Recast Management Server Features

Overview

The Recast Management Server adds features to Recast Enterprise products like Right Click Tools and Endpoint Insights:

  • Role Based Authentication that uses Active Directory Users and/or Groups to allow access to specific Right Click Tools
  • Audit log that shows who performed what action
  • Scheduling of automation actions and application of Kiosk profiles
  • Ability to use a Recast Proxy to run actions against computers using a service account
  • Ability to use the Recast Agent to run actions against computers in an untrusted domain, in a workgroup, or over Microsoft's Cloud Management Gateway using ConfigMgr's Fast Channel
  • Web and Trend Dashboards
  • Set global settings
  • Allows Endpoint Insights to grab warranty information

Recast Management Server Configuration

Recast Management Server can be configured by going to https://ServerFQDN:Port in a web browser.

Agents

A Recast Agent is a service running on a computer that acts as a Right Click Tools client. When the Agent service is running, Right Click Tools actions can execute under the system context, which means that Local Admin is not required to run actions. Agents can be very helpful in running Right Click Tools actions against untrusted domains or on workgroup computers.

This view shows all the agents that exist in your environment. Agents can be approved or deleted from this screen. Agents must be approved before they are able to run actions.

Agents must be authorized in the Management Server user interface before they can be used to run actions.

Audit Log

The Audit Log shows all of the Recast Actions that have been run against this Recast Management Server as well as when they were run and which user ran them.

Device Sources (Preview)

Device Sources lets you run actions against ConfigMgr or Active Directory environments from the web. Adding a Device Source will add a new navigation item on the left pane. Please note this feature is in Preview and is not currently supported.

Licenses

The Licenses view lets you add or delete licenses on your Recast Management Server.

(License file location within Portal)


Logging

In the Logging pane you can view real time logs from the Management Server. For information on capturing those logs to send them to Recast Software, check here: http://docs.recastsoftware.com/features/Troubleshooting/Logs/index.html#recast-management-server

Permissions

The Permissions view lets you add users or AD groups to Recast Management Server and determine which Recast Actions those users or groups have permission to run.

Recast Users

Click the Add User button to add a new Recast User. Note that the user being searched for must be in the same domain as the Recast Management Server. You can search for the exact AD name or use * wildcards at the front and back of the name being searched. 

Click the Add Group button to add an Active Directory group.

Recast Roles

Roles are used to assign permissions to users. Click Add to create a custom role and click the Permissions button to modify the permissions for that role.

Proxies

Recast Proxies are devices that can run Recast Actions, or can read from Active Directory or ConfigMgr to populate Scopes. There are 2 types of proxies:

  1. User Proxies – A User Proxy is automatically installed with your standard Right Click Tools installation. The User Proxy ensures that the actions you run in Right Click Tools will run as the logged in user with the logged in user's permissions. These User Proxies do not show up on the Proxies list.
  2. Service Account Proxies – These are proxies that run as a service account. Service Account Proxies are useful when you want to run actions as a service account, and can also be used to run actions against untrusted domains. These can be installed using the Recast Proxy MSI downloadable from https://portal.recastsoftware.com/.

Proxies must be authorized in the Management Server user interface before they can be used to run actions.

Routes

Routes determine which Recast Proxy is going to run a Recast Action. You need to have a route for each of the ways that your Right Click Tools actions will reach out to your managed computers. There are four types of routes, each corresponding to the types of proxies available.

  • ConfigMgr Console User Proxy route – The User Proxy route will send the action that is being run from the originator's console out to the target device.
  • ConfigMgr Fast Channel route – The ConfigMgr Fast Channel route will send actions to computers that are Fast Channel capable. That means the computer has the Recast Agent or the WMI provider installed, and it is communicating over the Fast Channel.
  • Recast Agent Proxy route – The Device Proxy route will send the action to the agent that is installed on the computer where the action is going to be run.
  • Service Account route – The Service Account route will send an action to a service account if the route is assigned a role that has permissions to run the action and if the targets of that action fall within the route’s assigned scope. The route role and scope work similarly to user permissions.

Recast Scopes

Recast Scopes are lists of devices. For Right Click Tools, those lists are used to limit actions to objects in a specific Active Directory Domain, Active Directory Path, Active Directory Group, ConfigMgr Site, ConfigMgr Device Collection, or ConfigMgr User Collections. A user is assigned a role and the permissions assigned to that role can be limited to only allow actions on certain devices, users, AD OUs, or AD groups. Scope results are cached and the maximum age before the cache is refreshed is determined by the Max Age slider.
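
The Service Account route rule above (role must permit the action, targets must fall within scope) and the cached scope with a Max Age can be modelled in a few lines. This is an added illustration, not Recast's code: the class names, the resolve hook and the action names RestartComputer and ReadLapsPassword are hypothetical. It shows that, in a cache of this kind, a device removed from the source group is still treated as in scope until the cache is refreshed.

```python
import time
from dataclasses import dataclass

@dataclass
class CachedScope:
    """Device list resolved from a directory query, cached for max_age seconds."""
    resolve: callable            # returns the current device names (hypothetical hook)
    max_age: float
    clock: callable = time.monotonic
    _members: frozenset = frozenset()
    _fetched: float = None

    def members(self):
        now = self.clock()
        if self._fetched is None or now - self._fetched >= self.max_age:
            self._members = frozenset(n.lower() for n in self.resolve())
            self._fetched = now
        return self._members

@dataclass
class Assignment:
    """A role's permitted actions, limited to one scope."""
    permissions: frozenset
    scope: CachedScope

def denied_targets(assignment, action, targets):
    """Targets the assignment may not run `action` against; [] means all allowed."""
    targets = list(targets)
    if action not in assignment.permissions:
        return targets               # role lacks the action: nothing is allowed
    in_scope = assignment.scope.members()
    return [t for t in targets if t.lower() not in in_scope]

def demo():
    group = {"PC-01", "PC-02"}       # constructed AD group membership
    now = [0.0]                      # fake clock so the run is deterministic
    scope = CachedScope(resolve=lambda: set(group), max_age=600,
                        clock=lambda: now[0])
    helpdesk = Assignment(frozenset({"RestartComputer"}), scope)
    out = [denied_targets(helpdesk, "RestartComputer", ["pc-01", "PC-09"])]
    group.discard("PC-01")           # device leaves the group in AD
    now[0] = 300                     # cache not yet expired: still treated as in scope
    out.append(denied_targets(helpdesk, "RestartComputer", ["PC-01"]))
    now[0] = 600                     # cache refreshed: removal takes effect
    out.append(denied_targets(helpdesk, "RestartComputer", ["PC-01"]))
    out.append(denied_targets(helpdesk, "ReadLapsPassword", ["PC-02"]))
    return out

if __name__ == "__main__":
    print(demo())
```

When scope membership is used to revoke access, the Max Age value is the upper bound on how long the old membership can still apply in this model.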

When editing user permissions, you can choose which scopes a particular role assignment is allowed to run against.

Settings

Recast Settings are configured centrally for all connected Right Click Tools and Recast Proxies.

Active Directory

  • MaximumLapsExpirationTime
    • This setting sets the maximum length of time that a LAPS password expiration can be set to. This eliminates the possibility of a user accidentally setting a LAPS password to expire too far into the future.

Global Settings

The Global Settings contain settings that don’t belong to a specific plugin.

  • PingComputerBeforeRunningTools
    • Enabling this will send an ICMP Echo request to devices to see if the machine is on before running an action. This is a performance enhancement so Right Click Tools doesn't need to wait for WMI timeouts when devices are turned off.
    • This setting should be disabled if ICMP echo is not allowed in your environment.
  • DNSReverseLookup
    • This setting uses a DNS reverse lookup on the IP address that was returned by the ICMP echo request to make sure the device you’re hitting is correct.
    • It is disabled by default because reverse lookups aren’t configured in default DNS installations.
  • DisplayLicensePromptsToUsers
    • When your license has less than 30 days left, this setting will display a message box when you try to run a Recast action warning you that your license is expiring soon.
  • DisplayUpdatePromptsToUsers
    • This setting will allow the tools to display a message when they detect that Recast Software has released a newer version.
  • DisplayBugfixUpdatePromptsToUsers
    • This setting will allow the tools to display a message when they detect that Recast Software has released a newer minor version with bugfixes.
  • ProvideAnalyticsDataToRecast
    • This setting will allow Right Click Tools to send crash reports and tool usage data to Recast Software. No identifiable information is sent to Recast Software.
  • MaxAuditLogAge
    • This setting determines the amount of time to save audit log entries.
  • MaxSnapshotAge
    • This setting determines the amount of time to save Snapshot entries.
  • UseFQDN
    • This setting will determine if Right Click Tools uses the FQDN when attempting to run actions on computers.
  • UseIPInsteadOfComputerName
    • This setting will determine if Right Click Tools uses the IP to attempt to run an action rather than the computer name.
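
The check that DNSReverseLookup describes, confirming by reverse lookup that the address which answered the echo request belongs to the intended device, can be sketched as follows. This is an added example, not Recast's implementation: the function names, the injected lookup and the sample zone are constructed, and the "no-ptr" result covers the default-DNS case where no reverse record exists.

```python
import socket

def _norm(name):
    """Lower-case and drop the trailing root dot so names compare cleanly."""
    return name.strip().rstrip(".").lower()

def system_ptr(ip):
    """PTR names for `ip` from the system resolver; [] if none is registered."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:                  # socket.herror / socket.gaierror
        return []
    return [primary, *aliases]

def confirm_target(expected, replied_ip, ptr_lookup=system_ptr):
    """Classify the host behind `replied_ip` as "match", "mismatch" or "no-ptr"."""
    names = [_norm(n) for n in ptr_lookup(replied_ip)]
    if not names:
        return "no-ptr"              # cannot confirm; caller decides fail-open/closed
    want = _norm(expected)
    for got in names:
        if "." in want and "." in got:
            same = got == want       # two FQDNs: domains must agree too
        else:
            same = got.split(".")[0] == want.split(".")[0]   # short name vs FQDN
        if same:
            return "match"
    return "mismatch"

# Constructed reverse zone: 10.0.5.37 was re-leased to a different PC, but the
# forward A record for pc-0421 still points at it (stale DNS).
SAMPLE_PTR = {
    "10.0.5.21": ["PC-0421.corp.example."],
    "10.0.5.37": ["pc-0733.corp.example"],
}

def sample_lookup(ip):
    return SAMPLE_PTR.get(ip, [])

def demo():
    return [
        confirm_target("pc-0421", "10.0.5.21", sample_lookup),
        confirm_target("pc-0421.corp.example", "10.0.5.37", sample_lookup),
        confirm_target("pc-0421.lab.example", "10.0.5.21", sample_lookup),
        confirm_target("pc-0999", "10.0.5.99", sample_lookup),
    ]

if __name__ == "__main__":
    print(demo())
```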

ConfigMgr Server

  • WakeOnLanPort
    • This setting determines the UDP port from which WoL packets will be sent.
  • Unicast
    • This setting determines if WoL packets are sent with unicast or subnet directed broadcasts.
  • NumberOfPackets
    • With this setting you can configure the number of WoL packets to send when trying to wake up devices.
  • SQLServer
    • To enable Right Click Tools to query SQL directly, the FQDN of the server hosting the CM SQL database should be entered here.
      • This is optional to configure for larger environments where certain tools can query SQL directly for information rather than the WMI provider for enhanced performance on large datasets.
  • SQLDatabase
    • To enable Right Click Tools to query SQL directly, the name of the CM database, usually CM_{SiteCode}, should be entered here.
      • Optional to configure for larger environments where certain tools can query SQL directly for information rather than the WMI provider for enhanced performance on large datasets.

MBAM

  • MbamAdministrationUri
    • To enable MBAM reporting this setting should display the URI of the MBAM Administration Web Service. This is used for MBAM key requests to ensure proper auditing and key reset through MBAM.
  • SQLServer
    • To enable MBAM reporting this setting should display the server hosting the MBAM SQL Database.
  • MbamRecoveryAndHardwareDatabase
    • To enable MBAM reporting this setting should display the name of the MBAM Recovery and Hardware database. This field is populated with the default name.
    • This database is used for finding recovery key ids linked to devices before using them to query for a key from the MBAM Administration web service.
  • MbamComplianceStatusDatabase
    • To enable MBAM reporting this setting should display the name of the MBAM Compliance Status database. This field is populated with the default name.
    • This database is used to query compliance information for the BitLocker Status dashboard.

PowerShell

  • EnablePSRemoting
    • When a Run Script action is run in RCT Builder, this will determine if that action tries to enable PS Remoting on the remote device, if required.

Registry

  • Enable Remote Registry
    • This setting allows Right Click Tools to enable the remote registry service when the registry plugin tries to connect to the registry of a device via registry RCT builder actions.

Scheduler

  • NumberOfJobs
    • This setting determines the number of threads per user that the Recast Proxy will schedule. The higher the number, the more resources the tools will be allocated, but this may cause performance issues for other applications.
  • TimeSliceLength
    • If a Recast Proxy is running multiple jobs simultaneously, this setting determines how often the scheduler will try to switch between those jobs in milliseconds.
  • StaleRecordAge
    • This setting determines how long the Recast Proxies will cache records in minutes. Records are cached until either a client requests the result or this time expires.
  • MaxResultsReturned
    • This setting determines the number of results that the Recast Proxies should return at a time. Larger numbers will make the tools pull results faster, but may have more impact on network performance

Task Scheduler

  • TaskResultMaxAge
    • This setting determines the max age for Task Results to be stored.

Recast Management Server

  • Recast Agent Approval
    • This setting determines the approval behavior when a Recast Agent connects to the Recast Management Server.
  • Recast Proxy Approval
    • This setting determines the approval behavior when a Recast Proxy connects to the Recast Management Server.

Snapshots

Snapshots that have been taken from the Right Click Tools Dashboards or Web Dashboards will be available here.

  • You can click on the "View" button to open the Snapshot in your default web browser.
  • You can click on the trash icon to delete the Snapshot.

Users must have specific permissions in the Recast Management Server to be allowed to see the snapshots. Those permissions are GetExecutionHistoryForJobID and GetActionExecutionGroup.

For more information on taking snapshots, please see the Recast Web Dashboard documentation located here

Dashboards

From this location you can open the Recast Web Dashboards. For more information about the Recast Web Dashboards click here
