Web Remote

SECURITY  Web Remote must be enabled within Remote control tools.

SECURITY  For Web Remote chat, you must have Chat permissions enabled. Refer to Remote control tools.

SECURITY  For Web Remote PowerShell, you must have PowerShell permissions enabled. Refer to Remote control tools.

NAVIGATION  Agent Browser > connect to a device > Web Remote. For more information, refer to Remote takeover tools.

NAVIGATION  Sites > All Sites > click the name of a site > Web Remote (last column in table)

NAVIGATION  Devices > All > Web Remote (last column in table)

NAVIGATION  Device Summary page > Web Remote. To view the various navigation paths you can use to access the Device Summary page, refer to Device Summary.

NAVIGATION  A targeted list of devices > Web Remote (last column in table). To view the navigation paths for the various targeted lists of devices, refer to Targeted lists of devices in Devices.

About

Web Remote is a browser-based HTML5 remote control, chat, and PowerShell technology featuring fast connection times and is available as a remote action for online servers, laptops, and desktops.

IMPORTANT  Web Remote sessions can be initiated from Windows, macOS, Linux, iOS, or Android devices using a recent version of the Chrome, Firefox, Edge, or Safari browser; no installed Agent is required. However, only Windows and macOS devices with a Managed Agent installed can be controlled via a Web Remote session.

For Web Remote to function properly on macOS devices running Mojave or later, the following applications must be listed and selected for the following options in System Preferences > Security & Privacy > Privacy (or, for Ventura, System Settings > Privacy & Security > Privacy section):
Accessibility: AEM Agent, Vine Server
Full Disk Access: AEM Agent, Vine Server
Screen Recording: AEM Agent, Vine Server

File Transfer requires the Agent Process to be running using .NET Core.

Up to four users can connect to a single Windows or macOS device using Web Remote at the same time. In cases where the remote device's resources are unable to support that many connections simultaneously, the number of active connections may be limited.

Web Remote can be accessed from the Agent Browser, the Device Summary page, and the Devices page. For navigation paths, refer to Security and navigation. Web Remote sessions and chats may also be initiated from webhook notifications. Refer to Webhooks.

NOTE  Both Web Remote and Splashtop are not supported for remote takeover of headless devices (physical devices with no attached monitor) unless the device has an active virtual monitor. In these cases, third-party video adapters or other software can be used to generate a virtual display. RDP is an alternative remote takeover tool that functions for headless devices. Refer to RDP in Remote takeover tools.

Web Remote is an Agent module (process) that is managed by AEMAgent and runs alongside the Agent Process (AEMAgent.exe).

When a Web Remote session is established, a new Web Remote Process (RMM.WebRemote) is created for that session. Refer to Initiate a Web Remote session.

Location of the Web Remote Process by operating system:

Operating System Location
Windows %ProgramData%\CentraStage\AEMAgent\RMM.WebRemote\[version]
macOS /usr/local/share/CentraStage/AEMAgent/RMM.WebRemote/[version]

On Windows, additional supporting Web Remote Processes are created, which run in different contexts. These are summarized below:

  • Daemon: Runs in session 0 as SYSTEM at all times and controls all Web Remote sessions on a device.
  • Interactive: Runs in an interactive session as SYSTEM and is responsible for screen capture and most of the desktop protocol handling.
  • Graphics: Runs in an interactive session as the logged in user to access GUI elements, such the system tray icon and balloon notifications.

On macOS, the Interactive process is run in the same context as Daemon. The Graphics process is not run at all.

There are three auxiliary processes that support Web Remote sessions, a subset of which are run depending on the active protocol:

  • RMM.RTO.Proxy: A proxy between AEMAgent and Ultra VNC on Windows or Vine VNC on macOS.
  • RMM.RTC.Proxy: A proxy between AEMAgent and the WebRTC protocol.
  • RMM.RTO.Quartz: A proxy between AEMAgent and the Quartz API on macOS.

Starting from Windows NT 6.2 (Windows 8/Windows Server 2012), a change in the Display Driver Model has permitted hardware acceleration when screen sharing. Using this technology in Web Remote where possible results in a marked improvement in the quality and responsiveness of the takeover session experience as compared to VNC.

Prerequisites:

  • Windows NT 6.2 (Windows 8/Windows Server 2012) or above only. Windows NT 6.1 (Windows 7/Windows Server 2008 R2) or below must use VNC.
  • The Datto RMM Agent Process must use .NET 6. Otherwise VNC must be used, even on Windows NT 6.2 and above. For more information, refer to Supported operating systems and Agent requirements.

If VNC is disallowed on a target device, the VNC connection will fail. On Windows devices, you can control whether VNC is allowed globally. Refer to VNC Settings in the legacy UI and VNC Integration in the New UI.

When Guest GPU Acceleration is active, the following will be displayed under the Connection section. Refer to Connection.

NOTE  The Microsoft Desktop Duplication API is not supported to run on a discrete GPU on a Microsoft hybrid (Multi-GPU) system; it can only run on an integrated GPU. If this known issue occurs, "Cannot run Agent on guest GPU" will appear in the browser. Please refer to this Microsoft Support article for more information.

Starting with Windows 10 Build 17093, there is a setting available that allows you to override GPU-specific settings. For more information, refer to the New Graphics settings for Multi-GPU Systems section of this Microsoft article. Datto RMM now detects whether Windows is running as a hybrid system; for example, a laptop with two device adapters listed under Device Manager: an "integrated" one (for example, Intel) and a "discrete" one (for example, NVIDIA). Once the laptop is detected as a hybrid system, we set a registry key value for each user that logs in to Windows so that the Power saving mode preference is automatically used for the RMM.WebRemote process.

