diff --git a/agents/meshcore.js b/agents/meshcore.js
index 27e48504..1d759b96 100644
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@@ -1608,6 +1608,10 @@ function onTunnelData(data) {
             if ((data.length > 3) && (data[0] == '{')) { onTunnelControlData(data, this); return; }
             this.httprequest.protocol = parseInt(data);
             if (typeof this.httprequest.protocol != 'number') { this.httprequest.protocol = 0; }
+
+            // See if this protocol request is allowed.
+            if ((this.httprequest.soptions != null) && (this.httprequest.soptions.usages != null) && (this.httprequest.soptions.usages.indexOf(this.httprequest.protocol) == -1)) { this.httprequest.protocol = 0; }
+
             if (this.httprequest.protocol == 10) {
                 //
                 // Basic file transfer
@@ -1882,7 +1886,7 @@ function onTunnelData(data) {
             }
             else if (this.httprequest.protocol == 2) {
                 //
-                // Remote KVM
+                // Remote Desktop
                 //
 
                 // Check user access rights for desktop
diff --git a/meshrelay.js b/meshrelay.js
index 72f997f3..6c94488a 100644
--- a/meshrelay.js
+++ b/meshrelay.js
@@ -771,7 +771,17 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
                 // Send connection request to agent
                 if (obj.id == null) { obj.id = ('' + Math.random()).substring(2); }
                 const rcookie = parent.parent.encodeCookie({ ruserid: user._id, nodeid: node._id }, parent.parent.loginCookieEncryptionKey);
-                const command = { nodeid: node._id, action: 'msg', type: 'tunnel', userid: user._id, value: '*/meshrelay.ashx?p=' + cookie.p + '&id=' + obj.id + '&rauth=' + rcookie + '&nodeid=' + node._id, soptions: {}, usage: 2, rights: cookie.r, guestname: cookie.gn, consent: cookie.cf, remoteaddr: cleanRemoteAddr(obj.req.clientIp) };
+                const command = { nodeid: node._id, action: 'msg', type: 'tunnel', userid: user._id, value: '*/meshrelay.ashx?p=' + cookie.p + '&id=' + obj.id + '&rauth=' + rcookie + '&nodeid=' + node._id, soptions: {}, rights: cookie.r, guestname: cookie.gn, consent: cookie.cf, remoteaddr: cleanRemoteAddr(obj.req.clientIp) };
+
+                // Limit what this relay connection can do
+                if (typeof cookie.p == 'number') {
+                    var usages = [];
+                    if (cookie.p & 1) { usages.push(1); usages.push(6); usages.push(8); usages.push(9); } // Terminal
+                    if (cookie.p & 2) { usages.push(2); } // Desktop
+                    if (cookie.p & 4) { usages.push(5); usages.push(10); } // Files
+                    command.soptions.usages = usages;
+                }
+
                 if (typeof domain.consentmessages == 'object') {
                     if (typeof domain.consentmessages.title == 'string') { command.soptions.consentTitle = domain.consentmessages.title; }
                     if (typeof domain.consentmessages.desktop == 'string') { command.soptions.consentMsgDesktop = domain.consentmessages.desktop; }
diff --git a/meshuser.js b/meshuser.js
index 35f13296..1088b778 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -5015,7 +5015,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                 else if ((command.start != null) && (typeof command.start != 'number')) { err = 'Invalid start time'; } // Check the start time in seconds
                 else if ((command.end != null) && (typeof command.end != 'number')) { err = 'Invalid end time'; } // Check the end time in seconds
                 else if (common.validateInt(command.consent, 0, 256) == false) { err = 'Invalid flags'; } // Check the flags
-                else if (common.validateInt(command.p, 1, 2) == false) { err = 'Invalid protocol'; } // Check the protocol, 1 = Terminal, 2 = Desktop
+                else if (common.validateInt(command.p, 1, 7) == false) { err = 'Invalid protocol'; } // Check the protocol, 1 = Terminal, 2 = Desktop, 4 = Files
                 else if ((command.expire == null) && ((command.start == null) || (command.end == null) || (command.start > command.end))) { err = 'No time specified'; } // Check that a time range is present
                 else {
                     if (command.nodeid.split('/').length == 1) { command.nodeid = 'node/' + domain.id + '/' + command.nodeid; }
@@ -5047,13 +5047,25 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                     }
 
