Background Tools
IT Admins can remotely connect to and troubleshoot an end-user’s device using Background Tools, a remote session type that enables remote file management and command-line interfacing on an end-user’s device – all without notifying or interrupting the end-user.
Features
Background Tools enables Admins to use the following tools during a session with an end-user:
- Command Line Interface Shell: Admins can access and run remote commands for end-user’s Windows and Mac devices using a browser-based command line interface (CLI) in the Admin Portal.
- Remote File Manager (RFM): Admins can upload and download files between Admin and end-user devices. This feature is available for both Background Tools and standard Remote Access session types.
Enhancements:
- Screen recording permissions for Background Tools mode is disabled because it is not necessary for the working of Background Tools.
Considerations
- Ensure your device meets the requirements for the Remote Assist Agent. For more information, see Understand the Remote Assist Agent.
- During a Background Tools session, Remote Assist using Consent Prompt or Unattended Access mode cannot be used simultaneously.
- The JumpCloud Background Tools CLI currently supports Windows and Mac operating systems. After connecting to the end-user, Admins will automatically launch a browser-based PowerShell terminal for Windows devices, and a browser-based Bash terminal for Mac devices. After accessing the command line interface for a device, Admins will have root level access for both Mac and Windows systems.
- The RFM tool is available for use in both Background Tools and standard remote assist session types (One-time Access Code, Consent Prompt, and Unattended Access).
Enable and Launch Background Tools (Admin)
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
- Go to Settings.
- Click the Features tab.
- In the Device Support section, click the Background Tools Service toggle to enable Background Tools.
- Click Save.
- To enable or disable Background Tools, you must be an Admin with manager permissions or higher. To launch a Background Tools session, you must be an Admin with HelpDesk role permissions, Admin with Manager role permissions, or higher.
- If the Remote Assist Service or Background Tools Service toggles are enabled, then the Admin also has access to enable or disable the Session Timeout and Experience Survey toggles. However, if both are disabled, then the Session Timeout and Experience Survey toggles will be inaccessible.
- Go to Device Management > Devices and click the Devices tab.
- Select the device you want to provide remote assistance for.
- Select the Actions menu, then click Launch Background Tools.
- Wait for the connection to load and establish to the end-user device. After the connection is established, a new Background Tools session browser tab opens.
- On the Terminal tab, your system automatically connects to the proper CLI type based on the user’s device OS. For Mac devices, it will default to a Bash terminal type, and for Windows devices, it will default to a PowerShell terminal type.
- Linux support will come in future releases.
- You can hover over the information icon to see the OS details for the connected device.
- Enter commands in the interface as needed.
- If you need to enter sensitive information such as passwords, do NOT enter them directly in the CLI because they will be logged. Instead, if you need to enter a password, first put it into a script on your local machine in which the password can be specified, and then transfer the script to the end-user device through RFM, and run the script/file in the CLI. Background Tools does not look into scripts to see passwords, and will avoid passwords being logged.
- Admins should NOT write scripts during a remote session. Write the script on your local machine and then transfer it to the remote end-user device using the RFM.
- The maximum string length for a single input command is 8000 characters. If you paste or run a command that exceeds 8000 characters, such as a large text file, this can result in session hanging, and you will have to close and restart the Background Tools session.
- The maximum string length to paste into the Terminal is 8000 characters. If you have to paste a large file (exceeding 8000 characters), you should paste it in smaller chunks to avoid session hanging.
- The maximum scroll limit in the Terminal shell is 5000 lines. You can scroll up to see the history of the previous 5000 lines, but anything after that will be replaced.
- When you are finished, click End Session.
Security Best Practices: Commonly Masked Commands
Any commands entered into the Background Tools command line interface are logged into the Admin Portal's Directory Insights, including sensitive information. To improve some of these security vulnerabilities, Background Tools masks common sensitive commands so that they are not visible in the logs.
A list of the currently masked commands include:
-p
-k
-cp
--key
--api-key
--password
--certpassword
--install-arguments-sensitive
--package-parameters-sensitive
Avoid running any commands or scripts with keys or passwords (sensitive information) as arguments in them. If you need to run a command with sensitive information, make sure you write a script on your local device, transfer it to a remote device using Remote File Manager, then run the script on the remote device using the remote command line interface.
Remote File Manager
The Remote File Manager (RFM) lets you transfer (upload and download) files between Admin and end-user devices during Background Tools sessions and standard Remote Assist session types (One-time Access Code, Consent Prompt, and Unattended Access).
Admins have access to the RFM at any time during a regular remote assist session type through the session toolbar, and during Background Tools sessions in the File Browser tab.
Features
Supported file operations in RFM include:
- Download: Admins can download files from an end-user device to their Admin device.
- Upload: Admins can select files from their device and upload them to the end-user device.
- Move: Admins can manually move files to and from different areas of the end-user device.
- Delete: Admins can delete files from the end-user device.
