Right Click Tools Roles

Right Click Tools with Recast Management Server lets you set up role-based permissions that use Active Directory users or groups to grant or limit access to specific actions.

Administrator Role

You can grant users and groups Recast permissions by assigning an administrator role. Your Recast software must be connected to Recast Management Server to set up role-based permissions.

Add Active Directory User or User Group

To add an AD user or user group:

1. In your Recast Management Server, navigate to Administration > Permissions.

2. In the main window, click Add User or Add Group.

3. In the window that opens, search for your AD name or AD user group and click the Add button.

NOTE: You can include a wildcard (*) to facilitate your search.

Wildcard examples:
  • John Connor returns strings that match exactly
  • John C*  returns strings beginning with 'John C', such as 'John Connor', 'John Connors', and 'John Cranston'
  • *Connor returns strings ending with 'Connor', such as 'John Connor' and 'Carol O'Connor'
  • *Support* returns strings that include 'Support' plus whatever is on the left and right, such as 'Customer Support Team' and 'Enterprise Support Group'

Assign User a Role

A user must be assigned at least one role.

To assign a user an administrator's role:

1. On the Permissions page, click the Edit icon to the right of the user.

2. Under Role Assignments, select Administrators.

3. To limit the user's permissions to a set of devices, enable Limit this user to specific objects and select a Service Connection.

4. If desired, set a specific Refresh Interval for repopulating scopes. A longer interval uses fewer resources but also detects new users and devices less frequently.

5. Click Save.




Read Only Access Role

Read-only access lets users view Right Click Tools actions, console dashboards, web dashboards and trends, and the audit log, without the ability to make changes to any devices. Users given this role will not see permissions, routes, or scopes in the Recast Management Server interface. For the full permission list, see below.

You can add a permissions template to Recast Management Server by running a simple SQL query against your RecastManagementServerDB.

Template (updated August 24, 2023): RMS Read-Only Role Query

Video Walkthrough







Read-Only Role Permission list

Active Directory GetADComputer
Active Directory GetADComputerWithLAPSData
Active Directory GetADComputers
Active DirectoryGetADComputersBitLockerStatus
Active DirectoryGetADComputersInGroup
Active DirectoryGetADContainers
Active DirectoryGetADGroup
Active DirectoryGetADGroups
Active DirectoryGetADGroupsInGroup
Active DirectoryGetADOUs
Active DirectoryGetADUser
Active DirectoryGetADUsers
Active DirectoryGetADUsersInGroup
Active DirectoryGetAccountGroupMembership
Active DirectoryGetBitLockerRecoveryData
Active DirectoryGetGroupMembers
Active DirectoryGetPrimaryGroupForAccount
Active DirectoryIsAccountEnabled
Active DirectorySearchADComputers
Active DirectorySearchADGroups
Active DirectorySearchADUsers


AdministrationGetAllSettings
AdministrationGetActionExecutionGroup
AdministrationGetActiveDirectoryServiceConnection
AdministrationGetExecutionHistory
AdministrationGetExecutionHistoryForJobID
AdministrationGetMemcmServiceConnection


BitLockerGetBitLockerStatus
BitLockerGetRecoveryPasswordFromDevice


ConfigMgr Client GetConfigurationBaselines
ConfigMgr Client GetDeployedPrograms
ConfigMgr ClientGetDeployedTaskSequences
ConfigMgr ClientGetDeviceId
ConfigMgr ClientGetServiceWindows
ConfigMgr ClientGetUserPolicyEndpoint
ConfigMgr ClientMissingSoftwareUpdates
ConfigMgr ClientPackageInformation


