Refer to ACCOUNT → Policies and SITES → Policies in Security Level Details - Permissions
Account → Policies
Sites → select a site → Policies
What is an Agent policy?
Agent policies deploy settings to affect the operation and configuration of the Datto RMM Agent. They may affect Privacy Mode, the Agent installation and service, security, and the Agent Browser mode. For information about the Agent, refer to Datto RMM Agent.
- Agent policies can be set up in the Web Portal at both the Account and Site level. Refer to Create a policy.
- On the Policies page, click New account policy... or New site policy....
- Give the policy a Name.
- Select the type Agent.
To copy an already existing policy to use it as a template, choose it from the Based on drop-down list. To create a new policy, select New Policy.
- Click Next.
Click Add a target... to target your devices through a specific filter or group.
If you want to target more than one filter or group, add another target to the policy. Multiple targets will apply the "OR" logic, that is, the policy will be run on a device if it is included in any of the targets. For more information about target types, refer to Filters and Groups.
Filters will present you with a list of the device filters that are present in every account and any custom filters you've created yourself. Devices of Unknown device type will not be targeted by the policy.
- Click Add.
- Choose one or more of the following options:
|Privacy Mode Options|
|Activate Privacy Mode||Automatically turns on Privacy Mode for all devices targeted by the policy and will require end user permission when connecting to a targeted device. Once Privacy Mode is enabled on a device, the Datto RMM Administrator cannot disable this setting. Privacy Mode can only be disabled by the end user on the device itself. For further information, refer to Privacy Mode.|
|Allow connections when no user is logged in||Allows you to connect to a device when no user is logged in but Privacy Mode is active on the device.|
|Only require endpoint permission for restricted tools||Allows you to configure Privacy Mode in a way that end user permission is only required when the following tools are used: VNC, RDP, Splashtop, Screenshot.|
|Install Service only||No system tray icon or Start menu shortcuts will be installed. It is only available for Windows devices. Refer to Hide the Datto RMM Agent icon.|
|Disable incoming jobs||Prevents the Agent from running jobs. For information on what kind of components can be installed if this feature is enabled, refer to User Tasks.|
|Disable incoming support||Prevents remote access to a device from another device.|
|Disable audits||Prevents the Agent from submitting audits to the platform.|
|Agent Policy Options|
|Disable Privacy options||Removes access to the Privacy Mode Options in the Agent.
You cannot disable Privacy Mode in the Agent using this setting if Privacy Mode had already been activated. Once Privacy Mode is enabled on a device, it can only be disabled by the end user.
|Disable Settings menu||Removes access to the Settings menu in the Agent.|
|Disable Quit options||Removes the option for the user to exit the Agent.|
|Disable Tickets tab||Removes the option for the user to log a ticket through the Agent.|
|Show "Take screenshot and request support" menu entry (Autotask PSA Only)||This option is only available if the Autotask PSA Integration is enabled. Refer to Autotask PSA Integration.
When this option is selected, a Take screenshot and request support menu entry is added to the Agent.
|Show "Request support" menu entry (Autotask PSA Only)||This option is only available if the Autotask PSA Integration is enabled. Refer to Autotask PSA Integration.
When this option is selected, a Request support menu entry is added to the Agent.
|Agent Browser Mode|
|Disabled||Prevents any access to the Agent Browser window.|
|User - No access to Support tab||Allows the user to open the Agent Browser window but prevents them from logging in. For more information, refer to Log into the Agent Browser.|
|Admin - can log into Support tab||Allows full access to the Agent Browser window. Refer to Agent Browser.
This is the default option.
Click Save and Push Changes.
If you click Save Only, you'll be directed to your list of policies where you can click Push changes... next to the policy in question.
This functionality is only available for Windows devices.
Sometimes you may want to hide the Datto RMM icon in the system tray because you do not want your end users to access all the options it offers (for example, the option to create a ticket), or because you want to prevent the users from stopping the Agent or turning on Privacy Mode.
To hide the Agent icon from the end user, check Install Service Only.
The changes will be pushed instantly if the Agent is online or as soon as it checks in to the platform. Once the change has been applied on the Agent, the Datto RMM Agent icon will be hidden on the local device.
|Need to troubleshoot this? Open the Datto Knowledge Base.|
|Want to talk about it? Head on over to our Community Forum!|
|Forward this topic to others.|
|Provide feedback for the Documentation team.|