Remotely controlling an unmanaged device

Remote control of an end user's desktop usually requires that a BMC Client Management agent is installed on that desktop. With the Remote Control on Request feature, end users can allow a helpdesk agent to remotely control their desktop without installing an agent. There are some limitations to the Remote Control on Request feature. Refer to the following table for more information.

TaskRemote control with an agentRemote control without an agent without credentialsRemote control without an agent with credentials
Lock the keyboard and mouse(tick)(error)(tick)

Launch a program as administrator when the User Account Control Policy (UAC) is enabled

Use the CTRL+ALT+DEL button(tick)(error)(tick)
Accessible by any user with Remote Control Recording Capabilities(error)(tick)(tick)

Recordings for the devices with an agent installed can be accessed only by the users with access to those devices and with Remote Control Recording Capabilities.

Through the web console, a helpdesk agent can remotely control a device on which a BMC Client Management agent is not installed. The remote control feature is supported on Windows and macOS systems. To remotely control devices that do not have a BCM agent, BMC Client Management provides 3 rollout packages out of the box. You can use the out-of-the-box rollout package or create a new package that is appropriate for the operating system and architecture, and assign the package to a rollout server.

The end users need the rights to download and install the package. The administrators need the following capabilities and access rights to use the Remote Control on Request feature:  

  • Remote control capability: View and manage
  • Rollout view capability
  • Read and assign access rights on the rollout packages

Based on your organization's security policies, you can specify the download location in one of the following ways:

  • A URL and authentication token that can be sent by separate means
  • A URL containing the location and authentication token

The end user downloads and executes the package. Executing the package registers the end user's desktop computer with the BMC Client Management system and enables at helpdesk agent to initiate a remote control connection to the desktop computer. The URL created by the package can be used only once by the end user.


The package and the session are valid for 24 hours only.

This BMC Client Management video (7 mins 14 secs) describes how to remotely control an unmanaged device.

To create a rollout package for remotely controlling unmanaged devices

  1. Navigate to Global Settings > Rollouts.

  2. Right-click and select Create Rollout .

  3. In the Properties dialog box, enter the required details for the following fields:

    NameEnter a name for the rollout package.
    Auto-extractable NameEnter the name for the rollout package executable file which is the actual installation package of the agent as defined in the console. This entry is a direct link to the location of the package from which you can download or launch the package.
    Rollout TypeSelect the rollout type as Remote Control.
    Operating SystemEnter operating system type and version of the target devices.
    Rollout PasswordAdd a password to the rollout package to create a secured executable.
    NotesEnter any additional information that might be useful.
  4. Click OK.
    After you create the rollout package, you must assign the package to a rollout server.
  5. From the location where you have created the package, click the newly created rollout.
  6. Click Servers.
  7. Click Assign to Rollout Server .
  8. In the Assign to Rollout Server dialog box, click All.
  9. Select a rollout server for the rollout package.
  10. From the Network Interface list, select the desired option which is an entry point for the users to access the rollout package.
  11. In the Friendly Name field, enter a description for the rollout server.
    This friendly name is displayed on the Web Console.
  12. Click OK.
  13. To make the package available, click the newly assigned rollout package and then click Generate the executable file for the rollout .

To add account credentials to the rollouts

As an administrator, you can add specific accounts credentials to the remote control on request rollouts. The added credentials must have administrative privileges. Only these accounts can log on to the device to execute the rollout in the order in which they are defined. Once a login is successful, all further accounts are ignored. Adding account credentials to the remote control on request rollout packages gives you a fully functional remote control on request session that has all the privileges.

  1. On the BMC Client Management console, go to Global Settings > Rollouts > Your rollout > Servers.
  2. Select the target server where you want to add the new account credential and go to the User Accounts tab.
  3. Right-click and select Add Account.
  4. From the Add an account credentials window, select the accounts you want to add to the rollout.
  5. (Optional) Click Create New Credentials to create a new credential.
    The Properties window is displayed. Enter the required information as explained in the following table and click OK.


    The name of the object under which it is known in BCM. This name may be any combination of characters.

    DomainEnter the name of the domain without extension.
    LoginEnter the administrative login name.
    PasswordEnter the password of the above entered administrator.
    Confirm PasswordRetype the password to confirm it.
    Hide PasswordsClear this option to view password in the clear text format.

    The selected account credentials are added to the rollout.

    Adding account credentials is possible only for the Windows rollout packages.

To share the URL for remotely controlling an unmanaged device

  1. To open your web console, enter the agent's address in a browser window in the https://masterHostname:consolePort/webconsole format.
  2. Enter your credentials.
    The Remote Control page opens.
  3. Click Remote Control  tab.
  4. In the Generate Session section, select the operating system of the end user's device.
  5. From the Package list, select the rollout package.
  6. Click Generate.

  7. (Optional) In the Session Details dialog box, enter a session name.

  8. In the Session Sharing section, select one of the following options:
    • Download portal URL and authentication token: use this option to provide the portal URL to the end user via email and the authentication token separately via phone. The end user can connect to the portal and enter the authentication key. The package download is launched immediately. After the package is downloaded, the end user can execute it.
    • URL of the Remote Control package: use this option to provide the full package URL and the end user does not need to go to the download portal.
  9. Based on your preference, select one of the following options to share the URL with the end user.
    • To send the URL via email, click .
    • To copy the URL, click .

To install the package for remotely controlling an unmanaged Windows device

To enable an agent to remotely control your device, you must download and execute a Remote Control package. The administrator or a helpdesk agent will share the URL for the download package with you.

  1. (Only if the authentication token is enabled) To download the package, open the Remote Control on Request Download Portal URL.

  2. (Only if the authentication token is enabled) In the Authentication Token field, enter the token value shared by your administrator.
  3. Click Download.
  4. Execute the downloaded rollout package.

    The package is installed and a connection to the device is established.

To install the package for remotely controlling an unmanaged macOS device

  1. Open the Safari browser and open the URL given by your administrator.
  2. Click on the downloaded executable file to launch the remote control on request client.
    To execute a BMC Client Management Agent on a device with macOS, you must right-click the package and then open the package. This is because macOS doesn't allow to execute files that are downloaded from internet by double-clicking them. If you want to control a device with macOS Mojave, from the Accessibility settings, you must manually provide permission for the BMC Client Management Agent to control your device.
  3. Right-click the package and provide the permission.
  4. (Only if the authentication token is enabled) To download the package, open Remote Control on Request Download Portal URL.

  5. (Only if the authentication token is enabled) In the Authentication Token field, enter the token value shared by your administrator, and click Download.
  6. In the pop-up window, enter your username and password, and click OK.

    The package is installed and a connection to the device is established. After the remote control session is over, you must manually remove the permission.

To remotely control an unmanaged device

After the end user installs the package, helpdesk agent can remotely control the device. If the end user tries to provide access to a device with macOS Mojave, the help desk agent must accept to give control of your device in the pop-up window.

  1. Open your web console, enter the agent's address in a browser window in the https://<master hostname>:<console port>/webconsole format.
  2. Enter your credentials.
  3. In the Manage Session section, click  next to the device that you want to remotely control.
  4. After a connection is established, select a device control level:
    • Allow view only
    • Allow full control
  5. To terminate the remote control session, click End Session or close the pop-up window.

The CTRL+ALT+DEL button is not available for a remote control on request session.

Was this page helpful? Yes No Submitting... Thank you