- Print
- DarkLight
- PDF
Remote Control and Shadow
- Print
- DarkLight
- PDF
You can use Edge DX to remotely control or shadow a device.
Permissions
- To start a Remote Control session, you need the permission Allow Remote Control.
- To start a Remote Shadow session, you need the permission Allow Remote Shadow
- To start a Remote Control or Remote Shadow session without requiring consent from the end user of the device, you need the permission Allow Remote Control and Remote Shadow without End User Consent.
- To transfer files during a Remote Control session, you need the permission Allow File Transfer.
- To open an elevated cmd prompt during a Remote Control session, you need the permission Allow Elevated Command Shell.
- To configure automatic reconnection settings for Remote Control or Remote Shadow sessions, you need the permission Manage Remote Control Settings.
You can set the scope of a permission so that it applies only to certain devices. For example, you can give a user permission to perform an action (such as remote control) only on devices used by the Finance department. Learn more.
Prerequisites
- For macOS devices, the device user might need to configure device settings to allow Remote Control. Learn how to allow Remote Control on macOS devices..
- For Linux devices, the x11vnc package must be installed and running on the device. Remote control is supported only when using the Xorg display manager.
End user consent requirement
When you start a remote control or shadow session, you can select whether to ask for consent from the end user of the device.
If you select Ask for user consent, then the remote session starts only if the end user agrees to the following prompt:
An Edge DX user can start a remote session without end user consent only if they have the permission Allow Remote Control and Remote Shadow without End User Consent.
To remotely access a device with no active users, you can start a remote control session as the CONSOLE user without requesting end user consent. To do this, your Edge DX user account must have the permission Allow Remote Control and Remote Shadow without End User Consent for the targeted device.
Start a Remote Control session
To start a Remote Control session on a device:
Open the Actions menu for a device and select Assist > Remote Control.
Select the user session to Remote Control.
- For Windows devices, select an active user session or the console session. If you select the console, you can access the device as a user of your choice, or as a new user (for a multi-session Windows OS), if nobody is currently signed in to the device.
- For Linux devices, select an active user session. You can use remote control on Linux devices only if a user is currently signed in to the device.
- For macOS devices, select an active user session or Login Screen. If you select Login Screen, you can sign in as any valid user on the macOS device. Note that remote control performance is generally better if you select an active user session than if you select Login Screen.
Select whether you want to ask for user consent before starting the Remote Control session.
Click Start Remote Control. If you have selected to Ask for user consent, then the Remote Control session starts only if the user agrees to the request.
While the Remote Control session is active, an icon appears on the end user's device:
If the end user clicks on the icon, they can see who initiated the Remote Control session and they have the option to end the session. Note that end user can end the Remote Control session even if the session was initiated without asking for their consent.
Start a Remote Shadow session
To start a Remote Shadow session on a device:
Open the Actions menu for a device and select Assist > Remote Shadow.
Select the user session to Remote Shadow.
Select whether you want ask for user consent before starting the Remote Shadow session. If you select Ask for user consent, then the Remote Shadow session begins only if the end user agrees to the prompt on their screen.
Click Start Remote Shadow. The Remote Control either starts or sends the consent request to the end user of the device, depending on whether you selected Ask for user consent.
While the Remote Shadow session is active, an icon appears on the end user's device to let them know that they are being shadowed. The end user has the option to end the Remote Shadow session.
File transfer
During a Remote Control session, you can transfer files up to 100MB between your device and the end user's device.
To retrieve a file from a device:
- During a Remote Control session, click Retrieve Files.
- Navigate to and select the files you want to retrieve.
- Click Retrieve. A progress bar appears at the top of the Remote Control session to show the progress of the file transfer.
The retrieved files are saved to your local Downloads folder.
To send files to a device:
- During a Remote Control session, click Send Files and select whether you want to send Files or entire Folders.
- Navigate to and select the file or folder you want to send.
- Click Upload or Open. A progress bar appears at the top of the Remote Control session to show the progress of the file transfer.
