How to configure both "Full Control" and "View Only" settings for pcAnywhere Solution
Last Updated November 04, 2011
The pcAnywhere Settings - Windows policy offers "Full Control" and "View Only" settings. Unfortunately, it is not possible to set both "Full Control" and "View Only" settings within the same pcAnywhere Settings policy—either one or the other may be selected. In addition, the architecture of pcAnywhere Solution allows only one policy per target computer, not per-user. Therefore, if the "View Only" setting is applied, it will be applied to all remote users who initiate a remote control session rather than a select group of remote users.
A work-around to the limitations imposed by pcAnywhere Solution is the use of the pcA QuickConnect program. There are two ways to connect to a host computer in a pcAnywhere Solution environment:
Through the Symantec Management Console (SMC)
Through the pcA QuickConnect program
The pcA QuickConnect program is found on the Notification Server, all managed computers which have the pcAnywhere Agent installed, and all non-managed computers which have installed the ActiveX control when initiating the Remote Control option within the SMC. The pcA QuickConnect program overrides the "View Only" mode which is set on a host computer via the pcA Settings policy. For example, if a managed computer with the pcAnywhere Agent is set by policy to "View only" mode, and a Remote Control session is opened in the SMC, the remote user who is connected through the SMC will be in "View only" mode. On the other hand, if the remote user were to use pcA QuickConnect, he/she will have Full Control over the keyboard and mouse of the host computer.
To implement this work-around for the situation where you want to allow some users to only have "View only" and other to have "Full Control" access of a computer:
Set the option "View only" in the pcAnywhere Settings - Windows policy and assign the policy to the desired computers
Perform the following actions on the computers of the users you want to deny the full control access: a. Delete the pcA QuickConnect program file, which is C:\Program Files\Symantec\pcAnywhere\pcAQuickConnect.exe; and b. Delete the shortcut to pcA QuickConnect from the Start menu, under All Programs > Symantec > Symantec pcAnywhere > pcA QuickConnect; and c. Delete other shortcuts to PCAQuickConnect.exe if they exist (shortcuts are not created anywhere else by default).
Attached is an XML file, which you can import as a Task and modify to suit your needs to delete pcAQuickConnect.exe and its shortcuts.
Only the users with the pcA QuickConnect program will have Full Control. However, this work-around is not without its limitations. If users share computers, then the possibility exists that a user who should have "View Only" permissions can run pcA QuickConnect, open a remote control session, authenticate, and gain Full Control access over the mouse and keyboard.