Advanced Remote

Guide

Published On: 20th July 2020 SummitAI Documentation Team

Confidential Information

This document contains confidential and proprietary data and unauthorized use and disclosure of such information may result in damage or considerable loss to Symphony SummitAI. The term “Confidential Information” denotes any and all technical and business information disclosed in any manner or form including, but not limited to, business strategies, methodologies, trade secrets, pricing, software programs, and relationships with third parties, client lists and related information, information pertaining to vendors, employees and affiliates. The Confidential Information shall be held in confidence and shall not be used other than for the purposes intended, and as specifically stated in the proposal. Further, the Confidential Information may only be released to employees and persons on a need to know basis, who shall be obliged to maintain the information confidential and the Confidential Information shall not be released or disclosed to any other third party without the prior written consent of Symphony SummitAI.

© 2020 Symphony SummitAI. All rights reserved.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 1 Table of Contents:

Advanced Remote Desktop Sharing ...... 4

Advantages of Remote Desktop Sharing ...... 4

Prerequisite ...... 4 Recommended System Requirements...... 4 Host Client Requirements ...... 4 Minimum System Requirements ...... 4 Recommended System Requirements...... 4 Supported Browsers ...... 5 Guest/End User Client Requirements ...... 5 Supported Operating Systems ...... 5 Network Requirements ...... 6 Setting up ScreenConnect with SUMMIT ...... 7

Downloading the ScreenConnect Setup ...... 7 Setting up ScreenConnect with SUMMIT Application ...... 7 Configuration ...... 8 Switching between existing RDS plugin and Screenconnect ...... 9 Configuring automatic session killing scheduler...... 9

Starting Remote Desktop Sharing ...... 11

Requesting Remote Desktop Sharing Session (Analyst)...... 11 Starting Remote Desktop Sharing session (End User)...... 13

Host client Toolbar (Features) ...... 14 View...... 14 Miscellaneous ...... 15 Toolbox ...... 16 File transfer ...... 19 Screen capture ...... 20 Sound ...... 20 Participants...... 21 Annotation...... 22 Messages ...... 24 Helper ...... 24 Status ...... 25

Security Feature of Advanced Remote Desktop Sharing ...... 27

Securing session traffic...... 27 SSL configurations ...... 27 Configuring access to your ConnectWise Control server...... 27 Blocking and restricting access to your ConnectWise Control site ...... 27 Automatically force a host to disconnect from a session ...... 27 Logging and auditing ...... 28 Guest security...... 28 Exiting a support session...... 28 Consent to control...... 28

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 2 Regaining control of machine ...... 28 Ending a session ...... 28

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 3 Advanced Remote Desktop Sharing You may need to take control of the End User’s system to analyze the issues. Using the Remote Desktop feature, you can take remote control of the End User’s system to perform the requested activities.

An e-mail is sent to the End User requesting for permission to access the computer. Once the End User gives permission, the Analyst can take control of the End User's desktop.

Advantages of Remote Desktop Sharing • Useful for Analysts when the End User is not able to follow the instructions. • Quicker resolution of the End User's issue with better user experience. • The Advanced Remote Desktop allows remote access by availing consent from the end user.

Prerequisite

Recommended System Requirements

• Windows Server 2003 • 1.5Ghz Pentium 4 processor • 2GB RAM • 10MB disk space • .NET Framework 3.5+ • Bandwidth for each active session varies greatly, but it is typically between 10-100kbps • 10 Terminal Server(MTS) license is required on which the screen connect is hosted.

Host Client Requirements Minimum System Requirements

▪ 800Mhz Pentium 3 processor ▪ 512 MB RAM ▪ .NET Framework 2.0+ Recommended System Requirements

▪ 1.5Ghz Pentium 4 processor ▪ 1GB RAM ▪ .NET Framework 2.0+ ▪ 10 Microsoft Terminal Server(MTS) license is required which the screen connect is hosted.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 4 Supported Browsers

▪ Internet Explorer 8+ ▪ Firefox 1.5+ ▪ Safari 3.0+ ▪ Chrome 1.0+ ▪ Opera 9.2 Guest/End User Client Requirements