                     // If we are limited to no terminal, don't allow terminal sharing
-                    if ((command.p == 1) && (rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_NOTERMINAL) != 0)) {
+                    if (((command.p & 1) != 0) && (rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_NOTERMINAL) != 0)) {
                         if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } }
-                        return;                        
+                        return;
+                    }
+
+                    // If we are limited to no desktop, don't allow desktop sharing
+                    if (((command.p & 2) != 0) && (rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_NODESKTOP) != 0)) {
+                        if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } }
+                        return;
+                    }
+
+                    // If we are limited to no files, don't allow file sharing
+                    if (((command.p & 4) != 0) && (rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_NOFILES) != 0)) {
+                        if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } }
+                        return;
                     }
 
                     // If we have view only remote desktop rights, force view-only on the guest share.
-                    if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_REMOTEVIEWONLY) != 0)) { command.viewOnly = true; }
+                    if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_REMOTEVIEWONLY) != 0)) { command.viewOnly = true; command.p = (command.p & 1); }
 
                     // Create cookie
                     var publicid = getRandomPassword(), startTime, expireTime;
@@ -5079,8 +5091,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                     var httpsPort = ((args.aliasport == null) ? args.port : args.aliasport); // Use HTTPS alias port is specified
                     var xdomain = (domain.dns == null) ? domain.id : '';
                     if (xdomain != '') xdomain += '/';
-                    var page = (command.p == 1) ? 'terminal' : 'desktop';
-                    var url = 'https://' + serverName + ':' + httpsPort + '/' + xdomain + page + '?c=' + inviteCookie;
+                    var url = 'https://' + serverName + ':' + httpsPort + '/' + xdomain + 'sharing?c=' + inviteCookie;
                     if (serverName.split('.') == 1) { url = '/' + xdomain + page + '?c=' + inviteCookie; }
                     command.url = url;
                     if (command.responseid != null) { command.result = 'OK'; }
diff --git a/views/default.handlebars b/views/default.handlebars
index 6eab24e6..a03228d3 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
@@ -626,7 +626,7 @@
                                 </div>
                             </div>
                         </div>
-                        <div id=p11DeskConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:17px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px;text-align:left" onclick=p11clearConsoleMsg()></div>
+                        <div id=p11DeskConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:17px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px;text-align:left" onclick=p11clearConsoleMsg()></div>
                         <div id=p11DeskSessionSelector style="display:none;position:absolute;left:30px;top:17px;right:30px;bottom:17px;overflow-y:auto"></div>
                     </div>
                     <div id=deskarea4 class="areaFoot">
@@ -729,7 +729,7 @@
                             </td>
                         </tr>
                     </table>
-                    <div id=p12TermConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:45px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p12clearConsoleMsg()></div>
+                    <div id=p12TermConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:45px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p12clearConsoleMsg()></div>
                 </div>
             </div>
             <div id=p13 style="display:none">
@@ -788,7 +788,7 @@
                         </td>
                     </tr>
                 </table>
-                <div id=p13FilesConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:165px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p13clearConsoleMsg()></div>
+                <div id=p13FilesConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:165px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p13clearConsoleMsg()></div>
                 <div id="p13filetable" style="">
                     <div id="p13bigok" style="display:none"><b>&checkmark;</b></div>
                     <div id="p13bigfail" style="display:none"><b>&#10007;</b></div>
@@ -3211,7 +3211,7 @@
                     QV('agentInvitationLinkDiv', true);
                     break;
                 }
-                case 'createDeviceShareLink': { // Remote desktop sharing link
+                case 'createDeviceShareLink': { // Guest sharing link
                     if (xxdialogTag) break;
                     var node = getNodeFromId(message.nodeid), x = '';
                     if (node == null) break;
@@ -3221,12 +3221,13 @@
                     x += addHtmlValue("Start Time", printDateTime(new Date(message.start)));
                     x += addHtmlValue("Expire Time", printDateTime(new Date(message.expire)));
                     var y = [];
-                    if (message.consent & 1) { y.push("Notify"); }
-                    if (message.consent & 8) { y.push("Prompt"); }
-                    if (message.consent & 64) { y.push("Privacy bar"); }
+                    if (message.consent & 0x0007) { y.push("Notify"); }
+                    if (message.consent & 0x0038) { y.push("Prompt"); }
+                    if (message.consent & 0x0040) { y.push("Privacy bar"); }
                     if (y.length == 0) { y.push("None"); }
                     x += addHtmlValue("User Consent", y.join(', '));
