ConfigMgr Console
How to Use Right Click Tools in Your Complex Configuration Manager Environment
Topics: ConfigMgr Console, Right Click Tools
This is part I in the series, How to Use Right Click Tools in Your Complex Environment. Read Part II on complex Configuration Manager environments here.
One of the more common questions we answer from customers is “How can I ensure my Right Click Tools actions are successful in my environment? Oh, and by the way, we have three domains—two of them don’t trust each other—and no one in the environment has local admin rights.”
While the specifics of your environment may differ, the beauty of Right Click Tools lies in its design. Recast has built it to leverage the Recast Management Server to run actions seamlessly, even in the most complex ConfigMgr scenarios.
In this blog, I want to describe the technologies that Recast deploys to run actions in complex environments that are being managed through ConfigMgr. All these scenarios require installing a Recast Management Server in your environment, along with additional Recast technologies to ensure you can effectively communicate and manage your devices.
Managing Multiple Domains with Recast Proxy
It’s a fairly common scenario to have multiple domains with multiple trust levels. Perhaps your organization has merged with or acquired another company, or maybe you have a DMZ domain.
The challenge with multiple domains that have varying trust levels is that running Right Click Tools actions often requires different Administrator permissions across those domains. For example, our AD1 admin account likely does not have permission to do anything on devices in the AD2 domain.
In this situation, you would use a Recast Proxy for running Right Click Tools actions. The proxy would be installed on a device in the AD2 domain, and any actions running to devices on that domain would be routed through that Proxy using an account that has administrator permissions in that domain. There is no limit to the number of proxies you can have in your environment, so if you have multiple untrusted domains, simply add additional proxies.
Managing Non-Domain Joined Workgroup Devices with Recast Agent
Perhaps for your DMZ environment, your organization has gone with devices that aren’t domain joined. Or maybe they aren’t in the DMZ, but you do have non-domain joined devices throughout your environment. The issue with running Right Click Tools on these devices out-of-the-box is, once again, one of permissions. Your domain credentials lack the necessary permissions to perform actions on the device.
However, as long as the workgroup devices have a Recast Agent installed and show up in ConfigMgr, we can run actions against them. When you right click on a device to run one of the tools, the Recast Management Server determines if there is an Agent connected for that device, and then uses it to run the action.
The Recast Agent operates as a service on the device, allowing actions to run as the System account without needing additional permissions.
Managing Devices Without Local Administrator Access with Recast Agent
If you’ve removed all local administrators from the devices in your environment, Recast Agent will also allow you to run select Right Click Tools to manage your devices. The Recast Management Server will determine if there is an active Recast Agent on the device, and if there is, it will route actions that way.
Managing Cloud Management Gateway Connected Remote Devices with Recast Proxy and Recast Agent
As organizations started moving to remote work and users became less likely to connect to their work networks, Microsoft added the Cloud Management Gateway technology so ConfigMgr could still communicate with those devices.
Right Click Tools can execute actions on devices connected through a Cloud Management Gateway. All that you need to do is install the Recast Agent on the external device, and then configure the Recast Management Server so that it runs actions over the CMG. This runs Right Click Tools actions over the ConfigMgr “Fast Channel.” Now Fast Channel isn’t all that fast, so if you need to speed up your communication times, the next scenario might be for you.
Managing Remote Devices with Recast Agent and Recast Agent Gateway
You may also have devices that you would still like to be able to manage, but they very rarely connect to your local network.
Right Click Tools leverages a technology called the Recast Agent Gateway to communicate with these devices. The Agent Gateway would sit on the edge of your network so that devices that are connected to the internet can use the Recast Agent to connect to the Agent Gateway, and then the Agent Gateway makes the connection back into the Recast Management Server.
In this scenario it should be noted that if there isn’t a connection to ConfigMgr the ConfigMgr actions will not be successful, but if you have a CMG installed you can use the Agent Gateway to run the Configuration manager specific Right Click Tools actions as well.
Facing Another Complex Scenario?
Is there another way that your environment is configured, or do you have a mix of the scenarios above and are looking for the best way to design your environment? Let us know and we can help figure out which methods would be best for you.
Coming Soon: How to use the Right Click Tools in your Intune environment