Web Remote

PERMISSIONS  Web Remote must be enabled within Remote control tools.

PERMISSIONS  For Web Remote chat, you must have Chat permissions enabled. Refer to Remote control tools.

PERMISSIONS  For Web Remote PowerShell, you must have PowerShell permissions enabled. Refer to Remote control tools.

NAVIGATION  Agent Browser > connect to a device > Web Remote. For more information, refer to Remote takeover tools.

NAVIGATION  Sites > All Sites > click the name of a site > Web Remote (last column in table)

NAVIGATION  Devices > All > Web Remote (last column in table)

NAVIGATION  Device summary page > Web Remote. To view the various navigation paths you can use to access the device summary page, refer to Device summary.

NAVIGATION  A targeted list of devices > Web Remote (last column in table). To view the navigation paths for the various targeted lists of devices, refer to Targeted lists of devices in Devices.

About Web Remote

Web Remote is a browser-based HTML5 remote control, chat, and PowerShell tool. It can be used to connect quickly to online servers, laptops, and desktops, and complete remote actions.

IMPORTANT  Web Remote sessions can be initiated from Windows, macOS, Linux, iOS, or Android devices using a recent version of the Chrome, Firefox, Edge, or Safari browser; no installed Agent is required. However, only Windows and macOS devices with a Managed Agent installed can be controlled via a Web Remote session.

IMPORTANT  For Web Remote to function properly on macOS devices running Mojave or later, enable the following permissions for AEM Agent in System Preferences > Security & Privacy > Privacy (System Settings > Privacy & Security > Privacy for Ventura):

Accessibility
Full Disk Access
Screen Recording

If a macOS device that was working before a release is suddenly not allowing a Web Remote connection, check these permissions and reconfigure them if needed.

NOTE  Web Remote does not use Proxy settings when establishing a connection.

Up to four users can connect to a single Windows or macOS device using Web Remote at the same time. The number of active connections may be limited by the remote device’s resources.

Web Remote can be accessed from the Agent Browser, the device summary page, and the Devices page. For navigation paths, refer to Security and navigation. Web Remote sessions and chats may also be initiated from webhook notifications. Refer to Webhooks.

NOTE  Web Remote and Splashtop do not support remote takeover of headless devices (physical devices with no attached monitor) unless the device has an active virtual monitor. Third-party video adapters or other software can be used to generate a virtual display if needed. RDP is an alternative remote takeover tool that functions for headless devices. Refer to RDP in Remote takeover tools.

For non-admin users to gain access to Web Remote, the following permissions need to be configured: 

Web Remote is an Agent module (process) that is managed by AEMAgent and runs alongside the Agent Process (AEMAgent.exe).

When a Web Remote session is established, a new Web Remote Process (RMM.WebRemote) is created for that session. Refer to Initiate a Web Remote session.

Location of the Web Remote Process by operating system:

Operating System Location
Windows %ProgramData%\CentraStage\AEMAgent\RMM.WebRemote\[version]
macOS /usr/local/share/CentraStage/AEMAgent/RMM.WebRemote/[version]

On Windows, additional supporting Web Remote Processes are created, which run in different contexts. These are summarized below:

  • Daemon: Runs in session 0 as SYSTEM at all times and controls all Web Remote sessions on a device.
  • Interactive: Runs in an interactive session as SYSTEM and is responsible for screen capture and most of the desktop protocol handling.
  • Graphics: Runs in an interactive session as the logged in user to access GUI elements, such the system tray icon and balloon notifications.

On macOS, the Interactive process is run in the same context as Daemon. The Graphics process is not run at all.

There are three auxiliary processes that support Web Remote sessions, a subset of which are run depending on the active protocol:

  • RMM.RTO.Proxy: A proxy between AEMAgent and Ultra VNC on Windows or Vine VNC on macOS.
  • RMM.RTC.Proxy: A proxy between AEMAgent and the WebRTC protocol.
  • RMM.RTO.Quartz: A proxy between AEMAgent and the Quartz API on macOS.

Starting from Windows NT 6.2 (Windows 8/Windows Server 2012), a change in the Display Driver Model has permitted hardware acceleration when screen sharing. Using this technology in Web Remote where possible results in a marked improvement in the quality and responsiveness of the takeover session experience as compared to VNC.

NOTE  If a device has both an Integrated GPU and a Guest GPU, Web Remote will automatically test and configure a GPU preference for that device.

