When you RDP into a server as TestUser and then login to ScreenConnect to get access when you at Monitor\Select Login Session it initially shows TestUser but when TestUser is looking at his RDP session he doesn't see the consent screen after the latest update. You have to select console and then select TestUser again before it will show.
I have not personally tried this. I was going thru the new features and saw this option so I started chatting (Ticket 11475408). I told him that our banks have to give us consent to access their servers and did this option require consent and I was told No.
If it does require consent does it show the user the screen that is being used for the Powershell and CMD window?
As far as the other issue of not seeing the consent screen if the user used RDP to access their server the normal consent screen isn't seen. The person on our side has to select the Logon Session for RDP not Console.
But still the Backstage option should be able to be turned off because financial institutions do not like it if they can't control who has access to their server.
They don't want any active connections coming from the outside. They would consider an active connect something that could be hacked. I sure you read about TeamViewer just having to issue an emergency fix for a desktop access vulnerability. (http://www.zdnet.com/article/teamviewer-issues-emergency-fix-for-remote-access-vulnerability/)
We have a few exceptions but most of our banks shut the service off.
I was answering your question without looking at my request. I am aware that the software already has 2-factor authentication.
The feature I am looking for is to give the Host user the ability to enable/disable the service thru the ScreenConnect tray icon. There again we deal with financial institutions and they want extra control on who can access their systems. Currently we are using LogMeIn which has that option to enable and disable the service and since I am going to replace it with ConnectWise I was looking for the same behavior.
The 2-factor authentication needs to be done on the initial connection to screenconnect.com. After that the user clicks on the system they want which in this case is Windows and then they have to login to the PC with the PC's user name and password. I have the option set to force a PC lock so we are forced to login to the PC.
In our case to get PCI DSS Compliance requires 2-Factor authentication when logging into companies that process credit card transactions.
Customer support service by UserEcho