tacticalrmm

Release Notes

• Fixed #1345 Powershell script arguments break when custom field contains a single quote
• Fixed #1367 Delete tasks after expiry date
• Docker: fixed celery (background tasks) only using 1 worker instead of auto scaling
• Reworked and optimized some background tasks to better handle instances with high agent counts and fixed some race conditions
• Started async rework of various functions
• Various dependency updates

New Contributors

• @mollymaemilano made their first contribution in https://github.com/amidaware/tacticalrmm/pull/1397

PR's

• Add options to enable/disable Mesh Compression, WebRTC by @joeldeteves in https://github.com/amidaware/tacticalrmm/pull/1402

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.15.6...v0.15.7

Release Notes

• Added #1378 Users may now reset their own password/2fa without requiring any user permissions. A new interface has been added for this (top right of dashboard, click on username > Account)
• Added shadows to web UI in dark mode
• Fixed #1369 Editing API key results in 404 error
• Fixed #1359 Path error when running scripts/commands on MS Exchange servers.
• Fixed another path issue related to chocolatey not being found
• Fixed #812 Ping check: A message sent on a datagram socket was larger than the internal message buffer
• Various dependency updates

https://user-images.githubusercontent.com/7434746/208993175-ccea0da5-3d34-4a42-98d5-f16517998f81.mp4

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.15.5...v0.15.6

Release notes

• Fixed #1366 automated tasks not executing

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.15.4...v0.15.5

Release notes

• Feature: added functionality to pass environment variables to scripts. This is a more secure way than command line args to pass sensitive info to scripts as it's not logged anywhere (for example, powershell logs the command line args in the windows event viewer even if they're not written to disk in your script). See video below for a tutorial on how to use them with various languages/OS. A new input field called "Environment vars" has been added to the web UI in all the places where you could add script args. This accepts a list of env vars in key=value format. Requires agent v2.4.3

• https://user-images.githubusercontent.com/7434746/205523156-49ef521b-e1f8-4d74-a17f-36d72b9a1192.mp4

• Fixed backup/restore when restore OS is not the same as backup OS

• Alert failure and resolved script runs are now logged in the Agent History tab

• Various dependency updates

PR's

• Fix wrong service name by @styx-tdo in https://github.com/amidaware/tacticalrmm/pull/1358

New Contributors

• @styx-tdo made their first contribution in https://github.com/amidaware/tacticalrmm/pull/1358

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.15.3...v0.15.4

Release notes

• Added #1294 Ability to bulk delete using client and site
• Fixed #1250 Race condition causing windows agent update to sometimes fail
• Fixed #25 Cleanup agent update temp files
• Fixed slow dashboard loading when lots of pending actions in db
• Various dependency updates

New Contributors

• @Can-eh-dian11 made their first contribution in https://github.com/amidaware/tacticalrmm/pull/1294

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.15.2...v0.15.3

• Fixed macOS agent silent mesh install bug
• UI bug fixes

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.15.1...v0.15.2

Release notes

• Fixed #1293 Agent assigned Automation Policy - patch policy not used
• Fixed #1298 Issues with improper escaping of certain characters in script snippets
• Fixed #1210 Daphne websocket service sometimes failing to start
• Fixed #1307 Harden cert file permissions
• Fixed #1317 Quit early during install if error
• Fixed #1314 URL color for the Microsoft Update KB link when in dark mode is very hard to read
• Improved linux install script for better OS detection
• Added optional setting to enable NATS monitoring
• Various reworks and code optimizations
• Updated to Python 3.10.8
• Updated various dependencies

PR's

• typo by @silversword411 in https://github.com/amidaware/tacticalrmm/pull/1295
• break from loop once a valid policy is found. remove old unused list by @af7567 in https://github.com/amidaware/tacticalrmm/pull/1301
• Updating meshcentral's config casing to match upstreams json schema. by @stavros-k in https://github.com/amidaware/tacticalrmm/pull/1213
• Update agent_linux.sh by @dinger1986 in https://github.com/amidaware/tacticalrmm/pull/1310
• Update agent_linux.sh by @dinger1986 in https://github.com/amidaware/tacticalrmm/pull/1311

New Contributors

• @stavros-k made their first contribution in https://github.com/amidaware/tacticalrmm/pull/1213

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.15.0...v0.15.1

• Initial release of the macOS agent (beta, same functionality as the linux agent)
• Fixed #1283 Bug with Block Policy Inhiretance from Agent
• Windows agent no longer sets AV exclusions during install

