Remote support tools RMM

23rd August 2024

Cold/1Off support: (requires someone on the far end to enter a Session# + password)
TeamViewer was the go-to tool, but recently they have been putting short time limits on free sessions, and their tool is seeing increasing use by bad actors. Our 1-to-1 replacement is RustDesk; it is free to use, but don't expect it to be as fast as paid TeamViewer. It is more than sufficient to set up your unattended support tools.

Unattended Support tools: (after setup, doesn’t require anyone at far end to remote control)
TeamViewer as mentioned has priced themselves out of contention
n-Able/n-Central is less expensive and has more functionality
NinjaOne recommended by Lawrence Systems, have not tested myself
RustDesk cheap and reliable, less functionality than more expensive options above. OR selfhost for free if you dare.

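When you run commands on workstations through a remote support tool, most of the time they run under the System context, so they don't have a search path to find useful tools like winget. Below are commands with the full path included. The version number in the folder name changes when App Installer updates, so check the folder name on the target machine.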

"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.23.1911.0_x64__8wekyb3d8bbwe\winget.exe" upgrade --all --accept-package-agreements --accept-source-agreements

"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.23.1911.0_x64__8wekyb3d8bbwe\winget.exe" upgrade "VLC media player" --accept-package-agreements --accept-source-agreements

powershell
Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.8.2-1.msi -OutFile ${env:tmp}\wazuh-agent; msiexec.exe /i ${env:tmp}\wazuh-agent /q WAZUH_MANAGER='wazuh-server.yourdomain.local'

NET START WazuhSvc

netsh advfirewall set allprofiles state off
just for testing of course

Powershell /c Test-NetConnection -ComputerName "whatever" -Port 3389
3389=RDP Remote Desktop

M$ OpenSSH Server for Win10+11 (Tested in Win10)

Start, Settings, System, Optional Features

Add a Feature (Add an Optional Feature, View Features in Win11)

Type SSH

checkmark next to OpenSSH Server, and click Add

sip ur coffee, takes about 3min

the SSH service will be disabled by default

Right click on the start menu and choose Computer Management. Services and Applications, Services, find OpenSSH SSH Server (ya i didn’t name it), set it to Automatic (Delayed Start), and start it.

I tested with the OpenSSH Authentication Agent NOT running and was still able to authenticate and start a session, even when using a domain logon.

The default Windows Firewall rules allow inbound connections to SSH but do NOT allow ping.
I would recommend you only make firewall exceptions for your jump-box and not the entire subnet
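The GUI steps above, scripted so they can be pushed from a remote support tool, with the firewall rule narrowed to a single jump-box as recommended. This is an added example, not part of the original post. `$JumpBox` is a constructed placeholder address, and the rule name `OpenSSH-Server-In-TCP` is assumed to be the default rule created by the feature install.

```powershell
# Added example: run elevated (or under System via your RMM tool).
# $JumpBox is a constructed placeholder; replace with your jump-box IP.
$JumpBox  = '192.0.2.10'
$RuleName = 'OpenSSH-Server-In-TCP'   # assumed default rule name

# Install the OpenSSH Server optional feature if it is not already present.
$cap = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
if ($cap.State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
}

# The service behind "OpenSSH SSH Server" is sshd. Windows PowerShell 5.1's
# Set-Service has no delayed-start option, so sc.exe sets Automatic (Delayed Start).
sc.exe config sshd start= delayed-auto | Out-Null
Start-Service -Name sshd

# Limit inbound SSH to the jump-box instead of any remote address.
$rule = Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue
if ($rule) {
    $rule | Set-NetFirewallRule -RemoteAddress $JumpBox
} else {
    New-NetFirewallRule -Name $RuleName -DisplayName 'OpenSSH Server (sshd)' `
        -Direction Inbound -Protocol TCP -LocalPort 22 -Action Allow `
        -RemoteAddress $JumpBox | Out-Null
}

# A scoped rule does nothing while a profile is switched off
# (e.g. left over from "netsh advfirewall set allprofiles state off").
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' }
if ($off) {
    Write-Warning ("Firewall disabled on profile(s): " + ($off.Name -join ', '))
}

# Show the result: service state and the address the rule now accepts.
Get-Service -Name sshd | Select-Object Name, Status, StartType
Get-NetFirewallRule -Name $RuleName | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```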

Note you can type powershell and get a powershell prompt, you are not limited to strictly cmd/dos.

This is a very RAM-efficient method of remote management. Something like nAble takes 65 MB