KeeganJacobsonStryker  
#1 Posted : Tuesday, July 24, 2018 5:47:12 PM(UTC)

Hello!

Looking for assistance in crafting a Session Group Filter based on the following configuration.

We are using LDAP to define user Roles that match Active Directory groups. I am creating Session Groups that I want to have display all sessions for users based on the Role / Group they are part of. Really, what I am trying to achieve here is to implement group-based management / organization, so that when I add new users to our environment, I simply need to put them in the proper matching AD Group for that Role, and their session automatically gets listed under the proper session group.

Thank you!
chriscamp  
#2 Posted : Wednesday, July 25, 2018 4:20:23 AM(UTC)
We have something similar set up. We configured AD Groups and separated the users based on needed access. We then configured roles in ScreenConnect with names that match the AD Group names. The session groups are then controlled by role. We also use this to control Admin access to ScreenConnect.

Thanks,
Chris
KeeganJacobsonStryker  
#3 Posted : Wednesday, July 25, 2018 4:36:30 AM(UTC)

Hi Chris, thanks for the reply! It does sound like we are both trying to accomplish very similar things here.

Would you mind sharing the Session Group Filter you're using as an example so I can see it - go ahead and remove group names or anything relating to your configuration to make it generic.

Anyways I do appreciate your response and it's good to know I'm not the only one with a config like this!
chriscamp  
#4 Posted : Wednesday, July 25, 2018 2:50:04 PM(UTC)
We have some complex filters for sorting things, but the ones related to access just use GuestMachineDomain='DomainA' or GuestMachineDomain='DomainB'. I am guessing yours would be different based around how you logically want to separate things. It is possible to use CustomProperty1, CustomProperty2, etc., but this leaves the management of the groups a manual process. If you can elaborate on what you are trying to do, I can offer some suggestions.

Thanks,
Chris
KeeganJacobsonStryker  
#5 Posted : Wednesday, July 25, 2018 3:10:47 PM(UTC)

Gotcha, here's what we are trying to accomplish:

We have Roles created in ScreenConnect to assign permissions to our Active Directory users. We are making sure the name of the Role matches the name of the Group in Active Directory, and that part actually works great. LDAP and the permissions from ScreenConnect Roles are being assigned to our users just as they should.

So here's where we want Session Filters to come into play-

We are trying to have Session Groups organize sessions based on Roles that are assigned. Here's an example:


Roles:
Screenconnect-Marketing
Screenconnect-HR
Screenconnect-ProductManagers
Screenconnect-Development

Session Groups:
Marketing
HR
Product Managers
Development


I want to make it so that all sessions started from users that have the Screenconnect-Marketing role assigned to them, automatically get put into the Marketing Session Group. What I will do from there (I know how to do this piece because it's pretty easy from the GUI) is to configure it so that only each role can see their associated Session Group. So if you're a member of the Screenconnect-Marketing Role and nothing else, you can only see the Marketing Session Group and cannot see HR, Product Managers, and Development.

So again, where I'm struggling to get this all organized is the Filter on each of these Session Groups. I've tried a number of things with the $USERROLES variable with no such luck. Ultimately my goal is to manage new user setups entirely through Active Directory - say a new user starts, their configuration can be done all from group-based management rights.

Hope this explains a bit more on what we are trying to accomplish, and thanks for taking the time to help out!
chriscamp  
#6 Posted : Thursday, July 26, 2018 7:20:25 PM(UTC)
Ok. So you need a way of sorting the clients based on the groupings below. You can manually accomplish this by creating session groups for each grouping, then use something like CustomProperty2 ='HR' for the HR Session Group, CustomProperty2 ='Marketing' for the Marketing Session Group, etc. You could somewhat automate this by creating install exe's with the CustomProperty defined ahead of time, i.e. an exe that installs the client and sets the CustomProperty2 field to 'HR', then another that sets CustomProperty2 to 'Marketing'.

To approach this from an automated perspective, you will likely have to do some updating somewhere. Here is a link to the Session Group filter reference: https://docs.connectwise...groups_filter_reference. We use GuestMachineDomain, but that may not be an option for you. Looking at the other options, I would think GuestMachineName may be the best option, but this would require you to name computers with something to indicate the department. (Still somewhat manual). Your session filter could be something like "GuestMachineName LIKE 'HR-*'".

Another option would be to use the Update Properties From Variables Extension to set the CustomProperty2 and set it up as mentioned above. I have had mixed results with the Update Properties From Variables Extension. The results vary based on OS and PowerShell versions.

I'm guessing others in the forum are more versed than I am and may be able to offer other ideas as well.

Thanks,
Chris
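
An added example (not from the thread and not ScreenConnect's own code): a small Python model of the filter forms quoted above (`=`, `LIKE` with `*`, `OR`) that checks session records for machines matching no Session Group or more than one, which matters once each group is visible to a single role. The evaluator, the group-to-filter mapping and the sample sessions are assumptions constructed for illustration.

```python
import re

# Filters in the forms quoted in the thread; this group-to-filter mapping is assumed.
GROUP_FILTERS = {
    "HR": "GuestMachineName LIKE 'HR-*'",
    "Marketing": "CustomProperty2 = 'Marketing'",
    "Development": "CustomProperty2 = 'Development' OR GuestMachineDomain = 'DomainA'",
}

CLAUSE = re.compile(r"^\s*(\w+)\s*(=|LIKE)\s*'([^']*)'\s*$", re.IGNORECASE)
OR_SPLIT = re.compile(r"\s+OR\s+", re.IGNORECASE)  # simplified: no AND, NOT or parentheses

def clause_matches(clause, session):
    """Evaluate one "Property = 'x'" or "Property LIKE 'x*'" clause.
    Comparison is case-sensitive in this model (an assumption)."""
    m = CLAUSE.match(clause)
    if not m:
        raise ValueError(f"unsupported clause: {clause!r}")
    prop, op, literal = m.groups()
    value = session.get(prop, "")
    if op == "=":
        return value == literal
    # LIKE: '*' is the only wildcard, as in the thread's 'HR-*' example.
    pattern = ".*".join(re.escape(part) for part in literal.split("*"))
    return re.fullmatch(pattern, value) is not None

def groups_for(session, filters=GROUP_FILTERS):
    """Names of every session group whose filter matches this session."""
    return sorted(group for group, expr in filters.items()
                  if any(clause_matches(c, session) for c in OR_SPLIT.split(expr)))

def audit(sessions, filters=GROUP_FILTERS):
    """Report sessions that land in no group or in more than one."""
    findings = {"unassigned": [], "overlapping": []}
    for s in sessions:
        hits = groups_for(s, filters)
        if not hits:
            findings["unassigned"].append(s["GuestMachineName"])
        elif len(hits) > 1:
            findings["overlapping"].append((s["GuestMachineName"], hits))
    return findings

# Constructed sample sessions (not real machines).
SESSIONS = [
    {"GuestMachineName": "HR-LAPTOP-01", "GuestMachineDomain": "DomainB", "CustomProperty2": ""},
    {"GuestMachineName": "HR-KIOSK-02", "GuestMachineDomain": "DomainB", "CustomProperty2": "Marketing"},
    {"GuestMachineName": "BUILD-07", "GuestMachineDomain": "DomainA", "CustomProperty2": ""},
    {"GuestMachineName": "WS-113", "GuestMachineDomain": "DomainB", "CustomProperty2": "hr"},
]

print(audit(SESSIONS))
```

In this sample, HR-KIOSK-02 lands in both HR and Marketing because one group keys on the machine name and the other on CustomProperty2, while WS-113 matches no group at all.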