Feature Request: Enable Smart Card Redirection in Invitation Sessions
We are currently evaluating Dameware Mini Remote Control for a regulated administrative environment where two-person control (4-eyes principle) is required.
Current behavior
Smart Card Redirection works very well when a session is initiated using Smart Card Logon.
During first use, Dameware installs the required virtual smart card reader on the remote system and the forwarded smart card becomes available to applications running on the remote computer.
In our testing this works successfully with:
- Net iD
- Microsoft Edge
- Browser-based certificate authentication
- PKI-based administrative portals
The functionality itself appears to work exactly as intended.
Limitation
Smart Card Redirection is currently only available when the remote session is initiated using the Smart Card Logon connection method.
This creates a limitation for environments where:
- The remote user must explicitly invite another user into a collaboration session.
- Separation of duties must be maintained.
- The connecting user must not have independent logon rights to the remote workstation.
In these scenarios, the most suitable connection method is Invitation, because the remote user remains in control of access and explicitly approves the session.
Unfortunately Smart Card Redirection does not appear to be available in Invitation-based sessions.
Requested enhancement
Add an option to enable Smart Card Redirection independently of the authentication method used to establish the remote session.
For example:
- A checkbox in Invitation sessions:
- Or a general session option:
- "Enable Smart Card Redirection"
similar to how Microsoft RDP allows device redirection independently from the logon method.
The smart card should not need to participate in authenticating the Dameware session itself.
Instead, the smart card should simply be made available inside the remote desktop session after the connection has been established.
Use case
A typical workflow:
- User A is logged on locally to a workstation.
- User A sends an Invitation to User B.
- User B joins the session.
- User B's smart card is redirected into User A's session.
- Applications running on User A's workstation can use User B's smart card for certificate-based authentication.
This allows:
- Shared administration workflows
- Four-eyes control
- Certificate-based authentication
- Separation of duties
- Compliance with regulated operational environments
without granting User B independent logon rights to User A's workstation.
Why this matters
The underlying Smart Card Redirection technology already exists and works well in Dameware.
This request is primarily about making that capability available for additional session types where collaborative access is required.
For regulated environments, Invitation sessions combined with Smart Card Redirection would enable use cases that currently cannot be implemented while maintaining proper separation of duties.
Business case
We are not merely suggesting a future enhancement. We have an active business case and a regulated customer environment that would become a Dameware deployment if this functionality were available. We would be interested in discussing professional services, sponsored development, or other options to accelerate delivery of this feature.
