Currently (as of 6.2), the only way to prevent a user from using "Install Access" on an existing support session--which converts it from a Support Session to an Access Session--is by removing the Security permission "RunCommandOutsideSession".
Given the fact that you have a security option for "BuildAccessInstaller", which can prevent a user from creating an access session installer, it only makes sense that you have the ability to revoke access to convert a session as well
The problem is, the ability to do this is currently coupled to other features, which isn't good.
Please add a new Security permission such as "ConvertSupportToAccess" or "InstallAccess" that can be granularly enabled/disabled.
Customer support service by UserEcho