 Tom here from Lawrence Systems and we're going to talk about ConnectWise Control, also called Screen Connect. So that was its name prior to ConnectWise's purchase. And the names are kind of back and forth. Both of the names are shown here. So if you'd like to learn more about me and my company, head over to LawrenceSystems.com. If you'd like to hire a short project, there is a high-risk button up at the top. If you like to support the channel in other ways, there are affiliate links below for products and services that we talk about on this channel. But not all of them, though. Specifically, this one, we have no affiliation with ConnectWise. We use their product. Our only affiliation is that we're a paying customer that gets no discounts. Someone won't believe me, but at least I'll throw it out there. We just been a long-time user of the Screen Connect product prior to its purchase to ConnectWise and we've continued to buy the product or buy the updates that should stay in renewal licenses for it. Now the product has changed over the years. I've done a review on it in the past. I'm doing this updated review because, well, it looks a lot different. And, yes, I have been very critical of their security and problems that have arose from it. And they have made good on that and fixed many problems, lots of little issues and things like that, which is really important because we like this tool of relying on it. Now, I already know people are going to be throwing out why not 20 other different programs and they'll leave in the comments below. I don't have time to review all of them. We have been using this one for a long time. It works really, really well, which is part of the reason I'm doing a review of it. If you too long didn't watch, yes, we like it. You can start your own free trial. But I'm going to talk about the features and things like that. Now, I'm also aware because this comes up, well, almost weekly now. Yes, I'm aware that someone's working on an open source system that maybe once it gets code audited and has a lot of features and it's gone through a long and intensive, the grueling process of a security audit and passes without major flaws. Then I can look at it right now because this is a critical piece of infrastructure for my company and also the highlight of some of the security talks we've had because when you lose access to something that controls, oh, I don't know several thousand computers, you suddenly have a really big problem on your hands because as you're going to see through this demo, it has a lot of power, which is why we like it. It's absolutely filled with features, which is also why it's frequently being attacked and looked at because it's extremely popular in both the MSP and just the general technical space. Now, it does have two versions here, support and access. Full remote support capability designed for help, desk, dial, services. And the other one is unattended access machines that manage capabilities to help you save time and superior delivery. We're going to talk about the details, not the marketing speak, but this one adds a couple more features and does not have the remote unattended, the pricing is different, and it does not have exactly an on-premise version that I can find. This seems to be the same as what we use on-prem, but we don't have the endpoint management, maybe not in the way it comes on here. So that's the only thing I really see different between the two of them is apparently there's some endpoint management, but we do that through PowerShell and through our present right here in February of 2020, SolarWinds for our RMM tool. So we do use the SolarWinds tool as well, but it's just not as powerful when it comes to remote management. They have the remote management tool built into SolarWinds, and some people think it's weird that I use ConnectWise, but we do a lot of one-off support calls, and this is great for those one-off support calls for people who are not in a type of managed contract. So I'll close this one here and then we'll talk about the version that's like we have. Now the backend looks the same, it's only a couple of things they add differently. When you look at this version here, we'll go ahead and learn more and click on pricing for that. Now the pricing, I'm not going to spend much time talking about it because it's relevant to this moment with these features. Usage may vary, things may change, because well tomorrow they could change it, and I have no crystal ball or insight to when or if this will change on pricing. But we do have, and it says contact yourselves manager, the pricing for the self-hosted version that we use starts at $2,500 annually. There's different nuances to the way the licenses work on that. They don't even have, so I don't even know what the license costs are for unselfless. I know what we pay, but I don't know what you will pay. So I'm going to leave that part there between you, the sales rep and all that, and it's not part of it, but at least I'll cover it, that yes, I'm aware. All right, now let's talk about the product. Enough of all those things. They host it for those prices that you see on there, and that's how most people I know do it. Now the reason they do it is because it takes a little bit more to host it yourself. You have to have a server, you have to have dedicated IP address, the bandwidth, and things like that, and top that off, hopefully the right security mindset and understanding how to set that up self-hosted. We run it in Linux, we run it with a reverse proxy. We have a lot of filtering that goes on in front of that, including intrusion detection systems to help mitigate threats. But if you want it to go simpler, and this is