Prerequisites:

  • Windows NT 6.2 (Windows 8/Windows Server 2012) or above only. Windows NT 6.1 (Windows 7/Windows Server 2008 R2) or below must use VNC.
  • The Datto RMM Agent Process must use .NET 8. Otherwise VNC must be used, even on Windows NT 6.2 and above. For more information, refer to Supported operating systems and Agent requirements.

If VNC is disallowed on a target device, the VNC connection will fail. On Windows devices, you can control whether VNC is allowed globally. Refer to VNC Settings in the legacy UI and VNC Integration in the New UI.

When Guest GPU Acceleration is active, the following will be displayed under the Connection section. Refer to Connection.

NOTE  The Microsoft Desktop Duplication API is not supported to run on a discrete GPU on a Microsoft hybrid (Multi-GPU) system; it can only run on an integrated GPU. If this known issue occurs, "Cannot run Agent on guest GPU" will appear in the browser. Please refer to this Microsoft Support article for more information.

Starting with Windows 10 Build 17093, there is a setting available that allows you to override GPU-specific settings. For more information, refer to the New Graphics settings for Multi-GPU Systems section of this Microsoft article. Datto RMM now detects whether Windows is running as a hybrid system; for example, a laptop with two device adapters listed under Device Manager: an "integrated" one (for example, Intel) and a "discrete" one (for example, NVIDIA). Once the laptop is detected as a hybrid system, we set a registry key value for each user that logs in to Windows so that the Power saving mode preference is automatically used for the RMM.WebRemote process.

You can continue to use the NVIDIA or AMD control panels. To switch to your dedicated GPU in order to use Web Remote, follow the steps below.

NVIDIA:

NOTE  This option may not be available if you are on an older operating system. Refer to this article for information about a change in functionality in newer Windows 10 operating systems regarding setting the preferred graphics processor.

  1. Open the NVIDIA Control Panel.
  2. Navigate to 3D Settings > Manage 3D Settings.
  3. Select the Program Settings tab and click the Add button.
  4. Choose the RMM.WebRemote process (not AEMAgent) and then click Add Selected Program.
  5. Select Integrated processor as the preferred graphic processor and then click Apply to apply the changes.

AMD Radeon:

  1. Open the Radeon Settings panel.
  2. Navigate to System > Switchable Graphics.

    3. NOTE  In the Switchable Graphics menu, the Running Applications tab is displayed by default. This view lists recent and current running applications and their assigned mode.

  3. Navigate to the RMM.WebRemote process (not AEMAgent) in the list, select it to open its drop-down menu, and select Power Saving.
  4. Observe that changes will take affect the next time Web Remote is started.

    5. NOTE  If the Switchable Graphics menu is missing from the Radeon Settings panel on Windows devices, you can follow the steps in this AMD article, targeting the Web Remote Process location and setting the graphics preference to Power saving.

WebRTC is an open framework that enables Real-Time Communication (RTC) capabilities in the browser. Web Remote leverages this technology to allow a fast peer-to-peer (P2P) connection to be established between devices if available. If a P2P route is not possible, WebRTC will fall back to a relay connection via the platform.

For additional reliability, a WebSocket connection is automatically attempted in parallel with a WebRTC connection, and WebSocket and WebRTC connections are retried on an interval basis. If WebRTC fails to connect but WebSocket succeeds, the WebSocket channel is used for communication, and if WebRTC succeeds but then disconnects in the middle of the session, an automatic failover to the WebSocket channel occurs without the user experiencing a disconnect. If WebSocket fails to connect and WebRTC succeeds, WebRTC is used. WebRTC is always preferred over WebSocket, whether the connection is P2P or Relay.

The following will be displayed under the Connection section. Refer to Connection.

The connection type can be one of the following:

  • WebRTC (P2P)
  • WebRTC (Relay)
  • WebRTC (Relay, TLS)
  • WebRTC
  • WebSocket (Relay)

Refer to Web Remote troubleshooting and tips.

How to...

IMPORTANT  Port 3478 (UDP) must be open in order to connect via Web Remote. Refer to Web Remote communication.

  1. Follow any of the navigation paths described in Security and navigation. Refer to Multi-session support for information about initiating a Web Remote session on multi-session devices.
  2. A new browser tab will open and the Connecting screen will be displayed.