ConfigMgrServerGetAccounts
ConfigMgrServerGetActiveAlerts
ConfigMgrServerGetActiveDirectoryForests
ConfigMgrServerGetAdministrativeUsers
ConfigMgrServerGetAlertSubscriptions
ConfigMgrServerGetAllAlerts
ConfigMgrServerGetAllCollections
ConfigMgrServerGetAllContentStatus
ConfigMgrServerGetAllDeploymentTypes
ConfigMgrServerGetAllDeviceCollections
ConfigMgrServerGetAllDevices
ConfigMgrServerGetAllDevicesInOu
ConfigMgrServerGetAllDistributedContent
ConfigMgrServerGetAllSoftwareUpdates
ConfigMgrServerGetAllUserCollections
ConfigMgrServerGetAllUsers
ConfigMgrServerGetApplicationByModelId
ConfigMgrServerGetApplicationRevisions
ConfigMgrServerGetApplications
ConfigMgrServerGetApplicationsDeployedToUsers
ConfigMgrServerGetApprovalRequests
ConfigMgrServerGetAssetIntelligenceCatalog
ConfigMgrServerGetAssetIntelligenceHardwareRequirements
ConfigMgrServerGetAssetIntelligenceInventoriedSoftware
ConfigMgrServerGetAutomaticDeploymentRules
ConfigMgrServerGetBaseboardInformation
ConfigMgrServerGetBootImages
ConfigMgrServerGetBoundaries
ConfigMgrServerGetBoundaryGroups
ConfigMgrServerGetCategoryInstanceById
ConfigMgrServerGetCertificates
ConfigMgrServerGetChassisInformation
ConfigMgrServerGetClientOperations
ConfigMgrServerGetClientSettings
ConfigMgrServerGetCollectionFolderInformation
ConfigMgrServerGetCollectionVariablesforDevice
ConfigMgrServerGetCollectionsforDevice
ConfigMgrServerGetCollectionsforUser
ConfigMgrServerGetCompliantUpdateStatuses
ConfigMgrServerGetComponentStatus
ConfigMgrServerGetComputerSystemInformation
ConfigMgrServerGetComputerSystemProductInformation
ConfigMgrServerGetComputerWarranty
ConfigMgrServerGetComputersWithX64LapsClient
ConfigMgrServerGetComputersWithX86LapsClient
ConfigMgrServerGetComputersWithoutLapsClient
ConfigMgrServerGetConfigurationBaselines
ConfigMgrServerGetConfigurationItems
ConfigMgrServerGetConflictingRecords
ConfigMgrServerGetContentStatus
ConfigMgrServerGetDPGroupTaskSequenceContent
ConfigMgrServerGetDPGroupsWithMembers
ConfigMgrServerGetDeployedApplicationsForUser
ConfigMgrServerGetDeploymentPackages
ConfigMgrServerGetDeploymentTypesForApplication
ConfigMgrServerGetDeployments
ConfigMgrServerGetDeviceCollectionFolders
ConfigMgrServerGetDeviceCollectionInformationforDevice
ConfigMgrServerGetDeviceCollectionMembers
ConfigMgrServerGetDeviceCollectionsinFolder
ConfigMgrServerGetDeviceCountForLicensing
ConfigMgrServerGetDevicesByCreationDate
ConfigMgrServerGetDevicesByMACAddress
ConfigMgrServerGetDevicesBySmBiosGuid
ConfigMgrServerGetDevicesInCollectionScope
ConfigMgrServerGetDevicesInSiteScope
ConfigMgrServerGetDiscoveryMethods
ConfigMgrServerGetDistributedSoftwareUpdates
ConfigMgrServerGetDistributionPointConfigurationStatus
ConfigMgrServerGetDistributionPointContent
ConfigMgrServerGetDistributionPointGroupStatus
ConfigMgrServerGetDistributionPointGroupStatusforPackage
ConfigMgrServerGetDistributionPointGroups
ConfigMgrServerGetDistributionPointStatusforPackage
ConfigMgrServerGetDistributionPoints
ConfigMgrServerGetDistributionPointsInDistributionPointGroup
ConfigMgrServerGetDriverPackages
ConfigMgrServerGetDrivers
ConfigMgrServerGetEndpointProtectionAntimalwarePolicies
ConfigMgrServerGetEndpointProtectionFirewallPolicies
ConfigMgrServerGetFailedContentOnDistributionPoint
ConfigMgrServerGetGlobalConditions
ConfigMgrServerGetInstalledSoftwareUpdates
ConfigMgrServerGetMachinesWithCmBlmKeys
ConfigMgrServerGetMalwareDetected
ConfigMgrServerGetMigrationJobs
ConfigMgrServerGetNonCompliantUpdateStatuses
ConfigMgrServerGetObjectContainerItems
ConfigMgrServerGetOperatingSystemImages
ConfigMgrServerGetPackages
ConfigMgrServerGetPowerConfigurationsforComputer
ConfigMgrServerGetQueries
ConfigMgrServerGetRequiredSoftwareUpdates
ConfigMgrServerGetScopeMemberships
ConfigMgrServerGetSecurityRoles
ConfigMgrServerGetSecurityScopes
ConfigMgrServerGetServersandSiteSystemRoles
ConfigMgrServerGetServiceWindowsforComputer
ConfigMgrServerGetSiteDeviceCollectionsWithFolders
ConfigMgrServerGetSiteStatus
ConfigMgrServerGetSites
ConfigMgrServerGetSoftwareMeteringRules
ConfigMgrServerGetSoftwareUpdateGroups
ConfigMgrServerGetSoftwareUpdatesInGroup
ConfigMgrServerGetStatusMessageQueries
ConfigMgrServerGetSystemBiosInformation
ConfigMgrServerGetSystemConsoleUsageData
ConfigMgrServerGetSystemFirmwareStatus
ConfigMgrServerGetSystemOperatingSystemInformation
ConfigMgrServerGetSystemsBitLockerEncryptionStatus
ConfigMgrServerGetTaskSequenceContent
ConfigMgrServerGetTaskSequences
ConfigMgrServerGetUnknownDevices
ConfigMgrServerGetUserCollectionFolders
ConfigMgrServerGetUserCollectionsinFolder
ConfigMgrServerGetUserDevices
ConfigMgrServerGetUserDevicesByUsername
ConfigMgrServerGetUserStateMigrations
ConfigMgrServerGetVirtualHardDisks
ConfigMgrServerGetWarrantyInformation