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.14.8...v0.15.0

• Fixed a bug where enabling maintenance mode and assigning a policy via the agent's context menu wasn't working.
• Fixed #1270 logic error in windows updates installation function causing some agents to skip installing pending updates. Thank you @af7567 for finding the bug and submitting the PR with the fix.
• Updated agent to allow for setting custom environment variables in the process of commands and scripts (this will be exposed in the Web UI/API in a future release).
• Updated nats-server to v2.9.0
• Updated MeshCentral to 1.0.85
• Updated various dependencies

New Contributors

• @af7567 made their first contribution in https://github.com/amidaware/tacticalrmm/pull/1277

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.14.7...v0.14.8

• Added #652 The following data from the 'Summary' tab is now filtered in the Search field of the agent table: version, OS string, public IP, cpu model, graphics card, local ips, make/model and disk info.
• Added #1246 Added a Copy to Clipboard button for every entry under the 'Assets' tab
• Fixed #1177 All checks for a client disappear
• Fixed #1145 Limited User can See "Policy Overview" from all Clients/Sites
• Fixed #1171 Policies marked as linux applying to windows when they're checks
• Fixed #1191 Global automation polices aren't applied to Linux agents
• Updated to Python 3.10.6
• Updated MeshCentral to 1.0.72

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.14.6...v0.14.7

• Fixed #1238 Run as User permission issues with temp dir. Also standardized the temp directory used by the agent for various tasks (running scripts, agent updates etc), all files will now be created in %PROGRAMDATA%\TacticalRMM so please make sure to update your AV exclusions (C:\ProgramData\TacticalRMM\*).
• Fixed #1239 Fixed agent update when SELinux is enforcing.
• Fixed #1174 (again) Issues with Reboot Later.
• Update to Django 4.1

0.14.5

• Fixed Run As User not working for non-admin users (requires agent v2.2.1)

0.14.4

• Added Run As User support for all methods of running commands and scripts (requires agent v2.2.0 and only supported on Windows workstations SKUs, not Server). A "Run As User" checkbox is now available throughout the UI when running commands and scripts. To make a script always run as user, check the "Run As User" checkbox in the Script Editor. Doing so will override any of the ad hoc "Run As User" checkboxes throughout the UI and force that script to always run in the context of the logged in user (do this for script check or tasks that need to run as user). See video below for a quick example:

https://user-images.githubusercontent.com/7434746/182259431-7a34158d-8d81-47e0-b17d-166349cf5934.mp4

• Added Run As User support for all methods of running commands and scripts (requires agent v2.2.0 and only supported on Windows workstations SKUs, not Server). A "Run As User" checkbox is now available throughout the UI when running commands and scripts. To make a script always run as user, check the "Run As User" checkbox in the Script Editor. Doing so will override any of the ad hoc "Run As User" checkboxes throughout the UI and force that script to always run in the context of the logged in user (do this for script check or tasks that need to run as user). See video below for a quick example:

https://user-images.githubusercontent.com/7434746/182218118-e32e75e0-647c-49b3-b623-e91aa20df420.mp4

• Fixed #1174 Setting a date in the past for "Reboot Later" would cause the agent to crash.
• Fixed #1189 When editing a task, UI was not populating with the original datetime of the task.
• Fixed #1193 Windows update patch policy off by one day, causing patches to be installed a day late.
• Fixed a bug affecting script checks part of an automation policy where the cache was not being invalidated after editing the contents of the script, causing the agent to run the old script.
• Added #1224 Include latest agent version in monitoring API endpoint.
• Update MeshCentral to 1.0.60
• Added the Nginx reuseport socket option to help with instances with high agent counts.
• Switched to official Nginx repos to update Nginx from 1.18 to 1.22. Note: when running the update script you will receive a prompt that looks like the text below. Make sure you choose the default action (just press Enter or type 'N') to keep your current version.

Configuration file '/etc/nginx/nginx.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** nginx.conf (Y/I/N/O/D/Z) [default=N] ?

Note for those on Debian 10: the update script will fail and exit after trying to update nginx. Once it fails, please run the following and then run the update script again

sudo apt --fix-broken install
sudo apt upgrade

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.14.2...v0.14.3

Release v0.14.2

• Increased Nginx limit on the maximum number of open files for worker processes. This solves various issues on instances with high agent counts.
• Docker: removed unneeded compose port.

Release v0.14.1

• Fixed agent crash on Windows 7 /Server 2008 R2
• Fixed Windows 11 showing as Windows 10 #892 #1075

Release v0.14.0

• Switched to NATS websocket for agent<->server communication. This removes the need to publicly expose port 4222 TCP and now the only open port needed is 443 TCP. You must leave port 4222 open though until all your agents are updated to v2.1.0 at which point you may close port 4222 in your firewall.

