Subscribe to Support RSS FeedBackground Access
IT Admins can remotely connect to and troubleshoot an end-user’s device using Background Access, a remote session type that enables remote file management and command-line interfacing on an end-user’s device – all without notifying or interrupting the end-user.
Features
Background Access enables Admins to use the following tools during a session with an end-user:
- Command Line Interface Shell: Admins can access and run remote commands for end-user’s Windows and Mac devices using a browser-based command line interface (CLI) in the Admin Portal.
- Remote File Manager (RFM): Admins can upload and download files between Admin and end-user devices. This feature is available for both Background Access and standard Remote Assist session types.
Note:
- During a Background Access session, Remote Assist using Consent Prompt or Unattended Access mode cannot be used simultaneously.
- The JumpCloud Background Access CLI currently supports Windows and Mac operating systems. After connecting to the end-user, Admins will automatically launch a browser-based PowerShell terminal for Windows devices, and a browser-based Bash terminal for Mac devices. After accessing the command line interface for a device, Admins will have root level access for both Mac and Windows systems.
- The RFM tool is available for use in both Background Access and standard remote assist session types (One-time Access Code, Consent Prompt, and Unattended Access).
Enable and Launch Background Access (Admin)
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
- Go to Settings.
- Click the Features tab.
- In the Device Support section, click the Background Access Service toggle to enable Background Access.
- Click Save.
Important:
- To enable or disable Background Access, you must be an Admin with manager permissions or higher. To launch a Background Access session, you must be an Admin with HelpDesk role permissions, Admin with Manager role permissions, or higher.
- If the Remote Assist Service or Background Access Service toggles are enabled, then the Admin also has access to enable or disable the Session Timeout and Experience Survey toggles. However, if both are disabled, then the Session Timeout and Experience Survey toggles will be inaccessible.
- Go to Device Management > Devices and click the Devices tab.
- Select the device you want to provide remote assistance for.
- In the Device Support section, click launch background access.
- Wait for the connection to load and establish to the end-user device. After the connection is established, a new Background Access session browser tab opens.
Note:
- On the Terminal tab, your system automatically connects to the proper CLI type based on the user’s device OS. For Mac devices, it will default to a Bash terminal type, and for Windows devices, it will default to a PowerShell terminal type.
- Linux support will come in future releases.
- You can hover over the information icon to see the OS details for the connected device.
- Enter commands in the interface as needed.
Important:
- If you need to enter sensitive information such as passwords, do NOT enter them directly in the CLI because they will be logged. Instead, if you need to enter a password, first put it into a script on your local machine in which the password can be specified, and then transfer the script to the end-user device through RFM, and run the script/file in the CLI. Background Access does not look into scripts to see passwords, and will avoid passwords being logged.
- Admins should NOT write scripts during a remote session. Write the script on your local machine and then transfer it to the remote end-user device using the RFM.
- The maximum string length for a single input command is 8000 characters. If you paste or run a command that exceeds 8000 characters, such as a large text file, this can result in session hanging, and you will have to close and restart the Background Access session.
- The maximum string length to paste into the Terminal is 8000 characters. If you have to paste a large file (exceeding 8000 characters), you should paste it in smaller chunks to avoid session hanging.
- The maximum scroll limit in the Terminal shell is 5000 lines. You can scroll up to see the history of the previous 5000 lines, but anything after that will be replaced.
- When you are finished, click End Session.
Security Best Practices: Commonly Masked Commands
Any commands entered into the Background Access command line interface are logged into the Admin Portal's Directory Insights, including sensitive information. To improve some of these security vulnerabilities, Background Access masks common sensitive commands so that they are not visible in the logs.
A list of the currently masked commands include:
-p-k-cp–key–api-key–password–certpassword–install-arguments-sensitive–package-parameters-sensitive
Important:
Avoid running any commands or scripts with keys or passwords (sensitive information) as arguments in them. If you need to run a command with sensitive information, make sure you write a script on your local device, transfer it to a remote device using Remote File Manager, then run the script on the remote device using the remote command line interface.
Remote File Manager
The Remote File Manager (RFM) lets you transfer (upload and download) files between Admin and end-user devices during Background Access sessions and standard Remote Assist session types (One-time Access Code, Consent Prompt, and Unattended Access).
Admins have access to the RFM at any time during a regular remote assist session type through the session toolbar, and during Background Access sessions in the File Browser tab.
Features
Supported file operations in RFM include:
- Download: Admins can download files from an end-user device to their Admin device.
- Upload: Admins can select files from their device and upload them to the end-user device.
- Move: Admins can manually move files to and from different areas of the end-user device.