You can continue to use the NVIDIA or AMD control panels. To switch to your dedicated GPU in order to use Web Remote, follow the steps below.

NVIDIA:

NOTE  This option may not be available if you are on an older operating system. Refer to this article for information about a change in functionality in newer Windows 10 operating systems regarding setting the preferred graphics processor.

  1. Open the NVIDIA Control Panel.
  2. Navigate to 3D Settings > Manage 3D Settings.
  3. Select the Program Settings tab and click the Add button.
  4. Choose the RMM.WebRemote process (not AEMAgent) and then click Add Selected Program.
  5. Select Integrated processor as the preferred graphic processor and then click Apply to apply the changes.

AMD Radeon:

  1. Open the Radeon Settings panel.
  2. Navigate to System > Switchable Graphics.

    3. NOTE  In the Switchable Graphics menu, the Running Applications tab is displayed by default. This view lists recent and current running applications and their assigned mode.

  3. Navigate to the RMM.WebRemote process (not AEMAgent) in the list, select it to open its drop-down menu, and select Power Saving.
  4. Observe that changes will take affect the next time Web Remote is started.

WebRTC is an open framework that enables Real-Time Communication (RTC) capabilities in the browser. Web Remote leverages this technology to allow a fast peer-to-peer (P2P) connection to be established between devices if available. If a P2P route is not possible, WebRTC will fall back to a relay connection via the platform.

For additional reliability, a WebSocket connection is automatically attempted in parallel with a WebRTC connection, and WebSocket and WebRTC connections are retried on an interval basis. If WebRTC fails to connect but WebSocket succeeds, the WebSocket channel is used for communication, and if WebRTC succeeds but then disconnects in the middle of the session, an automatic failover to the WebSocket channel occurs without the user experiencing a disconnect. If WebSocket fails to connect and WebRTC succeeds, WebRTC is used. WebRTC is always preferred over WebSocket, whether the connection is P2P or Relay.

The following will be displayed under the Connection section. Refer to Connection.

The connection type can be one of the following:

  • WebRTC (P2P)
  • WebRTC (Relay)
  • WebRTC (Relay, TLS)
  • WebRTC
  • WebSocket (Relay)

Refer to Web Remote troubleshooting and tips.

How to...

IMPORTANT  Port 3478 (UDP) must be open in order to connect via Web Remote. Refer to Web Remote communication.

  1. Follow any of the navigation paths described in Security and navigation. Refer to Multi-session support for information about initiating a Web Remote session on multi-session devices.
  2. Observe that a new browser tab opens and the Connecting screen displays. The connection time will show the time it took to connect to the remote device.

    3. NOTE  Connections will be halted and a message will be displayed in the following instances:
    • A technician attempts to open a Web Remote connection by manually entering a URL to an offline device. A message will be displayed indicating that the device is offline.
    • A technician attempts to connect to an inactive RDP session using Web Remote (Windows devices only). A message will be displayed indicating that the desktop is not active/not receiving input.
    • A technician attempts to connect to a device that is missing the Agent's encryption key. For more information, refer to Agent encryption.

  3. Once connected to the device, select Control Screen for the user session you wish to connect to.

    NOTE  If only a console session is available (no end user is logged in) and the remote device does not support PowerShell sessions, the Control Screen action will be launched automatically. If the remote device supports PowerShell sessions, both the Control Screen and PowerShell actions will be available. Refer to Requirements in Initiate a Web Remote PowerShell session.

    NOTE  Technicians may view the chat history for offline devices, or for users who are not currently logged into the device. Refer to View chat history.

    A padlock icon will be displayed next to the end user if they have locked their screen. In that case, you may still select Control Screen, but the user's screen will remain locked.

  4. Observe the pop-up notification that appears as the session is being established. This notification will display for 30 seconds before disappearing.

    NOTE  Notifications must first be enabled under System > Notifications & actions (Windows devices only).

    Refer to Privacy Mode considerations for information about connecting to an end user's device when they have Privacy Mode enabled.

  5. Once the connection has been established, the browser tab will display the name of the remote device you are connected to, and you will see the following areas on the screen:
    • Remote device screen pane: The pane on the left displays the screen of the remote device you are connected to.

      • NOTE  In some cases for devices that support Desktop Duplication (Windows devices only), you may see a black screen after the connection is established. This may indicate the desktop of the remote device is locked. A message will appear prompting you to click Send CTRL-ALT-DEL from the Keyboard section of the toolbar to unlock the desktop. Refer to Keyboard.

    • Toolbar: The pane on the right displays information about the connected device as well as the remote actions available and is open by default. Clicking > at the bottom of the pane will hide the toolbar. Clicking < will re-open the toolbar.

Web Remote allows technicians to support end users on multi-session devices such as Windows Virtual Desktops and servers running Remote Desktop Services (RDS). After initiating a Web Remote session on one of these devices, technicians can view a list of users who are logged into the device and then choose a user session from the Choose Session screen.

Once a user session is selected, the Web Remote session with that user will be initiated and the user's desktop wallpaper will be displayed. Only the selected user will see the pop-up notification that a session is being established.

