A Recast Agent is a Windows service that runs as the local system. Agents are designed to be installed on every device within an organization.
Agent Uses
- Run Recast actions on workgroup computers or on computers in untrusted domains
- Run Recast actions on computers where the user does not have administrator permissions
- Run Recast actions on computers that have more restrictive firewall rules in place
- Collect additional Endpoint Insights inventory data from devices
- Give users a way to self-elevate credentials with Privilege Manager
NOTE: An Agent Gateway is required for every 20K Recast Agents deployed.
A Recast Agent is installed on a computer and runs actions on that computer as the local system account. A Recast Agent should be deployed on each device you want to run actions against. After deploying Recast Agents, you can configure them to run Right Click Tools actions or for Fast Channel Support. You can also use the same Recast Agent for Endpoint Insights and Privilege Manager.
To learn more, see Recast Agents and Recast Agent Gateways.
Prerequisites for Deploying Recast Agents:
- If deploying 5000+ Recast Agents, follow the 503.2 IIS Error instructions before proceeding.
- If your Recast Management Server is using a self-signed certificate, you must first import the certificate into the Trusted Root Certificate Authorities Store on all devices that will have Agents.
Deploy Agents with Application Manager
We recommend deploying Recast Agents using Application Manager. Your Right Click Tools Enterprise license alone gives you access to Application Manager to deploy Recast Agents. In the absence of Application Manager licensing, only the Recast Agent and Right Click Tools applications will be available in the AM software catalog.
TIP: Alternatively, you can choose to deploy Recast Agents by downloading and running the Agent installer.
Prerequisites for Deploying Agents using Application Manager:
- Recast Management Server is running Recast Software version 5.4 or later, as that version introduces Application Manager in RMS.
- Required proxy permissions for Application Manager are in place
To deploy the Recast Agent application with Application Manager:
1. If you haven't already done so, complete your initial AM setup, skipping the Setup Wizard's Define Deployment Processes step.
2. Add a deployment process for the 'Recast Agent' application.
3. On the Deployment Process Details page, click the Settings cog to open your Global Deployment Process settings.
4. On the Advanced tab, set Additional Installation Parameters:
- Silent Agent Install: Add the RCTENTERPRISESERVER=https://<RMS URL>:<Port> parameter to your install string, substituting the URL and port number for your Recast Management Server.
- Connect Recast Agents to a specific Agent Gateway: Add the AGENTGATEWAY=https://<AG URL>:<Port> parameter to your install string, substituting the URL and port number for your Agent Gateway
NOTE: Adding these parameters in Application Manager's deployment settings enables deployed Recast Agents to connect to your Recast Management Server, verify that the certificate used by the RMS is trusted, and successfully enroll with the RMS. Recast Agents are required to enroll with the RMS before they can communicate with a Recast Agent Gateway and be used to run actions.
Agent Deployment Video Walkthrough
See Recast Application Deployment with Application Manager on our YouTube channel.
The Recast Agents page lists all agents installed in your environment.
Agent details and actions:
- Connected - Checked if the agent is connected to an agent gateway
- Last Connected - Date and time when the agent last connected to an agent gateway, converted to local time on the client side
- Gateway - Displays the agent gateway to which the agent is connected or was last connected
- Version - Displays the Recast Software version that the agent is running
- Authorized - Checked if the agent is available to run actions. You can manually authorize or unauthorize an agent, if needed.
- The agent is not connected to an agent gateway (even if the gateway is connected to RMS)
- The agent is connected to an agent gateway that is not connected to RMS
- A certificate on the client is not functioning properly
- Actions
- Edit an agent - To edit agent details, click the Edit icon to the right of the agent. Edit agent authorization, if needed, and click Update.
- Delete an agent - Remove the agent from the database and revoke the client certificate. To delete an agent, click the Delete icon to the right of the agent you want to remove and confirm the deletion.
NOTE: You will need to delete a disconnected agent before you can force it to re-enroll.
Installed agents must be authorized before they can be used to run actions. The Recast Management Server will automatically approve any agents that connect from the same domain as the Recast Management Server. Agents connecting from a different domain (or from a workgroup computer) must be approved manually, unless you've edited the default setting to approve all agents automatically.
Approve an Agent Manually
To approve an agent manually in RMS:
1. On the Recast Agents page, click the Edit icon to the right of the agent you want to authorize.
2. In the Edit window, enable the Authorized checkbox and click Update.
Approve All Agents Automatically
You can choose to have your Recast Management Server automatically authorize all agents regardless of the domain where they're installed.
To approve all agents automatically:
1. In your Recast Management Server, navigate to Administration > Settings.
2. Under Recast Management Server, click the Edit icon to the right of Recast Agent Approval.
3. In the Change Setting window, choose Automatically Approve All Agents from the Value drop-down.
Automatic Agent Re-enrollment
As of Recast Software Version 5.9.2505, an agent will automatically re-enroll with your Recast Management Server after it receives a number of 403 forbidden responses.
NOTE: If the ForbiddenResponsesBeforeReenroll option is not present in the appsettings, the system defaults to 5 forbidden responses before re-enrolling an agent.
Disable Automatic Agent Re-enrollment
Disable automatic re-enrollment by adding the following option in the agent's appsettings.json:
"AgentOptions": { "ForbiddenResponsesBeforeReenroll": 0 }
Manual Agent Re-enrollment
You can manually re-enroll an agent following the steps in our Recast Agent not Connecting troubleshooting doc.
Beginning with Recast Software Version 5.9.2505, inactive agents are removed automatically when the number of days of inactivity, meaning the number of days since the agent last connected to an agent gateway, is higher than the Max Inactive Agent Age set in the Recast Management Server settings. By default, an inactive agent is removed after 90 days.
You can see which agents are nearing the Max Inactive Agent Age on the Agent Management dashboard.
Agent cleanup can be disabled by setting the Max Inactive Agent Age option to 0
in your RMS settings.
NOTE: When you upgrade your Recast Software to v5.9.2505.2003, the Last Connected date for enrolled agents resets to the current date and the number of days to the Max Inactive Agent Age is set at a default 90 days.