Almost any guest system that can connect to the internet can be controlled remotely via ScreenConnect. The primary requirements for establishing the connection is the presence of either .NET 2.0+ or JRE 1.5+. Supported Operating Systems

▪ Windows XP (.NET Framework 2.0+ or JRE 1.5+) ▪ Windows Vista (.NET Framework 2.0+ or JRE 1.5+) ▪ Windows 7 32 & 64 bit(.NET Framework 2.0+ or JRE 1.5+) ▪ Windows 8 32 & 64 bit (.NET Framework 2.0+ or JRE 1.5+) ▪ Windows 8.1 32 & 64 bit (.NET Framework 2.0+ or JRE 1.5+) ▪ Windows Server 2003 (.NET Framework 2.0+ or JRE 1.5+) ▪ Windows Server 2008 (.NET Framework 2.0+ or JRE 1.5+) ▪ Windows Server 2012 (.NET Framework 2.0+ or JRE 1.5+) ▪ Windows 2000 Service Pack 3 (.NET Framework 2.0+ or JRE 1.5+) ▪ Windows 98, Windows 98 SE (.NET Framework 2.0+ or JRE 1.5+) ▪ Windows ME (.NET Framework 2.0+ or JRE 1.5+) ▪ OS X (JRE 1.5+) ▪ Solaris (JRE 1.5+) ▪ (JRE 1.5+) ▪ iOS (Version 4.3+) ▪ Android (Version 2.1+)

Both the exe files need to be whitelisted in the Group Policy (Proxy level) • Elsinore.ScreenConnect.Client.Client.exe • Elsinore.ScreenConnect.Client.ClientSetup.exe

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 5 Network Requirements

Allow the following ports towards the DNS. • Webserver Listen: 8040 • Relay Listen: 8041

SUMMIT Role Ports Direction

Screen Connect (Internet based Webserver Listen: 8040 Inbound and Outbound RDP) Relay Listen: 8041

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 6 Setting up ScreenConnect with SUMMIT

Downloading the ScreenConnect Setup

Download the ScreenConnect Setup and upgrade files from the below path: https://summitbuild.blob.core.windows.net/common/ScreenConnect_5.6_Release.zip

Setting up ScreenConnect with SUMMIT Application

1. Install the ScreenConnect Setup file (ScreenConnect_5.6.10957.6018_Release.msi) with Administration privileges. 2. On the Windows Services Explorer (Run > type in services.msc), search for ScreenConnect Web Server and stop it from the service.

Figure 1: Windows Services Explorer

Note: Make sure that the ScreenConnect Session Manager and ScreenConnect Relay services are stopped.

Figure 2: Windows Explorer

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 7 3. Copy all the files from the ScreenConnectWeb directory (from the .zip file) to the ScreenConnect web server (usually located at C:\Program Files (x86)\ScreenConnect) except the App_Data folder. Note: Make sure that all files are copied successfully. 4. Start all the ScreenConnect Services. 5. Log in to the ScreenConnect web server (usually http://localhost:8040).

Note: The above-mentioned steps are applicable for both installation and upgradation of the SUMMIT Application.

Configuration

The Administrator can configure ScreenConnect in two ways.

Configuring ScreenConnect service from web.config Add the following keys in the Web.config file:

Alternate Configuration from application 1. Log into the SummitAI application. 2. Select Admin > Basic > Infrastructure > Application Settings. The APPLICATION SETTINGS page is displayed.

Figure 3: Application Settings - Advanced Remote Desktop Sharing section 3. Under the REMOTE DESKTOP SHARING section, select Enable Advanced Remote Desktop Sharing check box. Note:

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 8 Select Enable Basic Remote Desktop Sharing check box to enable Basic Remote Desktop Sharing. If selected, the Analyst can view the Basic and Advanced toggle buttons on the REMOTE DESKTOP SHARING pop-up page.

4. Specify all the required information and click SUBMIT. • ScreenConnect URL: http://bl08821a:8040/ Note: Port Number is mandatory. • ScreenConnect Username: administrator • ScreenConnect Password: compaq1-2

5. Select Admin > Basic > Infrastructure > Tenant > Select the required Tenant form the list > Click CONFIGURE DETAILS on the ACTIONS panel > Select INCIDENT MANAGEMENT or SERVICE REQUEST from the MODULES. The TENANT page is displayed.

