Pending Review

Disable backstage per machine

rbehnfeldt 2 years ago updated by madd4 11 months ago 3

I need to disable backstage mode per machine, as it is heavily used in our organization, but we don't want everyone to have access to backstage mode for some machines.

To clarify, it seems to be a big security hole, and while users should have some access in automate, they shouldn't have full access in backstage mode.

To clarify, you want to be able to say Machine A is unavailable for backstage connections, but Machine B is not available for backstage connections?

We did add a new user role based permission: EnableBackstageLogonSession: https://docs.connectwise.com/ConnectWise_Control_Documentation/Get_started/Administration_page/Security_page/Define_user_roles_and_permissions/List_of_role-based_security_permissions

You could take "EnableBackstageLogonSession" off the groups you'd like to restrict.  Would this work for you?

We are requesting this as well. We require all users to connect with 2FA when logging into any server/machine; backstage does not prompt the user for it.

Forcing 2FA on connecting to backstage would solve this.  https://screenconnect.product.connectwise.com/communities/1/topics/3978-option-to-require-additional-2fa-for-backstage-or-running-commands