the way a lot of people do, they put that over on ConnectWise to host it, and this is all hosted for this whole demo from here on out is all the one hosted in there. Showing mine looks the same, the differences, I don't have to blur out all the IPs or all the clients that we have in ours. This is the demo one, which when you look here, you'll see it says there are 12 days left in my trial. This is the one I use talking about security. My other video talks about security, but the shorter version of that is lock this thing down, use two factor everywhere, don't use email authentication. That's what I cover in my security one, a little bit more in-depth than showing exactly where those configuration settings go, but they're not hard to find. But I just want to make sure I get that out there because it's really important that you secure this. So right here, status is the basic, we'll cover this, we're at version 19.6 on this particular demo that is current as of, and they take care of all the updates with the self-hosted version. The only extra extensions I have loaded is this advanced configuration editor, but this is a nice feature is the fact that there are extensions that you can add to this. This allows you to update different things and import bulk users, ConnectWise view, public session style toasting, a integration with past portal, integration with Zopim, extension developer, integration with IT Boost, Ubico. There's a lot of different things that you can integrate to Zendesk. So these are nice. And of course, you can write your own as well, but you can add, put add-ons into the system. This is a nice feature that I like that they built in, ESET antivirus being able to do the near Google analytics, if you want to attract the people that hit the page or this Slack integration, etc. So I won't spend a lot of time in this, by the way, you can set up a free demo with and get this set up for yourself if you're interested. So you can start playing with it. All right, let's close that. Now the reason I put the advanced configuration editor in is it makes it easier to do things like this. And we'll jump over to some of the settings, whoop, not the quick settings, but the page settings. This is something where you put things, you put IP addresses in and block or restrict to certain pages on here. You can also force things like forcing it to ask you for the two FA when you go to the host or admin page. This is an important feature, I believe, that should be turned on. It's not turned on by default. So it's kind of hard for them to turn on by default. And I guess unless they asked your IP address when you were setting it up, but either way, set that up. I talked about that in securing screen, connect video, short video, I get to the point in that one. So other options, customizations, there's actually a lot you can do to customize this about how it works. I'm going to leave everything at the default. The defaults pretty much work perfectly fine. There are options for like, do you want it to default lock their monitor, block the guest wallpaper? Pretty much the defaults look great on this. Ours, I can't remember if we've changed anything I didn't want to go through with a fine tooth comb to do a side by side comparison, but it looks the same when I connect whether or not you want it to beep to connect or not, etc, etc. There's a little fine tuning you can do they're pretty self obvious systems in there. Now triggers, this is kind of cool, you can create triggers notifying me when a guest connects to an unconnected support or message setting, and you can create triggers based on if then in certain variables in here. That way you can show the reference here. Maybe you want certain times to know if there's a client version out of date or there's something about a guest operating system. There's a lot of little events if then else type things will let me know with this system connects and you can have notices sent out. This is actually a pretty cool or even add session events based on that. So event type, user deleted data, so someone were to uninstall it, for example, you can get notice of someone were to drop a connection. It's got a lot of little fine tuning you can do in there. It's pretty cool. Audit logs has full audit of you can query by session name, you can query by event type, and you can find out what happened, whether what commands were sent to the system, what text connected to it, and ideally when you're setting up the text under security here, which I also talked about setting them up with TOTP2FA, but there are other services supported. You can audit each individual tech and see what they did, what machines they connected to and which ones they talked to. And it does support LDAP, Windows Active Directory, SAML, OAuth2, OpenID Connect, as other ways of authenticating not just its own internal user table. So you can use the user table and build your own user sets in here or you can put it against your other larger user base and authenticate that in case you have some type of SQL sign on type service that you want to use. Both of those are supported in here. Now for the database, there's general database maintenance, if you had very specific things you wanted to do or a certain time you wanted this database maintenance schedule due to run services, you could do that and fine tune it and not going to dive much into it, but it's there. Mail, if you're self posting, of course, you have to configure this yourself. If you're doing it like this, they have their own SMTP server in here, but of course you may need to set up different settings for the default from address, etc. But those are options customizable in here. Now let's get right