If Privacy Mode is set on the remote device, the end user will be prompted to accept or decline a connection request via a dialog box that includes the requesting technician's name in order for the technician to connect to the device. Refer to Privacy Mode.

NOTE  For Web Remote, if Privacy Mode is set on the remote device and Only require permission from the device when connecting with Restricted Tools is selected in an Agent policy targeting the device, end user permission will be required to initiate remote takeover sessions but will not be required to initiate PowerShell sessions. Refer to Privacy mode options in Agent policy.

Once the connection is in progress, a message will be displayed to the end user that a remote takeover is currently in progress. This message will only appear once the end user has accepted the connection request.

NOTE  Notifications must first be enabled under System > Notifications & actions (Windows devices only).

Web Remote will reconnect with the same session should a brief interruption in Internet connectivity occur; a second Privacy Mode prompt will not appear as the end user has already accepted the connection.

If the end user's screen is locked (indicated by the padlock icon), selecting Control Screen will not establish a Web Remote session; instead a message will be displayed stating that the screen is locked.

If the end user logs out, selecting Control Screen will not establish a Web Remote session; instead a message will be displayed stating that there is no end user currently logged in.

Once you are connected to a device, you can view information about and perform a variety of actions on it using the toolbar. The Display section is initially open by default, but your preferences for which sections are open or closed will be saved for future sessions.

For more details about each of the toolbar sections, refer to the table below.

Section Description
Full screen Click the full screen icon at the top of the toolbar to enter full screen mode for this session. Entering full screen mode will hide the toolbar.

Press the Esc key to exit full screen mode, or click the < icon at the bottom of the pane to open the toolbar while in full screen mode. Select the exit full screen icon to return the screen to normal.
Display • Fit Screen: Fits the remote device screen to the screen of your device. Windows devices that have multiple monitors are supported.
• Original Size: View the actual size of the remote device screen.

NOTE  Both horizontal and vertical (landscape and portrait, respectively) display orientations are supported.

The following options appear if the device you are connecting to has multiple monitors/multiple graphic adapters (Windows devices only):

• All Monitors: Select to navigate across all monitors within the display area.
• Single Monitor: Select to navigate only within the currently selected monitor.
Chat Click to load and review the chat history. You may also export the chat history by selecting an option from the Export drop-down menu or invite the end user to chat by clicking Chat Invite. Once the end user accepts the chat invitation, you can continue the chat from within the toolbar. For more information, refer to Initiate a Web Remote chat.
Keyboard • On-Screen: Opens the on-screen keyboard on the end user's remote device. The end user's native keyboard layout will be respected.

NOTE  If you are connected to a macOS device from a Windows device and opt to not use the on-screen keyboard, the ALT key on your device will act as the command key on the remote macOS device (for example, you can copy items with ALT+C and paste them with ALT+V).

• Send clipboard as keystrokes: Allows you to send text copied from your device to the remote device. A visual indication will appear when you copy something on the remote device, or when you copy something on your device and then click the Web Remote browser tab.

IMPORTANT  The text must be ASCII-only and less than 100 characters, and your browser must support the Clipboard API in order for this command to become available (not grayed out).

If the button is grayed out, one of the following tooltip messages will be displayed, depending on your browser:

• Browser does not support clipboard
• Clipboard blocked
• Clipboard blocked by browser
• Clipboard awaiting permission
• Clipboard too long (over 100 characters)
• Clipboard contains non-ASCII characters
• Clipboard empty

For Google Chrome (recommended):
1. Enable the Ask when a site wants to see text and images copied to the clipboard (recommended) button within chrome://settings/content/clipboard.
2. You may also need to manually add the platform to the list of allowed sites. Under the Allow section, click Add and enter the platform URL, including the outbound traffic port: for example, https://concord.centrastage.net:443. Refer to Allowlist requirements for IP addresses and URLs for more information.

For Firefox:
1. Type about:config into the browser search bar and press Enter.
2. Enter dom.events.testing.asyncClipboard and double-click the setting to change its value to True.

3. Enter dom.events.asyncClipboard.clipboardItem and double-click the setting to change its value to True.

4. Enter dom.events.asyncClipboard.readText and double-click the setting to change its value to True.

For Safari:
1. Copy text from another window or tab, then click Send clipboard as keystrokes.
2. Observe that the Paste button appears, and click it to paste your copied text.

NOTE  This action is not available when Safari is being used on a secondary display.

• Send CTRL+ALT+DEL: Sends the key press combination of CTRL-ALT-DEL to the remote device.
• For devices that support Desktop Duplication (Windows devices only), Windows ALT key codes for Norwegian, Finnish, Danish, Swedish, Dutch, German, and French language keyboards are also supported.
IT Glue Passwords

IMPORTANT  This section is available only if the IT Glue Integration is turned on for the account. Refer to IT Glue Integration.
If the integration is turned on but you have not yet authenticated the integration as a user, click Device Page to open the device's Device Summary page in a new tab. In the upper-right corner of the Device Summary page, click IT Glue to open the IT Glue pane. Click Authenticate to log in to IT Glue and complete the user authentication. Refer to IT Glue in Device Summary.
Once authenticated, return to the Web Remote tab and click Refresh.

IMPORTANT  If IP Access Control in your instance of IT Glue is restricted to certain IP addresses, be sure to add the IP addresses of technicians using this feature, as it will not work if accessed from an IP address not included in the allowlist. For details about how to configure IP access control in IT Glue, refer to Allow the IP address of your Datto RMM platform access to IT Glue.

