phyndman's avatar
phyndman
New Member
5 months ago
Status:
Reviewed by moderator

Allow end-user to control remote access

As an MSP I used to rely on the lite licenses to provide the ability to monitor client PCs.

 

Now that we no longer have this option, I have a come across the situation where new clients are unwilling to have the pro agent installed as they consider it to be too much of a security risk with us being able to access their machines remotely at any time - this is especially true of clients that deal with sensitive data, such as financial advisers etc...

 

Would it be possible to add an option in the agent that would allow an end-user to disable/enable remote control? Or allow them to specify that they have to give explicit permission each time remote control is requested?

  • KateG's avatar
    KateG
    GoTo Moderator
    Status changed:
    New
    to
    Reviewed by moderator
  • Hi Daniel,

     

    Thanks for the info. - that does make sense.

     

    If you could add a feature that means the end-user could choose whether to lock out remote access without permission it would be 100%! 😁

     

    Regards,

     

    Paul

  • GoTo_DanielL's avatar
    GoTo_DanielL
    GoTo Contributor

    Hey Paul,

     

    I'm glad the suggestion solves the problem (mostly 😀).

     

    Regarding your follow-up question - those two settings (end user is logged in vs. not logged in) work independent of each other. That is, you can deny or allow access for both scenarios on a per agent level. The example you provided would result in the agent being able to connect to devices where no end user is present, and if there is an end user present, that end user would have to approve the remote session for the agent to connect to the device.

     

    So, you can realize pretty much any client requirement, I dare say. If you don't allow agents to connect for either attended or unattended situation, the connect button and all related buttons will appear as greyed out, as you can see in the screenshot below.

     

     

    Let me know if you need further assistance, happy to help.

     

    Best,
    Daniel

  • Hi GoTo_DanielL ,

     

    I learn something every day! That does mainly fix the problem - it would be helpful if this was driven at the user end so that I can't turn it back on (I'm guessing that if I turn the toggle back to on, I then get access again), but it's definitely much better.

     

    One quick question, with the 'Access unattended managed devices' turned on, but the 'access attended managed devices without end user consent' turned off, does this give me access to devices that aren't currently logged in? Or does the second option override, and prevent any remote access without consent?

     

    Thanks,

     

    Paul

  • GoTo_DanielL's avatar
    GoTo_DanielL
    GoTo Contributor

    Hi phyndman ,

     

    thank you for your suggestion.

     

    In fact, you can enforce that the end user HAS to accept a remote support session on their device by deactivating the toggle "Access attended managed devices without end user consent" (first screen shot) for any agent who should not be able to override end user consent. You can find this setting in the Admin Center, when you navigate to the specific agent and then hit the "Settings" tab at the top (Users > Settings). Note that agents may need to log out and in again for this change to become effective.

     

    Once the setting is stored, agents will see the screen as depicted in the second screen shot, missing the button to "Connect now". That should accomplish what you are asking for. Does this solve your problem?

     

    Happy to assist you further, if needed.

     

    Best,

    Daniel