Tests ran through Acunetix come up with a result of 'Insecure CORS configuration' due to the issue mentioned in this post:

https://github.com/balderdashy/sails/issues/3862

I have worked with Control support, and they have confirmed that the POST is getting a 403/ forbidden error that is causing this issue. Contained in that link is an example of how the 403 error can be resolved to no longer show this vulnerability in Acunetix. Our auditors are unsatisfied with the results, so it would be great if we could get this resolved.

An easier way to setup a single user to access a single machine, without having to setup up a session group, role & user. Or at least a way to automatically create these and hide them away to save making the site wide setting messy.

A filter for session groups that uses "Company" to allow separation of machines by subsidiary or department in large deployments.

Would like to set the AccessTokenExpireSeconds so it does not expire when I create an exe. Currently does not work according to documentation.

At the moment, I have client workstations I need to access that MUST have the consent popup however the servers should not. We have a few servers that must start up to a user account automatically for some archaic software and I am unable to log into these systems because there is no physical user ready to hit consent. If we could either apply an app.config by a group or allow "SC user John Doe" = allowwithoutconsent for systems LIKE... that would be great! Right now I must log out of my normal user and into the admin account to reach these servers.

Hyper-V 2008R2 and Hyper-V 2012R2, along with Server Core installations apparently don't install MSCOREE.DLL when installing/updating .Net framework. Installation of ScreenConnectClient fails with: SFXCA: Failed to load mscoree.dll in the msiexec log. Requesting to have a workaround for installing on Hyper-V or Server Core hosts.

The Edit Web.Config AppSettings extension allows you to edit existing entries, but would be good to be able to add new entries via this screen. This would allow cloud partners to configure plugins like the "Expand Thumbnail Preview Image" plugin, which requires additional config entries in the web.config file.

Remove the "Guest" tab at top of web page for Access only customers. This option is only available only for self-hosted systems but not cloud customers. Confusing for my customers who get access to their PCs and are presented with a page with nothing on it and have to change to "Host"

Currently there is an option when in 'Access' to End a Session. Ending a session and ending an instance can be interpreted as one and the same. When a session is ended it actually deletes the access account from the access control panel. That is why i suggest changing the button to read 'Delete Account'.

Add ability for the access installer to pop up asking for custom properties upon installing on client.