-                    x += '<div id=agentInvitationLinkDiv style="text-align:center;font-size:large;margin:16px"><a href="' + message.url + '" id=agentInvitationLink rel="noreferrer noopener" target="_blank" style=cursor:pointer>' + ((message.p == 1)?"Remote Terminal Link":"Remote Desktop Link") + '</a> <img src=images/link4.png height=10 width=10 title="' + "Copy link to clipboard" + '" style=cursor:pointer onclick=d2CopyInviteToClip()></div></div>';
+                    var type = ['', "Remote Terminal Link", "Remote Desktop Link", "Remote Desktop + Terminal Link", "Remote Files Link", "Remote Terminal + Files Link", "Remote Desktop + Files Link", "Remote Desktop + Terminal + Files Link"][message.p];
+                    x += '<div id=agentInvitationLinkDiv style="text-align:center;font-size:large;margin:16px"><a href="' + message.url + '" id=agentInvitationLink rel="noreferrer noopener" target="_blank" style=cursor:pointer>' + type + '</a> <img src=images/link4.png height=10 width=10 title="' + "Copy link to clipboard" + '" style=cursor:pointer onclick=d2CopyInviteToClip()></div></div>';
                     setDialogMode(2, "Share Device", 1, null, x);
                     break;
                 }
@@ -6524,12 +6525,13 @@
                     for (var i = 0; i < deviceShares.length; i++) {
                         var dshare = deviceShares[i];
                         var trash = '<a href="' + dshare.url + '" rel="noreferrer noopener" target=_blank title="' + "Device Sharing Link" + '" style=cursor:pointer><img src=images/link2.png border=0 height=10 width=10></a> <a href=# onclick=\'return p30removeDeviceSharing(event,"' + encodeURIComponentEx(currentNode._id) + '","' + encodeURIComponentEx(dshare.publicid) + '","' + encodeURIComponentEx(dshare.guestName) + '")\' title="' + "Remove device sharing" + '" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>';
-                        var details = format("{0}, {1} to {2}", ((dshare.p == 1)?"Terminal":"Desktop"), printFlexDateTime(new Date(dshare.startTime)), printFlexDateTime(new Date(dshare.expireTime)));
+                        var type = ['', "Terminal", "Desktop", "Desktop + Terminal", "Files", "Terminal + Files", "Desktop + Files", "Desktop + Terminal + Files"][dshare.p];
+                        var details = format("{0}, {1} to {2}", type, printFlexDateTime(new Date(dshare.startTime)), printFlexDateTime(new Date(dshare.expireTime)));
                         if (dshare.viewOnly === true) { details += ", View only"; }
                         if (dshare.consent != null) {
                             if (dshare.consent == 0) { details += ", No Consent"; } else {
-                                if (((dshare.consent & 8) != 0) || ((dshare.consent & 16) != 0)) { details += ", Prompt for consent"; }
-                                if ((dshare.consent & 0x40) != 0) { details += ", Toolbar"; }
+                                if ((dshare.consent & 0x0038) != 0) { details += ", Prompt for consent"; }
+                                if ((dshare.consent & 0x0040) != 0) { details += ", Toolbar"; }
                             }
                         }
                         x += '<tr ' + (((++count % 2) == 0) ? 'style=background-color:#DDD' : '') + '><td style=width:30%><div class=m' + 2 + '></div><div>&nbsp;' + dshare.guestName + '<div></div></div></td><td style=width:70%><div style=float:right>' + trash + '</div><div>' + details + '</div></td></tr>';
@@ -6731,8 +6733,26 @@
             if ((rights != 0xFFFFFFFF) && ((rights & 0x100) != 0)) { deskFull = ''; }
             var fullTerm = '<option value=1>' + "Terminal" + '</option>';
             if ((rights != 0xFFFFFFFF) && ((rights & 0x200) != 0)) { fullTerm = ''; }
-            x += addHtmlValue("Type", '<select id=d2shareType style=float:right;width:250px onchange=showShareDeviceValidate()>' + ((currentNode.agent.caps & 1)?(deskFull + '<option value=3>' + "Desktop, View only" + '</option>'):'') + ((currentNode.agent.caps & 2)?fullTerm:'') + '</select>');
+            var fullFiles = '<option value=4>' + "Files" + '</option>';
+            if ((rights != 0xFFFFFFFF) && ((rights & 0x400) != 0)) { fullFiles = ''; }
+            var deskFiles = '<option value=5>' + "Desktop + Files" + '</option>';
+            if ((rights != 0xFFFFFFFF) && ((rights & 0x500) != 0)) { deskFiles = ''; }
+            var termFiles = '<option value=6>' + "Terminal + Files" + '</option>';
+            if ((rights != 0xFFFFFFFF) && ((rights & 0x600) != 0)) { termFiles = ''; }
+            var allFeatures = '<option value=7>' + "Desktop + Terminal + Files" + '</option>';
+            if ((rights != 0xFFFFFFFF) && ((rights & 0x700) != 0)) { allFeatures = ''; }
+
+            var y = '';
+            if (currentNode.agent.caps & 1) { y += (deskFull + '<option value=3>' + "Desktop, View only" + '</option>'); } // Agent is desktop capable
+            if (currentNode.agent.caps & 2) { y += fullTerm; } // Agent is terminal capable
+            if (currentNode.agent.caps & 4) { y += fullFiles; } // Agent is files capable
+            if (currentNode.agent.caps & 5) { y += deskFiles; } // Agent is desktop + files capable
+            if (currentNode.agent.caps & 6) { y += termFiles; } // Agent is terminal + files capable
+            if (currentNode.agent.caps & 7) { y += allFeatures; } // Agent is desktop + terminal + files capable
+            
+            x += addHtmlValue("Type", '<select id=d2shareType style=float:right;width:250px onchange=showShareDeviceValidate()>' + y + '</select>');
             var options = { 1 : "1 minute", 5 : "5 minutes", 10 : "10 minutes", 15 : "15 minutes", 30 : "30 minutes", 45 : "45 minutes", 60 : "60 minutes", 120 : "2 hours", 240 : "4 hours", 480 : "8 hours", 720 : "12 hours", 960 : "16 hours", 1440 : "24 hours", 2880 : "2 days", 5760 : "4 days" }
+            y = '';
             for (var i in options) { y += '<option value=' + i + '>' + options[i] + '</option>'; }
             x += addHtmlValue("Validity", '<select id=d2timeRange style=float:right;width:250px onchange=showShareDeviceValidate()><option value=0>' + "Starting now" + '</option><option value=1>' + "Time range" + '</option></select>');
             x += '<div id=d2modenow>';
@@ -6758,16 +6778,28 @@
         }
 
