text field. This text is a Binary Large Object (BLOB) that contains settings required to establish connection between the Administration Server and the managed device.
A BLOB is valid for 3 minutes. If it has expired, reopen the Remote Desktop (Windows only) window to generate a new BLOB.
- Run the klsctunnel utility.
The utility window opens.
- Paste the copied text into the text field.
- If you use a proxy server, select the Use proxy server check box, and then specify the proxy server connection settings.
- Click the Open port button.
The Remote Desktop Connection login window opens.
- Specify the credentials of the account under which you are currently logged in to Kaspersky Security Center Cloud Console.
- Click the Connect button.
When connection to the device is established, the desktop is available in the Remote Desktop Connection window of Microsoft Windows.