We are looking for when a SC session ends or we exit, that the Windows session also get logged off. There are too many times where a SC session disconnects, and the next day someone goes to log into the server, everything is left off where the previous tech was. We need this to be clear when a user logs into the system.
Question from the product/engineering team:
How does logoff on disconnect provide more security than implementing the already present feature to Lock on Disconnect?
Thanks!
Sean
Mimikatz is often used by threat actors to capture the credentials of current sessions (active or disconnected), which can then be used for lateral movement through an environment.
Every ransomware event we've seen in recent times has made use of Mimikatz.
Question from the product/engineering team:
How does logoff on disconnect provide more security than implementing the already present feature to Lock on Disconnect?
Thanks!
Sean
Logoff will close any user spawned processes, while locking will keep them active.
This presents a potential security risk, depending on the environment.
Question from the product/engineering team:
How does logoff on disconnect provide more security than implementing the already present feature to Lock on Disconnect?
Thanks!
Sean
The following should help. - https://forums.mspgeek.org/topic/6856-lock-server-on-connect-lock-server-on-disconnect-triggers/#comment-38028
You may just need to change the batch that gets executed which can call one of the following commands.
logoff or shutdown -l
Another vote for this, especially with the constant threat of Mimikatz these days.
For our use case, we'd nee a GUI option to opt out of this for a connection to a session. For example tech is starting a process in user space on a server that will run for 14 hours, and tech needs to disconnect and reconnect tomorrow to check on it. If there's no option to opt out of this when they disconnect it would log them off and kill their task. This would make this useless to us as we couldn't enable it.
We've implemented "Lock session" upon disconnected sessions and "Limit Idle Sessions" through the Advanced Configuration Editor. This request has been much requested from our internal security team. Managing several customer environments, this feature (auto logoff windows session on disconnect/exit) would be a huge security feature!
When closing a ScreenConnect session on a server using the X in the top right hand corner it keeps a user logged in via a console session.
For security purposes, would it be possible to have another option next to the X to disconnect and log the user off?
Reason for the additional option is that sometimes you will need to have a session open to run tasks but other times you would prefer to log off completely.
I have reviewed https://docs.connectwise.com/ConnectWise_Control_Documentation/Get_started/Knowledge_base/Disconnect_an_idle_host_from_a_session and https://docs.connectwise.com/ConnectWise_Control_Documentation/Get_started/Knowledge_base/Disconnect_a_participant_from_a_session and they do not cover having both options when disconnecting.
This feature would be greatly appreciated.