         function showShareDeviceEx(b, tag) {
-            var consent = 0, p = parseInt(Q('d2shareType').value), viewOnly = false;
-            if (currentNode.agent.caps & 1) {
-                if (Q('d2shareType').value == 1) { if (Q('d2userConsent').value == 1) { consent = 18; } else { consent = 2; } } // Terminal Consent: 2 = Notify, 16 = Prompt
-                if (Q('d2shareType').value > 1) { if (Q('d2userConsent').value == 1) { consent = 73; } else { consent = 65; } } // Desktop Consent: 1 = Notify, 8 = Prompt, 64 = Privacy bar
+            var consent = 0, p = parseInt(Q('d2shareType').value), viewOnly = false, q = 0;
+            if (p == 3) { viewOnly = true; }
+            var q = [0, 1, 2, 2, 4, 6, 5, 7][p]; // Protocol flags: 1 = Terminal, 2 = Desktop, 4 = Files.
+
+            if (q & 1) {
+                consent |= 0x0002; // Terminal notify
+                if (Q('d2userConsent').value == 1) { consent |= 0x0010; } // Terminal prompt for user consent
             }
-            if (p == 3) { p = 2; viewOnly = true; }
+            if (q & 2) {
+                consent |= 0x0001; // Desktop notify
+                consent |= 0x0040; // Desktop connection toolbar
+                if (Q('d2userConsent').value == 1) { consent |= 0x0008; } // Desktop prompt for user consent
+            }
+            if (q & 4) {
+                consent |= 0x0004; // Files notify
+                if (Q('d2userConsent').value == 1) { consent |= 0x0020; } // Files prompt for user consent
+            }
+
             if (Q('d2timeRange').value == 0) {
-                meshserver.send({ action: 'createDeviceShareLink', nodeid: currentNode._id, guestname: Q('d2inviteName').value.trim(), p: p, expire: parseInt(Q('d2inviteExpire').value), consent: consent, viewOnly: viewOnly });
+                meshserver.send({ action: 'createDeviceShareLink', nodeid: currentNode._id, guestname: Q('d2inviteName').value.trim(), p: q, expire: parseInt(Q('d2inviteExpire').value), consent: consent, viewOnly: viewOnly });
             } else {
-                meshserver.send({ action: 'createDeviceShareLink', nodeid: currentNode._id, guestname: Q('d2inviteName').value.trim(), p: p, start: Math.floor(tag.selectedDates[0].getTime() / 1000), end: Math.floor(tag.selectedDates[1].getTime() / 1000), consent: consent, viewOnly: viewOnly });
+                meshserver.send({ action: 'createDeviceShareLink', nodeid: currentNode._id, guestname: Q('d2inviteName').value.trim(), p: q, start: Math.floor(tag.selectedDates[0].getTime() / 1000), end: Math.floor(tag.selectedDates[1].getTime() / 1000), consent: consent, viewOnly: viewOnly });
             }
         }
 
