Creating an Agent policy - Legacy UI

What is an Agent policy?

An Agent policy deploys settings to affect the operation and configuration of the Datto RMM Agent. An Agent policy may affect Privacy Mode, Agent installation and service, security, and the Agent Browser mode. For information about the Agent, refer to Datto RMM Agent.

How to...

Specify the policy details for an Agent policy

Agent policies can be set up in the Web Portal at both the account and the site level. Refer to Create a policy.
On the Policies page, click New account policy... or New site policy....
Give the policy a Name.
Select the type Agent.

To copy an already existing policy to use it as a template, choose it from the Based on drop-down list. To create a new policy, select New Policy.
Click Next.
Click Add a target... to target your devices through a specific filter or group.

If you want to target more than one filter or group, add another target to the policy. Multiple targets will apply the "OR" logic, that is, the policy will be run on a device if it is included in any of the targets. For more information about target types, refer to Filters - Legacy UI and Groups - Legacy UI.

NOTE Device filters contain all Default Device Filters and Custom Device Filters. Devices of Unknown device type will not be targeted by the policy.

Click Add.

Choose one or more of the following options:

Privacy Mode Options

Option	Description
Activate Privacy Mode	Automatically turns on Privacy Mode for all devices targeted by the policy and will require end user permission when connecting to a targeted device. Once Privacy Mode is enabled on a device, the Datto RMM Administrator cannot disable this setting. Privacy Mode can only be disabled by the end user on the device itself. For further information, refer to Privacy Mode.
Allow connections when no user is logged in	Allows you to connect to a device when no user is logged in but Privacy Mode is enabled on the device. NOTE This setting will apply to all remote connections.
Only require endpoint permission for restricted tools	Allows you to configure Privacy Mode in a way that end user permission is only required when the following tools are used: VNC, RDP, Splashtop, Screenshot, or Web Remote.

Service Options

Option	Description
Install Service only	No system tray icon or Start menu shortcuts will be installed. It is only available for Windows devices. When this option is selected, the gui.exe process (Agent Browser) will not start on the targeted devices. For more information, refer to Hide the Datto RMM Agent icon.
Disable incoming jobs	Prevents the Agent from running jobs. NOTE Even if this option is selected, components enabled as User Tasks can still be installed. Refer to User Tasks.
Disable incoming support	Prevents remote access to the targeted device from another device. NOTE Remote options for the targeted device will be visible on the device summary page and on device list pages but no remote request will be processed.
Disable audits	Prevents the Agent from submitting audits to the platform.

Agent Policy Options

Option	Description
Disable Privacy options	Removes access to Privacy Mode Options from the system tray icon. NOTE You cannot disable Privacy Mode in the Agent using this setting if Privacy Mode has already been activated. Once Privacy Mode is enabled on a device, it can only be disabled by the end user. For further information, refer to Privacy Mode.
Disable Settings menu	Disables the following features: • Access to the Settings menu from the system tray. Refer to Settings. • The ability to edit the device description from the system tray. Refer to Device description.
Disable Quit options	Removes the option for the user to exit the Agent.
Disable Tickets tab	Removes the option for the user to log a ticket through the Agent.
Show "Take screenshot and request support" menu entry	This option is only available if an integration with a PSA is enabled. When this option is selected, the Take screenshot and request support menu entry is added to the Agent. For more information about Autotask, refer to Autotask Integration. For more information about ConnectWise PSA, refer to ConnectWise PSA Integration.
Show "Request support" menu entry	This option is only available if an integration with a PSA is enabled. When this option is selected, the Request support menu entry is added to the Agent. For more information about Autotask, refer to Autotask Integration. For more information about ConnectWise PSA, refer to ConnectWise PSA Integration.

Agent Browser Mode

Option	Description
Disabled	Prevents any access to the Agent Browser window.
User - No access to Support tab	Allows the user to open the Agent Browser window but prevents them from logging in. For more information, refer to Log in to the Agent Browser.
Admin - can log in to Support tab	Allows full access to the Agent Browser window. Refer to Agent Browser. NOTE This is the default option.

Click Save and Push Changes.
If you click Save Only, you'll be directed to your list of policies where you can click Push changes... next to the policy in question.

NOTE If you click Save Only (legacy UI) or Save and Deploy Later (New UI) instead of Save and Push Changes (legacy UI) or Save and Deploy Now (New UI) when creating or updating a policy, the changes will still be deployed at midnight in your time zone because policies are automatically deployed every 24 hours.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Kaseya Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.