to the fun part. We're going to talk about how to create a support session and how support sessions look. That's where we're going to talk about all the features in here. But first, we need to create a support session. And I will admit this does work and I'm running Linux right now. And for those wondering, yes, I can do support sessions in Linux, the bad part, and we'll go ahead and create the support session and get this started in Linux, but then I move the windows because all the features are a lot better. So this is you tube demo. And if I had the client on the phone, I would tell you them to go to proof a concept dot screen connect.com. That was the name I registered. You can also embed this in your website. There's customization for doing that. Or I could email them a link, I could copy a link myself as a calendar option to set it up as a calendar invite too. So I never I've never used that feature though. Usually it's link email or just give them a code usually on the website, you give them a code and get that code over to them. So let's get that machine and I have a demo machine set up a virtual machine. We're going to go here proof concept that screen kick calm. And I already forgot the number. It's 90375 90375. I typed it wrong. Nope. Yeah, 90375. I did type it right. They download and run a little application. All of 84 kilobytes to get it kicked off. Say yes, I would like this program to take over my computer. And now it is so this is over here. And here it is host connected through the cloud administrator, which I am I should have be running it as a separate user, but for demo reasons were not. And away we go. I now can connect to that system. Now I'll put these side by side just going to give you an idea actually I can shrink this one to make it a little easier. It scales we got view options. But one of the things I'm going to show is, you notice how it just doesn't look very modern that is completely related to the Linux version. So I want to show that yes, it works in Linux. Drag this over here. And yes, I can scale it and move things around. If I drag an icon around, it does drag around and all that. But the one problem with the Linux version is, well, this is the way screen connect used to look your windows. They updated it. They've not shown any more love to the Linux one here. It's got some of the new features, but it didn't really get a facelift. So it's, yeah, it's missing a few things. So one, it's ugly to things I can't do in Linux that I'll be showing. I cannot do the search and automatically throw a search into Google. That's a cool feature we'll talk about. That's just missing from here. The other thing that's missing is ability to manage the toolbox, which we'll talk about that the toolbox is there, but the actual management of the toolbox is missing. Also in Linux, it's inconsistent when you can drag files on and off of this session, you can always transfer by using the file transfer button, but dragging them on and off just kind of falls flat when you're doing it in Linux. So yes, it works. Yes, those are the challenges you deal with in Linux. When you run it with Java. And now I'll show you how it works inside of Windows, which is a lot better. I have a virtual box running in Windows on there. So now in Windows, we have a nice much more modern looking interface. So I can do the same things, drag things around, operate the system. That's all the same, but this is so much nicer. Now when you get select monitors, it works in Linux, but you either show all the monitors spread across or one at a time. This actually lets you pop them out. Now there's only one monitor on my demo machine, but it's kind of cool as you can pop each one of them out into their own window. You have the same options low, medium, or high. So if it's a lower bandwidth connection, you can do that. You can say, all right, low bandwidth and shrink it down. You can scale these pretty easily to different sizes. So that works. I'm going to leave it back at 100%. But easy enough to zoom in and out. So that's there. Send control, delete, send clipboards, keystrokes. This is great. So if you got something clipboard and you want it to paste into a thing that maybe doesn't have the actual right click or paste options, you can just put the curse there and hit send clipboard, send clipboard, keystrokes, block, guest input mode. I like this. So this is that tug-of-war ender. So you've probably connected to a remote session where you move the mouse and they move it and it becomes this tug-of-war that this helps them lose it very quickly. So you just hit block, guest input. I'm done with whatever they're doing. I've stopped them. They can watch. Now this is an important one that you may or may not want to set to default. And let me show you why. That's what this looks like now when I hit that. What happens is if you're, let's say doing something after hours and you don't know who's looking at that workstation, you have to open up some type of thing that may be sensitive and you're unlocking that workstation. Because yes, you can unlock. Yes, you can log in with the username and password even from a lock screen. Now you've unlocked a workstation and what if someone was standing by that workstation? Well, you may want to lock it out prior to your connection. So you can lock out both the keyboard and the screen so you can't see what's on there and they don't have keyboard access. So that's something to think about. And it's a good feature to maybe you want to have on default. But generally, we don't do it on default. We do it on connect because most of the time we're interacting with the user because they want to show us what's wrong. So just different