Disable backstage per machine
I need to disable backstage mode per machine, as it is heavily used in our organization, but we don't want everyone to have access to backstage mode for some machines.
Welcome to our community!
Replies 3
Mike Bannerman Team Member
To clarify, you want to be able to say Machine A is unavailable for backstage connections, but Machine B is is not available for backstage connections?
We did add a new user role based permission: EnableBackstageLogonSession: https://docs.connectwise.com/ConnectWise_Control_Documentation/Get_started/Administration_page/Security_page/Define_user_roles_and_permissions/List_of_role-based_security_permissions.
You could take "EnableBackstageLogonSession" off the groups you'd like to restrict. Would this work for you?
We are requesting this as well. We require all users to connect with 2FA when logging into any server/machine, backstage does not prompt the user for it.
Forcing 2FA on connecting to backstage would solve this. https://screenconnect.product.connectwise.com/communities/1/topics/3978-option-to-require-additional-2fa-for-backstage-or-running-commands
To clarify, it seems to be a big security hole, and while users should have some access in automate, they shouldn't have full access in backstage mode.