In PCA 12.6 the new privacy patch goes a bit to far for our environment.  We want the ability for logged in users to approve the connection, but as our users do not store anything locally, we need to have the ability to connect to the computer when the user is not logged in or the computer is locked.

In this way, the user has the ability to approve or reject a connection if they have private information on the screen.  If they are logged off, or the computer is locked, then IT needs the ability to connect, and as there will be nothing open on the screen, there is no privacy issue here.