Then setup a session with me and I'll make my case.

This is why it's never been very useful to us. And will not be very useful in large segregated environments. If the client is not a member of the domain, this is useless. It truly is a design flaw.

This will most likely not be changed, the actions are designed to be run on the client in the security context of the client.

I get what you're saying, two issues.

1. All of our users are remote, and their Laptops are not a member of any of our server domains. So the security context has to come from the webserver.

2. It's not possible to push out a DFS share to all locations.

My thinking is, if actions were executed from the appropriate scan server the issue goes away.

I'm not sure if we are talking about the same problem.

All actions are initiated from the workstations in the security context of the user running the action.
The place where the actions (executables) are stored is not related to these security.
You can place the files anywhere you want, as long as the user running the action has access to them (a file share or unc path is most common)

This assumes that workstations will have access to file shares, and that the files shares will have access to run Actions against all servers. That may be true in small environments, but it not in corporate enterprise environments that may consist of multiple data centers.

In our environment, desktop access will never have direct access servers over a file share protocol. There would be not way to comply with HIPAA nor FDA guidelines if we opened our network in that fashion.

Any other ideas?