6. Under the REMOTE DESKTOP SHARING section, select the Configuration as Replicate Application Settings Configurations and click SUBMIT. For more information about the fields of the APPLICATION SETTINGS page and TENANT page, see the SummitAI Platform Online Help.

Switching between existing RDS plugin and Screenconnect

To enable ScreenConnect switching, configure the following in the web.config:

Configuring automatic session killing scheduler

Follow the below steps to configure the Automatic Session Killing.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 9 1. Configure the session expire time in the ScreenConnect Web server (web.config). key name: SupportSessionExpireSeconds - value in seconds. 2. Configure auto close remote session custom scheduler job.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 10 Starting Remote Desktop Sharing

Requesting Remote Desktop Sharing Session (Analyst)

1. On the INCIDENT ID page (Incident > User > Manage Incident > Incident List > Click Incident ID hyper link > Click REMOTE DESKTOP [ ] icon. The REMOTE DESKTOP SHARING page is displayed.

Figure 4: Remote Desktop Sharing page Note: • Only an Analyst can send the Remote Desktop Sharing Request. The Analyst can send Remote Desktop Sharing request from Service Request and Asset Management as well. 2. Click REQUEST. The Remote Desktop Sharing notification e-mail is sent to the End User’s e-mail ID with Session ID and Security Code. Once the invitation is sent, it is displayed in the Session History table.

Figure 5: Sending Remote Desktop Sharing request

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 11 Note: • Specify another Customer E-mail ID to send a new invitation. • Once the User is available to share the screen, click Join to view the screen of the User. • Click End to end the Remote Desktop Sharing session.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 12 Starting Remote Desktop Sharing session (End User)

1. Copy the Security Code and click the hyperlink in the Remote Desktop Sharing notification e-mail. The Online remote support and collaboration portal is dispalyed.

Figure 6: Online remote support and collaboration portal Note: • Security Code is mandatory for the Remote Desktop connection. • If the ScreenConnect Client is not installed, the browser automatically downloads the application. Click the downloaded file at the bottom left corner of the browser to install the application. Click Run to launch the application. Once it is installed, the Online remote support and collaboration portal page is displayed. 2. Specify the Security Code and click the Start Session button to share the screen with the Analyst.

Figure 7: End User's screen

Note:

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 13 • The Analyst should also click Join to view the screen. • During the session, the ScreenConnect Client is hidden in the system tray. Right click on the ScreenConnect Client icon and select Exit to end the session manually.

Host client Toolbar (Features) From the host client, the Analyst can interact with a remote machine. This section details the features of the ScreenConnect host client toolbar.

Figure 8: Host Client Toolbar

From left to right, the host client menu items on the toolbar are: • View • Miscellaneous • Toolbox • File Transfer • Screen Capture • Sound • Participants • Annotation • Messages • Helper • Status

View

The View menu contains features and functions that control the zoom, color quality, monitor selection, and more during a session.

Figure 9: View menu: For Mac

Figure 11: View menu: for Windows Figure 10: View menu: for Linux • Select Monitors: If the guest has multiple monitors, select a single monitor or all monitors to view. • Select Quality: Control the color depth of the remote session.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 14 ▪ High: This option provides a true-color representation of the guest machine. ▪ Medium: View the guest machine with, at most, 256 colors. ▪ Low: This option provides a grayscale representation of the guest machine. • Zoom: Enlarge or shrink the host client window. • Select Logon Session: Select which logon session to use during a session, or switch back to the console.

