Tactical RMM integrates with MeshCentral for the following 3 functions:
- Take Control.
- Real time shell.
- Real time file browser.
MeshCentral has issues with Firefox, use a Chromium-based browser.
At some point in the future, these functions will be directly built into the Tactical agent, removing the need for MeshCentral.
It should be noted that Tactical RMM and MeshCentral are 2 completely separate products and can run independently of each other.
They do not even have to run on the same box, however when you install Tactical RMM it simply installs MeshCentral for you with some pre-configured settings to allow integration.
It is highly recommended to use the MeshCentral instance that Tactical installs, since it allows the developers more control over it and to ensure things don't break.
How does it work?¶
MeshCentral has an embedding feature that allows integration into existing products.
See Section 14 - Embedding MeshCentral in the MeshCentral User Guide for a detailed explanation of how this works.
The Tactical RMM agent keeps track of your Mesh agents, and periodically interacts with them to synchronize the Mesh agent's unique ID with the Tactical RMM database.
When you do a take control / terminal / file browser on an agent using the Tactical UI, behind the scenes, Tactical generates a login token for MeshCentral's website and then "wraps" MeshCentral's UI in an iframe for that specific agent only, using it's unique ID to know what agent to render in the iframe.
Running your own existing or separate MeshCentral server?¶
We do testing to make sure everything works with the version found here (look for MESH_VER).
Installation instructions for using your own MeshCentral server:
- Run standard installation.
- When asked for Mesh URL specify your existing Mesh server URL.
- After installation, you will need to run thru manually uploading installers and connecting token with this:
- Make sure DNS is pointing to your existing server (you must also remove
/etc/hostson the trmm server).
Mesh usernames are CaSe sEnSiTive
Customize Take Control Username¶
If you've enabled the Mesh "Ask Consent + Bar" display option that shows across the top when controlling a users machine and you'd like to change the name that users see, login to https://mesh.yourdomain.com, go to Users, select User > Edit
There are MANY MeshCentral options that you can configure. Here are some you might want to investigate:
tlsOffload (for proxy users)
Using Tactical RMM Without MeshCentral¶
Install Tactical RMM normally. Then, to disable the MeshCentral Server on the TRMM server run:
sudo systemctl disable --now meshcentral mongod
Then when installing an agent, make sure to pass the
-nomesh flag to the installer
Tactical RMM has a full permission module, but because of how Tactical RMM integrates with MeshCentral currently there is a permissions bypass atm. First, here's how Tactical RMM's integration works.
With that understanding, when you trigger any function in Tactical RMM that uses a MeshCentral function (Remote Control, or Remote background) the user gets the full admin login Auth token for logging into MeshCentral. If they then goto https://mesh.example.com they will see all agents and have full administrative permissions for everything in MeshCentral.
If you have multiple techs, and need to restrict their computer access permissions, right now you will need to disable auto login and manually manage your meshcentral users and computers. First you will need to:
- Check the
Disable Auto Login for Remote Control and Remote background:option.
- Manually login to MeshCentral, and manually create users and set their permissions/restrictions.
- All techs will then have to manually login to https://mesh.example.com daily so they can use Remote Control and the MeshCentral Remote Background features.
It is planned at some point in the future for this to either be automated, or eliminated entirely. For now, you will need to handle this yourself.