methodologies there. Now one thing I can't really show here, there's only one single user session on this system. But if you connect even things like a terminal server, it lets you select which session you want. And also it's letting you select whether you want this, the user that's logged in happens to be named LTS or backstage. Now backstage is really cool. The user doesn't see you connected. You've now connected to PowerShell and command prompt in the back end. This allows you to really easily just connect to the system, run a PowerShell command, do something on the back side of it without interacting with the desktop of the user. So I do like this feature and you can kick off more systems from here. But it's a good way to sometimes you just got to load something and solve something in the background. They're doing something you don't want to mess up any user session. But you need to get work done. This is a great feature. And I'll show more about this when we're inside the web interface as well. So that is that feature there. We'll switch it back. Now the user sees this at the top. It says your computer, your computer is being controlled. It'll put the technician's name. I'm logged in as administrator. So it shows that as administrator. Now let's move to the toolbox. This is awesome. So if you want to manage a toolbox, we can drag different programs in here. We can put different files. We'll just copy anything in there really. Upload file. There we go. Actually have to select it. So you can select a file and put it inside of here. And away we go, you can manage the toolbox. But this allows you to put things in the toolbox. Now what does that actually mean being able to put them in the toolbox? Well, let's actually watch this. We just have this installer for XDP engineer. I just click it. It sends it over to the client, copies it over, runs the installer automatically. We do this and one of the ways we'll do things such as onboarding, for example, with our RMM tools, we'll build the installer for the client site. Everything's ready to go. Once we have screen connect up and running for that particular client, we create a subfolder called RMM install with the client name in there and we just push it. And it just sends it right over there, gets them installed, makes it so easy. Once we get them all connected to a screen connect, done, makes life really fast. And then being able to manage the toolbox, that's how you manage more of them on there. And you can also have your own personal toolbox on there that will look at computer files that you have locally and maybe you have just some utility you want just for you because you're working on a special project. Now that back and forth goes this way too. Let's drag a file in here. And now we copy the file over there. Now we can do it through this file, send file, send folder, receive file, receive folder, manage folders. You can do it that way, but it's also convenient. You can just take and drag a folder, drag a file right on top of it and away we go. And it works in reverse. So we'll delete this file off this desktop and copy it back on this one. And I can drag something off there's desktop and back on the mind and it's doing a copy. So away we go. I really like that feature. It's great for getting things. Screenshots, record video if we need to show someone something to clipboard to file, open folder, change folder, microphones. You can set this differently for options, but the default is off and do that and be careful because obviously you turning on a microphone at someone's remote end or vice versa, you turning on your microphone and talking to them, great for conversation, bad if you didn't mean to do it. So take that would take that for what you will participants more than one person at the same time can connect to the same system. So if you are especially for training, it's really helpful or when you have level one and higher tax, you have the basic tech doing the work, he's stuck on something, he or she's stuck on something and you go, Hey, I need some help. Someone can also join in on that session and help out with that particular session, which is really a nice feature. Drawing. Yeah, this is cool. You can go here and host draw all draw and we can draw circles on things. So definitely pretty novel. I like it. So sometimes you got to do that and circle things, chat, chat messages, test and shows up on the Windows system here. There we go. We got a chat message and they can chat back and forth. Now they can do this offline as well, by the way, this feature is the one that is the feature. You didn't know you needed until you see this. Let's say I have a screenshot. I want to take of something and I want to take a screenshot or even just any type of text. So I have here so I can do a Google search right inside without leaving. But what if we want to go further? I have something that I want to OCR in there. Yes, folks, this thing OCR. So we're going to, whoops, I went to grab the whole thing. But do you notice what's in the search there? It OCRed all the text. That is, this is one of those features you didn't know you needed. Let's just go to OCR this little piece of text instead. Yep. And we now can OCR pieces of screenshots that you can't copy and paste in there. And then if you need the results to pop out, they'll pop out on your computer locally. So that's just a cool feature. That's a feature you didn't know you needed. Then you have the client version and everything else over here. So that's really cool. And now we're going to go ahead and close this. And we're going to leave the session open. So if we end the session, it'll end up for everybody. It'll uninstall automatically because