    3. NOTE  If the Show Connection Time toggle is turned on in the Preferences menu, you will see the amount of time it took to connect to the remote device. Refer to Preferences in View information about and perform actions on the connected device.

    NOTE  Connections will be halted and a message will be displayed in the following instances:
    • A technician attempts to open a Web Remote connection by manually entering a URL to an offline device. A message will be displayed indicating that the device is offline.
    • A technician attempts to connect to a closed laptop that is not asleep, and an attached monitor cannot be located. The message No display output is available for duplication will be displayed.
    • A technician attempts to connect to an inactive RDP session using Web Remote (Windows devices only). A message will be displayed indicating that the desktop is not active/not receiving input.
    • A technician attempts to connect to a device that is missing the Agent's encryption key. For more information, refer to Agent encryption.

  3. Once connected to the device, select Control Screen for the user session you wish to connect to.

    NOTE  If only a console session is available (no end user is logged in) and the remote device does not support PowerShell sessions, the Control Screen action will be launched automatically. If the remote device supports PowerShell sessions, both the Control Screen and PowerShell actions will be available. Refer to Requirements in Initiate a Web Remote PowerShell session.

    NOTE  Technicians may view the chat history for devices that are online but with no user currently logged into the device or for offline devices. Refer to View chat history.

    NOTE  If the user has locked their screen, a padlock icon will be displayed. In that case, you may still select Control Screen, but the user's screen will remain locked.

  4. Observe the pop-up notification that appears as the session is being established. This notification will display for 30 seconds before disappearing.

    NOTE  Notifications must first be enabled under System > Notifications & actions (Windows devices only).

    IMPORTANT  Refer to Privacy Mode considerations for information about connecting to an end user's device when they have Privacy Mode enabled.

  5. Once the connection has been established, the browser tab will display the name of the remote device you are connected to, and you will see the following areas on the screen:
    • Remote device screen pane: The pane on the left displays the screen of the remote device you are connected to.

      • NOTE  In some cases for devices that support Desktop Duplication (Windows devices only), you may see a black screen after the connection is established. This may indicate the desktop of the remote device is locked. A message will appear prompting you to click Send CTRL-ALT-DEL from the Keyboard section of the toolbar to unlock the desktop. Refer to Keyboard.

    • Toolbar: The pane on the right displays information about the connected device as well as the remote actions available and is open by default. Clicking > at the bottom of the pane will hide the toolbar. Clicking < will re-open the toolbar.

Web Remote allows technicians to support end users on multi-session devices such as Windows Virtual Desktops and servers running Remote Desktop Services (RDS). After initiating a Web Remote session on one of these devices, technicians can view a list of users who are logged into the device and then choose a user session from the Choose Active User Session screen.

Once a user session is selected, the Web Remote session with that user will be initiated and the user's desktop wallpaper will be displayed. Only the selected user will see the pop-up notification that a session is being established.

If Privacy Mode is set on the remote device, the end user will be prompted to accept or decline a connection request via a dialog box that includes the requesting technician's name in order for the technician to connect to the device. Refer to Privacy Mode.

NOTE  For Web Remote, if Privacy Mode is set on the remote device and Only require permission from the device when connecting with Restricted Tools is selected in the Agent policy targeting the device, end user permission will be required to initiate remote takeover sessions but will not be required to initiate PowerShell sessions. Refer to Privacy mode options in Agent policy.

Once the connection is in progress, a message will be displayed to the end user that a remote takeover is currently in progress. This message will only appear once the end user has accepted the connection request.

NOTE  Notifications must first be enabled under System > Notifications & actions (Windows devices only).

Web Remote will reconnect with the same session should a brief interruption in Internet connectivity occur; a second Privacy Mode prompt will not appear as the end user has already accepted the connection.

If the end user's screen is locked (indicated by the padlock icon), selecting Control Screen will not establish a Web Remote session; instead a message will be displayed stating that the screen is locked.

If the end user logs out, selecting Control Screen will not establish a Web Remote session; instead a message will be displayed stating that there is no end user currently logged in.

Once you are connected to a device, you can view information about and perform a variety of actions on it using the toolbar. The Display section is initially open by default, but your preferences for which sections are open or closed will be saved for future sessions.

For more details about each of the toolbar sections, refer to the table below.

Section Description
Full screen Click the full screen icon at the top of the toolbar to enter full screen mode for this session. Entering full screen mode will hide the toolbar.

