Checklist for small teams

Here is a checklist designed to help IT administrators install and configure Remote Desktop Manager for the first time when working in a small team of at most 15 users using SQL Server.

First download and install Remote Desktop Manager before proceeding.

CHECKLIST FOR SMALL TEAMS DESCRIPTION
Step 1 - Configure and create the SQL data source Upon first launch, Remote Desktop Manager prompts you to select a data source. Devolutions integrates the following data source types for small team environments:
You need to enter general data source information such as the name and the host.

For the first database user, create a SQL administrator account with the Database login mode. Then, create the database and set up initial parameters for the default vault.
Overview of authentication and login types Users will authenticate using the method of your choosing:
  • Database login: Uses a SQL login to directly access the SQL server. The first database administrative user is created using this method.
  • Integrated Security (Active Directory): Recommended for Azure SQL data sources. Uses the active user’s Microsoft AD account.
  • Custom login: Recommended for SQL Server data sources. Allows for the creation of Remote Desktop Manager accounts for users to authenticate with, but prevents them from having direct access to the SQL database through an external tool.
Step 2 - Register your license Add your license to the data source.A Remote Desktop Manager Team Edition 30-day trial is available upon request.

You can enable the option to have licenses auto-assigned, so that when new users are created they automatically receive a license.

Assign a license to the administrator account previously created so that you can create more administrative accounts. This license can be freed up later on.
Step 3 - Create the "custom login" Remote Desktop Manager and SQL account Create a new administrative SQL user with just enough read/write permissions on the SQL side to accomplish what they need to do in Remote Desktop Manager without having complete control over the SQL server itself. Use the Database Authentication type for this account so it can create both a Remote Desktop Manager login and a SQL account login.
Step 4 - Create the administrator user account Create the account that the administrator will use daily to access Remote Desktop Manager. Use the Custom (Devolutions) Authentication type for this account.

Once this daily account is created, you can update the data source with the correct login information to reflect that this new administrative account is used instead of the first account.

It is now safe to delete the first database account and to unassign the license of the administrative SQL user.
Step 5 - Create remaining user accounts Add all other users one by one using the Authentication type of your choice. See the Overview of Authentication and Login Types or User Management for more information.
Step 6 - Create user groups Create user groups and assign previously created users to those groups. Each user can be part of predefined permissions in user groups, which helps you manage who has access to which resources and what they can do with them without having to individually manage them.
Step 7 - Create vaults In Remote Desktop Manager, data is stored in a hierarchy of folders and entries all within vaults. The number of vaults created and the way they are categorized is completely up to you, but we have seen great success in teams separating their content by departments, locations, and customer accounts.

All users have access to the default vault created after installing Remote Desktop Manager. You can change its configuration as well as create other vaults, then assign them users and user groups.

Access all vaults using the vault selector in the Navigation pane. Each user can also access their own user vault. This vault is only accessible to them and is a great place to store business-related entries for the user, such as alarm codes, user credentials, websites, documents, etc.
Step 8 - Assign permissions Permissions can be granted to users and user groups. They are set on the vault, folder, and entry levels.

The permissions granted on the folder can be inherited by each entry set under that folder.

It is possible to batch grant access permissions and permission sets to users and user groups.
Step 9 - Add a security provider for encryption Remote Desktop Manager encrypts all passwords and sensitive information with AES-256 encryption, but some organizations may require for the whole database to be encrypted.

The Security Provider is an additional level of encryption to the already-encrypted passwords and sensitive information. It can be configured using a passphrase, a certificate, or a keyfile. See our Security providers best practices.
Step 10 - Deploy to workstations Deploy Remote Desktop Manager to your end users using the Custom installer service, which creates a customized MSI package that can be installed or deployed. It contains a fully packaged version of Remote Desktop Manager along with all of the data source information required for a user to access the database.

The MSI can then be manually installed or silently pushed to workstations using a deployment tool.
CHECKLIST FOR SMALL TEAMS DESCRIPTION
Step 1 - Configure and create the SQL data source Upon first launch, Remote Desktop Manager prompts you to select a data source. Devolutions integrates the following data source types for small team environments:
You need to enter general data source information such as the name and the host.

For the first database user, create a SQL administrator account with the Database login mode. Then, create the database and set up initial parameters for the default vault.
Overview of authentication and login types Users will authenticate using the method of your choosing:
  • Database login: Uses a SQL login to directly access the SQL server. The first database administrative user is created using this method.
  • Integrated Security (Active Directory): Recommended for Azure SQL data sources. Uses the active user’s Microsoft AD account.
  • Custom login: Recommended for SQL Server data sources. Allows for the creation of Remote Desktop Manager accounts for users to authenticate with, but prevents them from having direct access to the SQL database through an external tool.
Step 2 - Register your license Add your license to the data source.A Remote Desktop Manager Team Edition 30-day trial is available upon request.

You can enable the option to have licenses auto-assigned, so that when new users are created they automatically receive a license.

Assign a license to the administrator account previously created so that you can create more administrative accounts. This license can be freed up later on.
Step 3 - Create the "custom login" Remote Desktop Manager and SQL account Create a new administrative SQL user with just enough read/write permissions on the SQL side to accomplish what they need to do in Remote Desktop Manager without having complete control over the SQL server itself. Use the Database Authentication type for this account so it can create both a Remote Desktop Manager login and a SQL account login.
Step 4 - Create the administrator user account Create the account that the administrator will use daily to access Remote Desktop Manager. Use the Custom (Devolutions) Authentication type for this account.

Once this daily account is created, you can update the data source with the correct login information to reflect that this new administrative account is used instead of the first account.

It is now safe to delete the first database account and to unassign the license of the administrative SQL user.
Step 5 - Create remaining user accounts Add all other users one by one using the Authentication type of your choice. See the Overview of Authentication and Login Types or User Management for more information.
Step 6 - Create user groups Create user groups and assign previously created users to those groups. Each user can be part of predefined permissions in user groups, which helps you manage who has access to which resources and what they can do with them without having to individually manage them.
Step 7 - Create vaults In Remote Desktop Manager, data is stored in a hierarchy of folders and entries all within vaults. The number of vaults created and the way they are categorized is completely up to you, but we have seen great success in teams separating their content by departments, locations, and customer accounts.

All users have access to the default vault created after installing Remote Desktop Manager. You can change its configuration as well as create other vaults, then assign them users and user groups.

Access all vaults using the vault selector in the Navigation pane. Each user can also access their own user vault. This vault is only accessible to them and is a great place to store business-related entries for the user, such as alarm codes, user credentials, websites, documents, etc.
Step 8 - Assign permissions Permissions can be granted to users and user groups. They are set on the vault, folder, and entry levels.

The permissions granted on the folder can be inherited by each entry set under that folder.

It is possible to batch grant access permissions and permission sets to users and user groups.
Step 9 - Add a security provider for encryption Remote Desktop Manager encrypts all passwords and sensitive information with AES-256 encryption, but some organizations may require for the whole database to be encrypted.

The Security Provider is an additional level of encryption to the already-encrypted passwords and sensitive information. It can be configured using a passphrase, a certificate, or a keyfile. See our Security providers best practices.
Step 10 - Deploy to workstations Deploy Remote Desktop Manager to your end users using the Custom installer service, which creates a customized MSI package that can be installed or deployed. It contains a fully packaged version of Remote Desktop Manager along with all of the data source information required for a user to access the database.

The MSI can then be manually installed or silently pushed to workstations using a deployment tool.
Devolutions Forum logo Give us Feedback