ASG 2016 Reconnect Functionality: Connect As-- Custom Credentials

[jjhockey21]

Can I disable the reconnect option on the session toolbar from using the cached "custom" credentials that were originally entered to connect to a RDP connection? 

The reconnect behavior I'm looking for is the same as if you were to right click on the connection from the tree layout (on the left) but NOT on the active RDP tab/window.

I want ASG to re-prompt AWLAYS for credentials no matter where I select reconnect. Unless I'm using explicit "saved" credentials. 

How customizable is this "custom" crews feature. I understand for others this is an awesome feature however for myself and the security focused company I work for this actually is a vulnerability. Ideally if I can just disabled the "custom" connect as option that'd be fine too.

Thanks
Jack Jo

[DevOma]

Please have a look at the "Reconnect settings" in Settings=>Connections - I think if you check "On reconnect use assigned credentials from connection" that should fit for you

Second issue - currently we have a security settings "Use of 'Connect as...'" - if you disable this on connection/folder level the users can only work with the assigned credentials - does that fit your needs also?

[jjhockey21]

Please have a look at the "Reconnect settings" in Settings=>Connections - I think if you check "On reconnect use assigned credentials from connection" that should fit for you

Second issue - currently we have a security settings "Use of 'Connect as...'" - if you disable this on connection/folder level the users can only work with the assigned credentials - does that fit your needs also?

Ok, so I found a way to turn off the connect as - custom feature. 1) Tools > 2) Settings > 3) Context Menu 4) Uncheck Connect as => Custom. 

Can I implement any policies that would not allow the user to change this option? Also if I wanted to deploy your application with the above config - is that possible?

Thanks
Jack Jo

[DevOma]

If you would like to set any permission policies you need to use a database environment (else the local user is always admin)

Then you can set your Settings how you like it - and set Global Permissions (Tools=>Security Groups=>select Security Group=>Details) - if you do not activate "Settings=>Allow changing of Personal / Environment Settings the users will not be able to change your settings that you have defined for the environment

You also can define on object level that users are not allowed to change assigned credentials - and if you prefer that the users always be prompted for their credentials you only need to keep the assigned credentials field empty or even do not create any credential objects that users can read (Security on credential objects) - there is a granular security assignment for every object / folder you can set. I think you should try to set security in a way that matches your needs - just try it, I think everything is possible :-)