Press the Esc key to exit full screen mode, or click the < icon at the bottom of the pane to open the toolbar while in full screen mode. Select the exit full screen icon to return the screen to normal.
Display • Fit Screen: Fits the remote device screen to the screen of your device. Windows devices that have multiple monitors are supported.
• Original Size: View the actual size of the remote device screen.

NOTE  Both horizontal and vertical (landscape and portrait, respectively) display orientations are supported.

The following options appear if the device you are connecting to has multiple monitors/multiple graphic adapters (Windows devices only):

• All Monitors: Select to navigate across all monitors within the display area.
• Single Monitor: Select to navigate only within the currently selected monitor.
Chat Click to load and review the chat history. You may also export the chat history by selecting an option from the Export drop-down menu or invite the end user to chat by clicking Chat Invite. Once the end user accepts the chat invitation, you can continue the chat from within the toolbar. For more information, refer to Initiate a Web Remote chat.
Keyboard On-Screen: Opens the on-screen keyboard on the end user's remote device. The end user's native keyboard layout will be respected.

NOTE  If you are connected to a macOS device from a Windows device and opt to not use the on-screen keyboard, the ALT key on your device will act as the command key on the remote macOS device (for example, you can copy items with ALT+C and paste them with ALT+V).

Send clipboard as keystrokes: Allows you to send text copied from your device to the remote device. A visual indication will appear when you copy something on the remote device, or when you copy something on your device and then click the Web Remote browser tab.

IMPORTANT  The text must be ASCII-only and less than or equal to 256 characters, and your browser must support the Clipboard API in order for this command to become available.

If the button is unavailable, one of the following tooltip messages will be displayed, depending on your browser:

• Browser does not support clipboard
• Clipboard blocked
• Clipboard blocked by browser
• Clipboard awaiting permission
• Clipboard too long (over 100 characters)
• Clipboard contains non-ASCII characters
• Clipboard empty

For Google Chrome (recommended):
1. Enable the Ask when a site wants to see text and images copied to the clipboard (recommended) button within chrome://settings/content/clipboard.
2. You may also need to manually add the platform to the list of allowed sites. Under the Allow section, click Add and enter the platform URL, including the outbound traffic port: for example, https://concord.centrastage.net:443. Refer to Allowlist requirements for IP addresses and URLs for more information.

For Firefox:
1. Type about:config into the browser search bar and press Enter.
2. Enter dom.events.testing.asyncClipboard and double-click the setting to change its value to True.

3. Enter dom.events.asyncClipboard.clipboardItem and double-click the setting to change its value to True.

4. Enter dom.events.asyncClipboard.readText and double-click the setting to change its value to True.

For Safari:
1. Copy text from another window or tab, then click Send clipboard as keystrokes.
2. Observe that the Paste button appears, and click it to paste your copied text.

NOTE  This action is not available when Safari is being used on a secondary display.

• Send CTRL+ALT+DEL: Sends the key press combination of CTRL-ALT-DEL to the remote device.
• For devices that support Desktop Duplication (Windows devices only), Windows ALT key codes for Norwegian, Finnish, Danish, Swedish, Dutch, German, and French language keyboards are also supported.
IT Glue Passwords

Refer to IT Glue passwords in Web Remote.
Autotask Ticket Refer to Autotask companion in Web Remote.
Quick Launch Launch the following applications on the remote device (Windows devices only):
• Command Prompt
• Computer Management
• Control Panel
• Event Viewer
• PowerShell
• Problem History (Reliability Monitor)
• Registry Editor
• Services
• System Information
• System Restore (not available for Windows Servers)
• Task Manager

Launch the following applications on the remote device (macOS devices only):
• Activity Monitor
• Console
• Disk Utility
• System Information
• System Preferences
• Terminal
File Transfer

IMPORTANT  You must have File Manager permissions enabled in Remote control tools to view and access this option. The File Manager tool requires SYSTEM permissions to any file or folder you wish to take actions against. Refer to How do I enable SYSTEM access to files or folders?.

Allows you to download files from the remote device and upload files to the remote device (Windows admin, Windows non-admin, and macOS sessions).

NOTE  File Transfer requires the Agent process to be running using .NET Core.

NOTE  File uploads are limited to 1GB per file upload.

NOTE  For devices that support Desktop Duplication (Windows devices only), if the remote user is not logged in (the desktop is locked), a tooltip will appear stating that the Windows desktop is locked and the download and upload file actions will be disabled.

