MeshCentral - Access rights, Remote exec, Recordings, MyServer, User Consent
There is so much to announce this week, I must send the announcement right away before it gets too big. One of the important features of MeshCentral that is often overlooked is its fine grain access control. You can delegate to a user an exact set of permissions to an exact set of devices. To do this, there is a complex system to determine what rights a user has on each device. This week, we added two more access control rights to make granting user permissions even more precise. This is just one of many new features. In detail:
- New “Remote Command” and “Reset/Off” access rights. Previously, you could ask the mesh agent to remotely execute a command or power off a computer if the user had the “Remote Control” permission. These operations are now their own access right that must be given to a user separately. This is the result of a request made by a GitHub community member and allows a user to be given, for example, the right to remotely run commands without remote desktop access.
- Improvements to remote command execution. This week the remote command execution dialog box was improved so that you can specify if a command must be run as the mesh agent, or run as the currently logged in user on the primary console if a user is logged in. This is super useful since you can now launch an application on your user’s desktop remotely. For example, run “notrepad.exe” as the logged in users and notepad will launch on the user’s desktop.
- Selective session recording. At the request of a member of the GitHub community, MeshCentral now has a new option to selectively record user desktop and terminal sessions for only select device groups if needed. When enabled, only sessions from selected device groups will be recorded and saved on the server’s disk for later playback. This is perfect if your using a server for mixed use and only need recording for some devices.
- MyServer tab customization. Administrators can now customize the “MyServer” tab for each domain. This is useful if you want to remove server-wide administration options from certainly sub-domains but still allow some sub-domain users to be full administrators. As you see in the picture below, you can turn off most of the active features found in the “MyServer” tab from the config.json file.
- User consent policy control in user groups. This is a more advanced usage. When remotely connecting to a device using remote desktop, terminal or files there may be user consent flags set that will prompt the remote user for permissions. These consent flags where controlled per device, per device group, per user or server wide. Now, these flags can also be set per user group. For example, this allows all users in a user group to be required to ask for remote user consent before connecting a remote desktop session.
- MeshCentral testing table. This is not a new feature, but below is a picture of a MeshCentral device testing table with all sorts of devices featuring different processors and operating systems running the Mesh Agent and connecting back to the MeshCentral development server. This is a really good way to see if everything works well and some of these devices are used for automated agent builds.
Many thanks to the GitHub community for their continued feedback and contributions. As usual, feedback appreciated. If you see any problems and need support on something, please create a new issue on GitHub or help other users.