Configuring Actions To Run As A Service Account With Recast Proxy

Introduction

Recast Proxy is a service that runs under a service account. It can be used to read from Active Directory to populate scopes, or it can be used to run Right Click Tools actions under that Service Account. There is also a “hidden” type of proxy. A Console User Proxy is automatically installed with your standard Right Click Tools installation. The Console User Proxy ensures that the actions you to run in Right Click Tools will run as the logged in user with the logged in user's permissions. These User Proxies do not show up on the Proxies list.

Configuring a Proxy

Proxies run as a service account. Proxies are useful when you want to run Right Click Tools actions a service account, and can also be used run Right Click Tools actions against untrusted domains. The service account must be a Local Admin on the computer where it is being installed in order to function correctly.

Start the Installer

Test Connection to the Recast Management Server

Enter the Recast Management Server address and port number, click test to make sure that the Proxy can connect to the Recast Management Server. When the installer responds with "Success" you can click next to continue.

If the installer does not connect to the Recast Management Server, the Proxy will not be installed successfully. You should troubleshoot any error messages that appear in the installer before continuing with the the install.

Connecting to Recast Management Server

Enter Service Account Configuration

In the following Window, enter the Service Account information that you would like to use for your Proxy. You can then click Next to continue.

If the User Account Credentials that you enter on the Service Account Proxy Screen do not validate correctly, the Service Account Proxy will not work correctly. You should troubleshoot any login errors before continuing on to the next step.

Enter Service Account Configuration

Enter Domain Information

In the next window enter the Domain information of your primary domain, this will verify that the service account can read from the domain. When your test is successful, click next.

Enter Domain Configuration

Enter Configuration Manager Information

In the next window enter the information about your Configuration Manager environment. This will verify that your service account has permission to read into MEMCM. After your test is successful, click Next

Enter Configuration Manager Information

Choose to Configure Standalone MBAM

If you have a standalone MBAM server (and are not managing Bitlocker in ConfigMgr), you can click the box and enter the information for your MBAM environment. If you do not, leave the box blank and click Install.

Choose to Configure MBAM

Enter Standalone MBAM information

If you have a standalone MBAM environment, enter it below. This ensures that the service account you selected has permission to use MBAM. After you have entered and tested the information, click Install. After your test is successful, click next

Enter Standalone MBAM information

Finishing Proxy Installer

After the Proxy installer has finished, click Finish

Finish Proxy Installer

Authorize Proxy in Recast Management Server

Before actions will be sent from the Recast Management Server to the Proxy, the Proxy needs to be authorized. Please note that by default, the Recast Management Server will auto approve proxies that are installed in the same domain as the Recast Management Server. If a proxy is installed in another domain, you must approve it manually.

To approve the proxy manually, open the Configure Recast Management Server application (or connect to the Recast Management Server web interface) and navigate to "Proxies". Your new Proxy should be visible, but Authorized will be listed as "False" Click on Edit to approve the proxy. The Edit Recast Proxy window will open.

Authorize in Recast Management Server

Once saved the Authorized checkbox will fill in. (The checkbox after the version number.)

Authorized Proxy Screenshot

Create Route

In order for the Recast Management Server to run actions through the Service Account Proxy, a route will need to be created that uses the Service Account.

Click on the Routes section of the Recast Management Server. The routes page will open and will look like the below screenshot.

Routes Page

When you click on the create button, the Create Routes page will open.

Create Route

After clicking save, your route will be added to the routes table at the bottom of the page. In order for all actions to be run through the Service Account Proxy, you must move the new route higher than the "Right Click Tools" Route in the route order from top to bottom.

Edit Route Table

Actions should now be running through the Service Account Proxy, and will be attempted using the Service Account.