Miscellaneous

Figure 12: Miscellaneous tab: Figure 13: Miscellaneous tab: for Mac for Linux

Figure 14: Miscellaneous tab: for Windows

• Send Ctrl+Alt+Del: Send the Control+Alt+Delete command to the guest machine. Control+Alt+Delete serves two basic functions: ▪ It can act as a normal Control+Alt+Delete command when the client is running at an elevated level. ▪ If the client is not elevated, it prompts the user for elevation credentials to do so. After credentials are entered and the service is elevated, sending a Ctrl+Alt+Del command from the Miscellaneous menu behaves as normal. • Send Clipboard Keystrokes: Send any text that is copied to your clipboard as keystrokes to your session. This is useful for entering credentials on a remote machine without having to copy-and-paste text into the session. Send Clipboard Keystrokes data persists as long as your clipboard contains that data. • Reboot and Reconnect: Restart the guest machine. Once the reboot is completed, the session reconnects automatically. ▪ To Normal Mode: Reboots the guest machine normally. ▪ To Safe Mode: Reboots the guest machine in Safe Mode. Note: • Only Windows machines can be restarted in Safe mode. • Support sessions to OS X machines cannot be reconnected after a reboot. Only access sessions to OS X machines can be rebooted and reconnected.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 15 • Support sessions to Linux machines cannot be reconnected after a reboot. Only access sessions to Linux machines can be rebooted and reconnected. • Manage Credentials: This feature prompts the guest to enter credentials so the technician can log back in at a later time. ▪ Prompt For Storage: Enter the credentials for storage. ▪ Send To Screen: Send credentials to the remote machine. • Share My Desktop: Share your screen with the guest. If there are multiple monitors, you can select which one to share with the guest, or you can share the entire desktop. ▪ For Mac: When you share your screen, the ScreenConnect Control Client icon is minimized to the OS X Dock. To unshare your screen, select the ScreenConnect Control Client icon from the Dock. • Suspend My Input: Disables your keyboard and mouse control. This also suspends clipboard syncing with the remote machine. • Block Guest Control: Removes the guest's keyboard and mouse control. • Blank Guest Monitor: Obscures the guest's monitor(s), showing only a solid background with the name of the company. • Beep on connect (only for Mac and Linux): Gives an audible indication when the guest connects to a session. • Acquire Wake Lock: Prevents a remote machine from automatically-locking, going to sleep, playing a screensaver, or hibernating. If you forget to select the Release button, the wake lock is automatically released when you close the host client window. Note: • This feature cannot prevent the Mac from going into sleep under certain conditions, including if the battery is too low, if a user selects the sleep option on the Mac, or if the user closes the laptop lid. • This feature is available for mac in 6.1 and above.

Toolbox

During a session, hosts can access the Toolbox menu to run small scripts and executable on a remote machine. Toolbox items can be retrieved from a host's machine (creating a "personal" toolbox) or from the Screenconnect server itself (a "shared" or "server" toolbox). Self-contained executables (like PuTTY) can be added to your personal toolbox by copying them to your toolbox folder. You can open your toolbox folder, or change its location, straight from the ScreenConnect Control client. Personal vs. shared toolboxes • Personal : The personal toolbox stores files, which are managed and used by just a single host. This way, each host can have their own tools to use during a session.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 16 The personal toolbox allows the host to store self-contained executables or batch files and run them from the Toolbox menu within a Remote Desktop session. Unlike the shared toolbox, the personal toolbox is stored only on host's own computer. This way, a host can keep their own set of tools handy. Windows: A host's personal toolbox folder is located at: C:\Users\USERNAME\Documents\ConnectWiseControl\Toolbox Note: the folder does not initially exist until someone clicks on the Toolbox menu during a session.

After you placed the desired tool into the folder, it should appear in the Toolbox menu. You can also open your toolbox folder, or change its location, straight from the ScreenConnect Control client.

Figure 15: Toolbar: for Windows

Mac OS & Mac OS X A host's personal toolbox folder is located at: /Users/username/ConnectWiseControl/Toolbox Note: It is not possible to change the location of the personal toolbox at this time. Click the Open Folder option from the Toolbox menu. The folder opens with your file manager program. You can then add files to this folder, and they automatically appears under the Toolbox menu.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 17

Figure 16: Toolbox: for Mac

Linux A host's personal toolbox folder is located at: /home/username/ConnectWiseControl/Toolbox Note: It is not possible to change the location of the personal toolbox at this time. Click the Open Folder option from the Toolbox menu. The folder opens with your file manager program. You can then add files to this folder, and they will automatically appear under the Toolbox menu.

