By implementing Right Click Tools Enterprise with Recast Management Server, you'll have access to the product's full functionality. You can also choose to install the console extension (Task 1) initially and then install and configure your Recast Management Server (Tasks 2-4) at a later date.
To install Right Click Tools along with Endpoint Insights and Application Manager, see our Multi-Product Implementation Guide.
Prerequisites for Right Click Tools with RMS
To get you up and running with Right Click Tools Enterprise as quickly as possible, you'll first install the Right Click Tools Console Extension (aka Right Click Tools in Standalone mode). The tools will be available in ConfigMgr—for users with Local Administrator permissions on target devices—while the prerequisites and permissions for other Recast components and products are being put in place.
Run the Right Click Tools Installer
Make sure your Configuration Manager console is closed before opening the installer.
To install Right Click Tools:
1. Double-click the .msi file to open the installer you downloaded from the Recast Portal. Click Next.
2. Choose Right Click Tools Enterprise Standalone as the installation type and click Next.
3. Enter your Recast Portal Email address and Password.
4. Click Download License.
The license information will appear in the right pane if the retrieval was successful.
If the computer with your Configuration Manager console does not have internet access, you can click Browse for License to search the filesystem for a license file exported from the Recast Portal.
5. Click Install.
6. When the installation completes, click Finish to close the installer.
Task 1A (Optional): Set Up Configuration Manager for Right Click Tools
When Right Click Tools is run in Standalone mode, some actions will not work without Remote Registry or Remote WMI enabled. We recommend that you bypass the need to enable Remote Registry and Remote WMI by deploying and using Recast Agents on your devices to elevate permissions.
If, however, the installation and configuration of your Recast Management Server isn't planned for the short term and you want access to all the Right Click Tools in Standalone mode, you can start the Remote Registry service, create firewall rules for Remote Registry, Remote WMI, and ICMP Echo, and configure the Interactive Command Prompt.
Recast Management Server software can be installed on its own server or on the primary Configuration Manager server.
Run the Recast Management Server Installer
After downloading Recast Management Server from the Recast Portal, run the installer and follow its prompts.
IIS
To configure IIS:
1. On the IIS Configuration page, change the Server Name only if the client is going to use a DNS alias.
2. Set the IIS Port. The default IIS Port is TCP 444, to prevent conflicts when Recast Management Server is installed on Configuration Manager servers. The IIS Port can be changed to 443, or any open TCP port, to suit your environment.
Certificates
Recast Management Server requires a certificate for secure communication with Right Click Tools and any Recast Proxies.
To configure a certificate:
On the Certificate Configuration page, we recommend that you Use an Existing IIS Certificate issued by a trusted Certificate Authority (CA). If you choose to Generate a Self-Signed Certificate, you must import the Recast Management Server self-signed certificate to the Trusted Root Certificate Authorities store on devices running Right Click Tools, Recast Agent, or Recast Proxy.
CERTIFICATE NOTES:
- The certificate subject name (or a subject alternative name) should match the server name in the URL that Right Click Tools and Recast Proxies are pointed toward.
- Right Click Tools will prompt for any untrusted certificates and add them to an allowed list.
- The certificate can be changed later by editing the Binding in IIS Manager.
SQL Server
There are two types of permissions that will allow the Recast Management Server installer to automatically create the SQL database with all the necessary permissions:
- The user account running the installation can be assigned a SysAdmin role in the SQL instance. If the user account has permission to connect remotely, use the Test SQL Connection button to check connectivity to the SQL Server during the install. After the RMS installer creates the database, the SysAdmin permission can be removed.
- The computer account of the Recast Management Server can be granted db_creator permissions. In this case, check the Skip SQL Connection Test box.
SQL SERVER NOTES:
- The default SQL Server Port Number is 1433.
- A fully licensed version of SQL is strongly recommended to avoid the 10GB storage limitation of SQLExpress.
- After the SQL database is created, set the database recovery model to simple to prevent storage issues.
- Remote SQL Server: The computer account of Recast Management Server will need db_owner permissions to create the database on the remote device. If the account running the Recast Management Server installer does not have permission to create a SQL database, the database administrator can pre-create the RecastManagementServer database and manually give the computer account db_owner permissions.
