Welcome to our community!

Upgrades to Host Pass

Avatar
anonymous
  • updated
  • Completed

Parneters would like additional options for the host pass feature. Capturing suggestions in this ticket.


1. Expand the Lifetime of the host pass or make it configurable. There are times when you'll have extended engagements with vendors and need more than a day for them to complete work.

2. For the permissions, allow the host to pick from a list of existing roles to further limit the permission of hosts using the Host Pass feature.

3. Restrict the ability to use the host pass feature based on role (role-based permission)


Duplicates 4
Ability to customize "Get Host Pass" time

It would be great to have the ability to customize "Get Host Pass" time to a sepcific limit.

Get Host Pass Permission

Is a Big Security Issue if any Hosts can give Host Password to external Tech ! It is a must that one need to restrict with permission who can see and use this feature.

The ability to Allow and control based on Roles who can use the "Get Host Pass" function.

Hi,


Currently the "Get Host Pass" is available to any user that has permission to connect to an Access machine, there is no way to turn this off or control which users are allowed to do this or not. This means potentially someone of basic access to a remote machine can invite and give access to someone that hasn't been authenticated onto the machine.


What I would like to be able to do is control the "Get Host Pass" availability the same way we control other permissions/functions based on Roles similar to Addnotetosession or Removenotefromsession


An extra permission under security like AllowGetHostPass which then makes the function available to users that match that Role.


Regards,

Restrictions for Get Host Pass feature

It's not secure to allow for any user to grant acces to some host for third party. It must be controlled feature because any company has a lot of controls and policies for protection corporate resources (even with ScreenConnect I can apply 2FA) but someone (any SC user) accidentaly or intentionally can send regular link by e-mail and I can't restrict it.

Replies 28
Avatar
0
Mike Bannerman Team Member
  • Pending Review
Avatar
0
mhighsmith

also with the feature set ShouldRevalidateAccessToken to True


unless there is another fix.

Avatar
6
Tony

1. I would like to see a GetSessionHostPass permission to only allow certain security roles to use the Get Host Pass command.


2. I agree that there should be an interface to enumerate, configure, and/or revoke existing host passes, both at a session level or across the entire SC system.


3. A nice security feature would be to have the ability to require MFA or at least specify password protection for the host pass URL at the time of creation. Anything is better than a free-for-all URL.

Avatar
1
Torri

Partners should be able to set the duration of host pass. As long as we also have the option to end the pass early if needed.

Avatar
5
mhighsmith

Would like it to be a security feature. not all users should be able to create / send out a Host Pass.

Avatar
0
anonymous
  • Pending Review
Avatar
3
Francois Kenney

Add fields to Get Host Pass for audit purposes. Our company is SOX compliant and we need to be able to track activities from the host passes but also why they were awarded, so when creating a host pass the user could have a few custom questions added to the host pass creation such as: Name, Company, Reason for the pass, etc.

Avatar
2
Francois Kenney

Add the possibility to globally deactivate features in host passes such as but not limited to:
- Block guest input
- Blank screen
- Reboot computer in safe mode
- Reboot computer in Normal mode
- Prompt / Store for credentials

- Disable Toolbox

- Screenshots and videos


Also need the possibility to revoke any Host pass without killing the session




Avatar
0
cmz

I found that the name of the host doesn't change on the console, logs etc even if the user who got the host past link add his own name when he launch the link. Is that possible to solve that too ?

Avatar
0
anonymous
  • Under Review


Top contributors
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar