Remote Desktop allows you to support your users anywhere in the world on both Desktops and mobiles. It comes with dashboard-to-device and device-to-device capabilities, support for Windows Servers, Windows Desktops, Android, and macOS, secure connections with 2-Factor Authentication, and content sharing. Remote Desktop can be used stand-alone or with any other HEIMDAL product component, as part of our UEM solution (Unified Endpoint Management), to achieve remote support anytime, anywhere in the world.
Remote Desktop is a secure and reliable remote desktop application that allows you to support your customers or access unattended computers. It's affordable and it just works. You can configure your office computer for telework in less than a minute and you can securely access your office computer from home, or while you are on the go. Screen sharing technology enables you to efficiently work remotely at any time, from anywhere in the world.
HOW DOES REMOTE DESKTOP WORK?
Remote Desktop allows you to remotely access and control computers to provide on-demand IT support. Remote Desktop supports Windows OS (other operating systems could be supported in the future) and uses ports 80, 443, or 7615 and you can configure it to work with many external services such as NTP, SMTP, and LDAP.
In general, the first thing to consider when dealing with a proxy environment is to check with the system/network administrator if it is possible to make an exception. This does not mean that you completely disable the proxy, just let the ISL Online traffic through directly and keep filtering the rest. If the proxy supports DNS name exceptions, then allow direct outgoing TCP connection for port 7615 to *.islonline.net. Direct connection offers the best performance and minimum delays. In an ideal world of direct connections and flexible security policies, the story would end here, but since there are many customers behind corporate firewalls/proxies where only HTTP and HTTPS traffic is allowed (so, port 80 and/or 443) and system/network administrators do not want or are not allowed to add exceptions, we also support that and our applications try to find a working transport even in those situations (detect proxy settings, use wininet, create a tunnel, make use of the wildcard DNS - helps with some proxies, etc.). In order for HEIMDAL Remote Desktop module to work, you need to make sure that 18.104.22.168 (heimdalrd.islonline.net) and 22.214.171.124 (*.islonline.net) are excluded in your Firewall and that the following paths are excluded from your Antivirus product: C:\Program Files (x86)\Heimdal\, %localappdata%\ISL Online Cache\, %programdata%\ISL Online Cache\.
Once the Remote Desktop module is enabled on a computer, the HEIMDAL RD Agent is installed to allow the incoming connections. To connect to another computer you have to download and install the HEIMDAL RD Viewer app (which is automatically installed when your computer is assigned the Supporter role or can be downloaded from the HEIMDAL Dashboard -> Guide section -> Download and install tab) is used to connect from the outbound computer to the inbound computer. The HEIMDAL RD Viewer works only if you remote to another computer from the HEIMDAL Dashboard or from the HEIMDAL Agent (Supporter role required) and it does NOT work as a standalone tool.
The Remote Desktop module can be used in 3 ways:
A. Connecting remotely from the HEIMDAL Dashboard to any HEIMDAL Agent Enduser (with Remote Desktop enabled)
The HEIMDAL Dashboard administrator can connect to any of the computers that have the Remote Desktop module enabled by navigating the Products -> Remote Desktop -> Remote Desktop view and by clicking the Connect icon in the Actions column:
This will display a pop-up that notifies the user to continue to connect to the inbound computer or to get the HEIMDAL RD Viewer application downloaded and installed (if not present on the computer). If HEIMDAL RD Viewer is installed, the user can press the Yes button and the application will connect you to the selected computer. The end-user that you are connecting to needs to allow the remote session if the Unattended Remote Desktop session option is not enabled in the Group Policy applying to that computer. In case you are trying to connect remotely using the HEIMDAL Dashboard from a computer that already has the HEIMDAL Agent installed, you will need the Supporter role assigned to the current computer in order to be able to connect.
Here is a short tutorial:
B. Connecting remotely from the HEIMDAL Agent (Supporter role needed) to any HEIMDAL Agent Enduser (with Remote Desktop enabled)
The HEIMDAL Dashboard administrator can assign the Supporter role to a hostname to allow any user on that specific computer to connect to any of the computers that are applying one or multiple Group Policies where the Supporter is assigned the Supporter role. Assigning/Unassigning the Supporter role is done by the HEIMDAL Dashboard administrator from the Products -> Remote Desktop -> Remote Desktop view by selecting the hostname and by selecting the actions from the dropdown menu:
Once a computer gets the Supporter role, any user on that computer can start a Remote Desktop session from the HEIMDAL Agent (using the right-click function -> Start RD Session on the Heimdal icon located in the System Tray).
Clicking the Connect button will start the HEIMDAL RD Viewer and will connect the user to the end-user. Remote Desktop allows you to invite one or more Supporters to the same remote session, but you can also transfer the remote session to another Supporter device. The Transfer URL column is used for the transfer, while the Invite URL column is used for the invite.
