Recast Proxy is a feature that enables you to extend your reach of the Right Click Tools into previously untapped areas, such as: Untrusted Domains, WorkGroup Machines, and machines the user [ConfigMgr Console User] doesn't have rights on directly. This post is an overview, the next Post covers deployment in more detail.
Test Scenarios in this Post:
PreReqs: You already have a Recast Enterprise Management Server Setup and working in your environment. For assistance with that, look to this Post. You'll need to Export the Self-Signed Certificate from the Recast Server**
** If you're using PKI, and have your PKI infracture already setup and pushed your certs to the Untrusted domain machienes or imported them on the workgroup machines, that will save you a bunch of time, and you can skip importing the self-signed cert that is about to be covered:
To Export the Self-Signed Cert, open MMC with the Certificate Snap-in, then export the Cert:
When exporting in this example, we chose all the defaults then saved it to our Source Share where we could access it easily when we install the Proxy Software.
Before we Start, Lab Setup:
1: Untrusted Domain: (Service Account Proxy) Did you find yourself in a merger, you now have more than one Active Directory Domain, you already took time to setup your CM Infrastructure so in that other domain, but now you would like to leverage the Right Click Tools as well? No problem. First off, we're not going to cover how to extend your CM environment in this post, but here is a useful blog write up that we used to help when setting this up in a lab.
In the Unstrusted domain RECASTVILLE, we want it to be managed by the ConfigMgr Server & Recast Management Servers in the VIAMONSTRA domain. We created a dedicated box for the Proxy Host (RVILLE-PROXY), you can use a server / workstation you already have, no additional hardware / servers required. We'd recommend NOT using a domain controller as your proxy host. Before you begin your Proxy Install, if you're using a self-signed cert, you'll need to import it into the Trusted Root Certificates Authorities.
When you start the Proxy Install, if you run into this, it is probably due to the certificate. You'll need to import the Self-Signed Certificate (if you're not using a PKI setup or a Certificate issued by one of the main certificate authorities).
Proxy Install Instructions are already documented on the Recast Site, but I'll walk through it here too.
The Service Account needs to have rights on the devices you plan to trigger Right Click Actions on. This example, the RecastService is in an AD Group, which is setup in Group Policy to be a local admin on all workstations.
After the install, you'll go into the Recast Server's Web Portal, confirm the Proxy Install shows up under Proxies, then "edit" it to check the box "Authorized".
2: Work Group Computer (Device Proxy)
In this example, we've setup a Windows 10 machine, it's not joined to any domain. We installed the CM Client manually and it populated into the Console. See more on how to install SCCM Client on Workgroup Computers from our friends at SystemCenterDudes. On the workstation Computer, we added the Recast Server's Self-Signed Certificate, then installed the Recast Proxy, but this time in Device Mode.
After the install, go back to the Recast Management Server's Web Portal and authorize the Proxy.
3: Service Account / User Permissions. Scenario: Service Desk launch the Console with an account that has rights in the ConfigMgr Console, but no rights on the workstations. If you want the actions to be ran by a service account you can install a service account proxy using the same instructions as Scenario 1. In this scenario most customers chose to install the proxy on their Recast Management Server.
With the Recast Server, you can setup roles, and scopes and assign accordingly. Having Recast Proxies installed, it will allow the Techs run the tools on the machines without needing rights on those workstations. Expect a future blog post going into this scenario and going into deeper controlling rights of Console Users.
Deployment: [Deployment Blog Post]
In summary, the Recast Proxy Software is new in Right Click Tools 4.0, and enables you to leverage your Recast investment on any device in your environment.