• Note for those running UNSUPPORTED setups or proxies (HAProxy, NPM, Traefik, Kubernetes etc. Ignore this section if you are on a traditional or docker install): NATS still listens on 4222 (for internal communication between various trmm services) but now also listens internally on localhost:9235 (websocket protocol). Agent NATS traffic now connects to nginx public port 443 which is proxy passed to localhost:9235 so you will need to implement this manually in your proxy settings. You may refer to this commit to see how a supported nginx setup implements it (make sure to only proxy pass traffic that matches the pattern https://api.example.com/natsws). You must implement this in your custom proxy before upgrading to this release.

• If for whatever reason you can't use NATS websocket or just want to keep things the way they were before this release, check out these docs on how to fall back to NATS standard.

• Note for docker users: the docker-compose.yml file has changed this release so make sure to delete the old one and re-download the latest one (just copy paste from the docker update docs).

• Added an API endpoint which can be called to monitor your TRMM instance's health, check docs for instructions.

• Changed the uWSGI config to automatically scale workers based on load. Previously, the number of workers and threads was calculated based on number of cpu cores but required manual load testing to tune to optimal values. Now the workers will dynamically increase/decrease based on server load, which will solve issues with no workers being available during long running http requests and/or high number of requests per second caused by agents slamming the server.

• Agent binaries now follow a consistent naming format tacticalagent-vX.X.X-os-arch to prepare for mac agent and any future agent OS that we will support.

• Fixed a bug where orphaned tasks were not being removed.

• Frontend code has been moved to its own repo and build tool has been switched to Vite instead of Webpack.

• The frontend build is now compiled using github actions on every release and uploaded as a tarball to github releases. This removes the need to compile it during a trmm update which lately was using a ton of RAM and causing OOM errors and updates to fail. The update script now downloads this pre-compiled tarball.

• Added a new find service management command.

• Added a new method to bulk recover agents (Tools > Recover All Agents) which will restart both the tacticalagent and meshagent services across all machines, which helps when restoring.

• Fixed an integer out of range error that would cause scripts or command results to not be saved in the database when return code value was greater than 2147483647.

• Fixed #10 linux agent update doesn't work when /tmp is mounted on different filesystem.

• Agent is now built with golang 1.18.3

• Code refactoring and optimizations

• Update MeshCentral to 1.0.43

Release v0.14.1

• Fixed agent crash on Windows 7 /Server 2008 R2
• Fixed Windows 11 showing as Windows 10 #892 #1075

Release v0.14.0

• Switched to NATS websocket for agent<->server communication. This removes the need to publicly expose port 4222 TCP and now the only open port needed is 443 TCP. You must leave port 4222 open though until all your agents are updated to v2.1.0 at which point you may close port 4222 in your firewall.
• If you have more than a few hundred agents, you should increase nginx's open file limit as now each agent uses an additional nginx connection. You can do so by adding the following line to the top of /etc/nginx/nginx.conf

worker_rlimit_nofile 1000000;

• Note for those running UNSUPPORTED setups or proxies (HAProxy, NPM, Traefik, Kubernetes etc. Ignore this section if you are on a traditional or docker install): NATS still listens on 4222 (for internal communication between various trmm services) but now also listens internally on localhost:9235 (websocket protocol). Agent NATS traffic now connects to nginx public port 443 which is proxy passed to localhost:9235 so you will need to implement this manually in your proxy settings. You may refer to this commit to see how a supported nginx setup implements it (make sure to only proxy pass traffic that matches the pattern https://api.example.com/natsws). You must implement this in your custom proxy before upgrading to this release.

• If for whatever reason you can't use NATS websocket or just want to keep things the way they were before this release, check out these docs on how to fall back to NATS standard.

• Note for docker users: the docker-compose.yml file has changed this release so make sure to delete the old one and re-download the latest one (just copy paste from the docker update docs).

• Added an API endpoint which can be called to monitor your TRMM instance's health, check docs for instructions.

• Changed the uWSGI config to automatically scale workers based on load. Previously, the number of workers and threads was calculated based on number of cpu cores but required manual load testing to tune to optimal values. Now the workers will dynamically increase/decrease based on server load, which will solve issues with no workers being available during long running http requests and/or high number of requests per second caused by agents slamming the server.

• Agent binaries now follow a consistent naming format tacticalagent-vX.X.X-os-arch to prepare for mac agent and any future agent OS that we will support.

• Fixed a bug where orphaned tasks were not being removed.