diff --git a/views/sharing.handlebars b/views/sharing.handlebars
index b5d070c6..77a3e344 100644
--- a/views/sharing.handlebars
+++ b/views/sharing.handlebars
@@ -30,7 +30,7 @@
     <title>{{{title}}}</title>
 </head>
 <body style="overflow:hidden;background-color:black">
-    <div id=LeftSideToolBar style="position:absolute;left:0;bottom:0;width:52px;top:0;background:#113962;background:linear-gradient(to bottom, #104893 0%,#113962 100%);color:white;border-right: 5px solid #BBB;">
+    <div id=LeftSideToolBar style="display:none;position:absolute;left:0;bottom:0;width:52px;top:0;background:#113962;background:linear-gradient(to bottom, #104893 0%,#113962 100%);color:white;border-right: 5px solid #BBB;">
         <div id=LeftMenuDesktop class="slbbutton slbbuttonsel2" title="Desktop" onclick=go(11)>
             <div class="slb1" style="position:absolute;top:6px;left:6px"></div>
         </div>
@@ -66,7 +66,7 @@
                 <div id=DeskParent>
                     <canvas id=Desk width=640 height=480 oncontextmenu="return false" onmousedown=dmousedown(event) onmouseup=dmouseup(event) onmousemove=dmousemove(event) onmousewheel=dmousewheel(event)></canvas>
                 </div>
-                <div id=p11DeskConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:17px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=clearConsoleMsg()></div>
+                <div id=p11DeskConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:17px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=clearConsoleMsg()></div>
             </div>
             <div id=deskarea4 class="areaFoot" style="min-height:24px">
                 <div class="toright2">
@@ -146,7 +146,7 @@
                 <input type=button onkeypress="return false" onkeydown="return false" class="bottombutton" id="pastebutton" value="Paste" title="Paste text into the terminal" onclick="showTermPasteDialog()" style="display:none" />
             </div>
         </div>
-        <div id=p12TermConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:45px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p12clearConsoleMsg()></div>
+        <div id=p12TermConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:45px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p12clearConsoleMsg()></div>
     </div>
     <div id=p13 class="noselect" style="overflow:hidden;position:absolute;left:54px;top:0;right:0;bottom:0;display:none;background-color:white">
         <div id="p13toolbar" style="position:absolute;left:0;top:0;right:0;bottom:28px">
@@ -192,7 +192,7 @@
                 <div>&nbsp;&nbsp;<span id="p13currentpath"></span></div>
             </div>
             <div id="fileArea4" style="height:calc(100vh - 146px)">
-                <div id=p13FilesConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:165px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p13clearConsoleMsg()></div>
+                <div id=p13FilesConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:165px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p13clearConsoleMsg()></div>
                 <div id="p13filetable" style="width:100%;height:100%">
                     <div id="p13bigok" style="display:none"><b>&checkmark;</b></div>
                     <div id="p13bigfail" style="display:none"><b>&#10007;</b></div>
@@ -285,7 +285,6 @@
         var domain = '{{{domain}}}';
         var domainUrl = '{{{domainurl}}}';
         var authCookie = '{{{authCookie}}}';
-        var nodeid = '{{{nodeid}}}';
         var viewOnly = parseInt('{{{viewOnly}}}');
         var urlargs = parseUriArgs();
         var debugmode = urlargs.debug;
@@ -300,6 +299,7 @@
             QH('p12power', printFlexDateTime(new Date(parseInt(expire))));
             QH('p13power', printFlexDateTime(new Date(parseInt(expire))));
         }
+        var features = parseInt('{{{features}}}');
 
