You can grant users and groups Recast permissions by assigning an administrator role. Your Recast software must be connected to Recast Management Server to set up role-based permissions.
Add Active Directory User or User Group
To add an AD user or user group:
1. In your Recast Management Server, navigate to Administration > Permissions.
2. In the main window, click Add User or Add Group.
3. In the window that opens, search for your AD name or AD user group and click the Add button.
NOTE: You can include a wildcard (*) to facilitate your search.
Wildcard examples:- John Connor returns strings that match exactly
- John C* returns strings beginning with 'John C', such as 'John Connor', 'John Connors', and 'John Cranston'
- *Connor returns strings ending with 'Connor', such as 'John Connor' and 'Carol O'Connor'
- *Support* returns strings that include 'Support' plus whatever is on the left and right, such as 'Customer Support Team' and 'Enterprise Support Group'
Assign User a Role
A user must be assigned at least one role.
To assign a user an administrator's role:
1. On the Permissions page, click the Edit icon to the right of the user.
2. Under Role Assignments, select Administrators.
3. To limit the user's permissions to a set of devices, enable Limit this user to specific objects and select a Service Connection.
4. If desired, set a specific Refresh Interval for repopulating scopes. A longer interval uses fewer resources but also detects new users and devices less frequently.
5. Click Save.
Read-only access lets users view Right Click Tools actions, console dashboards, web dashboards and trends, and the audit log, without the ability to make changes to any devices. Users given this role will not see permissions, routes, or scopes in the Recast Management Server interface. For the full permission list, see below.
You can add a permissions template to Recast Management Server by running a simple SQL query against your RecastManagementServerDB.
Template (updated August 24, 2023): RMS Read-Only Role Query
Video Walkthrough
Read-Only Role Permission list
| Active Directory | GetADComputer |
| Active Directory | GetADComputerWithLAPSData |
| Active Directory | GetADComputers |
| Active Directory | GetADComputersBitLockerStatus |
| Active Directory | GetADComputersInGroup |
| Active Directory | GetADContainers |
| Active Directory | GetADGroup |
| Active Directory | GetADGroups |
| Active Directory | GetADGroupsInGroup |
| Active Directory | GetADOUs |
| Active Directory | GetADUser |
| Active Directory | GetADUsers |
| Active Directory | GetADUsersInGroup |
| Active Directory | GetAccountGroupMembership |
| Active Directory | GetBitLockerRecoveryData |
| Active Directory | GetGroupMembers |
| Active Directory | GetPrimaryGroupForAccount |
| Active Directory | IsAccountEnabled |
| Active Directory | SearchADComputers |
| Active Directory | SearchADGroups |
| Active Directory | SearchADUsers |
| Administration | GetAllSettings |
| Administration | GetActionExecutionGroup |
| Administration | GetActiveDirectoryServiceConnection |
| Administration | GetExecutionHistory |
| Administration | GetExecutionHistoryForJobID |
| Administration | GetMemcmServiceConnection |
| BitLocker | GetBitLockerStatus |
| BitLocker | GetRecoveryPasswordFromDevice |
| ConfigMgr Client | GetConfigurationBaselines |
| ConfigMgr Client | GetDeployedPrograms |
| ConfigMgr Client | GetDeployedTaskSequences |
| ConfigMgr Client | GetDeviceId |
| ConfigMgr Client | GetServiceWindows |
| ConfigMgr Client | GetUserPolicyEndpoint |
| ConfigMgr Client | MissingSoftwareUpdates |
| ConfigMgr Client | PackageInformation |
| ConfigMgrServer | GetAccounts |
| ConfigMgrServer | GetActiveAlerts |
| ConfigMgrServer | GetActiveDirectoryForests |
| ConfigMgrServer | GetAdministrativeUsers |
| ConfigMgrServer | GetAlertSubscriptions |
| ConfigMgrServer | GetAllAlerts |
| ConfigMgrServer | GetAllCollections |
| ConfigMgrServer | GetAllContentStatus |
| ConfigMgrServer | GetAllDeploymentTypes |
| ConfigMgrServer | GetAllDeviceCollections |
| ConfigMgrServer | GetAllDevices |
| ConfigMgrServer | GetAllDevicesInOu |
| ConfigMgrServer | GetAllDistributedContent |
| ConfigMgrServer | GetAllSoftwareUpdates |
| ConfigMgrServer | GetAllUserCollections |
| ConfigMgrServer | GetAllUsers |
| ConfigMgrServer | GetApplicationByModelId |
| ConfigMgrServer | GetApplicationRevisions |