This feature allows you to insert usernames and passwords from IT Glue into a Web Remote session. The drop-down menu allows you to search for passwords from the following three levels:

Search global: Select this option to populate all organizations that exist in the IT Glue account. Either scroll through the list or use the Organization or Password bar to enter and search for a specific organization or for any password from any organization. The results are narrowed as you type. Click an organization name to switch to the Search organization view and access all available usernames and passwords from that organization.

Search organization: If you select this option at the start of the session or after refreshing the page, all available usernames and passwords from the organization/site the current remote configuration/device belongs to will show. If you use the Search global view described above to select a different organization, this view will show usernames and passwords from that organization. You can use the Search for Password bar to enter and search for the name of a specific password or set of passwords from the selected organization.

Search configuration: Select this option to populate all available usernames and passwords for the current remote device. You can use the Search for Password bar to enter and search for the name of a specific device password or set of passwords.

NOTE  The Search organization and Search configuration options are not available if the data has not been matched to IT Glue. Refer to Match IT Glue organizations and configurations.

Click Send CTRL+ALT+DEL to access the login screen of the remote device. This option is only available for remote Windows devices with no user logged in. This option is also available in the Keyboard section. Refer to Keyboard.

In the IT Glue section, click the Insert username icon or Insert password icon to insert that username or password into the session, respectively.

NOTE  Insertion of the following types of passwords is not supported:
Vaulted passwords
• Passwords that contain non-ASCII characters

NOTE  The insertion is performed by emulating keystrokes directly from the IT Glue API to ensure that passwords are not copied to the technician or user clipboards. Take care not to insert a password into a non-hidden field on a user’s computer. If copying passwords to your clipboard, we recommend selecting the Clear Clipboard On Close toggle in the Preferences section. Refer to Preferences.
Autotask Ticket This feature allows you to access and manage Autotask tickets from within a Web Remote session.
First, be sure to review the feature requirements and restrictions. Then, expand the following sections to learn about linking relevant tickets to sessions, opening and updating tickets from within sessions, tracking and recording time spent on tickets while in sessions, and more.

Requirements and restrictions

• This section is available only if the Autotask Integration is turned on for the account. Refer to Autotask Integration. The feature will be disabled if the following requirements are not met.

The Autotask user account used for the integration must have a security level of API User, and Datto RMM must be selected as the Integration Vendor. Refer to Adding or editing an API user in the Autotask Help system.

• To ensure correct functionality of the Autotask platform, Datto recommends enabling pop-ups for Autotask in your browser. Refer to Allowing pop-ups in your browser in the Autotask Help system.
• This section is visible only to users with the Web Remote Autotask tool toggle turned on in their current security level. Refer to Web Remote Autotask in Remote control tools.
• Users with the Web Remote Autotask Search tool toggle turned off in their current security level cannot search for or view results for Autotask tickets from within Web Remote. Refer to Starting from Web Remote in Linking an Autotask ticket to a Web Remote session and Searching for an Autotask ticket in Web Remote.

Alternatively, these users can link tickets to a Web Remote session starting from within Autotask and can create new tickets from within Web Remote. Refer to Starting from an Autotask ticket in Linking an Autotask ticket to a Web Remote session and Creating an Autotask ticket from Web Remote.
• The Autotask ticket search results in Web Remote only include tickets within the Autotask company linked to the Datto RMM site the remote device belongs to.

You can link an Autotask ticket to a Web Remote session by initiating the session from Datto RMM or by initiating the session directly from the Autotask ticket.

Begin the process with either of the following workflows:

  1. In Datto RMM, initiate a Web Remote session for the applicable device synced to the Autotask Integration. Refer to Configure device synchronization.
    For information about initiating a Web Remote session and factors that may affect the connection capabilities, refer to Initiate a Web Remote session.
  2. Expand the Autotask Ticket section.

    3. NOTE  If the feature appears unavailable, confirm you have configured the correct permissions for the Autotask user account used for the Autotask Integration in Datto RMM. For details, refer to the note at the top of this section.

  3. Click Link to a Ticket.
  4. In the Link to a Ticket window, click Link in the Action column for the ticket you wish to link to the session. Refer to Searching for an Autotask ticket in Web Remote.
  1. In Autotask, open the ticket you wish to manage from a Web Remote session.
  2. In the Datto RMM Device Insight in the upper-right corner of the ticket, click Web Remote. For details, refer to Datto RMM Device Insight in Autotask alert ticket information and information specific to Datto RMM.

  3. Once connected to the device in Web Remote, click Control Screen.
    For information about initiating a Web Remote session and factors that may affect the connection capabilities, refer to Initiate a Web Remote session.
  4. You will notice the Autotask Ticket section is expanded by default and the ticket has been automatically linked to the session.

    5. NOTE  If the feature appears unavailable, confirm you have configured the correct permissions for the Autotask user account used for the Autotask Integration in Datto RMM. For details, refer to the note at the top of this section.

Upon disconnecting from the device, the linked ticket is automatically unlinked but can be relinked upon starting a new connection. Refer to Disconnect from a device.

Changing the linked ticket

You can change the linked ticket at any time throughout the session by clicking Change Ticket. Refer to Searching for an Autotask ticket in Web Remote.

You can create an Autotask ticket directly in a Web Remote session as follows:

  1. In Datto RMM, initiate a Web Remote session for the applicable device synced to the Autotask Integration. Refer to Configure device synchronization.
    For information about initiating a Web Remote session and factors that may affect the connection capabilities, refer to Initiate a Web Remote session.
  2. Expand the Autotask Ticket section.

