Checking through my stats, I’ve seen alot of hits from Google related to TeamViewer. I’m going to attempt to answer a few questions that I have seen results for, purely for traffic purposes 😛
Authenticating with Windows Username/Password
I actually had to use this last week, cause for some odd reason, the password we configured for our custom TeamViewer app wouldn’t work for this particular client… Odd…
Firstly, this only appears to be available on Windows – I tried doing this on my Mac TeamViewer client but it wouldn’t work… Booooo. Might just be an old version, I couldn’t be stuffed checking right now…
That said, on your Windows TeamViewer client, after entering the Client ID and connecting, click the “Advanced” button on the Authorization screen to bring up a bunch more options. You should now have a “Authentication” drop down box, with TeamViewer and Windows as your options. Selecting Windows gives you a familiar, “Username, Password, Domain” style screen. Simple. Enter the details and click Log On. You’re done!
Blocking TeamViewer Access
This is probably something I’d not ever want to touch, purely because I have clients I NEED to connect to, but I understand that some systems administrators might feel the need to block their employees from setting up TeamViewer on their machines for remote access purposes, or just to stop outside parties from soliciting internal users into starting TeamViewer sessions…
The first way I can think of to block TeamViewer access, is by using Local Security Policies, or Group Policies. There is a nasty little policy option that enables you to block an application from running, if it matches a certain filename – obviously, use this with care!
The option you want to look for is located in User Configuration -> Administrative Templates -> System -> Don’t run specified Windows applications.
Enable this policy, and simply add the TeamViewer executables (TeamViewer.exe, TeamViewer_Setup.exe, etc etc) to the “List of disallowed applications”.
Obviously, renaming the files is going to circumvent this… So moving on…
A quick NetStat on my Vista machine with the full TeamViewer client installed yielded the following result:
TCPÂ Â Â 192.168.1.10:53039Â Â Â Â server904:5938Â Â Â Â Â Â Â Â ESTABLISHED
[TeamViewer.exe]
The answer is quite simple – block outgoing connections to TCP port 5938… This will stop the TeamViewer client from connecting back to TeamViewer’s central servers, which is necessary to generate the client ID, and to punch a hole through the firewall to allow people to connect in the first place.
You could probably set this on the local firewall, using Windows Firewall or perhaps by using your chosen centrally managed endpoint security package (Trend/Sophos/Symantec etc all have firewall options with their antivirus clients).