logo

The ConnectWise Control forum has moved to ConnectWise University! This forum has been locked and is in read-only mode. Click here for instructions on how to access the new forum.

Welcome Guest! You can not login or register.

Notification

Icon
Error

Options
Go to last post Go to first unread
stromb0li  
#1 Posted : Thursday, December 18, 2014 4:43:39 PM(UTC)
stromb0li


Rank: Newbie

Joined: 12/18/2014(UTC)
Posts: 4
United States

Thanks: 1 times
This is a similar request to limit sessions by security group, but would it also be possible to add another variable to the Session Manager that looks for if the user has a designated security group assigned to them?

I.e. I could make a group called Private Sessions in AD and then inside of session manager/filter put SecurityGroup contains 'Private Sessions'

Thanks in advance!

Jeff  
#2 Posted : Thursday, December 18, 2014 8:09:11 PM(UTC)
Jeff


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 4/14/2010(UTC)
Posts: 1,785
Man
Location: Raleigh, NC

Thanks: 8 times
Was thanked: 156 time(s) in 122 post(s)
So I read this as a bit of 180 of what we do today. Today you can limit at the security area what sessions someone can see. Here you want to define what security groups can see the session group inside the manage session area? I am going to assume that is it and get this submitted. I mentioned this somewhere a few weeks back that security and manage session groups was on our task list to review to update the UI. Now part of that would probably mean improving things a bit to help with certain customer feedback. I will make sure this is submitted but if I misunderstood please let me know.
ScreenConnect Team
stromb0li  
#3 Posted : Thursday, December 18, 2014 8:32:32 PM(UTC)
stromb0li


Rank: Newbie

Joined: 12/18/2014(UTC)
Posts: 4
United States

Thanks: 1 times
We use screenconnect to manage a lot of our clients via unattended installs. The problem is I haven't quite found a way to prevent visibility between a group of managed sessions and security roles.

So for example, let's say our Managed Sessions look like this.

Access
-All Machines - 55 Machines
-Client 1 - 15 Machines
-Client 2 - 30 Machines
-Client 3 - 10 Machines

I would like to hide all of the machines and groups by default for all users (except Admins). Then I would like to create a group inside of AD called Client 1, and then any AD user inside of the Client 1 security group, could see all of the machines in Client 1, but not clients 2 and 3. Maybe this is possible already since you can designate access on a per session base, but when you start dealing with a large amount of machines, this process seems like it could become fairly laborous.

Hope this helps!

Edited by user Thursday, December 18, 2014 8:33:53 PM(UTC)  | Reason: Not specified

Jeff  
#4 Posted : Thursday, December 18, 2014 9:58:24 PM(UTC)
Jeff


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 4/14/2010(UTC)
Posts: 1,785
Man
Location: Raleigh, NC

Thanks: 8 times
Was thanked: 156 time(s) in 122 post(s)
I think what you need is this: http://help.screenconnec...er_roles_and_permissions

So each AD group is matching up to a role in ScreenConnect. Under the permissions for each role is a permission 'ViewSessionGroup'. By default that is usually set to View all machines. You could delete that permission and then add in a few specific session group permissions such as ViewSessionGroup - SpecificSessionGroup - Client1 and then they would only be able to see that session group. You could then add another and choose Client 2, etc.

I think that will get you what you want, but let me know.
ScreenConnect Team
thanks 1 user thanked Jeff for this useful post.
stromb0li on 12/19/2014(UTC)
stromb0li  
#5 Posted : Friday, December 19, 2014 6:45:27 PM(UTC)
stromb0li


Rank: Newbie

Joined: 12/18/2014(UTC)
Posts: 4
United States

Thanks: 1 times
Awesome! That is what I was looking for! Thank you! :)
CCWTech  
#6 Posted : Tuesday, December 30, 2014 5:08:37 PM(UTC)
CCWTech


Rank: Member

Joined: 5/31/2014(UTC)
Posts: 31
United States
Location: Salt Lake City UT

Thanks: 4 times
Originally Posted by: Jeff Go to Quoted Post
I think what you need is this: http://help.screenconnec...er_roles_and_permissions

So each AD group is matching up to a role in ScreenConnect. Under the permissions for each role is a permission 'ViewSessionGroup'. By default that is usually set to View all machines. You could delete that permission and then add in a few specific session group permissions such as ViewSessionGroup - SpecificSessionGroup - Client1 and then they would only be able to see that session group. You could then add another and choose Client 2, etc.

I think that will get you what you want, but let me know.


Is there any way to set it for All Session Groups Except (Define Exception)

I'd like them to have access to all of them except internal company machines.
Jeff  
#7 Posted : Tuesday, January 6, 2015 6:01:20 PM(UTC)
Jeff


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 4/14/2010(UTC)
Posts: 1,785
Man
Location: Raleigh, NC

Thanks: 8 times
Was thanked: 156 time(s) in 122 post(s)
We don't mix security we work currently off that you have no access to anything unless it is allowed. We didn't want to potentially create issues of allow and deny as that can get very confusing. That said I do realize that creating access permissions just to prevent access to 1 deny is time consuming and not ideal. In the past a deny could have been manually added to installation files manually and that sort of worked but its my understanding it creates a crash or some sort of problem. It was never something really designed into the application it just worked somehow. I will check on this today as I am pretty sure we had someone assigned a task to test this and confirm. Development thought we could probably make that work and if not they wanted to revisit security and manage session stuff soon anyway.
ScreenConnect Team
Jeff  
#8 Posted : Tuesday, January 6, 2015 6:03:07 PM(UTC)
Jeff


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 4/14/2010(UTC)
Posts: 1,785
Man
Location: Raleigh, NC

Thanks: 8 times
Was thanked: 156 time(s) in 122 post(s)
Quick update it looks like perhaps something was put in place for 5.1 to make this work but its in QA now to confirm.
ScreenConnect Team
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.