Differentiation between Agent's ability to run updates and run scripts

aoibheil · ‎06-05-2024

At the moment, in order for an agent to be able execute updates on end-user devices via Go To Resolve they need to have the "Remote Execution" permission enabled, which is what allows an agent to run scripts on a managed device. However, enabling this feature also allows the agent to write a custom script which they could then run on any managed device, which is a higher level of permission than what we'd like to give the majority of our agents.

I'd like to suggest that the setting be split out so that you can give an agent the ability to execute the updates as identified by Go To Resolve, but without giving them the permission to create and execute any other scripts.

Viktor_Egri · ‎06-06-2024

Dear @aoibheil,

Thank you for reaching out.

I’m Viktor, one of the product managers for GTRe, focusing on the RMM feature set. I wanted to clarify that you do not need to have the "Remote Execution" permission enabled for your agent to perform patch management.

While disabling "Remote Execution" hides this option from the agent, patch management remains fully functional as long as the patch management permission is enabled.

If you have any further questions or need assistance, please don’t hesitate to contact us.

Best regards,
Viktor

KateG · ‎06-06-2024