Additional administrative restriction - disable Generate session URL/code menu option

Hello,

Is it possible to include the "Session > Generate session URL/code" menu option in the list of Administrative restrictions (https://winscp.net/eng/docs/administration#configuring).

And of course the result would be: after the required Reqistry change, the menu option would be disabled/greyed out.

Thank you!
J

Why do you want that?

Hi Martin,
some application users would prefer to use the "File > Custom commands", when connected with WinSCP, but the "Generate session URL/code" option does not allow us to use "Security > Remember password for duration of session", since they should not have direct access to the password itself.
These users do not use the "Generate session URL/code" option, so if we could disable this, we may eliminate one way of reading a managed password and think about mitigating others.

Thank you!
J

What do you mean by "does not allow us to use "Security > Remember password for duration of session""? What exactly are you trying to prevent? What does this have to do with Custom commands?

Hello,

Sorry for not being very clear:
1. since the "Generate session URL/code" menu option makes it easy for users to read the current password in use,
2. we cannot use the "Security > Remember password for duration of session" setting.
3. As a consequence, users cannot use the File > Custom commands when they right click on a file during a session.

So, in our case with this administrative restriction, we could maybe use the "Security > Remember password for duration of session" setting, because it blocks the "Generate session URL/code" menu option, making it somewhat harder for the end user to get hold of the current password.
But, they can use the right click and use File > Custom commands on a session without prompting for a password again (which they don't know, since it is managed).
Kind regards,
J

But they would be able to do run a (local) custom command like this to get the password:

Hi Martin,

indeed that would torpedo the whole thing.
(In this case WinSCP would run on a proxy as a Remoteapp and cmd could be controlled there, but it's probably not worth the effort, considering the users could use ssh and commands to achieve the same thing)
Thank you for your time!
J