    3. NOTE  If the feature appears unavailable, confirm you have configured the correct permissions for the Autotask user account used for the Autotask Integration in Datto RMM. For details, refer to the note at the top of this section.

  3. Click Link to a Ticket.

    4. NOTE  If a ticket is already linked, you will find the option to create a new ticket after clicking Change Ticket.

  4. Click Create New Ticket in the lower-right corner of the Link to a Ticket window. 
    For this button to be available, the device's site must be mapped to an Autotask organization. Refer to Configure organization (site) mapping. You must also have alert priority mapping and default ticket settings configured. Refer to Configure alert priority mapping and Default Ticket Settings section.
  5. Enter the ticket details via the Title field (required) and Description field (optional).

  6. Turn on the Attach this Device to the Ticket toggle to cause the remote device details to show in the Configuration Item Insight in the created Autotask ticket. For details about this insight, refer to Configuration Item Insight in Autotask Integration.
  7. The Default Ticket settings section shows the ticket attributes that will appear by default in the Autotask ticket. The Status value is not editable in Datto RMM and will default to New, but you can update this status as you work on the ticket. The rest of the values are based on the settings configured in the Alerts tab of the Autotask integration setup card.
    As necessary, you can edit the following default ticket values for Web Remote-created tickets as follows:

    8. NAVIGATION  Setup > Integrations > Autotask > Alerts tab > Alert Mapping > Moderate row

    • Priority: Edit the Autotask Priority selection in the Moderate row and save the change.

    NAVIGATION  Setup > Integrations > Autotask > Alerts tab > Default Ticket Settings section > End Client Agent row

    • Queue, Issue Type, Sub-Issue Type, and Work Type: Edit the selections in the End Client Agent row and save your changes.

      • NOTE  Ensure the issue type and sub-issue type you set in the End Client Agent row are available in your default Autotask ticket template.

    For further instructions on how to select these values, refer to Default Ticket Settings section in Autotask Integration.
    Any ticket attribute changes will be reflected in this Default Ticket settings section in Web Remote. As necessary, you can change the values in individual tickets once the tickets are created in Autotask.

  8. If you do not wish to save your progress, click Back to return to the Link to a Ticket window.
    You have the option to save and create the Autotask ticket either with or without immediately creating a time entry.
    If you click Save and Enter Time, the New Ticket Time Entry page for the ticket will open. Refer to Adding a ticket time entry in the Autotask Help system.

    9. NOTE  To save the time entry, the Time Worked must be recorded as more than zero minutes, you must enter a note in the Summary Notes field, and you must change the status from New.

    If you click Save instead, the ticket will be created without prompting you to create a time entry. You can always add a time entry later in the ticket or via the stopwatch in Web Remote. Refer to Managing Autotask tickets from Web Remote. A pop-up notification will confirm the ticket has been created.

The newly created ticket is automatically linked to your Web Remote session.

Upon disconnecting from the device, the linked ticket is automatically unlinked but can be relinked upon starting a new connection. Refer to Disconnect from a device.

IMPORTANT  The Autotask ticket search results in Web Remote only include tickets within the Autotask company linked to the Datto RMM site the remote device belongs to.

You can open the Link to a Ticket window in Web Remote by clicking Link to a Ticket or Change Ticket in the Autotask Ticket section.

The table displays the following information:

  • Title: The ticket title. Click the hyperlink to open the Autotask ticket in a new window and review its details. To learn how to manage and update the ticket, refer to The Ticket page in the Autotask Help system.
  • Number: The ticket number.
  • Completed: This column shows Yes if the ticket Status is set to Complete or No if it is set to any other status.
  • Assigned to me: This column shows Yes if the current Datto RMM user is assigned as a resource in the ticket or No if the current Datto RMM user is not assigned as a resource in the ticket.
  • Due: The Due Date set in the ticket.
  • Action: Click Link to link the ticket to the Web Remote session. Refer to Managing Autotask tickets from Web Remote.

By default, the window lists all tickets created in the last 30 days, sorted by ticket number (which equates to date created). Continue scrolling to load all items in the list.

To search for a specific ticket, enter the ticket title or ticket number in the search bar. The search results are narrowed as you type.

You can filter the list in the following ways:

  • In the All Tickets drop-down menu, select one of the following options:
  • Turn the following toggles on or off:
    • Only assigned to me: This toggle is disabled if the current Datto RMM user is not mapped to an Autotask resource. Once enabled, turn on this toggle to only see tickets to which you are assigned as a resource.
    • Only show open Tickets: Turn on this toggle to only see tickets with a Status that is not Complete.
    • Created in last 30 days: Turn on this toggle to only see tickets created in the last 30 days.

NOTE  You must specify at least one filter or search phrase.

NOTE  The filter selection will persist the next time a Web Remote session is initiated.

Once a ticket is linked to the Web Remote session, the Autotask Ticket section displays the following information:

  • The Autotask stopwatch: Refer to The task or ticket stopwatch in the Autotask Help system to learn how to work with the stopwatch. Click the Record button to open the New Ticket Time Entry page for the ticket.

    The recorded time is automatically captured in the Time Entry Details section and can be edited. Refer to Adding a ticket time entry in the Autotask Help system.

