+154
Under Review

Be able to apply app.config settings per session group

Steven 9 years ago updated by Joshua A. Szántó 2 years ago 40 13 duplicates

Be able to apply App.Config files or settings based on the Session Group(s) a computer is in.

CW#7546987

Duplicates 13
+4

We are starting to use BGInfo and it would be nice to separate the workstations from servers for blacking out the wallpaper. Also, this would open up SO MANY other doors for managing settings and configurations.

Pending Review

YES!! Specifically for servers.

Thanks Kirsten

Thanks for your feedback. Is this because the banner is taking up real estate when viewing the remote machine in the host client?

+4

No. At the moment we can choose whether to contact a client silently or not. But this policy is set for the whole Screenconnect installation. I want to be able to choose the policy per session group.

+4

We too would like to separate servers from workstations so we can apply the "AccessLockMachineOnDisconnect" to servers but not to workstations when disconnecting. Ideally we'd like to add a value to custom property, as our servers are spread across several groups and applying the setting to just one group is not ideal, where as creating a custom property (for example IsServer : True / False) would be perfect.

Yeah, that's exactly what I'm looking for, too, Trevor! We're currently working around it with an LabTech/CW Automate script that swaps app.configs on servers, but would be nice to have it built in.

Would you be willing to share the script you have that swaps this?  We're trying to have AutoLockonDisconnect enabled on servers, but not on workstations.  Any help you could provide would be greatly appreciated.

I looked at this, you have to use a GPO/Script/Labtech/Automate anyways to deploy the system variable that plugin needs based on your criteria for which machines need which settings. I got that working and then realized it would be easier to just distribute the app.config files and restart the service so that's what I'm doing now until you guys can get this feature in place.

We would make use of this feature also. We have a single client with a single computer that displays graphics on an external touch screen. Sometimes they need remote assistance with that computer and having the station lock on a touch only screen causes a headache trying to get it back to the right view.

+1

We really need this functionality, please implement this ConnectWise!

+2
Considering for Future Release
+1

Get this cooking please!

I would like to see this available both ways.  Based on a custom property would be very useful for things like servers but I would also like to specify different app.config settings based on a group.  One example of this would be that we currently allow technicians in with no prompt for access as they are often remoting into machines that do not have someone at the box but we do not want this action for say a group that contains all of the VP's or HR's computers where they may have access to sensitive information.

The #1 use case for me is AccessLockonDisconnect.  We use that on servers and turn it off for workstations.  I have my servers and workstations in separate session groups and it is a pain when I go to update or install Access as I have to change the app.config depending on which it is.

+1

AutoLockonDisconnect, the extension isn't useful for us currently as we can't afford the time to manually go through the hundreds of servers to change this setting one at a time. 

HideWallpaper, ShowBalloon, Consent, BeeponConnect, etc are some others that make sense on workstations but not servers or vice versa.

I would really LOVE to see remote printing control moved to an app.config setting instead of system wide web.config, and this would be a great thing for that as well. We have to disable this system wide as im sure 99% of partners do because of the issues it causes but there are a few clients that use Control/Automate to connect back to their workstations at the office and would really like remote printing and I would like to give it to them but I can't currently. I would also like to disable toolbox and many other settings (most of the bitmask features) for these users.

Some settings that would be useful on a per session group basis:

  • AccessLockMachineOnDisconnect:  While we would like this on POS machines, servers and such, for user computers around the office this is generally not the way we want to leave a support session after helping someone.
  • AccessShowUnderControlBanner:  We would like this for personal computers for executives, corp office etc but would not like to have a store know if we are monitoring a POS or store device.
  • Change certain Commands:  On executive and corp employees we do not want a tech to have access to Block control or blank a users monitor, yet these can be essential when trouble shooting a POS or store computer.

Thanks


Two factor authentication for a group of users with sensitive data, so that remote access needs to be explicitly granted by them (they have the authentication codes).  This is the only solution where they can grant access without being present at the machine, but tech cannot access at will

Without digging to deap these are the 2 options that jump out at me as something we'd like to control at group level. Idealy we'd be able to to control all options that affect how the agent works/allows connections or responds to them from the group level.


Lock machines on disconnect: we have servers and workstations that are unattended no one uses them and we'd like to be able to lock these on disconnect.
Ask for Consent. - We have workstations and servers which are unattended and we'd like to be able to connect to these without consent but all users machines we want to default/continue to ask for consen.

Basically I want to say ditto to Keenan Wurth's post.  Though my main concern is AccesLockMachineOnDisconnect, as I have a need to separate functionality between what happens with my clients and what happens with my local users.

Hello guys. I was told this is where I should post this.  Basically i'm looking to set individual permissions for my users. Specifically myself and my supervisor prefer to connect as view only to machines first​ before we take control. Here is our scenario.


