The permission set required for a proxy service account differs depending on how you're using a Recast Proxy.
If you haven't set up the required proxy permissions prior to installing Recast Management Server or Recast Proxy, you can skip the installer's Configuration Manager Configuration page by removing any information from the text fields, selecting Test ConfigMgr Connection and the Skip ConfigMgr Verification checkbox, and clicking Next.
Right Click Tools
Access web dashboards and trends
Schedule Builder actions
Schedule kiosk profile application | - Local admin access on the server where the proxy is being installed
- Read permissions in Active Directory
- db_datareader in the Configuration Manager SQL server database
- Read-only access to the Configuration Manager console (Read-only Analyst security role in ConfigMgr)
|
| Run actions as a service account | - Local admin access on any device that actions will be run against
- Read/Write permissions in Active Directory (Write only required to delete devices from AD)
- Appropriate ConfigMgr Security Role for intended actions in the Configuration Manager console (Full Administrator for all actions)
- Permission to MBAM, if applicable
|
| Elevate permissions | - Local admin access on all devices managed by Right Click Tools
|
| Add or remove from collections | - Permission to modify a collection in Configuration Manager
configmgr collection > modify permission |
| Fast Channel support | - Permission to run scripts in Configuration Manager
- If using Read-only Analyst in ConfigMgr as your base security role, also grant the following privileges:
Collection > Run Script = Yes SMS Scripts > Read = True
|
Endpoint Insights
| Collect warranty information | - Local admin access on the server where the proxy is being installed
- Read permissions in Active Directory
- db_datareader in the Configuration Manager SQL server database
- Read-only access to the Configuration Manager console (Read-only Analyst security role in ConfigMgr)
NOTE: These permissions match those required to access web dashboards and trends in Right Click Tools - Internet access for the proxy account in order for the Recast Management Server to reach our API at https://warranty.recastsoftware.com over TCP 443
|
| Collect warranty information if RMS is installed on a server other than your ConfigMgr SQL database | - Add proxy account to the SMS_SiteSystemToSiteServerConnection_MP_<YourSiteCode> local group on that server, allowing it to read/write to your inboxes\auth\ddm.box
|
Privilege Manager
NOTE: Privilege Manager does not require a Configuration Manager service connection.
| For all Privilege Manager features | - Local admin on the server where the proxy is being installed
- Read permissions in Active Directory
|
Application Manager
MECM Integration
| - Grant any of the following built-in roles/role combinations to the proxy account:
- Full Administrator
- Operations Administrator
- Application Administrator and Compliance Settings Manager
- Application Administrator and Read-only Analyst
- Grant modify permissions to the SMB share (UNC path) that will be used to store downloaded applications
- Access to the necessary external domains. See Application Manager System Requirements.
|
| Intune Integration | |
NOTE: Group Managed Service Accounts (gMSAs) are not currently supported.