EndpointInsightsOpenRecastEiReportViewer


FilesystemGetDirectoryEntries
FilesystemGetDirectoryEntries
FilesystemGetSecurityByName


InstalledSoftwareListSoftware


KioskManagerListProfiles


LocalActionsActiveDirectoryCleanupTool


MBAMGetMBAMCompliance
MBAMGetMBAMComplianceForAllMachines
MBAMGetMachinesWithMBAMKeys
MBAMGetMachinesWithMBAMKeys_v2
MBAMGetRecoveryKeysForDevice
MBAMGetTPMHash
MBAMGetTPMHashForUser


NetworkPingComputer


RegistryGetValue
RegistryListHives
RegistryListSubkeys
RegistryListValues


SCEPGetDefenderExclusions
SCEPGetDefenderStatus


ServicesListServices


SystemInformationGetAllLocalGroupMembers
SystemInformationGetBatteryInformation
SystemInformationGetLoggedInUsers
SystemInformationGetRunningProcesses
SystemInformationGetUserSessions
SystemInformationReadOnly


TaskSchedulerGetTaskResults
TaskSchedulerGetTaskResultsForDate


UnifiedWriteFilterGetFileExclusions
UnifiedWriteFilterGetOverlayConfiguration
UnifiedWriteFilterGetRegistryExclusions
UnifiedWriteFilterGetUnifiedWriteFilterFeatureStatus
UnifiedWriteFilterGetWriteFilterStatus


WindowsSecurityGetAllVirtualizationBasedSecuritySettings
WindowsSecurityGetCredentialGuardSettings
WindowsSecurityGetSecureBootStatus
WindowsSecurityGetSystemGuardSecureLaunchSettings
WindowsSecurityGetTpmStatus
WindowsSecurityGetUefiSecureBootStatus
WindowsSecurityGetVirtualizationBasedSecuritySettings
WindowsSecurityGetWindowsFirewallProfiles
WindowsSecurityGetWindowsFirewallRules


WindowsTaskSchedulerListTasks


WMIReadOnly




Custom Role Templates

We've created these role templates as starting point for creating custom permission sets for Right Click Tools users. They are designed to be quickly added in Recast Management Server and can then be adjusted to fit your needs by adding or removing individual permissions. 

Add a Permission Template to Recast Management Server

You can add a permission template to your Recast Management Server running a simple SQL query against your RecastManagementServer database.

To add a permission template in RMS:

1. Open SQL Server Management Studio (SSMS).

2. Expand the Databases folder.

3. Right-click on RecastManagementServer.

4. Select New Query from the drop-down menu. 

5. Copy the template file (available below) and paste it into the main window in SSMS.

6. Execute the action.

In the Recast Management Server interface, the Permissions page should display a new Recast Role. You can click Permissions to the right of the role to view and/or change the specific permissions associated with the role.

Video Walkthrough


Custom Permission Templates

Read Only Access 

This template will create a custom role called "ReadOnly" and grant users read access to all of the tools and Recast Management Server Web Dashboards.

SQLNewRMSReadOnlyAccessRole.txt

Remote Software Center 

This template will create a custom role called "RemoteSoftwareCenter" and grant users access to all of the actions within Remote Software Center.

SQLNewRMSRemoteSoftwareCenterRole.txt

Content Distribution Monitor

This template will create a custom role called "ContentDistributionMonitorDashboard" and grant users access to all of the actions within the Content Distribution Monitor.

SQLNewRMSContentDistributionMonitorDashboardRole.txt




Scopes

Recast Scopes are lists of devices. Beginning with Recast Software Version 5.0, scopes are created automatically in the background when you create a route or limit user permissions to a set of devices. A user assigned a role and its associated permissions will automatically be allowed to perform tasks within a specific scope, which may include certain devices, users, AD OUs, or AD groups.