Figure 17: Toolbox: for Linux

• Shared toolbox With the shared toolbox, the administrator can upload self-contained executables to their ConnectWise Control server. Unlike the personal toolbox, tools that are uploaded to the shared toolbox are available to use by any host, in any location. This can be handy if the administrator knows there are certain tools technicians want to use. The administrator has two ways to add files to the shared toolbox. One, by adding files to the default shared toolbox folder, which on Windows is at: C:\Program Files (x86)\ScreenConnect\App_Data\Toolbox and on Linux/Mac it is located at /opt/screenconnect/App_Data/Toolbox Two, the admin can also upload new tools via the Manage button on the Toolbox menu item during a session on Windows machines. Locations of downloaded tools from the shared toolbox When you run a tool from the shared toolbox, the tool is downloaded to a temporary folder on the guest's machine. Temporary folder locations for shared toolbox items Windows: C:\Users\username\Documents\ConnectWiseControl\Temp Mac OS X: Users/username/ScreenConnect/Temp

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 18 Linux: /tmp/screenconnect-xxxxxxxxxxxxx/Temp

File transfer

The File Transfer menu facilitates sending files to and from a remote machine during a session. Note: • Hidden files and folders cannot be transferred. • On Windows machines, files are transferred by default to the C:\Documents and Settings\UserName\My Documents\ConnectWiseControl directory. • On Mac machines, files are transferred by default to the ~/Users/{logged in UserID}/ConnectWiseControl/ directory. • On Linux, files are transferred by default to the ./{logged in UserID}/ConnectWiseControl/Files OR ./tmp/screenconnect-xxxxxxxxxxx/directory.

Figure 18: File Transfer: for Mac

Figure 20: File Transfer menu: for Windows Figure 19: File Transfer: for Linux

• Send File / Send Folder Transfer files or folders to the guest machine. The Send Files or Browse for Folder dialog opens, and you can select which file or folder to send. On the guest machine, an explorer window opens and the file or folder is saved to the default file transfer directory. • Receive Files Receive files from the guest machine. The Send Files dialog opens on the guest machine, and either the guest or the host can navigate to the desired file. When the file is selected, click Open to receive the file. An explorer window opens on your machine, and the file is saved to your default file transfer directory. • Manage Receive Folder (only for Windows) Change where received files and folders to be stored on the host's machine. • Receive Folder (for Mac and Linux) Select a folder to transfer from Guest to Host machine.

Drag-and-drop file transfer You can send and receive files and folders by dragging and dropping them into the client window.

Copy and paste file transfer (in Windows)

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 19 Use the right-click Copy and Paste commands to transfer files from one specific location to another. You can also use the keyboard shortcuts CTRL+C and CTRL+V.

Screen capture

The Screen Capture menu contains tools for taking screenshots and recording videos of Remote Desktop sessions. Note: • Currently sound is not included in recordings. • Turn on extended auditing to automatically create video recordings of all sessions.

Figure 21: Screen Capture: Figure 22: Screen Capture: for Mac for Linux

Figure 23: Screen Capture: for Windows

• Take Screenshot ▪ To Clipboard: Copy the guest machine screen to the clipboard. It can then be pasted as an image. ▪ To File Save the screenshot as a file (in PNG format). • Recode Video (only for Windows) ▪ Record: Begins recording the session. ▪ Pause: Suspends recording until Record is selected again. ▪ Stop: Stops recording the session. • Manage Capture Folder (only for Windows) Open the capture folder or change the location where screenshots and videos are stored.

Sound

The sound menu provides controls for the VOIP feature of Remote Desktop sessions. Guests can adjust their microphone and the volume of the sound, while hosts can toggle the sound mode of the session or meeting.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 20 Figure 25: Sound: for Mac Figure 24: Sound: for Linux

Figure 26: Sound menu: for Windows

• Select Mode ▪ Silent: Do not capture any sound. ▪ Speakers: Capture the sound that is played through the speakers of the machine. ▪ Host Mic: Listen to the microphone of the host. ▪ All Mics: Listen to all microphones. • Select Microphone: Choose a specific microphone to use during the session. • Select Speakers: Select the device to output the sound during the session. • Mute Microphone: Turn off your microphone. • Set Speakers Volume: Adjust the volume for your speakers.

Participants

The Participants menu lists all the hosts and guests who are currently connected to a Remote Desktop session. Icons in the Participants menu designate if a participant is sharing their screen, whether sound is enabled, and more. From the Participants menu, the Host can terminate or disconnect a participant from the session. For Windows The Participants menu uses the following icons:

The host of the session.

