Connecting to devices through Windows Desktop Sharing

December 9, 2024

ID 198907

You can obtain remote access to the desktop of a client device through a Network Agent installed on the device. Remote connection to a device through the Network Agent is possible even if the TCP and UDP ports of the client device are closed.

You can connect to an existing session on a client device without disconnecting the user in this session. In this case, you and the session user on the device share access to the desktop.

To establish remote connection to a device, you must have two utilities:

  • Kaspersky utility named klsctunnel. This utility must be stored on your workstation. You use this utility for tunneling the connection between a client device and the Administration Server.

    Kaspersky Security Center Cloud Console allows tunneling TCP connections from Administration Console via the Administration Server and then via Network Agent to a specified port on a managed device. Tunneling is designed for connecting a client application on a device with Administration Console installed to a TCP port on a managed device—if no direct connection is possible between Administration Console and the target device.

    Connection tunneling between a remote client device and Administration Server is required if the port used for connection to Administration Server is not available on the device. The port on the device may be unavailable in the following cases:

    • The remote device is connected to a local network that uses the NAT mechanism.
    • The remote device is part of the local network of Administration Server, but its port is closed by a firewall.
  • Windows Desktop Sharing. When connecting to an existing session of the remote desktop, the session user on the device receives a connection request from you. No information about remote activity on the device and its results will be saved in reports created by Kaspersky Security Center Cloud Console.

    You can configure an audit of user activity on a remote client device. During the audit, the application saves information about files on the client device that have been opened and/or modified by the administrator.

To connect to the desktop of a client device through Windows Desktop Sharing, the following conditions must be met:

  • Microsoft Windows Vista or later is installed on your workstation.

    To check whether the Windows Desktop Sharing feature is included in your Windows edition, make sure that CLSID {32BE5ED2-5C86-480F-A914-0FF8885A1B3F} is included in the 32-bit registry.

  • Microsoft Windows Vista or later is installed on the client device.
  • Kaspersky Security Center Cloud Console uses a license for Vulnerability and patch management.
  • The client device is a member of an administration group that has a distribution point with the Do not disconnect from the Administration Server option enabled, or this option is enabled in the client device settings.

    Note that the maximum total number of client devices with the Do not disconnect from the Administration Server option enabled is 300.

To connect to the desktop of a client device through Windows Desktop Sharing:

  1. In the main menu, go to Assets (Devices) → Managed devices.
  2. Select the check box next to the name of the device to which you want to obtain access.
  3. Click the Windows Desktop Sharing button.

    The Windows Desktop Sharing wizard opens.

  4. Click the Download button to download the klsctunnel utility, and wait for the download process to complete.

    If you already have the klsctunnel utility, skip this step.

  5. Click the Next button.
  6. Select the session on the device to which you want to connect, and then click the Next button.
  7. On the target device, in the dialog box that opens, the user must allow a desktop sharing session. Otherwise, the session is not possible.

    After the device user confirms the desktop sharing session, the next page of the wizard opens.

  8. Click the Copy to clipboard button to copy the text from the text field. This text is a Binary Large Object (BLOB) that contains settings required to establish connection between the Administration Server and the managed device.

    A BLOB is valid for 3 minutes. If it has expired, generate a new BLOB.

  9. Run the klsctunnel utility.

    The utility window opens.

  10. Paste the copied text into the text field.
  11. If you use a proxy server, select the Use proxy server check box, and then specify the proxy server connection settings.
  12. Click the Open port button.

Desktop sharing starts in a new window. If you want to interact with the device, click the menu icon () in the upper-left corner of the window, and then select Interactive mode.

See also:

Managing client devices

Ports used by Kaspersky Security Center Cloud Console

Scenario: Configuring network protection

');
Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company
Web and device controls. Data encryption. Centralized and convenient management from a single console.
');
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).