| ConfigMgrServer | GetApplications |
| ConfigMgrServer | GetApplicationsDeployedToUsers |
| ConfigMgrServer | GetApprovalRequests |
| ConfigMgrServer | GetAssetIntelligenceCatalog |
| ConfigMgrServer | GetAssetIntelligenceHardwareRequirements |
| ConfigMgrServer | GetAssetIntelligenceInventoriedSoftware |
| ConfigMgrServer | GetAutomaticDeploymentRules |
| ConfigMgrServer | GetBaseboardInformation |
| ConfigMgrServer | GetBootImages |
| ConfigMgrServer | GetBoundaries |
| ConfigMgrServer | GetBoundaryGroups |
| ConfigMgrServer | GetCategoryInstanceById |
| ConfigMgrServer | GetCertificates |
| ConfigMgrServer | GetChassisInformation |
| ConfigMgrServer | GetClientOperations |
| ConfigMgrServer | GetClientSettings |
| ConfigMgrServer | GetCollectionFolderInformation |
| ConfigMgrServer | GetCollectionVariablesforDevice |
| ConfigMgrServer | GetCollectionsforDevice |
| ConfigMgrServer | GetCollectionsforUser |
| ConfigMgrServer | GetCompliantUpdateStatuses |
| ConfigMgrServer | GetComponentStatus |
| ConfigMgrServer | GetComputerSystemInformation |
| ConfigMgrServer | GetComputerSystemProductInformation |
| ConfigMgrServer | GetComputerWarranty |
| ConfigMgrServer | GetComputersWithX64LapsClient |
| ConfigMgrServer | GetComputersWithX86LapsClient |
| ConfigMgrServer | GetComputersWithoutLapsClient |
| ConfigMgrServer | GetConfigurationBaselines |
| ConfigMgrServer | GetConfigurationItems |
| ConfigMgrServer | GetConflictingRecords |
| ConfigMgrServer | GetContentStatus |
| ConfigMgrServer | GetDPGroupTaskSequenceContent |
| ConfigMgrServer | GetDPGroupsWithMembers |
| ConfigMgrServer | GetDeployedApplicationsForUser |
| ConfigMgrServer | GetDeploymentPackages |
| ConfigMgrServer | GetDeploymentTypesForApplication |
| ConfigMgrServer | GetDeployments |
| ConfigMgrServer | GetDeviceCollectionFolders |
| ConfigMgrServer | GetDeviceCollectionInformationforDevice |
| ConfigMgrServer | GetDeviceCollectionMembers |
| ConfigMgrServer | GetDeviceCollectionsinFolder |
| ConfigMgrServer | GetDeviceCountForLicensing |
| ConfigMgrServer | GetDevicesByCreationDate |
| ConfigMgrServer | GetDevicesByMACAddress |
| ConfigMgrServer | GetDevicesBySmBiosGuid |
| ConfigMgrServer | GetDevicesInCollectionScope |
| ConfigMgrServer | GetDevicesInSiteScope |
| ConfigMgrServer | GetDiscoveryMethods |
| ConfigMgrServer | GetDistributedSoftwareUpdates |
| ConfigMgrServer | GetDistributionPointConfigurationStatus |
| ConfigMgrServer | GetDistributionPointContent |
| ConfigMgrServer | GetDistributionPointGroupStatus |
| ConfigMgrServer | GetDistributionPointGroupStatusforPackage |
| ConfigMgrServer | GetDistributionPointGroups |
| ConfigMgrServer | GetDistributionPointStatusforPackage |
| ConfigMgrServer | GetDistributionPoints |
| ConfigMgrServer | GetDistributionPointsInDistributionPointGroup |
| ConfigMgrServer | GetDriverPackages |
| ConfigMgrServer | GetDrivers |
| ConfigMgrServer | GetEndpointProtectionAntimalwarePolicies |
| ConfigMgrServer | GetEndpointProtectionFirewallPolicies |
| ConfigMgrServer | GetFailedContentOnDistributionPoint |
| ConfigMgrServer | GetGlobalConditions |
| ConfigMgrServer | GetInstalledSoftwareUpdates |
| ConfigMgrServer | GetMachinesWithCmBlmKeys |
| ConfigMgrServer | GetMalwareDetected |
| ConfigMgrServer | GetMigrationJobs |
| ConfigMgrServer | GetNonCompliantUpdateStatuses |
| ConfigMgrServer | GetObjectContainerItems |
| ConfigMgrServer | GetOperatingSystemImages |
| ConfigMgrServer | GetPackages |
| ConfigMgrServer | GetPowerConfigurationsforComputer |
| ConfigMgrServer | GetQueries |
| ConfigMgrServer | GetRequiredSoftwareUpdates |
| ConfigMgrServer | GetScopeMemberships |
| ConfigMgrServer | GetSecurityRoles |
| ConfigMgrServer | GetSecurityScopes |
| ConfigMgrServer | GetServersandSiteSystemRoles |
| ConfigMgrServer | GetServiceWindowsforComputer |
| ConfigMgrServer | GetSiteDeviceCollectionsWithFolders |
| ConfigMgrServer | GetSiteStatus |
| ConfigMgrServer | GetSites |
| ConfigMgrServer | GetSoftwareMeteringRules |
| ConfigMgrServer | GetSoftwareUpdateGroups |
| ConfigMgrServer | GetSoftwareUpdatesInGroup |
| ConfigMgrServer | GetStatusMessageQueries |
| ConfigMgrServer | GetSystemBiosInformation |
| ConfigMgrServer | GetSystemConsoleUsageData |
| ConfigMgrServer | GetSystemFirmwareStatus |
| ConfigMgrServer | GetSystemOperatingSystemInformation |