    • NOTE  To save the time entry, the Time Worked must be recorded as more than zero minutes, you must enter a note in the Summary Notes field, and you must change the status from New.

    NOTE  The stopwatch will continue to run even if you change the linked ticket. At any point, you can suspend and save the stopwatch count by clicking the Pause button or clear any recorded time from the clock and reset it to 00:00:00 by clicking the Clear button.

    When ready to continue or restart the count, click the Start button.

    NOTE  The Record button is disabled if the count on the clock is 00:00:00.

  • Add Note:


    In the Note field, enter a note to be added to the Autotask ticket. The Title field is optional. If you do not enter a custom title, it will show as Web Remote Note in the ticket. Be sure the Internal toggle is turned on if you would like to publish the note to internal users only rather than all Autotask users. When ready, click Save to publish the note in the ticket.
  • Add Attachment:
    • From local device: Opens the file manager application on your local device.
    • From remote device: Opens the file manager application on the screen of the remote device.

    Select a file that is 4 MB or smaller from your local device to upload to the Autotask ticket. Be sure the Internal toggle is turned on if you would like to publish the attachment to internal users only rather than all Autotask users. When ready, click Save to publish the attachment in the ticket.
  • Add Screenshot:


    A screenshot of the current remote device screen will be automatically captured. The Attachment name field is optional. If you do not enter a custom name, it will show as Web Remote Screenshot in the ticket. Be sure the Internal toggle is turned on if you would like to publish the screenshot to internal users only rather than all Autotask users. When ready, click Save to publish the screenshot in the ticket.
  • Open Checklist:


    If the Autotask ticket contains a checklist, the list is displayed. Refer to The checklist in the Autotask Help system. Select or clear the check mark list items to mark the items as complete or incomplete. Changes are immediately reflected in the ticket.
    The following checklist features that can be configured in Autotask are displayed in Web Remote as follows:
    • Typed URL: Displays as a hyperlink that can be clicked.
    • Associated document or article: Displays as a hyperlink that can be clicked, denoted by an article icon.
    • Item marked as Important: An exclamation mark is displayed after the item.

    • NOTE  Checklist creation, addition or removal of items, item reordering, and other checklist editing actions must be performed in the Autotask ticket.

    NOTE  Web Remote displays both parent and child checklist items in the order in which they are arranged in Autotask, but child items do not appear indented underneath their parent items as they do in Autotask.

  • The ticket number.
  • The ticket title. Click the hyperlink to open the Autotask ticket in a new window and review its details. To learn how to manage and update the ticket, refer to The Ticket page in the Autotask Help system.
  • The due date set in the ticket.
  • The contact assigned to the ticket. Refer to Adding and editing contacts in the Autotask Help system.
  • Change Ticket: You can change the linked ticket at any time throughout the session by clicking Change Ticket. Refer to Searching for an Autotask ticket in Web Remote.
  • Make sure Autotask pop-ups are enabled: To ensure correct functionality of the Autotask platform, Datto recommends enabling pop-ups for Autotask in your browser. Refer to Allowing pop-ups in your browser in the Autotask Help system.
Quick Launch Launch the following applications on the remote device (Windows devices only):
• Command Prompt
• Computer Management
• Control Panel
• Event Viewer
• PowerShell
• Problem History (Reliability Monitor)
• Registry Editor
• Services
• System Information
• System Restore (not available for Windows Servers)
• Task Manager

Launch the following applications on the remote device (macOS devices only):
• Activity Monitor
• Console
• Disk Utility
• System Information
• System Preferences
• Terminal
File Transfer

IMPORTANT  You must have File Manager permissions enabled in Remote control tools to view and access this option. The File Manager tool requires SYSTEM permissions to any file or folder you wish to take actions against. Refer to How do I enable SYSTEM access to files or folders?.

Allows you to download files from the remote device and upload files to the remote device (Windows admin, Windows non-admin, and macOS sessions).

NOTE  For devices that support Desktop Duplication (Windows devices only), if the remote user is not logged in (the desktop is locked), a tooltip will appear stating that the Windows desktop is locked and the download and upload file actions will be disabled.

Choose where to download the file to your device. Uploaded files appear on the Desktop of the domain user currently logged in on the remote device or within C:\Users\<username>\Desktop on Windows devices. Any operations under Quick Launch, File Transfer, and Reboot are temporarily disabled when a file upload or download is being performed.
Reboot Allows you to reboot the remote device and reconnect to the device once the reboot is complete. Select Reboot (macOS devices) or Normal Reboot (Windows devices) to reboot in normal mode, or Safe Reboot to reboot in Safe Mode (Windows devices only).
Performance The following performance graphs are displayed:
• CPU (Used %)
• Memory (Used %)
• Disk: Write and read values measured in megabytes per second
• Network: Receive and send values measured in megabits per second
Connection The following connection quality graphs are displayed:
• Client FPS: Measured in frames per second
• Lag: Measured in milliseconds
• Latency: Measured in milliseconds
• Inbound Traffic Instructions: Measured in instructions per second
• Inbound Traffic Data: Measured in kilobytes per second
Preferences Select the toggle buttons to enable the following options:
• View Only Mode: Mouse clicks and keyboard entries will not be sent to the remote device. You will receive a notification when this button is selected and the Preferences section will remain open by default. When switching to another Web Remote session within the same account, this selection will persist.
• Block Remote Input: Prevent any mouse clicks or keyboard input from the remote user while providing support. When switching to another Web Remote session within the same account, this selection will persist. The selection will be turned off for any Windows desktop changes, such as logging in or returning to the login screen by sending CTRL-ALT-DEL. Refer to Keyboard.
• Blank Desktop: For sessions on Windows devices, toggle ON to blank the desktop or OFF to show the user's desktop wallpaper. This selection will persist per user and device.