A guest or non-host participant.

The participant who is sharing their screen.

This is for the meeting sessions only. The participant who is prompted by the host to share the screen.

The participant who is currently speaking into a microphone.

Participants can control the desktop that is being shared.

The color a participant is using for annotations.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 21 Regenerate an annotation color

A host can manage guests or participants in a meeting by hovering over their name. A host can:

This is for meeting sessions only. Send a request to a selected participant to share their desktop. The participant views the same Share My Desktop dialog box and can select their screen sharing options.

Disconnect a participant from the session.

For Mac

Figure 27: Participants menu: for Mac By hovering over the name of the participant in the menu, the host can disconnect a participant from the session.

For Linux

Figure 28: Participants menu: for Linux By hovering over the name of the participant in the menu, the host can disconnect a participant from the session.

Annotation

When a participant in a session and is not sharing their screen, they can use the annotation tools to mark up the screen. A host in the session can control drawing privileges and can clear annotations from the screen.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 22

Figure 29: Sharing screen For the host client, the Annotation menu contains the following features:

Figure 31: Annotation: for Mac

Figure 30: Annotation: for Linux

Figure 32: Annotation: for Windows

• Select Mode: Choose the annotation mode for the session. ▪ Invisible: No annotations is displayed on the screen. ▪ View Only: Disables annotation tools. Any existing annotations remains on the screen. ▪ Host Draw: The host of the session can use the annotation tools to draw on the screen. ▪ All Draw: All participants in the session can draw on the screen. This is most useful when in a meeting. • Select Tool: Choose the annotation tool (Pen, Line, Rectangle, and Ellipse) for you to draw on the screen. • Select Stroke Thickness: Choose the annotation stroke thickness (Thin, Medium, and Thick) for you to draw on the screen.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 23 • Clear Annotations: Clear everyone's annotations on the screen. • Regenerate Annotation Color: Annotation colors are randomly generated for each participant. Hosts can generate a new random color for annotating a shared screen. ▪ In the Windows client, hover over a participant's name and click the Regenerate Color icon. ▪ In the host client, go to Participants, then to a participant's name, and click, Regenerate Color.

Messages

The messages menu adds the ability to chat with a guest during a Remote Desktop session. Messages menu features From the Messages menu, the host can chat with the guest. The host is identified by their login name or display name (if defined), while the guest is identified as Guest. Additional features: ▪ Timestamps is generated for each message. ▪ Any fully-qualified URLs pasted into the chat box is clickable. ▪ Chat messages can be reviewed and responded from the Host page. ▪ Prompt the Guest to enter their name at the beginning of a session by editing resource strings. ▪ The recorded message logs can be set to be automatically deleted with a database maintenance plan. The Messages menu is accessible by clicking the chat balloon icon on the host client toolbar.

Figure 33: Messages: for Mac Figure 34: Messages: for Linux

Figure 35: Messages: for Windows

Helper

The ScreenConnect Helper allows a host to select text and search for it via Google or Bing, all within the host client. Since the Helper is OCR capable, the host can even select text from alert boxes, images, and other interfaces. Helper requirements For OCR support, Helper requires Windows TIFF IFilter to be enabled on the host’s machine. If the Windows TIFF IFilter is not enabled on your machine, you are prompted to install it. Note:

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 24 If you do not install the Windows TIFF IFilter feature, you can still use the Clipboard Help function to automatically look up for any text that is in your clipboard.

Figure 36: Enabling Windows TIFF IFilter For Windows • Enable Clipboard Help: Automatically searches for what is in your clipboard. Useful for error messages and error codes when fixing a machine. • Select Tool: The options for this feature are: ▪ Off: Do not use the Select Tool. ▪ Lasso: Drag the lasso to select an object. ▪ Cross: Draw a rectangular selection. • Select Provider: Choose between Bing and Google for your search provider.

Figure 37: Helper Status

The Status menu provides information on a session's connection status. This menu shows the version of the ScreenConnect client and the last received error message, both which can be helpful when troubleshooting issues with our support team.

