Considering for Future Release

Allow Access EXE to Expire or Single Use Only

Skissors 7 years ago updated by Paul Wilson 4 years ago 2

Currently, the AccessTokenExpireSeconds controls both 'x' and 'y' seconds, where 'x' is the number of seconds an active session is open/connected, and 'y' is the number of seconds the Access screenconnect.client.exe is a valid link to open a session, making it active.

We would like to split this into two separate configuration settings, something as such:

AccessTokenExpireSeconds controls 'x', or the length of time an session is allowed to be active/usable

ClientExeExpireSeconds controls 'y', or the length of time the screenconnect.client.exe is allowed to join or create the session; an alternative is to allow single-use-only, or run once; another alternative is require to authenticate back use SC credentials each time the EXE is run

If the client EXE expires (based on 'y' amount of time), a user should be allowed to login to the SC server, and re-download it, thus, resetting the ClientExeExpireSeconds counter. Ideally, I would be setting this to something short, like 30 seconds. This reason for this is for security purposes. As of now, if a user is on a public computer using SC to login to their remote machine, that EXE will stay active 'x' amount of time, which is 24 hours by default, I believe. That user may only be in the active session for 10 minutes, but the EXE is available to other unknown people after the user has stopped using the computer, which can possibly gain unauthorized access.

Having the EXE itself expire quickly should remediate this.

Considering for Future Release

This is absolutely critical for my business. Someone could get one of the deployment files and install this on potentially thousands of PCs without being able to stop it. There needs to be an installer expiration option. If I had known that this option was not available I would have seriously considered other solutions before committing to Connectwise Control