NOTE  Upon initial connection, the wallpaper will be blanked by default; that is, it will be changed to a solid black color (existing solid-colored backgrounds will not change). The user's original wallpaper will be restored once the session is terminated. For multi-session support, the wallpaper will only change for the active session. Refer to Multi-session support.

• Lock After Disconnect: Upon disconnecting from a device, the windows session will lock and the remote session is dismissed. Credentials are required to log in to the device again. For multi-session support, the session will lock only for the latest connection. Refer to Multi-session support. For devices that support Desktop Duplication (Windows devices only), the background will be restored at the end of the session before the session is locked.
• Show Connection Time: Display connection time notifications when initiating sessions.
• Sync Clipboard: Automatically synchronizes the contents of the clipboard between the host and guest devices. Enabled by default. A visual indication will appear in the Keyboard menu when content is copied. Refer to Keyboard. When switching to another Web Remote session within the same account, this selection will persist.

NOTE  The Sync Clipboard action is not supported for Safari browsers. For Chrome, Firefox, or Edge browsers, this option will be disabled if clipboard permissions are not configured or enabled within the browser. For more information, refer to Keyboard.

• Clear Clipboard On Close: Clears the clipboard contents when the Web Remote session is disconnected. Enabled by default. Clipboard History and Microsoft Cloud Clipboard features on Windows devices will be disabled; any content synchronized to a target device’s clipboard will not be available to other devices owned by the target user. This cannot be disabled by technicians or administrators. When switching to another Web Remote session within the same account, this selection will persist.

• For Windows key use (Windows devices only): Select which key to map the Windows key functionality to in order to make use of keyboard shortcuts during a remote session. Options include Left Alt, Left Ctrl, Right Ctrl, and None (default).
• For devices that support Desktop Duplication (Windows devices only), you can manually select the image quality for a Web Remote session to help in low bandwidth scenarios. When switching to another Web Remote session within the same account, this selection will persist. Choose from the following options:
◦ Auto (Low/Medium/High): Dynamically adjusts the image quality based on frames per second (FPS) and lag data. The current setting is displayed in parenthesis. This is the default setting.
◦ Low: Displays the image quality at 20%.
◦ Medium: Displays the image quality at 60%.
◦ High: Displays the image quality at 100%.
Rate Session Select a rating for the quality of the Web Remote session from 1-5 stars. Once you have entered your rating, add a comment (optional), select the Use my location toggle button if you wish to include your geolocation data, and then click the Rate Current Session button. A confirmation message will be displayed once you have submitted your rating, and this section will disappear from the toolbar.

IMPORTANT  You must have Chat permissions enabled in Remote control tools to view and access this feature.

NOTE  Branding for Web Remote chat is configured using the header logo and header background color within Setup > Branding. Refer to Branding.

  1. Follow any of the navigation paths described in Security and navigation.
  2. Observe that a new browser tab opens and the Connecting screen displays. The connection time will show the time it took to connect to the remote device.
  3. Once connected to the device, select Chat for the user session you wish to connect to. The end user must be logged in for this action to be available.

    A padlock icon will be displayed next to the end user if they have locked their screen. In that case, you may still select Chat to review the chat history, but you will not be able to invite the user to the chat.

    4. NOTE  Technicians can view the chat history for offline devices, or for devices that are online but with no user currently logged into the device. Refer to View chat history.

  4. Review the chat history. A message will be displayed indicating the beginning of the chat if no history is yet available. If multiple technicians have initiated a chat on this device, all technicians can review the chat history before the end user is invited.


    5. NOTE  Any technician with access to the device can view the entire chat history.

    NOTE  There is no limit on the amount of technicians that can initiate a chat on the same device.

    NOTE   If a device is deleted from Datto RMM, the Web Remote chat history for that device will be permanently deleted.

    NOTE  To initiate a Web Remote session at any time independently of the chat, click Control Screen. Refer to Initiate a Web Remote session.

  5. Click Chat Invite to invite the end user to the chat. If multiple technicians have initiated a chat on this device, only the primary (first) technician will be able to invite the end user to the chat. The primary technician will be dynamically assigned to a new technician if the original primary technician leaves the chat.

    NOTE  Chatting with an end user can only be initiated by a technician. This action will be logged in the Activity Log. Refer to Activity Log.

    NOTE   If you are not assigned as the primary technician, the Chat Invite button will be disabled, and hovering over the button will display a message indicating that only the primary technician can invite the end user to the chat.

  6. Observe the message indicating that the end user is being prompted to join the chat.

  7. The end user will be prompted to approve or reject the invitation, and if approved, the chat will open in their default browser. The end user will then be able to view the chat history.

  8. After the end user accepts the invitation, a message will indicate that they are joining the chat. Once connected, the Chat Invite button will disappear, and you can begin chatting with the end user. Refer to Chat with an end user.

    If the end user rejects the invitation or is unable to connect, a message will indicate that the end user has declined the invitation or is unable to connect to the chat, and the Chat Invite button will become available again.