The sent files are saved to the device in the \Downloads\EdgeDX folder.
Open an elevated command prompt
During a Remote Control session, click Elevated Cmd to open an Elevated Command Prompt, which gives you admin privileges. The Elevated Command Prompt automatically closes at the end of the remote control session so that the device user does not have admin access.
Note that this option is available only when you are controlling a Windows device.
Multi-monitor support
During a Remote Control or Shadow session, you can select which display to control If the remote device has multiple monitors (displays). Select All Displays to view and control all displays at the same time.
Copy and paste between devices
During a Remote Control session, enable the Clipboard to copy and paste between your local device and the remote device.
If you are remotely controlling a macOS device from a Windows device, you must press Alt-c and Alt-v to copy or paste within the remote session. If you are remotely controlling a Windows device from a macOS device, you must press Control-c and Control-v to copy or paste within the remote session.
Take a screenshot
During a Remote Control or Shadow session, click Screenshot to take a screenshot of the remote display. The screenshot is saved to your local Downloads folder.
Zoom in
During a Remote Control or Shadow session, click Zoom to zoom in on the remote display.
After you zoom in, you can select which part of the screen to view by clicking on the screen area map at the top right corner.
Remote control/shadow connection flow
A remote control or shadow session is established with the following steps:
- A user requests to start a remote session on a device from the Edge DX console. Read above for details on this step.
- A remote session window opens in the Edge DX user's browser and connects to your Edge DX tenant over a websocket.
- Your Edge DX tenant sends an action to the device via the operations websocket (this websocket is initiated by the device to the tenant).
- The Edge DX Agent opens a new websocket connection to the tenant, and then launches cu_rc.exe and routes traffic to it over a local TCP port.
- The websocket connections opened in steps 2 (from the remote session browser window to the tenant) and 4 (from the Agent to the tenant) are joined through the tenant to connect the remote session browser window to the Agent.
- An app (RCNotifications.exe) displays a notification to the end user to let them know that a remote session is in progress, and allows them to end the remote session.
Note that all communications are outbound from the device to the tenant, and the cu_rc.exe component will not accept connections from any other source.
Automatic reconnect
Automatic reconnect requires Windows Agent 2.15 Beta 4 or higher
If Automatic Reconnect after network change or error is enabled, remote control/shadow sessions on Windows devices automatically reconnect if the remote device's network connection is interrupted (for example, if the WiFi signal drops or switches to a new network). The session times out if it is unable to reconnect after 6 minutes. If the session times out, then you must initiate a new remote session. This feature is enabled by deafult. You can disable it by going to Configuration > Settings > Remote Control.
A message appears for users on both ends of the remote session to let them know when the session is disconnected and reconnected.
Automatic reconnect after device reboot
If Automatic Reconnect after reboot is enabled, remote control/shadow sessions on Windows devices automatically reconnect if the remote device reboots. This feature is disabled by default. You can enable it by going to Configuration > Settings > Remote Control.
If the remote session was initiated for a specific user session, then the remote session reconnects after the end user signs into their device.
If the remote session was initiated for the console session, then the remote session reconnects at the login screen only if the following policy settings are enabled on the remote device. If these settings aren't enabled, then the remote session reconnects after an end user signs into the device. Note that if you use BitLocker, these settings are automatically enabled unless they have been explicitly disabled by a policy. Read Microsoft's documentation about these settings.
Note that automatic reconnect after reboot currently doesn't work if you initiate a remote session for the console session and then switch user sessions before rebooting.
Auditing
The Edge DX System Events log stores the following details related to Remote Control or Shadow:
- When the session started and ended.
- Who initiated the session.
- Whether the session was initiated with or without asking for user consent.
- What device was controlled/shadowed.
- What files were transferred.
- When an Elevated Command Prompt was opened.
Known issues
- If you reboot a macOS device and the device is at the FileVault unlock screen, Remote Control can't be initiated. This is because the Agent isn't running but Edge DX has not yet registered that the device isn't connected to your environment.