Your comments

A bit late on my response, but the good news at least is that there is no way for the Guest client to gain access to the protected data of the server - so even with the agents popping up into the list, your data is safe. The Guest checks in and allows you access to that machine, but it's one way only. I definitely see how this situation could be an inconvenience and annoyance though!

Custom headers, including the CSP headers, can be defined within the Security Toolkit extension.

Hi Tom,

You can use FirstEventTime for this, I believe. This will show you machines that were created less than 24 hours ago (it is a sequential filter rather than a chronological one, so you need the greater than symbol rather than less than):

FirstEventTime > $1DAYSAGO

-Michael

Once you make the change, you would need to issue a Reinstall command to any of the Access agents under All Machines to see the changes. If you're testing a Support session, you would need to re-download/relaunch the session to see them.

You should be able to grant write access to that folder to the System account of the server where Control is installed - that would at least limit the ability to write in there to local admins of the server (though the request would still be good if you wanted to use other credentials instead)

While this wouldn't be a direct fix for what you're asking, one possible workaround would be if you edit your group, you can add a subgroup expression on with the following text:


GuestMachineDomain


This will break out the list by domain, and at least allow you to see a particular machine more easily if you know the domain you're looking for.

Make that the second IP address, sorry about that - just re-read this and noted there might be some confusion. The URL won't change when load balanced.

Hi Joe,


You're welcome, and yes - the address instance-xat0wr-relay.screenconnect.com is the right address. If you're ever load balanced onto a different server in our cloud, the second URL you posted should change (most of the servers are in Amazon's cloud but we have some in other networks as well). You could potentially whitelist all of our server IPs, but there are around 50 of them, and the list is growing - so it's probably not going to be scalable or easily maintained in your router. If you want to see the full, up to date list, the command is:


nslookup servers.screenconnect.com screenconnect.trafficmanager.net


-Michael

Just FYI in the interim - your relay/session URL does not change. If you're able to whitelist a specific URL, you can find out what the address is by opening up your installed ScreenConnect client and looking at the Relay Server field. If the IP does change, you can do an nslookup for that URL to get the new IP.

This field can be customized by setting up the LDAP user source method instead of Active Directory:

https://help.screenconnect.com/Windows_Active_Directory_and_LDAP_authentication#LDAP


Specifically, you would specify it under the UserPasswordQuestionAttribute field.