we started this on the support side. But for now, we're going to leave the session open. So not ended. Let's go back over to, all right. Now we're going to go ahead and move this over to install access. This is where you want to leave them. And if they're on the unattended, so demo company is this one, we'll leave all the rest blank, but you get the idea you can site device department device type, et cetera, use machine name or get specific, this is so you can install persistent access. So you can access it at any time. You can do this once it's hooked up here, or you can go over here and I could have created a build session. Now a build session means it's meant to be persistent. It's meant to be something that you need to access from time to time. And it sits just like this over here. Now the cool thing is the way screen connect works. And this works not just with this particular instance, but if I were to install my screen connect, it won't overwrite this one. You can have a screen connect from my session, this demo session we have here, and a support session and an access session from each of them. And they won't conflict, you'll just see a lot of icons down at the bottom. So that's kind of cool. So then we're going to go in and end this session. And before I end it, I will say the things I'm going to show you over here in the access session, if you notice there exist in both sides. So you can do this from either access or support. I'll go ahead and just end this one, we don't really need two of them. All right, that uninstalled it and just so you know, they get a pop up over here. This says your host ended the remote session application when I'll close and it cleans off and exits. When we do our one off support, that's how we do it is right there. We use you these one off sessions. And when it's done, it exits and closes. So now let's look at access. What all do we have here? A lot of information. This is pretty cool. So here's the desktop name and the company where I can name and put information on there. You notice how it grouped it right here to demo company, all the other ones in demo company week group there. There's a lot of different grouping options you can do, which is great. So you can see host connected, not connected, guest connected, restricted access, which ones are offline. There's even more filters if you dig into there, where you can create a query like offline for X amount of days, for example, or even group them by IP address. And this even has the option to group by OS type, because it gets that kind of information it pulls it. So you can see how this is really handy when you get about eight or 900 machines in here and sorting them all out and having them all categorizing group by company when you're trying to find something. And it does have a search here at the top. So let's talk about all the little buttons over here. There's the name. Let's go to the info. Now the info gives you an updated screenshot. So every so often it takes on our screenshots, you can see what's on the screen. This feature can be turned on or off. We have the session information. I scroll down here. I'm blocking it, but it's going to show you network IP address public, the MAC address and the private IP address. So now you have both sides of the story on that, which is really, I like that feature. Then we have how many times anyone's connected. No one's connected this machine yet. So let's go ahead and connect to it. And now you see that cloud administrator connected and now cloud administrator is going to disconnect. So it keeps a journal right here. So you can quickly see which technicians were touching it. If there were more than one, it would create all these kind of spread out timelines for each person connecting. So that's really nice. The chat application. We haven't, we're going to send a chat. I'll drag this over to show. And away we go. We can talk back and forth and we're not connected to it. That's a great feature. So you can have clients message you. That's something you may want to set up as a trigger where if a client sends a message to you, they click on a little icon down there and kick off a message, you maybe want to send a trigger to let you know that they sent a message. Then we have this and we're just going to run a DIR command. You can specify which shell you want to run. Power shell or CMD in here. There's a lot of customization and well, options that can go into that, but the user's unaware that you're doing it and this is great. Not because we want the user to be unaware. We want the users really to be undisrupted while we look at the back end of a machine while someone says, Hey, look at this or that. And there's some type of problem. You can start digging into it a little bit from the back end. More specifically, these are notes. We'll skip over that. We'll talk about the processes. So this will give you real time the processes. That's great. I can filter them. I can look for which running and dig into things and go, all right, let's kill that process running on or just the process is causing a problem. A note says that you enter notes for a particular system. Oops, I mean the type there. Not a feature we really use, but you can put some notes and tie them to a system so you can make some note. Hey, I'm going to get to this later. This is what I did when you're working with our technician, but being able to look at the processes, get the list of software. In the beginning, we installed this XEP and G center. We're just going to install it. And also it's doing it silently to the user. So user installed some little thing you don't want installed on our system. You can go here, click on install. And also because