Conrad Sallian wrote:
We'll re-consider this issue and see if it's possible to be implemented without any potential threats to security.
If I may suggest, you could design it in a similar way to LMI. Having an option within the viewer to request the credentials, this will then provide a popup on the host side informing them of exactly what's happening with accept/deny options. Upon accepting, the host will be asked to enter in their login credentials to be stored for the current session. Once the session expires the credentials are deleted.
You could add an option within the request credentials feature(in the viewer) to define exactly how long the session is. IE: Until next reboot (or until x reboots), until x time passes, until x date, or until client deletion within the viewer. Whatever is selected to define the session would be presented to the host within the same accept/deny prompt that explains that the technician will be able to remotely restart the computer without the need of their password.
As an added security feature, you could disallow technician input for the accept/deny prompt. This will prevent the viewer from accepting said prompt on behalf of the client, ensuring that the client is fully aware of the situation, as they would be the ones accepting these terms.
Personally I find this to be a much lesser security risk than having to either remove the password form the host's computer, or asking for it directly. As many people use the same password for just about everything, it opens a can of worms that we really would rather avoid. (Plus it just makes everyone's lives more convenient)