Your comments
Hello Jon!
You can disable the Acquire Wake Lock slider completely from your clients now by using the Advanced Configuration Editor extension. The setting for this is on the Admin page > Advanced tab > Disable Host Client Menu Items > Essentials > check the box for "Acquire Wake Lock", and save:
Once saved, the users' Host clients will need to be updated for the changes to take effect:
I'm sorry for the delay on this response!
When the Control agent auto-updates itself (or when someone issues the Reinstall command), we use the signed .exe version of the client installer, and it is sent to this folder on the Guest:
C:\Windows\Temp\ScreenConnect\<version>\ScreenConnect.ClientSetup.exe
The exe file then extracts/runs the unsigned msi from the Temp folder. If you are able to whitelist the developer cert that's used on the .exe to allow it to then run the msi, then that should help alleviate the Zero Trust issue with regular upgrades (and also would help with the file hash issue you mentioned, since the file hash changes every time the installer .exe is created).
This is all necessary to happen in the current iteration of the Guest client because the installer can be customized with different values, e.g. the Name, Company, Site, etc. information (CustomPropertyN values).
Hello Nathan,
The old bug forum was retired when we created our Known Issues page here:
https://home.connectwise.com/partnersupport/knownIssues/
If you are experiencing a bug, please submit a ticket to our support team so that it can be properly documented and registered as one from our side: https://www.connectwise.com/chat
Thank you!
-Michael
A bit late on my response, but the good news at least is that there is no way for the Guest client to gain access to the protected data of the server - so even with the agents popping up into the list, your data is safe. The Guest checks in and allows you access to that machine, but it's one way only. I definitely see how this situation could be an inconvenience and annoyance though!
Custom headers, including the CSP headers, can be defined within the Security Toolkit extension.
Hi Tom,
You can use FirstEventTime for this, I believe. This will show you machines that were created less than 24 hours ago (it is a sequential filter rather than a chronological one, so you need the greater than symbol rather than less than):
FirstEventTime > $1DAYSAGO
-Michael
Once you make the change, you would need to issue a Reinstall command to any of the Access agents under All Machines to see the changes. If you're testing a Support session, you would need to re-download/relaunch the session to see them.
You should be able to grant write access to that folder to the System account of the server where Control is installed - that would at least limit the ability to write in there to local admins of the server (though the request would still be good if you wanted to use other credentials instead)
While this wouldn't be a direct fix for what you're asking, one possible workaround would be if you edit your group, you can add a subgroup expression on with the following text:
GuestMachineDomain
This will break out the list by domain, and at least allow you to see a particular machine more easily if you know the domain you're looking for.
Customer support service by UserEcho
Hi Shayne! This is a pre-existing enhancement request for the Automate team to add that functionality into the integration, if you have a moment to vote+comment on it:
https://product.connectwise.com/communities/5/topics/12580-terminate-control-session-when-automate-agent-is-offboarded-or-retired