- Delete: Admins can delete files from the end-user device.
- Rename: Admins can rename files on the end-user device.
- Browsing: Admins can browse the files on an end-user’s device.
- Copy: Admins can copy files to and from different areas of the end-user device.
Note:
The Copy function is not currently supported in EA, but will be available in GA.
Limitations / Known Issues
- Admins using the RFM on a Windows device can currently only browse the C: drive. Support for browsing the rest of the file drives will come in subsequent releases.
- During a file transfer, Admins can not pause active downloads or uploads. Pausing and resuming active file transfers will be available in subsequent releases.
- RFM does not support copy, move, download, upload, or rename functionalities for folders.
- RFM can only perform one file operation at a time. It can’t perform multiple file operations simultaneously.
- The maximum file transfer size limit is 2 GB.
- Linux is not currently supported.
- When an Admin is trying to upload an unauthorized file, or upload without the appropriate permissions and fails, there is no error message to communicate this failure.
- Admins can not currently see all of the directory shortcuts during a Background Access session.
- Upload files above 1 MB might be corrupted at the destination (RAA).
- Admins must manually dismiss notifications; notifications are not dismissed automatically.
- Uploading several large files in sequence can freeze the upload operation.
- When an Admin tries and fails to upload a file to a directory with read-only access, there is no error message to communicate this failure.
Access Remote File Manager with Background Access
- Ensure that you have the proper permissions to use Remote File Manager. For more information, see Grant Screen Recording and Accessibility Permissions for the Remote Assist Agent.
- Launch a Background Access session and connect to an end-user’s device. For more information, see Enable and Launch Background Access.
- In the Background Access browser window, click the File Manager tab.
- The File Manager interface displays.
- For next steps on using the RFM, see Use Remote File Manager.
Access Remote File Manager with Remote Assist
- Start a standard Remote Assist session and connect to an end-user’s device. For more information on initiating a Remote Assist session, see Get Started: Remote Assist.
- In the session toolbar, click Session Options.
- Click File Manager (Beta). The file browser opens in a new window displaying the end-user’s remote file systems.
Note:
- To close the File Manager window, click the X close icon.
- You can quickly navigate between directories using the shortcuts in the left-hand navigation, such as the Home, Downloads, Documents, Desktop, Pictures, and Music file directories.
- For next steps on using the RFM, see Use Remote File Manager.
Use Remote File Manager
After opening RFM from a Background Access or standard Remote Assist session type, perform the following steps to use RFM.
- To download, cut, delete, or rename a file from the end-user device file system:
- Click to highlight the file you want to download, and then click Actions.
- In the dropdown menu, click Download, Rename, or Delete.
- Wait for the operation to complete.
- Alternatively, click to highlight the file you want to download, then click the ellipses (…) icon, and select Download, Cut, Delete, or Rename.
- To upload a file or create a new folder in the end-user device:
- Navigate to where you want to upload a file, and then click + Add File. You can also drag-and-drop files from your device into the file manager.
- Click to Upload File or Create Folder and wait for the operation to complete.
Note:
- You can not upload existing folders, you can only create new folders on the end-user device.
- To perform bulk actions on multiple files:
- Select all of the check boxes for the files you want to affect.
- Click the Actions menu.
- Click to Download or Delete the files.
Note:
- You can only perform copy, download, or delete operations on bulk files.
- The copy function is not available for EA, but will be available for GA.
- When you are finished, close the File Manager window.
Note:
The File Transfer Status bar displays the download and upload progress for files, as well as whether the file transfer was a success or failure.
View Directory Insights Logging Information
During a Background Access session or standard Remote Assist session, any commands or remote file transfer operations will be logged and available for viewing in the Directory Insights events. You can access these event logs at any time.
To view the logging information for a Background Access session:
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
- Go to Insights > Directory. The Directory Insights page displays.
- Review all of the commands and event types that were entered during the background access session.
- To expand the contents of a specific event, click the down arrow icon to the left of the event.
Note:
- Any commands run in the remote shell during a Background Access session will be logged.
- Please remember to completely avoid entering passwords or sensitive information in the command line interface or else they will be logged in the Directory Insights.
- All file operations performed in the RFM during a Background Access session will be logged.
Directory Insights Event Types
Relevant event types include the following:
remote_session_start- This event provides details of when the Remote Assist session was initiated.
remote_session_end- This event provides details of when the Remote Assist session was terminated.
remote-assist-settings- This event provides details of the settings changed by the Administrator.
background_access_shell- This event provides details of the command types (command, timestamp) run during a background access session.
background_access_file- This event provides details of the file operations (command, timestamp, result) run during a background access session.
In this Article
Learn More