Choose where to download the file to your device. Uploaded files appear on the Desktop of the domain user currently logged in on the remote device or within C:\Users\<username>\Desktop on Windows devices. Any operations under Quick Launch, File Transfer, and Reboot are temporarily disabled when a file upload or download is being performed.
Reboot Allows you to reboot the remote device and reconnect to the device once the reboot is complete. Select Reboot (macOS devices) or Normal Reboot (Windows devices) to reboot in normal mode, or Safe Reboot to reboot in Safe Mode (Windows devices only).
Performance The following performance graphs are displayed:
• CPU (Used %)
• Memory (Used %)
• Disk: Write and read values measured in megabytes per second
• Network: Receive and send values measured in megabits per second
Connection The following connection quality graphs are displayed:
• Client FPS: Measured in frames per second
• Lag: Measured in milliseconds
• Latency: Measured in milliseconds
• Inbound Traffic Instructions: Measured in instructions per second
• Inbound Traffic Data: Measured in kilobytes per second
Preferences Turn on the toggles to enable the following options:

View Only Mode
Mouse clicks and keyboard entries will not be sent to the remote device. You will receive a notification when this button is selected and the Preferences section will remain open by default.
When switching to another Web Remote session within the same account, this selection will persist.

Block Remote Input
Prevent any mouse clicks or keyboard input from the remote user while providing support.
When switching to another Web Remote session within the same account, this selection will persist. The setting will be turned off for any Windows desktop changes, such as logging in or returning to the login screen by sending CTRL-ALT-DEL. Refer to Keyboard.

Blank Desktop
For sessions on Windows devices, turn on the toggle to blank the desktop, or turn off the toggle to show the user's desktop wallpaper.
This selection will persist per user and device.

NOTE  Upon initial connection, the wallpaper will be blanked by default; that is, it will be changed to a solid black color (existing solid-colored backgrounds will not change). The user's original wallpaper will be restored once the session is terminated. For multi-session support, the wallpaper will only change for the active session. Refer to Multi-session support.

Lock After Disconnect
Upon disconnecting from a device, the windows session will lock and the remote session is dismissed. Credentials are required to log in to the device again. For multi-session support, the session will lock only for the latest connection. Refer to Multi-session support. For devices that support Desktop Duplication (Windows devices only), the background will be restored at the end of the session before the session is locked.
This setting is turned on by default.

Show Connection Time
Generates notifications that display the amount of time it took to connect to remote devices when initiating sessions.
This setting is turned off by default.

Sync Clipboard
Automatically synchronizes the contents of the clipboard between the host and guest devices. A visual indication will appear in the Keyboard menu when content is copied. Refer to Keyboard.
This setting is turned on by default.

NOTE  When switching to another Web Remote session within the same account, this selection will persist.
The Sync Clipboard action is not supported for Safari browsers. For Chrome, Firefox, and Edge browsers, this option will be disabled if clipboard permissions are not configured or enabled within the browser. For more information, refer to Keyboard.

Clear Clipboard On Close
Clears the clipboard contents when the Web Remote session is disconnected. Clipboard History and Microsoft Cloud Clipboard features on Windows devices will be disabled; any content synchronized to a target device’s clipboard will not be available to other devices owned by the target user. This cannot be disabled by technicians or administrators.
When switching to another Web Remote session within the same account, this selection will persist.

For Windows key use (Windows devices only)
Select which key to map the Windows key functionality to in order to make use of keyboard shortcuts during a remote session. Options include the following:

  • Left Alt
  • Left Ctrl
  • Right Ctrl
  • None (default)

Image Quality (Windows devices only)
For devices that support Desktop Duplication (Windows devices only), you can manually select the image quality for a Web Remote session to help in low bandwidth scenarios. Options include the following:

  • Auto (Low/Medium/High): Dynamically adjusts the image quality based on frames per second (FPS) and lag data. The current setting is displayed in parenthesis. This is the default setting.
  • Low: Displays the image quality at 20%.
  • Medium: Displays the image quality at 60%.
  • High: Displays the image quality at 100%.

When switching to another Web Remote session within the same account, this selection will persist.
Rate Session Select a rating for the quality of the Web Remote session from 1-5 stars. Once you have entered your rating, add a comment (optional), select the Use my location toggle button if you wish to include your geolocation data, and then click the Rate Current Session button. A confirmation message will be displayed once you have submitted your rating, and this section will disappear from the toolbar.

