Digitally sign the installers with YOUR certificate

  • Pending Review

As a software vendor you need to digitally sign the installers for your product. Every other remote support vendor does this. You should not be making your clients pay for their own certificates to sign your installers; they will always have issues with reputation and being blocked by endpoint security. It is simple common sense to make a trusted installer (exe and msi) and sign it yourself with your own certificate. Do not allow clients (I mean ConnectWise customers) the ability to edit this installer, but do provide install options by switches to specify server, clientname, groups etc. to target it. Then provide further options by policy from the server to assign branding, hide the icon, hide the banner, etc.

Derek Howard

This exactly. The relay server URL should be configurable as an installation switch.

I think the point of the other information being baked into the installer (the various custom values) is so persons with access to the given installer can't manually change those values, which may affect how much access they have to the resulting session within ScreenConnect. Despite this, however, we as administrators should be free to pass out the stock installer (signed by ConnectWise) as we see fit, and then manually assign the various other values within ScreenConnect. If customers want to be able to bake these values into the installer and then sign it themselves, that should be optional. But for customers who can't get a code signing certificate (or are uncomfortable with the cert's private key living on the ScreenConnect server...), a stock installer should always be an option.

As for my organization, we've literally never customized the installer. The only distinct thing about our installer is the relay URL...

amccabe Team Member

The relay URL is the thing that prompted this code-signing requirement in the first place. There was a concern that bad actors could manipulate an installer/client from a legitimate source to point to their own server, and thus take advantage of the trust that user had in that source and the certificate the installer/client was signed with.

Juergen Meier

Since this is only really relevant to Windows:
There is absolutely no reason to customize/modify the installation package (.msi).

All necessary custom parameters can be provided by command line switches and/or a transforms file (.mst).
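
The deployment pattern discussed in this thread (an unmodified, vendor-signed MSI with site settings supplied by a transform), sketched as an added example that is not code from any poster or from ConnectWise. The file paths and the thumbprint are placeholders, and the function name `Test-InstallerSignature` is hypothetical.

```powershell
# Added example. All paths and the thumbprint are placeholders, not real values.
$MsiPath            = 'C:\Deploy\agent-stock.msi'     # hypothetical vendor-signed MSI
$TransformPath      = 'C:\Deploy\site-settings.mst'   # hypothetical transform holding per-site values
$ExpectedThumbprint = '<VENDOR-CERT-THUMBPRINT>'      # placeholder: pin the vendor's signing certificate

function Test-InstallerSignature {
    param([string]$Path, [string]$Thumbprint)

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the file hash matches the signed hash and the chain is
    # trusted on this machine. HashMismatch indicates the file was altered
    # after signing; NotSigned means there is no signature at all.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status for $Path is $($sig.Status)"
        return $false
    }

    # A valid signature from some other publisher is not enough:
    # compare against the pinned certificate.
    if ($sig.SignerCertificate.Thumbprint -ne $Thumbprint) {
        Write-Warning "Unexpected signer: $($sig.SignerCertificate.Subject)"
        return $false
    }
    return $true
}

if (-not (Test-InstallerSignature -Path $MsiPath -Thumbprint $ExpectedThumbprint)) {
    throw "Refusing to install $MsiPath"
}

# TRANSFORMS is applied by Windows Installer at install time. The MSI file is
# not rewritten, so the signature checked above stays valid.
$msiArgs = @(
    '/i', "`"$MsiPath`"",
    "TRANSFORMS=`"$TransformPath`"",
    '/qn',
    '/l*v', "`"$env:TEMP\agent-install.log`""
)
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success with reboot required
if ($proc.ExitCode -notin 0, 3010) {
    throw "msiexec failed with exit code $($proc.ExitCode)"
}
```

The Authenticode signature covers only the MSI. The transform and any command-line properties are outside it, so their integrity depends on the channel used to distribute them.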