I thought i would post an update on this. Last week I had recommended turning off the audio feature but I'm now recommending to leave it enabled but to just disable the select mode. Last week I was too focused on just turning it off and ensuring compliancy.

By doing the following, you will ensure that existing users will be able to mute their microphones while users that use the clickonce run won't have the old settings cached along with the users that not have reinstalled since they will still have the ability to change the microphone settings. This also helps allow the users to mute incase someone bypasses the app.config since it's optional. 

1.) Make sure your default Sound Mode is set to Silent.

2.) Disable the Sound Capture Mode.

3.) Force all users to reinstall the ScreenConnect Client and also clear out their clickonce run app cache. (good luck)

4.) Restart all the screenconnect services at your customers sites to force reset the All Mics to Silent. 

In the end it should look something like this. Select Mode is grayed out but the Microphone Mute button is still clickable. 

Here's a better diagram of what happened.

I guess our biggest concern was not realizing that users did not have to explicitly share their MICs and also not realizing that the toggle switch stays active until someone restarts the screenconnect service at the customers site. In our case, a prior support session had left the MICs active.  

Hope this helps others learn from what we encountered. I'm also hoping that we'll be able to turn this feature back on in the future once there is a setting to mute the microphones on connect (by default). 

I think the part that bothers me the most is that the bitmask settings are optional. Meaning they are controlled on the client end not the server end.. These are not really permissions and seem optional at best. 

What's worse is that a tech savvy user could just reenable the any bitmask settings they want if they found the app.config file..

bingo everyone gets access to the audio and any other features you turned off.. NICE.. 

We just tried changing the bitmask settings and every thing looked fine but users that used the clickoncerun app will have the bitmask settings cached meaning they can still access the microphone and users that have not reinstalled the screenconnect client can still access the microphone... 😕  while other users won't be able see or mute their microphone. 

Here's an example of what most of the redhad systems we connect to look like.... big black nothing. 😥

So, we control into a windows box and then SSH into these machines and or control them from vsphere (if possible). Now once someone has connected to vsphere and pressed the ctrl+alt+F2 then anyone can remote into the server again until its next reboot.

Would be cool if we could go direct and send the CTRL+ALT+FUNC key. 

I know some of you (like me) are just looking for progress or maybe a hint of progress. I wanted to give you some insight on this as CW had posted on a forum a couple months back asking for feedback on setting the resolution from control. I was going to post the URL but it has already expired. 

This may or may not relate to the following post but i hope it helps. 
 

That was super helpful. - Thank you!

I've made other tweaks to the appearance in the past and never thought about altering the password appearance. This won't tell our users specifically what the cause is but hopefully will get them much closer. 
 

I also altered what happens when the tokens stops working. This better aligns with what is really happening. 

I'm going to add a note to this since connectwise spent the time building the security alerts but didn't provide a way to reference the users email in the alert. 

I stand by my comment above. What is the purpose of notifying just the admin?

I agree on account lockouts but in reality you want to notify the end user in some of these instances. i.e  

Example -

System: hey user, your password was changed. 

User: Wait, i didn't change my password... Hey admin, what's going on?

System: Hey user, new login detected...

User: Wait, i didn't login.... Hey admin, what's going on?

Let the end users be our eyes and ears.. I don't mind CC'ing the admins but let the end user assist us in detected malicious activity. 

https://docs.connectwise.com/ConnectWise_Control_Documentation/ConnectWise_Control_release_notes/ConnectWise_Control_2021.15_Release_notes

Sorry if I didn't fully read your comment.  It seems as if you were asking for it in the thick client and not the Automate web interface? 

I know this doesn't help, but i think their plan is to decommission the thick client once all the features have been implemented into the web. Sorry if I led you down a rabbit hole.  

From the automate thick client. 

This is customizable in the web. You could probably set it super high if you wanted. 

But it's up to your admin to configure. 

Advanced > System Options