Messages

Chat messages have a limit of 2048 characters and cannot be empty. The following is supported:

  • Unicode characters
  • Line breaks (Shift+Enter)
  • Inserting emojis using copy/paste
  • URLs (will be converted to a hyperlink when sent)

NOTE  Web Remote chat for browsers configured to use German, Spanish, Italian, or French are supported for end users only.

The chat window will automatically scroll to the latest message when a new message arrives. If you have scrolled away as new messages are arriving, a new message indicator is shown. Click the indicator to scroll to the bottom and view the new messages.

Status indicators

The participants counter at the top of the chat shows the total number of participants, including the end user. This number reflects the participants active in the current Web Remote chat session (not throughout the entire chat history).

Visual indicators for chat participants will appear as a green circle when participants are online, and a transparent circle when offline or reconnecting.

If participants are idle for 30 minutes, the connection will be closed, and a message will be displayed indicating that the session has been disconnected. In addition, if a connection is closed, the message text box will no longer be available.

To export a chat, select one of the following options from the drop-down menu, then click Export:

  • Today: from last midnight (relative to current timezone) until the most recent message.
  • Last week: from midnight 7 days ago until the most recent message.
  • Last month: from midnight 30 days ago until the most recent message.
  • All: from the first message until the most recent message (entire history).

NOTE  Each option is only selectable if there are messages available within the specified timeframe.

The chat history will be downloaded to your device in TXT format.

NOTE  The Export button will only appear once you have selected an option from the Export drop-down menu.

Technicians can view the chat history for offline devices, or for devices that are online but with no user currently logged into the device.

  1. On the Choose Session screen, select View Chat History next to the user you wish to view the chat history for.

NOTE  The number of chat history records is limited to 50.

  1. Observe that the chat history for this user will load, and that it is read-only. The Chat Invite and Control Screen buttons are disabled, and tooltips indicate that the user is not currently logged in.

Requirements

Permissions

You must have PowerShell permissions enabled in Remote control tools to view and access this feature.

Supported operating systems

A Web Remote PowerShell session can be initiated for remote devices with the following operating systems only:

  • Windows 10 version 1809 and above
  • Windows Server 2019 and above

Session type

The PowerShell action is available only for Windows Console sessions (running as SYSTEM).

PowerShell version

The PowerShell session will run the version of PowerShell installed via C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe. Even if installed, pwsh will not be run.

To retrieve the PowerShell version information, run the command get-host.

Overview

A Web Remote PowerShell session, which does not require screen control, allows technicians to privately solve remote device issues from the command line and view output in real time. The technician's browser communicates with the terminal via WebRTC. This feature includes support for special commands and escape sequences (for example: tab completion, CTRL+C, CTRL+V, and so forth).

NOTE  While the Web Remote PowerShell window is open, copy and paste commands interact only with the clipboard of the device conducting the session and not the clipboard of the remote device. This prevents clipboard content that is private to the end user or unrelated to the PowerShell session from being inadvertently copied or pasted by the technician/Datto RMM user.

NOTE  In PowerShell sessions initiated from Web Remote, you may be able to see stored commands from previous Web Remote sessions on the same device. This is considered expected behavior.

Web Remote shell actions are recorded in the Activity Log. Refer to Activity Log.

One of the following visual indicators, along with a session status description, will be continuously displayed in the header of the PowerShell interface:

  • A green dot indicates the session is connected.
  • A yellow dot indicates the session is in the process of connecting or awaiting acceptance. Refer to Step 4 in the following instructions.
  • A red dot indicates any other status.

Initiate a Web Remote PowerShell session as follows:

  1. Follow any of the navigation paths described in Security and navigation.
  2. Observe that a new browser tab opens and the Connecting screen displays. The connection time will show the time it took to connect to the remote device.
  3. Once connected to the device, select PowerShell for the user session you wish to connect to.

    A padlock icon will be displayed next to the end user if they have locked their screen. The ability to initiate a PowerShell session will remain available.
  4. Web Remote will attempt to launch the PowerShell session.

    If Privacy Mode is enabled, the end user must respond to the connection request within 30 seconds for the session to connect.

    If the end user declines the connection request or does not respond within 30 seconds, if the screen of the remote device is locked (preventing visibility of the request), or if another Privacy Mode-related error occurs, the session will not connect.
    Refer to Privacy Mode considerations.
  5. Upon successful connection, the session status will change to Connected. A full-page PowerShell terminal component will become available, allowing you to execute PowerShell commands for the remote device.

If the PowerShell session connection is interrupted, the session status will change to Reconnecting.... If the connection cannot be re-established within 30 seconds, the session will be disconnected.

If the reconnection attempt is successful, the PowerShell session will be restored with output history preserved. If Privacy Mode is enabled, end user permission will not be required again to continue the session.

The PowerShell session will be automatically disconnected if the browser tab in which the session is initiated is not visited for 30 minutes or more. The session will otherwise remain connected, assuming no network disruption, even if no interaction occurs within the terminal.

Upon disconnection, the session status will change to Disconnected due to user inactivity and the cursor will change in appearance.

To start a new PowerShell session following disconnection due to inactivity, simply refresh the page.

Running the exit command will disconnect the PowerShell session. You can refresh the page to start a new session.

Closing the browser tab ends the PowerShell session.

To close the connection to a device, close the device's browser tab. The connection to the remote device will be terminated.

NOTE  The connection is automatically terminated after 30 minutes if there is no activity detected in the device's browser tab. Warning notifications are displayed after 10, 20, and 29 minutes if there is no activity detected.

Refer to Web Remote log files.