| ConfigMgrServer | GetSystemsBitLockerEncryptionStatus |
| ConfigMgrServer | GetTaskSequenceContent |
| ConfigMgrServer | GetTaskSequences |
| ConfigMgrServer | GetUnknownDevices |
| ConfigMgrServer | GetUserCollectionFolders |
| ConfigMgrServer | GetUserCollectionsinFolder |
| ConfigMgrServer | GetUserDevices |
| ConfigMgrServer | GetUserDevicesByUsername |
| ConfigMgrServer | GetUserStateMigrations |
| ConfigMgrServer | GetVirtualHardDisks |
| ConfigMgrServer | GetWarrantyInformation |
| EndpointInsights | OpenRecastEiReportViewer |
| Filesystem | GetDirectoryEntries |
| Filesystem | GetDirectoryEntries |
| Filesystem | GetSecurityByName |
| InstalledSoftware | ListSoftware |
| KioskManager | ListProfiles |
| LocalActions | ActiveDirectoryCleanupTool |
| MBAM | GetMBAMCompliance |
| MBAM | GetMBAMComplianceForAllMachines |
| MBAM | GetMachinesWithMBAMKeys |
| MBAM | GetMachinesWithMBAMKeys_v2 |
| MBAM | GetRecoveryKeysForDevice |
| MBAM | GetTPMHash |
| MBAM | GetTPMHashForUser |
| Network | PingComputer |
| Registry | GetValue |
| Registry | ListHives |
| Registry | ListSubkeys |
| Registry | ListValues |
| SCEP | GetDefenderExclusions |
| SCEP | GetDefenderStatus |
| Services | ListServices |
| SystemInformation | GetAllLocalGroupMembers |
| SystemInformation | GetBatteryInformation |
| SystemInformation | GetLoggedInUsers |
| SystemInformation | GetRunningProcesses |
| SystemInformation | GetUserSessions |
| SystemInformation | ReadOnly |
| TaskScheduler | GetTaskResults |
| TaskScheduler | GetTaskResultsForDate |
| UnifiedWriteFilter | GetFileExclusions |
| UnifiedWriteFilter | GetOverlayConfiguration |
| UnifiedWriteFilter | GetRegistryExclusions |
| UnifiedWriteFilter | GetUnifiedWriteFilterFeatureStatus |
| UnifiedWriteFilter | GetWriteFilterStatus |
| WindowsSecurity | GetAllVirtualizationBasedSecuritySettings |
| WindowsSecurity | GetCredentialGuardSettings |
| WindowsSecurity | GetSecureBootStatus |
| WindowsSecurity | GetSystemGuardSecureLaunchSettings |
| WindowsSecurity | GetTpmStatus |
| WindowsSecurity | GetUefiSecureBootStatus |
| WindowsSecurity | GetVirtualizationBasedSecuritySettings |
| WindowsSecurity | GetWindowsFirewallProfiles |
| WindowsSecurity | GetWindowsFirewallRules |
| WindowsTaskScheduler | ListTasks |
| WMI | ReadOnly |
We've created these role templates as starting point for creating custom permission sets for Right Click Tools users. They are designed to be quickly added in Recast Management Server and can then be adjusted to fit your needs by adding or removing individual permissions.
Add a Permission Template to Recast Management Server
You can add a permission template to your Recast Management Server running a simple SQL query against your RecastManagementServer database.
To add a permission template in RMS:
1. Open SQL Server Management Studio (SSMS).
2. Expand the Databases folder.
3. Right-click on RecastManagementServer.
4. Select New Query from the drop-down menu.
5. Copy the template file (available below) and paste it into the main window in SSMS.
6. Execute the action.
In the Recast Management Server interface, the Permissions page should display a new Recast Role. You can click Permissions to the right of the role to view and/or change the specific permissions associated with the role.
Video Walkthrough
Custom Permission Templates
Read Only Access
This template will create a custom role called "ReadOnly" and grant users read access to all of the tools and Recast Management Server Web Dashboards.
SQLNewRMSReadOnlyAccessRole.txt
Remote Software Center
This template will create a custom role called "RemoteSoftwareCenter" and grant users access to all of the actions within Remote Software Center.
SQLNewRMSRemoteSoftwareCenterRole.txt
Content Distribution Monitor
This template will create a custom role called "ContentDistributionMonitorDashboard" and grant users access to all of the actions within the Content Distribution Monitor.
SQLNewRMSContentDistributionMonitorDashboardRole.txt
Recast Scopes are lists of devices. Beginning with Recast Software Version 5.0, scopes are created automatically in the background when you create a route or limit user permissions to a set of devices. A user assigned a role and its associated permissions will automatically be allowed to perform tasks within a specific scope, which may include certain devices, users, AD OUs, or AD groups.