Recording remote control sessions

Endpoint Manager has a remote control recording feature. This can be useful for training new employees or documenting procedures.

Remote control records the contents of the remote screen during a remote control session. It doesn't record audio or the remote control console toolbar. Recordings are saved to Amazon Web Services S3 storage and can be accessed from there. There are no other storage options right now.

While recording, the session is streamed from the IT Analyst's remote control console in realtime to Amazon S3. The video isn't stored locally.

When recording, make sure you properly end the remote control session by clicking the Close button on the toolbar. If you directly close the remote control application or the browser tab it's running in without clicking the Toolbar's Close button, the recording won't be saved.

If the viewer is active and there is a timeout between the viewer and client, the recording can still be saved.

For detailed information on configuring remote control recording, see this Ivanti Community article.

Before using this feature, in AWS you'll need to create an Amazon S3 bucket where recordings will be stored. You also need to do the following:

  1. In AWS, create an account that will be used to store the recordings.

  2. In Endpoint Manager's credential manager, create a new storage container.

  3. Configure and deploy a remote control agent setting that allows remote control recording.

  1. Sign in to the AWS Management Console with your AWS admin account.

  2. At the top of the page, click your account name, and click My Security Credentials.

  3. At the left, click Users.

  4. Click the Add user button.

  5. Enter a User name.

  6. Next to Access type, select Programmatic access.

  7. Click the Next: Permissions button.

  8. Click the Next: Tags button.

  9. Click the Next: Review button.

  10. On the Review page, you'll see a warning that this user has no permissions. That's OK and expected.

  11. Click the Create user button.

  12. At the Add user Success page, save the Access key ID and Secret access key so you can enter them in Endpoint Manager.

  13. Click Close.

  1. Click Tools > Distribution > Cloud storage > S3 buckets.

  2. Right-click and click New storage.

  3. Enter your S3 bucket name.

  4. Select your region.

  5. Click the Manage credential button.

  6. Give the credential a Unique name.

  7. Enter your Access key and Secret key that you got from Amazon.

  8. Click Save,

  9. Select the S3 credential you created

  10. Click Test, and if the test works click Save.

  1. Click Tools > Configuration > Agent settings.

  2. Click Agent settings> All agent settings.

  3. Create a new remote control agent setting or edit an existing one.

  4. Name it after the recording type you want, such as User initiated. This way you can easily find it among your other agent settings.

  5. Click the Record settings page.

  6. Select the recording type you want. They're described in the next section.

  7. Under Cloud storage, select the storage you created earlier in Credential manager.

  8. Click Save.

  9. Right-click your new agent configuration and click Create scheduled task. Add targets and schedule your task for deployment. Alternatively, if you're editing a deployed remote control configuration, devices using that configuration will automatically receive your changes the next time they run the vulnerability scanner.

Using remote control session recording

There are four types of remote control session recordings you can chose from in the remote control agent settings.

  • Disabled: Remote control recording isn't allowed and there's no record button on the remote control toolbar.

  • User initiated: An IT analyst can manually start and stop recording during a session. The user being remote controlled can't start recording a session on their own.

  • Always record: Always records the session. In this mode, recording is always active. You can't stop it manually during the session.

  • Prompt before saving: Always record but prompt to keep or delete the recording at the end of the session. In this mode, recording is always active. You can't stop it manually during the session.

The remote control toolbar shows a Record button if recording is enabled. In User initiated mode, you can use the record button to stop and start recording as needed. Each time you stop and start the recording it creates a new recording file instance on Amazon S3.

Recording uses the remote control permission settings you specify on the Permission settings page. For example, if users must grant permission to be remote controlled, they will also need to grant permission to allow recording. The recording permission prompt will time out if it isn't acknowledged.

Users only need to grant permission once per session. The remote control session will continue if permission is denied or times out, but no recording will be made.

At the remote control console, a dismissible banner appears on the remote control console when recording begins. The green screen border turns red once actual recording has started.

The remote control notification on endpoints also has a "Recording in progress" indicator when recording is active. Users being remote controlled see this.

Viewing recordings

Recordings are stored in the Amazon S3 bucket you configured. You must use Amazon's Management Console to download recordings so that you can view them.

To download a recording.

  1. In Amazon's Management Console, go to the Amazon S3 bucket view.

  2. Click the recording you want to get to the details for that object.

  3. Click Object actions > Download. The file will be downloaded in .webm format.

Ivanti doesn't do any automated maintenance on saved recordings. When necessary, you can use Amazon's console to review your S3 bucket contents and delete old or unimportant recordings.