Challenges with Unattended Access

Ok found another post on here that described trying to remote into machines using unattanded access...

Secure Remote Delegation Login problem - Devolutions Forum

For now this may be a deal breaker for us: From what I can see, you either require a local account on the target machine, a remote access password for the agent on the device or permission to be granted at the console by the user. Does this sound correct? If so, will true unattended access be part of the development of this? We love the idea of hosting our own remote access solution but need the ability to remote into agents without a local account on the machine.

Ideally we would install the agent and it would just give us straight up console access. If a user was logged on, we see that. If it was at the windows logon screen, we get that. For MSPs, I am thinking of ways we could make this work without compromising security or being a maintenance nightmare.

Hi,

True unattended access is with Secure Remote Delegation (SRD), and it requires system user credentials to connect. However, this account *does not* need to be usable for a regular system logon, it only has to exist and be part of the "wayk-users" group. This will give you "console access" where you always get to see whatever is currently visible on the remote computer (winlogon, or the current user session). You can see it as a special account created only for Wayk unattended access.

If the target machine is on a Windows domain and Wayk Bastion uses the Active Directory integration, it is possible to automatically allow the same domain account when connecting with SRD, but you still need to use your credentials when connecting.

Best regards,

Thanks for the reply! That is good to know. Ideally console access would not require a local account at all, but I totally get how things work in their current state. From an MSP perspective, supporting multiple orgs and individuals, what would you recommend best practice be to deploy for unattended access?