Figure 38: Status: for Linux Figure 39: Status: for Mac Figure 40: Status: for Windows

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 25 The Status menu contains the following information: • Connection Status: Displays the current state of the connection between the client and the ScreenConnect Control server. • Relay Server: Displays the callback URI of the client. • Time Connected: Displays the amount of time the client is connected to the server. • Messages Sent: Displays the amount of traffic data sent to the server. • Messages Received: Displays the amount of traffic data received from the server. • Software Version: Displays the client's current version of ScreenConnect. • Last Error Message: Displays the more relevant error message, if applicable.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 26 Security Feature of Advanced Remote Desktop Sharing This section describes the security designs and features of Advanced Remote Desktop Sharing.

Securing session traffic

Advanced Remote Desktop Sharing is FIPS-compliant but not FIPS-certified. The Relay service is responsible for handling traffic to and from your ConnectWise Control server. All traffic is automatically encrypted with AES-256 block encryption and RSA provided by the Microsoft RSA/Schannel Cryptographic Provider. These implementations of the AES-256 and RSA algorithms have been designated as FIPS compliant for ConnectWise Control servers on Windows. For more information, see Microsoft's documentation on FIPS 140 Validation.

SSL configurations

Cloud instances are automatically secured with a SSL certificate and enabled with a HTTP-to-HTTPS redirect.

Configuring access to your ConnectWise Control server Blocking and restricting access to your ConnectWise Control site

You can control access of the Host page and the Administration page by enabling the advanced settings in the edit Web.Config AppSetting extension. These settings are available for both the Host and the Administration page: • MaxLongestTicketReissueIntervalSeconds: If a user remains idle on the Host and/or Admin page for a certain amount of seconds, then they will be logged out of the ScreenConnect site. • MinAuthenticationFactorCount: Determine whether to use two-factor authentication on the Host and/or Administration page. • RestrictToIPs: Allow only certain IP addresses to access the web interface. You can name multiple IP addresses in a comma-separated list, or you can specify a range of IP addresses by using the CIDR notation. • BlockIPs: Block IP addresses from the web interface. You can name multiple IP addresses in a comma-separated list, or you can specify a range of IP addresses by using the CIDR notation. Automatically force a host to disconnect from a session

With additional editing of the web.config file, you can further control how long a Host can stay connected to a session. • AccessTokenExpireSeconds: Specifies the period before a Host relaunches a session (Support, Access, or Meeting). Also, it determines how long a downloaded launcher file can be used to connect to a session.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 27 Tip: Set ShouldRevalidateAccessToken to "true" to automatically disconnect the Host from your sessions after the time specified in AccessTokenExpireSeconds. • : Force a Host to reauthenticate after a set period in seconds (on-premise installations only). • InputIdleDisconnectTimeSeconds: Disconnect a host from a session if they have remained idle for a set number of seconds.

Logging and auditing

ConnectWise Control includes logging ("auditing") as well as automatic video auditing ("extended auditing"). The server's SQLite database stores all logged data, which you can then query for custom reporting.

The automatically-recorded videos from "extended auditing" are stored in a proprietary format on your server to keep the file sizes small. Visit the Audit page to download your encoded (AVI) videos.

Guest security

Here are some ways in which guests can feel assured when a host is connecting to their computer. Guests can also report suspicious behavior to our team to investigate. Exiting a support session

Guests can disconnect from a support session or meeting by selecting "Exit" from the right-click context menu. Consent to control

A ConnectWise Control administrator can enable a "consent-to-control" dialog box that will appear on the guest's side. When a host tries to connect to the guest's machine, the guest will first have to select a "Consent to Control" button before the host can get access to the guest's machine. The "Consent to Control" dialog box will appear if the Administrator removes the "Host Session Without Consent" permission from one or more of the defined user roles. See our page on defining user roles and permissions for an explanation on removing permissions like "Host Session Without Consent". Regaining control of machine

Guests can also regain their mouse and keyboard control by pressing CTRL-ALT-DEL. Ending a session

Guests can end support sessions by right-clicking on the icon and selecting the "End" option, or by uninstalling the access agent.

Advanced Remote Desktop Sharing Guide version - 1

SUMMIT Advanced Remote Desktop Sharing Guide Version - 1 Classification: External Date: 20-07-2020 28