         // Terminal
         var terminal = null;
@@ -341,7 +341,24 @@
             Q('p13filetable').addEventListener('dragover', p13fileDragOver, false);
             Q('p13filetable').addEventListener('dragleave', p13fileDragLeave, false);
 
-            go(11); // Go to desktop
+            // Setup feature visibility
+            QV('LeftMenuDesktop', features & 2);
+            QV('LeftMenuTerminal', features & 1);
+            QV('LeftMenuFiles', features & 4);
+            if (features & 2) { go(11); } // Goto desktop
+            else if (features & 1) { go(12); } // Goto terminal
+            else if (features & 4) { go(13); } // Goto files
+
+            // Only show left bar if two or more features are visible
+            var featureCount = 0;
+            if (features & 1) { featureCount++; }
+            if (features & 2) { featureCount++; }
+            if (features & 4) { featureCount++; }
+            QV('LeftSideToolBar', featureCount > 1);
+            QS('p11')['left'] = (featureCount > 1) ? '54px' : '0px';
+            QS('p12')['left'] = (featureCount > 1) ? '54px' : '0px';
+            QS('p13')['left'] = (featureCount > 1) ? '54px' : '0px';
+
             deskAdjust();
         }
 
@@ -1717,7 +1734,7 @@
                         //link = '<a href="devicefile.ashx?c=' + authCookie + '&m=' + currentNode.meshid.split('/')[2] + '&n=' + currentNode._id.split('/')[2] + '&f=' + encodeURIComponentEx(newlinkpath + '/' + name) + '" download="' + name + '" style=cursor:pointer>' + shortname + '</a>';
                         // Server link
                         //link = '<a onclick=downloadFile("devicefile.ashx?c=' + authCookie + '&m=' + currentNode.meshid.split('/')[2] + '&n=' + currentNode._id.split('/')[2] + '&f=' + encodeURIComponentEx(newlinkpath + '/' + name) + '","' + encodeURIComponentEx(name) + '") style=cursor:pointer>' + shortname + '</a>';
-                        link = '<a onclick=downloadFile("devicefile.ashx?c=' + authCookie + '&n=' + nodeid.split('/')[2] + '&f=' + encodeURIComponentEx(newlinkpath + '/' + name) + '","' + encodeURIComponentEx(name) + '") style=cursor:pointer>' + shortname + '</a>';
+                        link = '<a onclick=downloadFile("devicefile.ashx?c=' + authCookie + '&f=' + encodeURIComponentEx(newlinkpath + '/' + name) + '","' + encodeURIComponentEx(name) + '") style=cursor:pointer>' + shortname + '</a>';
                     }
                     h = '<div id=fileEntry cmenu=filesContextMenu fileIndex=' + i + ' class=filelist file=3><input file=3 style=float:left name=fd class=fcb type=checkbox onchange=p13setActions() value=\'' + f.nx + '\'>&nbsp;<span class=fsize>' + fdatestr + '</span><span style=float:right>' + EscapeHtml(fsize) + '</span><span><div class=fileIcon' + f.t + '></div>' + link + '</span></div>';
                 }
diff --git a/webserver.js b/webserver.js
index fde6d96e..12694603 100644
--- a/webserver.js
+++ b/webserver.js
@@ -2992,7 +2992,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
     function handleDeviceFile(req, res) {
         const domain = checkUserIpAddress(req, res);
         if (domain == null) { return; }
-        if ((req.query.c == null) || (req.query.n == null) || (req.query.f == null)) { res.sendStatus(404); return; }
+        if ((req.query.c == null) || (req.query.f == null)) { res.sendStatus(404); return; }
 
