Allow guests to elevate sessions during support-/access sessions
Currently guests are not able to elevate sessions on the host (i.e. after the host allows control to the guest). It would be usefull to also allow the guest to elevate sessions, not only the host.
Answer
Could you please explain how this feature would be useful? We just came out with the get host pass feature. Will this fit your need?
https://help.screenconnect.com/Creating_a_temporary_host_pass_to_join_a_session
We use screenconnect basically "the other way around". Our internal users are known users (authenticated via LDAP), and external users are basically unknown to the system. But, usually we need the external users to give our internal users support, which also includes installing software and gain elevated privileges. Once I change the direction of viewing within the support session (so the external user has control over my PC instead of me controlling the external PC) the external user can neither enter credentials when being asked for them by UAC, nor can he say "yes" when being asked if it is OK for a software to change system settings (in case the session is allready elevated). I can either see the input window, but my key strokes do not get transmitted, or I can't see the UAC window at all. Being able to do something with those windows - without having to have someone sitting in front of the remote machine to do that - would be very usefull.
I tried the feature you mentioned, but even when using a Host pass, after changing the viewing direction I can still not enter any credentials into the UAC window.
Thanks
This happens because the credentials used to install screenconnect do not have sufficient privileges. Try logging in as a domain admin or some udf group with the right local admin privileges.
Sorry for the late reply - Corys comment notification seems to have been missed. IMHO no, this is not enough. The local user is logged on as a user with administrative priviliges. He also starts IE (and thus screenconnect) with that user. Even if he does not get asked for credentials for an elevated user, he still gets a UAC windows asking if changes to the system should be allowed.
@Christoph - The Host Pass feature is the fix for your issue. The host pass should be generated for the machine being serviced and passed to your external user. The Host (external user) when connected to a session with a Guest(internal user) without Admin permissions would need to send a CAD at the beginning of the session to elevate: https://help.screenconnect.com/Controlling_Windows_UAC_dialogs. Any UAC prompt that appears before this happens would have to be cleared by the Guest or the Host would have to wait for UAC to timeout (120s, i think). Your suggested method technically skirts our licensing model, so it is doubtful that we'd give host privileges to guests in a reverse screenshare.
Hi Michael,
thank you for your answer concerning my request. I will try the way that is suggested in that help article tomorrow to check if i just didn't try enough :)
all the best
Christoph
Customer support service by UserEcho
@Christoph - The Host Pass feature is the fix for your issue. The host pass should be generated for the machine being serviced and passed to your external user. The Host (external user) when connected to a session with a Guest(internal user) without Admin permissions would need to send a CAD at the beginning of the session to elevate: https://help.screenconnect.com/Controlling_Windows_UAC_dialogs. Any UAC prompt that appears before this happens would have to be cleared by the Guest or the Host would have to wait for UAC to timeout (120s, i think). Your suggested method technically skirts our licensing model, so it is doubtful that we'd give host privileges to guests in a reverse screenshare.