- Rename: Admins can rename files on the end-user device.
- Browsing: Admins can browse the files on an end-user’s device.
- Copy: Admins can copy files to and from different areas of the end-user device.
Limitations
- Admins using the RFM on a Windows device can currently only browse the C: drive. Support for browsing the rest of the file drives will come in subsequent releases.
- During a file transfer, Admins can not pause active downloads or uploads. Pausing and resuming active file transfers will be available in subsequent releases.
- RFM does not support copy, move, download, upload, or rename functionalities for folders.
- RFM can only perform one file operation at a time. It can’t perform multiple file operations simultaneously.
- The maximum file transfer size limit is 2 GB.
- Linux is not currently supported.
- Admins can not currently see all of the directory shortcuts during a Background Tools session.
- Admins must manually dismiss notifications; notifications are not dismissed automatically.
Known Issues
- Upload files above 1 MB might be corrupted at the destination (RAA).
- When an Admin is trying to upload an unauthorized file, or upload without the appropriate permissions and fails, there is no error message to communicate this failure.
- Uploading several large files in sequence can freeze the upload operation.
- When an Admin tries and fails to upload a file to a directory with read-only access, there is no error message to communicate this failure.
- In the Volume file directory, Admins can create new folders, but can not currently upload files. This will be fixed in future releases.
- Admins can not currently cancel a file during upload, they must wait for the file to finish uploading and then delete the file. This cancel functionality will be fixed in future releases.
- Admins must manually click the text on a file or directory to select it. In future releases, Admins will be able to select items by clicking on the entire row.
- Error messages for uploading duplicate files are very vague. These error messages will be more descriptive in future releases.
- When creating a new folder, Admins must manually click Create. In future releases, Admins will be able to use the Enter key to confirm folder creation.
Access Remote File Manager with Background Tools
- Ensure that you have the proper permissions to use Remote File Manager. For more information, see Grant Screen Recording and Accessibility Permissions for the Remote Assist Agent.
- Launch a Background Tools session and connect to an end-user’s device. For more information, see Enable and Launch Background Tools.
- In the Background Tools browser window, click the File Manager tab.
- The File Manager interface displays.
- For next steps on using the RFM, see Use Remote File Manager.
Access Remote File Manager with Remote Assist
- Start a standard Remote Assist session and connect to an end-user’s device. For more information on initiating a Remote Assist session, see Get Started: Remote Assist.
- In the session toolbar, click Session Options.
- Click File Manager (Beta). The file browser opens in a new window displaying the end-user’s remote file systems.
- To close the File Manager window, click the X close icon.
- You can quickly navigate between directories using the shortcuts in the left-hand navigation, such as the Home, Downloads, Documents, Desktop, Pictures, and Music file directories.
- For next steps on using the RFM, see Use Remote File Manager.
Use Remote File Manager
After opening RFM from a Background Tools or standard Remote Assist session type, perform the following steps to use RFM.
1. To download, cut, delete, or rename a file from the end-user device file system:
- Click to highlight the file you want to download, then click the ellipses (...) icon.
- From the drop-down menu, select Download, Copy, Cut, Delete, or Rename.
The Download option will not be available in the drop-down menu if any of the folders is highlighted.
If you select the Copy or Cut options for a file, the Action button activates . You can select Paste from the Action drop-down menu.
- To upload a file or create a new folder in the end-user device:
- Navigate to where you want to upload a file, and then click + Add File. You can also drag-and-drop files from your device into the file manager.
- Click to Upload File or Create Folder and wait for the operation to complete.
- You can not upload existing folders, you can only create new folders on the end-user device.
- When you are finished, close the File Manager window.
The File Transfer Status bar displays the download and upload progress for files, as well as whether the file transfer was a success or failure.
View Directory Insights Logging Information
During a Background Tools session or standard Remote Assist session, any commands or remote file transfer operations will be logged and available for viewing in the Directory Insights events. You can access these event logs at any time.
To view the logging information for a Background Tools session:
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
- Go to Insights > Directory. The Directory Insights page displays.
- Review all of the commands and event types that were entered during the background tools session.
- To expand the contents of a specific event, click the down arrow icon to the left of the event.
- Any commands run in the remote shell during a Background Tools session will be logged.
- Please remember to completely avoid entering passwords or sensitive information in the command line interface or else they will be logged in the Directory Insights.
- All file operations performed in the RFM during a Background Tools session will be logged.
Directory Insights Event Types
Relevant event types include the following:
remote_session_start
- This event provides details of when the Remote Assist session was initiated.
remote_session_end
- This event provides details of when the Remote Assist session was terminated.
remote-assist-settings
- This event provides details of the settings changed by the Administrator.
background_access_shell
- This event provides details of the command types (command, timestamp) run during a background tools session.
background_access_file
- This event provides details of the file operations (command, timestamp, result) run during a background tools session.