you're able to run these PowerShell commands, you could do that from here. Now what you're seeing here as well is as these commands were queued up, you see them being pulled through here. That's how there's so much in this run command history besides what we ran. As you run these features, it's showing up here because their PowerShell commands being brought into this. Now here's the event logging. So we can pull some of the latest information on there, which we have MS installer, cool. Let's say information on that. Windows restart manager, et cetera. Services that are running, start, stop, restart services. Sometimes that solves a lot of problems. Windows updates, if there's any in there, and that is the beast that you have to wrestle with is Windows updates. I can't really speak to how good that works. It works just because Windows updates works. So we can click install and it's Windows updates. So maybe it'll install. It should work. I know I'm dogging on it more, but we all know in that community that what a problem that is. Now these features all are showing here edit and reinstall. Wake, reinstall. There's two different ways to do this. You can tell it to auto update clients or when there's a new version in your session updates, your clients can be out of date. It still works going is if you're newer on your install, but the clients have an older version, not too big of a deal, but you can bring them up by hitting reinstall and it brings them up to new version. Wake if that's possible. Send message, run command, and get host pass. This is a great feature if you have to work with third parties. So what permissions do they get? My permissions except transfer files, except print. Yes, it does have shared printing. I didn't mention that, but yeah, you can share printers across Screen Connect. My permission and requires consent. So these people getting this link either, you know, they can get the link and it works, but they require your consent or view only and sometimes that's enough. You want to give vendors just because they're helping you doesn't mean they need as many privileges, but being able to see the same thing as you is very helpful. They do not have to have a login to do this. If this creates a link, and then you just send link or copy the link, this very special link works for whatever the lifetime you set here is and has for permissions that you set here. Now once you've done this, and we'll go ahead and hit copy the link, it done. And we'll go back over here to admin, admin and security, and then you can revoke those host passes. You can also revoke session connections, authenticated sessions, etc. But if you have that need, we can revoke all the host passes that way they can get killed off. So you don't have to worry about them wandering. Of course, we set expiration on them, which is important, but the ability to revoke them is also just in case you've created one, you're like, I thought I sent it to the right person. I seem to have sent it to the wrong person. Whatever we realize mistakes do happen, you have the ability, well the admin has the ability. So FYI, if you do create these, that is important. So if we create this host pass that the admin would have the ability to revoke it. A feature we don't use as much, but it's kind of the in between is you can create meetings. And it works because you pick who's going to share the screen and you can do the microphone sharing. So it is a feature on there. We've never really used it much for meetings. I think there's so better tools for that. But I will at least comment that it's an option in here. So this is screen connect. This is my review of it. I'm positive about it. Like I think it's a good product. I like that they're getting serious about security. We didn't know they weren't serious for those. So I say getting but we found minor flaws, but they were kind of big because there were some scripting problems, but they didn't represent maybe the worst threat because it still required some levels of authentication to get in. So yes, they've had some gone through and they have since gone through solid code audits and things like that, which are really important. So I'm overall happy with the product. I think it's everything about it looks pretty good. The overall though, I'm always looking for other solutions because someone will ask this like I said at the very beginning. But right now this is best one we've seen with the amount of features it has and how well it works with all the machines that we keep it on. We do keep it very locked down. We are using this self hosted. Like I said, we do have it behind a reverse proxy that automatically adds a certificate. But however you're doing this self hosted or hosted by them to keep it all up to date really takes security seriously, especially with, you know, two factor and everything else on everything. Don't give any of the users watch my security video. Don't give the users admin privileges unless they need it. And even then it shouldn't be the daily usage. One shouldn't have like when you're doing just general support, you shouldn't have to have admin privileges. So just keep that in mind because well, with great power comes great responsibility and thanks. And thank you for making it to the end of the video. If you like this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you like YouTube to notify you when new videos come out. If you'd like to hire us head over to LawrenceSystems.com, fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.LauranceSystems.com where we can carry on the discussion about this video, other videos or other tech topics in general, even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.