1st, Employee places a helpdesk case on an issue.
2nd, We connect within 5 minutes of the case being opened as view only.
3rd, We evaluate if the user is still on the stuck page they opened the case on or if the user is working feverishly.
4th, If the user is on the page, we switch to take control and start fixing the issue,
5th, If the user is busy, locked or away from the desk, we then contact the user to find out more information.


View only allows us as technicians to get an in depth look into the problem before we connect to see what is actually going on and how we need to actually fix the issue.


However not everyone in our organization needs this permission.  What I want is a choice to startup in view only or control mode. and I want to lock this down by not allowing everyone to have view only permissions.  My other 15 techs will not need that view only permission.  I'm told right now that Suspend Control At Startup is the only way to accomplish this. But it affects everyone, not just myself and my supervisor, So we need a way to set this just for us since that is how 99% of the time we connect is view only and everyone else is 100% connecting by control.


Also as a side case, When my current solution switches between view only and Control, I can tell at a glance which way my session is. In my current solution the menu bar at the top of a control session turns red if it is view only and the mouse pointer turns to a red circle with a line through it to further indicate it is view only, If in Control mode it stays a grey color. I typically work on up to 15 machines at a time in different sessions, So being able to tell which one is view only and which one is in control is a huge deal for us. 


Also View only allows for us to allow a 3rd party tech into our systems and allows us to go view only so we can work with the tech via phone calls and not disturb his mouse movements. So being able to see that as red as an indicator it is view only is a huge help is us not making a mental mistake and messing up a tech working for us.

Just wondering if this suggestion would work for your suggestion if ever implemented:

https://control.product.connectwise.com/communities/1/topics/1-be-able-to-apply-appconfig-settings-per-session-group


If so, give it a thumbs up and maybe we can get movement on it with the ConnectWise team.

I want to confirm that this feature request, if/when implemented, will also allow for a custom app.config at the user level in addition to at the group level? Or should I create a new feature request, or should I decouple the existing per-user request in the duplicates listed on this FR?

+1

Please get this rolling. Thanks.

Any updates about this? With different session groups for both end users and employee's this is required.

We would like to see this so we can present different features, icon, banner etc to different clients and different options to servers vs workstations

+2

Come on, this has been promised already years ago. Put it on the road-map instead of just considering it.

This really makes the product so much more useful and sell-able (the last both for you and us)

We have several different views from customers on Control. Those who want the icon to show those who dont. Those who want to allow remote control consent and those who dont mind.This would fix those issues and o so many more.

Couldn't agree more....  Have been actively considering other products because of this

We are also looking for a solution for this issue. Our use case is slightly different, but the need to customize the session by computer or user is there.

We want Administrators (supervisors or management) to be able to connect "incognito", meaning no banner, pop up notification, suspended input, etc.

We do not want all Hosts (technicians) to have this ability.

If setting it up per group is too hard, having the option to have multiple app.config sets,  and than per agent assign which app.config to use would also work.(Naming or Numbering the App.config sets)

Groups can overlap, per agent would take care of that problem.

This is SO needed. Can y'all please make this happen? Please and thank you!

Please make this happen! Thank you!

+2

This feature would elevate control in my opinion more than any other feature request. I do however think that this issue touches on several other issues. We need the ability to manage app.config settings on a session group basis but also, the application server should automatically send an updated app.config to the corresponding agents anytime there is a change to the settings. It is not feasible and is irresponsible from a network utilization standpoint to require the agent be re-installed just to get the current settings. When you have hundreds or thousands of machines, and you multiply that by 2-4MB, the bandwidth required to handle these requests is immense. Alternately, an app.config file may only be 2KB, this is a huge difference. The alternative is an extremely clunky solution to manually manage app.config files on machines and hope that the agent doesn't get re-installed. In addition I think it would be helpful if the app.config file had a switch where we could specify commands that would be executed automatically upon connection for example, blank guest screen and block input. I envision managing servers where the screens blank and input is blocked upon connection and the session is locked upon disconnection. If we control these items at a session group level, much like the security role hierarchy allowing for inheritance etc, ConnectWise Control would gain so much functionality and be far superior that it is today.

This is desperately needed!  Like 10 years ago.  Some clients require servers to be locked on disconnect for security reasons (enforce), but not on workstations (for obvious reasons). I mean best practice would be to enforce lock on disconnect on servers anyway, and you would not want to inconvenience a user by locking their workstations every time you disconnected after helping them.  Also Law Enforcement clients (LEADS compliancy), as one example, require the consent when accessing their workstations, but not all clients require this consent. Nor would servers, obviously.

Please bring this to CWC ASAP. Example real world scenario: "lock on disconnect" (an important security feature) prevents digital signage display machines from fulfilling their role.

Michael Legato (CW) linked me to this enhancement request.