Under Review

Option to Auto-Consent if at the Lock/Login Screen

jeremy awecomm 6 years ago updated by Wil 8 months ago 9

We have the option enabled that allows us to bypass the consent requirement if there are no user processes running. This works as long as no one is logged in to the console session of the server. However, if anyone forgets to log off of a server and disconnects from the Control session, we have no way back into the server.

We would like an option to bypass the consent requirement for servers that are at the lock screen or login screen regardless of whether there are active RDP sessions or a locked console session still logged on.

In the future, if you release a feature allow us to create and connect to new RDP sessions, we would like this feature to extend to those disconnected RDP sessions as well so we can reconnect to them without being prompted for consent through Control (only needing to provide Windows credentials to log in).

I would also like this. Basicallly in my scenario, if the PC is locked, I couldn't access the files without the users Password, SO I would be able to login while a user was at lunch and do a quick update or other related task without intruding on any prevalent information that i'm not supposed to see.

We have AutoConsentAfterSeconds as an option in the app.config file.  Wouldn't that fulfill this request?  

AutoConsentAfterSecondsEnables a countdown (in seconds) before the consent-to-connect prompt automatically connects to a session 0 (Number of seconds for the countdown. 0 will disable the timer.)


Please let me know if I'm missing a detail.


Unfortunately not exactly the same thing. But it is very close.  There would have to be a way to determine that the machine was locked. Like allow consent if locked.  I'm not sure that would be an easy thing to determine.

With that policy, it could be my end user would ignore the prompt, and put Internet explorer in front of it for instance and keep working and allow me in when they didn't know I was there. I agree its their fault for ignoring the message, But auditors wouldn't agree. 

Where abouts along the road map to implementing this are we?


Is this planned on the roadmap? Not having a feature like this is very inconvenient for a lot of our accounts and it has been five years since this was proposed...

Here to request this as well, would like auto consent on the lock screen (same as the login screen) in case the user is afk or forgot to log off and we need to patch/resolve something. It would be the same thing as the login screen as we would need the password to get into the system anyways.