Remote session will be opened with a different user description

[moonwalk5]

Hello all,

we have the situation, that we use a central MeshCentral installation with several IT members.

In some cases we see, that a remote session of user A will be opened on the remote client with the information of user B.

We checked this and have find out, that this will be happening, if more then one IT member is logged in in the console.

We use a strictly user consent setting for all defined groups and assigned client.

Could it be a problem with the "Threat Safety" in underlaying NPM or Java Script?

We use a Windows 2019 installation of MeshCentral and the version 1.1.13.

Thanks in advance.

With best regards.

[moonwalk5]

Hello si458,

the issue is existing furthermore. We have the version 1.1.16. The user will be asked to control with the last logged in MeshCentral admin.

Is there a problem with the npm version?

With best regards,

Jörg

[si458]

the latest is 1.1.20 for starters, but i dont understand what you mean by In some cases we see, that a remote session of user A will be opened on the remote client with the information of user B. ?

[moonwalk5]

Hello Simon,

yes. Correct. We are 10 administrators that using the tool and sometimes we will connect to a client and the connection string comes from an other administrator, that is logged on.

Is this an npm problem? We use version 18.x on the MeshCentral Windows server.

With best regrads,

Jörg

[si458]

Again I'm not sure what u mean connection string comes from another administrator ?
an administrator just opens the meshcentral webpage and login with there user OR if they visit the webpage, it should login with the last user that logged in on that webpage?

[moonwalk5]

Hello Simon,

Admin A and B are connected to MeshCentral. Admin B will open a remote session to a user. The user will be ask "Please allow user A to control your desktop.". This is strange.

With best regards,

Jörg

[si458]

is Admin A already connected to the same device when Admin B tries to connect to it also?

[moonwalk5]

Hello Simon,

no. It seems, that MeshCentral takes this info from a buffer.

With best regards,

Jörg

[si458]

what computer OS are you trying to connect too? as i cannot replicate this issue at all. Admin A logs into web panel (does nothing), Admin B logs into web panel (different browser), Admin B connects to a computer, i get prompt for Admin B ?

[moonwalk5]

Hello Simon,

we are using Windows 10 and Windows 11.

With best regards,

Jörg

[si458]

nope, cannot replicate the issue, is Admin A and Admin B on different computers? different browsers?, how do each user login?

[moonwalk5]

Hello Simon,

we have a central MeshCentral installation on Windows 2019.
We have set strictly consent for all client access in "config.json".

{
    "userConsentFlags": {
        "desktopnotify": true,
        "terminalnotify": true,
        "filenotify": true,
        "desktopprompt": true,
        "terminalprompt": true,
        "fileprompt": true,
        "desktopprivacybar": true
    }
}

All Admins work on this external server via the started service and the web side from MeshCentral. The login is via LDAP with AD accounts.

Each Admin has an own individual PC and sitting also in different locations. We have checked with Chrome and Edge. The issue is not always occured, but very often. We do not why.
We have the feeling, that will be used the display name of the last Admin, that opened a client session.

With best regards,

Jörg