Remote Control HUGE security issue
There are several major security problems with the current implementation of Remote Control:
1) There is no way to control which ServiceDesk users have access to it, nor which systems they can access. This means they can access ANY system with Remote Control.
2) There is no notification to the user that the ServiceDesk technician has remoted into their computer.
3) The Event Log entry for the Remote Control session only shows "servicedesk" connecting; there is no way to audit which user in ServiceDesk made the connection.
4) There is no way to disable Remote Control functionality in the ServiceDesk application.
AdventNet should really take these things into consideration before releasing a build that has Remote Control turned on! Many of us are using the product in a production environment, and Remote Control introduces unacceptable security risks.
1) There is no way to control which ServiceDesk users have access to it, nor which systems they can access. This means they can access ANY system with Remote Control.
2) There is no notification to the user that the ServiceDesk technician has remoted into their computer.
3) The Event Log entry for the Remote Control session only shows "servicedesk" connecting; there is no way to audit which user in ServiceDesk made the connection.
4) There is no way to disable Remote Control functionality in the ServiceDesk application.
AdventNet should really take these things into consideration before releasing a build that has Remote Control turned on! Many of us are using the product in a production environment, and Remote Control introduces unacceptable security risks.