IMPORTANT  You must have Chat permissions enabled in Remote control tools to view and access this feature.

NOTE  Branding for Web Remote chat is configured using the header logo and header background color within Setup > Branding. Refer to Branding.

  1. Follow any of the navigation paths described in Security and navigation.
  2. A new browser tab will open and the Connecting screen will be displayed.

    3. NOTE  If the Show Connection Time toggle is turned on in the Preferences menu, you will see the amount of time it took to connect to the remote device. Refer to Preferences in View information about and perform actions on the connected device.

  3. Once connected to the device, select Chat for the user session you wish to connect to. The end user must be logged in for this action to be available.

    A padlock icon will be displayed next to the end user if they have locked their screen. In that case, you may still select Chat to review the chat history, but you will not be able to invite the user to the chat.

    4. NOTE  Technicians may view the chat history for devices that are online but with no user currently logged into the device or for offline devices. Refer to View chat history.

  4. If available, you can review the chat history. A message will be displayed indicating the beginning of the chat if no history is yet available. If multiple technicians have initiated a chat on this device, all technicians can review the chat history before the end user is invited.


    5. IMPORTANT   If a device is deleted from Datto RMM, the Web Remote chat history for that device will be permanently deleted.

    NOTE  Any technician with access to the device can view the entire chat history.

    NOTE  While there is no limit on the amount of technicians that can initiate a chat on the same device, if a device's available resources are unable to support that many connections simultaneously, the number of active connections may be limited.

    NOTE  To initiate a Web Remote session at any time independently of the chat, click Control Screen. Refer to Initiate a Web Remote session.

  5. Click Chat Invite to invite the end user to the chat. If multiple technicians have initiated a chat on this device, only the primary (first) technician that connected will be able to invite the end user to the chat. The primary technician will be dynamically assigned to a new technician if the original primary technician leaves the chat.

    NOTE  Chatting with an end user can only be initiated by a technician. This action will be logged in the Activity Log. Refer to Activity Log.

    NOTE   If you are not assigned as the primary technician, the Chat Invite button will be disabled, and hovering over the button will display a message indicating that only the primary technician can invite the end user to the chat.

  6. A message indicating that the end user is being prompted to join the chat will display.

  7. The end user will be prompted to approve or reject the invitation. If approved, the chat will open in their default browser. The end user will then be able to view the chat history.

  8. After the end user accepts the invitation, a message will indicate that they are joining the chat. Once connected, the Chat Invite button will disappear, and you can begin chatting with the end user. Refer to Chat with an end user.

    NOTE  If the end user rejects the invitation or is unable to connect, a message will indicate that the end user has declined the invitation or is unable to connect to the chat, and the Chat Invite button will become available again.

Messages

Chat messages have a limit of 2048 characters and cannot be empty. The following is supported:

  • Unicode characters
  • Line breaks (Shift+Enter)
  • Inserting emojis using copy/paste
  • URLs (will be converted to a hyperlink when sent)

NOTE  Web Remote chat for browsers configured to use German, Spanish, Italian, or French are supported for end users only.

The chat window will automatically scroll to the latest message when a new message arrives. If you have scrolled away as new messages are arriving, a new message indicator is shown. Click the indicator to scroll to the bottom and view the new messages.

Status indicators

The participants counter at the top of the chat shows the total number of participants, including the end user. This number reflects the participants active in the current Web Remote chat session (not throughout the entire chat history).

NOTE  Visual indicators for chat participants will appear as a green circle when participants are online, and a transparent circle when offline or reconnecting.

If participants are idle for 30 minutes, the connection will be closed, and a message will be displayed indicating that the session has been disconnected. In addition, if a connection is closed, the message text box will no longer be available.

To export a chat, select one of the following options from the drop-down menu, then click Export:

  • Today: from last midnight (relative to current timezone) until the most recent message.
  • Last week: from midnight 7 days ago until the most recent message.
  • Last month: from midnight 30 days ago until the most recent message.
  • All: from the first message until the most recent message (entire history).

NOTE  Each option is only selectable if there are messages available within the specified timeframe.

The chat history will be downloaded to your device in TXT format.

NOTE  The Export button will only appear once you have selected an option from the Export drop-down menu.