         // Check the inbound desktop sharing cookie
         var c = obj.parent.decodeCookie(req.query.c, obj.parent.loginCookieEncryptionKey, 60); // 60 minute timeout
@@ -3002,6 +3002,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
         const user = obj.users[c.userid];
         if ((c == user)) { res.sendStatus(404); return; }
 
+        // If this cookie has restricted usages, check that it's allowed to perform downloads
+        if (Array.isArray(c.usages) && (c.usages.indexOf(10) < 0)) { res.sendStatus(404); return; } // Check protocol #10
+
+        if (c.nid != null) { req.query.n = c.nid.split('/')[2]; } // This cookie is restricted to a specific nodeid.
+        if (req.query.n == null) { res.sendStatus(404); return; }
+
         // Check if this user has permission to manage this computer
         obj.GetNodeWithRights(domain, user, 'node/' + domain.id + '/' + req.query.n, function (node, rights, visible) {
             if ((node == null) || ((rights & MESHRIGHT_REMOTECONTROL) == 0) || (visible == false)) { res.sendStatus(404); return; } // We don't have remote control rights to this device
@@ -3310,7 +3316,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 
         // Check the inbound desktop sharing cookie
         var c = obj.parent.decodeCookie(req.query.c, obj.parent.invitationLinkEncryptionKey, 60); // 60 minute timeout
-        if ((c == null) || (c.a !== 5) || ((c.p !== 2) && (c.p != null)) || (typeof c.uid != 'string') || (typeof c.nid != 'string') || (typeof c.gn != 'string') || (typeof c.cf != 'number') || (typeof c.start != 'number') || (typeof c.expire != 'number') || (typeof c.pid != 'string')) { res.sendStatus(404); return; }
+        if ((c == null) || (c.a !== 5) || (typeof c.p !== 'number') || (c.p < 1) || (c.p > 7) || (typeof c.uid != 'string') || (typeof c.nid != 'string') || (typeof c.gn != 'string') || (typeof c.cf != 'number') || (typeof c.start != 'number') || (typeof c.expire != 'number') || (typeof c.pid != 'string')) { res.sendStatus(404); return; }
 
         // Check the expired time, expire message.
         if (c.expire <= Date.now()) { render(req, res, getRenderPage((domain.sitestyle == 2) ? 'message2' : 'message', req, domain), getRenderArgs({ titleid: 2, msgid: 12, domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27') }, req, domain)); return; }
@@ -3335,13 +3341,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 
                 // Looks good, let's create the outbound session cookies.
                 // Consent flags are 1 = Notify, 8 = Prompt, 64 = Privacy Bar.
-                const authCookie = obj.parent.encodeCookie({ userid: c.uid, domainid: domain.id, nid: c.nid, ip: req.clientIp, p: 2, gn: c.gn, cf: 65 | c.cf, r: 8, expire: c.expire, pid: c.pid, vo: c.vo }, obj.parent.loginCookieEncryptionKey);
+                const authCookie = obj.parent.encodeCookie({ userid: c.uid, domainid: domain.id, nid: c.nid, ip: req.clientIp, p: c.p, gn: c.gn, cf: c.cf, r: 8, expire: c.expire, pid: c.pid, vo: c.vo }, obj.parent.loginCookieEncryptionKey);
 
                 // Lets respond by sending out the desktop viewer.
                 var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
                 parent.debug('web', 'handleDesktopRequest: Sending guest sharing page for \"' + c.uid + '\", guest \"' + c.gn + '\".');
                 res.set({ 'Cache-Control': 'no-store' });
-                render(req, res, getRenderPage('sharing', req, domain), getRenderArgs({ authCookie: authCookie, authRelayCookie: '', domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27'), nodeid: c.nid, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, expire: c.expire, viewOnly: (c.vo == 1) ? 1 : 0, nodeName: encodeURIComponent(node.name) }, req, domain));
+                render(req, res, getRenderPage('sharing', req, domain), getRenderArgs({ authCookie: authCookie, authRelayCookie: '', domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27'), nodeid: c.nid, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, expire: c.expire, viewOnly: (c.vo == 1) ? 1 : 0, nodeName: encodeURIComponent(node.name), features: c.p }, req, domain));
             });
         });
     }