Remote Access Management at Scale: Managing Users, Computers, and Permissions Efficiently

Managing remote access for one person is easy. Managing it for a team is where things get complicated fast.

Someone leaves the company and their credentials are still active on six machines. A new technician needs access to the client environment, so you share computers with them one by one and hope you didn’t miss anything. A contractor gets broader access than they should because it was faster than setting it up properly. Six months later, nobody’s quite sure who can connect to what or who changed a setting and when.

This is the access management problem that shows up in every environment managing unattended remote access at scale. Without centralized control over computers, users, and permissions, access management quickly becomes both a security and operational problem. That’s what the Administration section in ISL Online is built to do.

What the Administration section is (and who can access it)

The Administration section lives in the ISL Online web portal and is only accessible to Domain Admin users. The Account Owner is a Domain Admin by default. You can promote other users by going to Administration > Users > [select user] > Settings > General and enabling Domain Admin.

Think of it as your control room: a centralized environment for organizing remote computers, managing user permissions, and enforcing security policies across your ISL Online domain.

There are six main areas:

• Computers,
• Computer Groups,
• Users,
• User Groups,
• Audit,
• Settings.

Each focuses on a different part of remote access administration, from device organization and permission management to auditing and domain-wide security controls.

Computers: centralized remote computer management and visibility

There’s a dedicated Computers tab in Administration that shows every remote computer linked to your ISL Online domain, including those registered by other users in your domain, not just your own.

The table of computers can include: Alias, Computer Name, Status, Last Online, Computer Group, Owner, Shares, Tags, Platform, Agent Version, IP Address, and MAC Address. If that’s more columns than you need, just tick the ones you want, the view is configurable. You can also export the full list to CSV at any time.

Click any row and a Quick view panel opens on the right, giving you fast access to that computer’s details and actions without leaving the list. From there you can:

• Change a computer’s group: move it into the right organizational bucket
• Reassign ownership: useful when someone leaves the team or you need to take over a machine
• Share a computer with specific users or user groups
• Add tags for categorizing by location, client, department, or whatever makes sense for your environment

The Administration > Computers view is built for centralized oversight and administrative control. It’s where Domain Admins can quickly review the environment, reorganize devices, manage sharing, and adjust ownership without digging through individual user accounts.

For operational tasks performed across multiple machines, such as bulk password changes or ISL AlwaysOn agent upgrades, you’ll still use the main Computers page in ISL Light or the web portal.

If you want certain admins to have full visibility into all managed devices without the ability to modify anything, you can make the Computers tab read-only for Domain Admins. You can configure this under Administration > Settings > General > Edit computers (domain admin only). When the Edit computers (domain admin only) setting is disabled, admins can still view all computers and their details, but they can no longer rename, reassign, tag, or share devices.

Read the Computers manual

Computer Groups: scalable remote access management for multiple computers

Sharing unattended remote access devices one by one works fine when you have five machines. It doesn’t work at all when you have 50.

Computer Groups let you bundle remote devices together and share the whole group with users or user groups in one step instead of configuring access for each computer individually. When a new computer gets added to an existing group, it’s automatically shared with everyone who already has access to that group. No manual re-sharing required.

You can create, delete, and filter Computer Groups directly from Administration > Computer Groups. Click any row to open Quick View, where you can easily add or remove computers from the group. Click into a specific group and you’ll find a Computers subtab showing the full list of machines assigned to it.

The Group Owner is the user who created the Computer Group and has full control over it. One practical detail worth knowing: when you add a computer to a group, ownership of that computer is automatically transferred to the Group Owner. If ownership assignment matters in your environment, it’s a good idea to plan your group structure before reorganizing machines.

When you add members to a Computer Group, you assign one of three permission levels:

• Connect Only: they can connect to computers in the group, nothing else
• Computers Manager: inherits Connect Only, plus can edit, delete, and run actions like agent upgrades or password changes
• Group Admin: inherits Computers Manager, plus can add or remove members and change their permissions

Read the Computer groups manual

Users: manage technician permissions and remote access right

The Users page is where you create ISL Online accounts for your technicians, set their passwords, and configure what they’re allowed to do.

Beyond the basics (create, edit, delete), you can use per-user settings to limit license usage, restrict session scheduling, enforce two-factor authentication, and control capabilities like file transfer, desktop control, and recording. You can also export the full user list to CSV or JSON, which is handy for audits or onboarding documentation.

Password management is built in: you can change a user’s password directly or send a reset link to their email.