Technicians may view the chat history for offline devices by manually navigating to the Web Remote URL for the device in the following format: https://[platform address]/csm/remote/rto/[device ID]

Technicians may view the chat history for devices with no user currently logged into the device as follows:

  1. On the Choose Session screen, click View Chat History next to the user you wish to view the chat history for.

NOTE  The number of chat history records is limited to 50.

NOTE  A No chat history exists message will show if a device is offline and there is no saved chat history.

  1. The chat history for the selected user will load, and is read-only. The Chat Invite and Control Screen buttons will be disabled, and a tooltip in the upper right will indicate that the user is not currently logged in.

Requirements

Permissions

You must have PowerShell permissions enabled in Remote control tools to view and access this feature.

Supported operating systems

A Web Remote PowerShell session can be initiated for remote devices with the following operating systems only:

  • Windows 10 version 1809 and above
  • Windows Server 2019 and above

Session type

The PowerShell action is available only for Windows Console sessions (running as SYSTEM).

PowerShell version

The PowerShell session will run the version of PowerShell installed via C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe. Even if installed, pwsh will not be run.

To retrieve the PowerShell version information, run the command get-host.

Overview

A Web Remote PowerShell session, which does not require screen control, allows technicians to privately solve remote device issues from the command line and view output in real time. The technician's browser communicates with the terminal via WebRTC. This feature includes support for special commands and escape sequences (for example: tab completion, CTRL+C, CTRL+V, and so forth).

NOTE  While the Web Remote PowerShell window is open, copy and paste commands interact only with the clipboard of the device conducting the session and not the clipboard of the remote device. This prevents clipboard content that is private to the end user or unrelated to the PowerShell session from being inadvertently copied or pasted by the technician/Datto RMM user.

NOTE  In PowerShell sessions initiated from Web Remote, you may be able to see stored commands from previous Web Remote sessions on the same device. This is considered expected behavior.

Web Remote shell actions are recorded in the Activity Log. Refer to Activity Log.

One of the following visual indicators, along with a session status description, will be continuously displayed in the header of the PowerShell interface:

  • A green dot indicates the session is connected.
  • A yellow dot indicates the session is in the process of connecting or awaiting acceptance. Refer to Step 4 in the following instructions.
  • A red dot indicates any other status.

Initiate a Web Remote PowerShell session as follows:

  1. Follow any of the navigation paths described in Security and navigation.
  2. A new browser tab will open and the Connecting screen will be displayed.

    3. NOTE  If the Show Connection Time toggle is turned on in the Preferences menu, you will see the amount of time it took to connect to the remote device. Refer to Preferences in View information about and perform actions on the connected device.

  3. Once connected to the device, select PowerShell for the user session you wish to connect to.

    NOTE  If a user has locked their screen, a padlock icon will be displayed. The ability to initiate a PowerShell session will remain available.

  4. Web Remote will attempt to launch the PowerShell session.

    • If Privacy Mode is enabled, the end user must respond to the connection request within 30 seconds for the session to connect.

      NOTE  If the end user declines the connection request or does not respond within 30 seconds, if the screen of the remote device is locked (preventing visibility of the request), or if another Privacy Mode-related error occurs, the session will not connect. Refer to Privacy Mode considerations.

  5. Upon successful connection, the session status will change to Connected. A full-page PowerShell terminal component will become available, allowing you to execute PowerShell commands for the remote device.

If the PowerShell session connection is interrupted, the session status will change to Reconnecting.... If the connection cannot be re-established within 30 seconds, the session will be disconnected.

If the reconnection attempt is successful, the PowerShell session will be restored with output history preserved. If Privacy Mode is enabled, end user permission will not be required again to continue the session.

The PowerShell session will be automatically disconnected if the browser tab in which the session is initiated is not visited for 30 minutes or more. The session will otherwise remain connected, assuming no network disruption, even if no interaction occurs within the terminal.

Upon disconnection, the session status will change to Disconnected due to user inactivity and the cursor will change in appearance.

To start a new PowerShell session following disconnection due to inactivity, simply refresh the page.

Running the exit command will disconnect the PowerShell session. You can refresh the page to start a new session.

Closing the browser tab ends the PowerShell session.

To close the connection to a device, close the device's browser tab. The connection to the remote device will be terminated.

NOTE  The connection is automatically terminated after 30 minutes if there is no activity detected in the device's browser tab. Warning notifications are displayed after 10, 20, and 29 minutes if there is no activity detected.

Refer to Web Remote log files.