How to setup ScreenConnect with RMMmax
Minimum Requirements: Connect 22.9.1+ and RMM Plus 1.0.29 or greater
ScreenConnect by default does not come with an API that you can authenticate against and connect to endpoints that will allow you to do stuff. Stuff like collecting the company and agent data from the environment or being able to send commands down to the local agent.
But don’t be discouraged! Tim Steffen, a,k.a., Big Dessert has built a nice little ScreenConnect extension that places API functions need with the authentication support so that we can access ScreenConnect in the same way we connect to Tactical RMM or CW Automate.
To get started you will need to log in as an administrator to your ScreenConnect Environment and navigate to the Admin section and select Extensions and then find and select the Browse Extension Marketplace.
Once installed make sure your version is on or above Build 1.0.29. The reason for this is that we are working with Tim to create the functionality we need to integrate Control into RMMmax. This collaboration started after release build 1.0.29
API Security
Secure Password
As part of the setup of the RMM+ extension you need to provide 2 forms of security to complete the configuration of the API on ScreenConnect. A very strong pass phrase, we prefer a generated key which you can get at https://randomkeygen.com 1. This key will be passed securely across the Internet to the API so we recommend that you use 256-bit WEP keys as they do not contain characters that may cause distortion of the HTTPS requests.
Allowed Origin
The allowed origin setting is basically another password that is set but this is in the form of a FQDM. It can be pretty much any name you want it to be as long as it matches the name configured in RMMmax. You can name it the domain you are on, or you can name it the domain we are coming from, and both will work as long as they match in RMMmax.
Configure your Team in RMMmax
Now that you have the API up and running you can configure RMMmax to connect to it and access the data it holds. If you have not yet configured a team, RMMmax will prompt you to create a new team.
The key elements to a successful connection are the API URL, API Secret and the Allowed Origin setting.
Here is what they would look like on a common self-hosted setup.
Place the base URL for your ScreenConnect Web access and the generated key into the team’s configuration area for the ScreenConnect RMM Type.
Use the same URL and port combination you use to access ScreenConnect web portal.
Example:
Now you can browse over to the Dashboard and select RMM Sync to seed the system for the first time or if you log out and log back in this will also force a client/agent sync or you can leave it alone and the automation of RMMmax will cycle around and scan your RMM environment for you. The automation will do this daily if the system is configured to do so.
NOTE:
Configuring access to the RMM environment in the team’s settings area “will not” automatically start any data collections or services on RMMmax. You are required to enable scanning and must enable each client and agent separately for each tool in the RMMmax toolbox.
See RMM Environment settings and enabling of clients and agents’ documentation for more information.