- Local SQL Server: The IIS AppPool\Recast Management Server account will need db_owner permissions to create the database on the local device. Alternatively, the database administrator can pre-create the database and give the IIS AppPool\Recast Management Server account db_owner permissions to the database. The IIS AppPool\Recast Management Server account will not exist until after the installation completes, so the permissions will need to be given after installation.
Import License
You can download and import your Recast licenses when installing Recast Management Server.
To download your Enterprise license:
1. On the Import License page, enter your Recast Portal email address and password.
2. Click Download License. The license information will appear in the right-hand column.
NOTE: If your server does not have internet access, click Browse for License to browse the filesystem for a license file that has been exported from the Recast Portal.
Proxy
If the Recast Proxy is being installed on a server other than the Recast Management Server, install the Proxy separately after Recast Management Server installation.
NOTE: Proxy configuration is optional for Privilege Manager where Active Directory or Microsoft Entra ID objects are not used to target rules.
To configure the proxy during RMS installation:
On the installer's Proxy Configuration page, enter the service account Domain, Username, and Password and click Test Credentials to verify service account details.
TIP: If you haven't already set up the required proxy permissions, remove any information from the text fields, select Test ConfigMgr Connection and the Skip ConfigMgr Verification checkbox, and click Next.
Domain
To configure your domain:
1. On the Domain Configuration page, enter the Domain Name.
2. Click Test Domain Connection to verify that the service account has access to read from your domain.
Configuration Manager
NOTE: Configuration Manager does not need to be set up for Privilege Manager.
To set up your Configuration Manager for the proxy:
1. On the Configuration Manager Configuration page, enter the following information:
- Name of the site server that has your SMS Provider role
- Site Code
- Name of the SQL Server where your Configuration Manager SQL database is located
- SQL Database name
NOTE: You can skip the Configuration Manager Configuration page during Recast Management Server or Recast Proxy installation by removing any information from the text fields, selecting Test ConfigMgr Connection and the Skip ConfigMgr Verification checkbox, and clicking Next.
2. Click Test ConfigMgr Connection to check that the service account has access.
MBAM
MBAM configuration is only required for a separate MBAM Server. If you are using the ConfigMgr-integrated BitLocker or AD, you can skip this section. MBAM also does not need to be configured for Privilege Manager or Application Manager.
To configure MBAM:
1. Tap Click Here to Configure MBAM.
2. Add your Administration URL and SQL Server information.
3. Click Test MBAM Connection to verify that the service account has access to MBAM.
Initiate RMS Installation
Once you have filled in all the necessary information, click Install at the bottom of the MBAM Configuration page.
When the installation is complete, open the Recast Management Server by navigating to https://ServerFQDN:Port in a web browser (Chrome, Edge, or Firefox are recommended).
When asked to sign in, enter the username and password for the account used to install the Recast Management Server.
Installation Log Location
To check the installation logs for Recast Management Server and Recast Proxy (when installed together), navigate to C:\Users\user account running the install\AppData\Local\Temp
NOTE: The log is named something like Recast_Management_Server_2022*****.log
After installing your Recast Management Server, you'll need to assign roles to users and configure a Recast Proxy to manage tasks.
Assign Roles to Users
Add an Active Directory User or User Group
To add an AD user or user group:
1. In your Recast Management Server, navigate to Administration > Permissions.
2. In the main window, click Add User or Add Group.
3. In the window that opens, search for your AD name or AD user group and click the Add button.
NOTE: You can include a wildcard (*) to facilitate your search.
Wildcard examples:- John Connor returns strings that match exactly
- John C* returns strings beginning with 'John C', such as 'John Connor', 'John Connors', and 'John Cranston'
- *Connor returns strings ending with 'Connor', such as 'John Connor' and 'Carol O'Connor'
- *Support* returns strings that include 'Support' plus whatever is on the left and right, such as 'Customer Support Team' and 'Enterprise Support Group'
Assign a User a Role
A user must be assigned at least one role. To assign Right Click Tools permissions using a role template, see Custom Role Templates for Right Click Tools.
To assign a user an Administrator's role:
1. On the Permissions page, click the Edit icon to the right of the user.
2. Under Role Assignments, select Administrators.
3. Add a scope that limits user permissions to a set of devices by enabling Limit this user to specific objects and selecting a Service Connection. (optional)
4. If desired, set a specific Refresh Interval for repopulating scopes. A longer interval uses fewer resources but also detects new users and devices less frequently.