Here is a short tutorial:
C. Connecting remotely from the HEIMDAL Dashboard/HEIMDAL Agent to an end-user (without the HEIMDAL Agent) using the invitation link
The HEIMDAL Dashboard administrator can connect remotely from the HEIMDAL Dashboard to any end-user that does not have the HEIMDAL Agent installed by pressing the Invite to remote session button from the Products -> Remote Desktop -> Remote Desktop view:
The Supporter can use the HEIMDAL Agent to remote to any end-user that does not have the HEIMDAL Agent installed by pressing the Invite button in the HEIMDAL Agent:
To allow the Supporter to send an invitation to a remote session, he needs to be allowed to do that in the HEIMDAL Dashboard -> Products -> Remote Desktop -> Remote Desktop by selecting the Supporter and by setting the Supporter role to Allow for Invite to remote sessions:
Using the invite functionality will run the HEIMDAL RD Viewer and will generate a session code for the end-user:
The next step is to press the Invite button and insert the email address of the end-user to send him the session code URL:
After receiving the invitation link, the end-user can click on the invitation link and download the HEIMDAL RD Client application that should allow the HEIMDAL Dashboard administrator to connect to the remote session. HEIMDAL RD Client does not require Administrator permissions to be run and works only with the session code provided by the HEIMDAL Dashboard administrator. Once the session has ended, the HEIMDAL RD Client will not work anymore.
For cases where the remote user cannot receive the email or link, they can download the Heimdal RD Client from the below link and type in the session code to start a RD connection with the supporter:
Here is a short tutorial:
HEIMDAL Agent & HEIMDAL RD Viewer
The HEIMDAL Agent is used in the Agent-to-Agent scenario, where the Supporter can connect to any computer that is applying the same Group Policy as the Supporter or other Group Policies where the Supporter is assigned with the Support Role. The Remote Desktop view below displays a list of all the hostnames of the computers from all the Group Policies where the computer is assigned as a Supporter.
The HEIMDAL RD Viewer is used in every scenario where the administrator starts a remote session and connects to another computer within the company or outside the company. The HEIMDAL RD Viewer does not require the input of any login credentials or passwords because it is managed by the HEIMDAL Agent or by the HEIMDAL Dashboard.
The options on top of the HEIMDAL RD Viewer app allow you to perform different actions or to get additional information about the computer to which you are connected.
Remote Desktop recordings
Every remote session can be recorded manually (by the operator) by pressing the Record button in the HEIMDAL RD Viewer. After pressing the Record button, the HEIMDAL RD Viewer will ask you where to save the recording. Remote sessions can be recorded automatically (on the remote computer) by enabling Automatically record Remote Desktop sessions and made available in the HEIMDAL Dashboard (under Recordings view). The recordings are available only in the scenarios where the HEIMDAL Agent is involved (the Invite to remote session / non-Heimdal agent scenarios do not support recordings). Recordings are saved in the C:\ProgramData\Heimdal Security\RemoteDesktop\Recordings path as *.isr files and are archived and uploaded to the HEIMDAL storage, indefinitely (no storage size limit). The recordings are stored for 3 months. A recording can be played with the HEIMDAL Remote Desktop Player (available in the Guide -> Download and install section).
REMOTE DESKTOP view
The Remote Desktop view displays all the computers running on Windows OS that are visible in the Management -> Active Clients view. The collected information is placed in four views: Standard, History, and Recordings. On the top, you see a statistic regarding the number of Attended sessions and the number of Unattended sessions.
This view displays a table with all the endpoints in your environment and the following details: Hostname, Username, Supporter, Non Agent Connections, IP Address, Version, Last Seen, and Actions.
The Filters button allows you to filter All entries, by Endpoint, by Supporter with invite permissions, or by Supporter without invite permissions.
This view displays a table of all the remote sessions performed in your environment and the following details: From (Hostname), To (Hostname), To (Username), Session Duration, Start Time, and Session Type. The sessions displayed in this view are HEIMDAL Dashboard to HEIMDAL Agent, HEIMDAL Agent to HEIMDAL Agent and HEIMDAL Dashboard to the non-HEIMDAL end-user (with the available information).
This view refreshes and populates with new information every 24 hours.
This view displays a table of the recordings saved to the HEIMDAL storage and the following details: Recorded on (Hostname), Filename, Timestamp, Password, and Action.
The Show Only Supporters radio button allows you to filter only the hostnames that have been assigned the Supporter role. The Invite to remote session button allows the administrator to invite another user to a private remote session by sending a session code that the user can use to download the HEIMDAL RD Client and join the remote session. The Download CSV functionality allows you to generate and download a CSV report that includes all the information corresponding to each view.
REMOTE DESKTOP settings
By enabling the Remote Desktop, the HEIMDAL Agent will enable the network filter that will protect the computer from accessing malicious domains or URLs.
Remote Desktop - turn ON/OFF the Remote Desktop and allow Supporters from your organization to connect remotely to other computers;
Unattended Remote Desktop session - allows the Supporter to automatically connect remotely to any endpoint in your organization without needing the end user's approval. When connecting to an attended remote session, the end-user will get a pop-up to Accept or Reject the incoming connection;
Automatically record Record Desktop sessions - allows the remote computer (applying this Group Policy) to record the remote session and makes it available to be downloaded from the HEIMDAL Dashboard.
The Supporters section allows you to see a list of all devices & usernames that are assigned the Supporter role to be able to perform an unattended remote session on the computers applying the specified Group Policy/Group Policies. The bin button allows you to remove any Supporter from the Supporter list.
The recordings are stored for 3 months.
The RD agent can be deployed through Infinity Management.