Casper Remote Account Limited to Screen-Sharing Still Allows Scripts to Run

Todd
New Contributor

Casper Remote Version: 8.73

I'm considering allowing our help desk crew limited access to Casper Remote so they can assist clients using the screen-sharing feature. To accomplish this I have created a test account that is limited to only allow screen-sharing. The only privileges I selected for the test account are "Use Casper Remote" & "Screen Share with Remote Computers". I did not select any other options.

In testing everything seemed to function as expected. I was able to select a designated target computer and screen-share. All good. However, I realized that I was also able to run a script against a target computer. All other features remained blocked as expected.

Has anyone out there encountered this?

5 REPLIES 5

mm2270
Legendary Contributor III

Hi. I'm using JSS version 8.73 and I'm not seeing the same behavior. With those 2 options checked only I can use ScreenSharing, but all other options are grayed out in Casper Remote as they should be. Not sure why you'd be seeing something different.

Have you tried recreating the account? If so, do you see the same thing?

Todd
New Contributor

@mm2270][/url][/url][/url I recreated the test account and the problem still persists. However, after having done so I realized that I should have been more specific about the issue in my initial posting.

To clarify... when logging into Casper Remote with the test account the options in the scripts pane appear to be grayed out. Which is to say, that I cannot toggle any of the categories to select any scripts to run. BUT, the issue is when I attempt a search for a known script. If I search for a known script I can find it, select it and run it. As a matter of fact, If I perform a search I am then ALSO allowed to toggle through the categories, and like before I am able to select a script and run it. It's as though doing a search seems to unlock the browse feature for the scripts categories. Ultimately, the big issue is that I can run a script using an account that should not be able to perform such tasks.

mm2270
Legendary Contributor III

Thanks for the clarification. Confirmed that i see the same behavior. I can search for a script and the checkboxes next to them are available and I can run them. None of the other categories have this issue from what I can see. Only Scripts, just as you found.

Since you discovered it, you might want to open a case with JAMF support so they can replicate it and create a Defect if needed. I'm guessing this will be needed. My only concern is that now that 8.x has reached the end of the line and JSS 9.x is the way forward, I don't know if they'll spend much time and energy fixing this.

bajones
Contributor II

I'll just post this in case anyone is curious. Attempting this on Casper Suite 9.21 reveals the scripts are still selectable in Casper Remote, but trying to run them generates an error in creating resources on the JSS.

Todd
New Contributor

Thanks for the helpful responses. I guess we'll just have to wait on allowing help desk staff to use screen-sharing with Casper Remote until we upgrade to Casper Suite 9.x. We'll investigate other options in the meantime.

Thanks again.