Read the Users manual

User Groups: simplify remote access permissions for teams

User Groups are the other half of the access management picture. Where Computer Groups organize machines, User Groups organize people.

Create a group for a department (say, “Tier 1 Support”), add your technicians to it, then share the relevant Computer Groups with that User Group. New team members get access to unattended remote devices automatically when you add them to the group. When someone moves to a different team or leaves, remove them and their access disappears with them.

One thing worth knowing: User Groups are an access-sharing mechanism, not a policy container. Settings are configured at the user level or domain level, not at the group level. It’s a limitation some teams run into, and worth planning around if you need different permission profiles for different departments.

Read the User groups manual

Audit: track remote access changes and administrator activity

When you’re managing remote access across a large environment, visibility into what’s happening is just as important as controlling it. The Audit log provides centralized visibility into administrative actions, permission changes, and security-related events across the environment.

Every action a Domain Admin takes is recorded in the Audit log. The log shows the timestamp, status, event type, the user who made the change, and a before/after data snapshot so you can see exactly what was modified. If you need more context, click Columns to add IP Address, User-Agent, and dynamically allocated data fields that reflect the specific content of each log entry.

Filtering is where the Audit log becomes genuinely useful for investigations. You can filter by:

• Event — for example, show only “user created” or “domain setting changed” entries
• User — isolate everything a specific admin did
• Status — surface only failed actions
• IP Address — useful if you suspect unauthorized access from a specific location
• Timestamp — narrow down to a specific time window using before, after, or between operators
• User-Agent — identify the browser or client used

The filtering is flexible: include/exclude values, stack multiple filters, and toggle them on and off without deleting them. If you need to investigate a specific incident or just verify a configuration change happened correctly, this is where you go.

In remote access environments, the Audit log functions as an operational and compliance record. It shows what happened, when, and who did it.

Read the Audit manual

Settings: enforce remote access policies across your organization

The Settings tab is where administrators define how ISL Online behaves across the domain, including remote access policies, security controls, session restrictions, and permission rules. Changes here apply to all users unless overridden at the user level and whether that override is allowed is itself something you control.

Most settings have three possible values:

• Enabled,
• Disabled (allow override),
• Disabled (deny override).

That third option is the important one. It locks a setting down so that no user or lower-level admin can change it regardless of their permissions. When you’re enforcing a security baseline across a large team, that distinction matters.

There’s a lot in here. Rather than walk through every option, here are the settings that tend to matter most in environments with multiple operators and a large number of remote computers:

Two-factor authentication. You can require 2FA for all users by disabling “Login without configured Two-Factor Authentication.” Users who haven’t set it up yet will be prompted on their next login. If you want to enforce this without exceptions, set it with deny override. It’s one of the higher-impact security controls available at the domain level.

Password policy. You can set minimum and maximum length, require uppercase, lowercase, digits, and special characters, enforce password history (the default stores the last 24 passwords), set a maximum password age, and block commonly used weak passwords. These rules apply on the next password change, they don’t retroactively invalidate existing passwords, so keep that in mind when rolling out a new policy.

Scheduled sessions. You can restrict when users are allowed to start sessions, down to specific days and time windows in UTC. Sessions outside the schedule are rejected at the start. You can also cap maximum session duration and decide whether active sessions get terminated when the schedule window closes. For environments where after-hours access should be the exception rather than the rule, this is worth setting up.

License limits. The “Max license usage” setting caps how many concurrent licenses an individual user can consume. In larger teams, a few heavy users can unintentionally crowd out everyone else. Setting a per-user limit keeps things predictable.

Remote desktop and file transfer controls. Under the ISL Light settings, you can control whether operators can view or control the remote desktop, share their own screen, transfer files in either direction, use the file manager, and record sessions. These can be set at the domain level and overridden per user where needed. It comes useful if most operators should have standard permissions but a subset needs more or less.

Unattended access limits. Under ISL AlwaysOn settings, you can cap the total number of unattended remote access devices per user and across the domain. You can also set scheduled access windows specifically for unattended connections, separate from the general session schedule.

This is a representative sample. The full Settings page also covers SSO username mapping (Premium Cloud License), guest operator permissions, RDP/SSH tunnel controls, and security session management for viewing and terminating active domain sessions. If you’re deploying ISL Online across a team or organization, it’s worth going through it section by section.

Read the full Settings manual

The Administration section doesn’t require much ongoing maintenance once it’s set up well. The payoff is that access control becomes predictable — new machines and new people slot into existing structure rather than requiring ad-hoc sharing every time.