5. Click Save.
NOTE: For Application Manager, the user account running the Recast Proxy requires the TaskScheduler > StartTaskByName permission in RMS prior to running the initial setup. You can grant the permission using the default Administrator role, or by a creating custom role.
Configure a Recast Proxy to Manage Tasks
A Recast Proxy can be used to manage a number of tasks within Right Click Tools, such as allowing access to web dashboards, scheduling Recast Builder actions and Kiosk Manager actions. You'll also require a Recast Proxy to collect warranty information with Endpoint Insights.
To set up a proxy to manage tasks, you must authorize the proxy in the Recast Management Server (if necessary), create a Recast Proxy route, order the routes to match your priorities, and add service connections.
Authorize a Recast Proxy
By default, the Recast Management Server automatically authorizes any proxy installed in the same domain as the Recast Management Server. Proxies installed in other domains must be approved manually, unless you've edited the default setting to approve all proxies automatically.
Create a Recast Proxy Route
To create a Recast Proxy route:
1. In your Recast Management Server, navigate to Administration > Routes.
2. In the main window, click Create.
3. Set route Type to Recast Proxy.
4. Select your proxy computer name with service account from the drop-down.
5. Set the Role to Administrators.
6. Click Submit.
Reorder Routes
By default, new routes appear at the bottom of the table on the Routes page.
- To make actions run using a Recast Proxy route that is lower in the list, you must move that route above the Console Extension route in the table, as the first route to be successfully matched will be used.
- If you only need your proxy to populate scopes, and you don't want to run any actions using that proxy, you can leave your proxy route at the bottom of the table.
Changes to the route order are saved automatically.
Add Service Connections
Add service connections in your Recast Management Server so that the Recast Proxy can query the third-party services.
Service Connection Types:
- ActiveDirectory: Required for Right Click Tools web dashboards
- AzureActiveDirectory (Entra ID): Required for Privilege Manager and the Entra ID BitLocker Recovery Keys tool
- MEMCM (Microsoft Endpoint Manager Configuration Manager): Required for Application Manager and Right Click Tools web dashboards
- MBAM (Microsoft BitLocker Administration and Monitoring): Optional for BitLocker web dashboard
To add a service connection:
1. On the Service Connections page in the Recast Management Server interface, click Add Service Connection.
2. Select a connection Type: ActiveDirectory, MEMCM, MBAM, AzureActiveDirectory (Entra ID).
3. Name the new connection and add details associated with the connection type, such as the Tenant ID, Client ID, and Client Secret key.
4. Select a Proxy Computer Name and Proxy User Name from the drop-down lists.
5. Click the Confirmed check box to ensure that the service connection is available for use.
6. Click Submit.
A Recast Agent is installed on a computer and runs Right Click Tools actions on that computer as the local system account. A Recast Agent should be deployed on each device you want to run Right Click Tools actions against. After deploying Recast Agents, you can configure them to run Right Click Tools actions or for Fast Channel Support. You can also use the same Recast Agent for Endpoint Insights and Privilege Manager. To learn more about Recast Agent uses, see the Recast Agent Overview.
Prerequisites for Deploying Recast Agents:
- If deploying 5000+ Recast Agents, follow the 503.2 IIS Error instructions before proceeding.
- If your Recast Management Server is using a self-signed certificate, you must first import the certificate into the Trusted Root Certificate Authorities Store on all devices that will have Agents.
Deploying Agents with Application Manager
We recommend deploying Recast Agents using Application Manager. Your Right Click Tools Enterprise license alone gives you access to Application Manager to deploy Recast Agents. In the absence of Application Manager licensing, only the Recast Agent and Right Click Tools applications will be available in the AM software catalog.
Prerequisites for Deploying Agents using Application Manager:
- Recast Management Server is running Recast Software version 5.4 or later, as that version introduces Application Manager in RMS.
- Required proxy permissions for Application Manager are in place
To deploy the Recast Agent application with Application Manager, complete the initial AM setup, selecting 'Recast Agent' as the application to deploy.
For a video walkthrough, see Recast Application Deployment with Application Manager on our YouTube channel.
TIP: Alternatively, you can choose to deploy Recast Agents by downloading and running the Agent installer.