• Frontend code has been moved to its own repo and build tool has been switched to Vite instead of Webpack.

• The frontend build is now compiled using github actions on every release and uploaded as a tarball to github releases. This removes the need to compile it during a trmm update which lately was using a ton of RAM and causing OOM errors and updates to fail. The update script now downloads this pre-compiled tarball.

• Added a new find service management command.

• Added a new method to bulk recover agents (Tools > Recover All Agents) which will restart both the tacticalagent and meshagent services across all machines, which helps when restoring.

• Fixed an integer out of range error that would cause scripts or command results to not be saved in the database when return code value was greater than 2147483647.

• Fixed #10 linux agent update doesn't work when /tmp is mounted on different filesystem.

• Agent is now built with golang 1.18.3

• Code refactoring and optimizations

• Update MeshCentral to 1.0.43

• Switched to NATS websocket for agent<->server communication. This removes the need to publicly expose port 4222 TCP and now the only open port needed is 443 TCP. You must leave port 4222 open though until all your agents are updated to v2.1.0 at which point you may close port 4222 in your firewall.
• If you have more than a few hundred agents, you should increase nginx's open file limit as now each agent uses an additional nginx connection. You can do so by adding the following line to the top of /etc/nginx/nginx.conf

worker_rlimit_nofile 1000000;

• Note for those running UNSUPPORTED setups or proxies (HAProxy, NPM, Traefik, Kubernetes etc. Ignore this section if you are on a traditional or docker install): NATS still listens on 4222 (for internal communication between various trmm services) but now also listens internally on localhost:9235 (websocket protocol). Agent NATS traffic now connects to nginx public port 443 which is proxy passed to localhost:9235 so you will need to implement this manually in your proxy settings. You may refer to this commit to see how a supported nginx setup implements it (make sure to only proxy pass traffic that matches the pattern https://api.example.com/natsws). You must implement this in your custom proxy before upgrading to this release.

• If for whatever reason you can't use NATS websocket or just want to keep things the way they were before this release, check out these docs on how to fall back to NATS standard.

• Note for docker users: the docker-compose.yml file has changed this release so make sure to delete the old one and re-download the latest one (just copy paste from the docker update docs).

• Added an API endpoint which can be called to monitor your TRMM instance's health, check docs for instructions.

• Changed the uWSGI config to automatically scale workers based on load. Previously, the number of workers and threads was calculated based on number of cpu cores but required manual load testing to tune to optimal values. Now the workers will dynamically increase/decrease based on server load, which will solve issues with no workers being available during long running http requests and/or high number of requests per second caused by agents slamming the server.

• Agent binaries now follow a consistent naming format tacticalagent-vX.X.X-os-arch to prepare for mac agent and any future agent OS that we will support.

• Fixed a bug where orphaned tasks were not being removed.

• Frontend code has been moved to its own repo and build tool has been switched to Vite instead of Webpack.

• The frontend build is now compiled using github actions on every release and uploaded as a tarball to github releases. This removes the need to compile it during a trmm update which lately was using a ton of RAM and causing OOM errors and updates to fail. The update script now downloads this pre-compiled tarball.

• Added a new find service management command.

• Added a new method to bulk recover agents (Tools > Recover All Agents) which will restart both the tacticalagent and meshagent services across all machines, which helps when restoring.

• Fixed an integer out of range error that would cause scripts or command results to not be saved in the database when return code value was greater than 2147483647.

• Fixed #10 linux agent update doesn't work when /tmp is mounted on different filesystem.

• Agent is now built with golang 1.18.3

• Code refactoring and optimizations

• Update MeshCentral to 1.0.43

Changelog

• More DB/API optimizations
• Fixed #1020 Disable auto quoting when using variable substitution on batch scripts
• Fixed #1097 Task Run does not show name in Script/Command column under History tab
• Fixed #1110 Quirks with clicking links in notifications
• Fixed #1118 Sites not sorting alphabetically
• Fixed #8 reboot required logic on RHEL based systems
• Fixed file extension when downloading shell scripts from Script Editor UI
• Fixed install script on Linux Mint
• Fixed check policy copy issue where copied checks are all of type diskspace
• Update to Python 3.10.4
• Update to MeshCentral 1.0.22

PR's

• Typescript prep and add some linting by @sadnub in https://github.com/amidaware/tacticalrmm/pull/1102
• typo fix by @silversword411 in https://github.com/amidaware/tacticalrmm/pull/1127

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.13.3...v0.13.4

More fixes for bugs introduced in v0.13.0

• Fixed variable substitution in policy script checks not working
• Fixed #1093 PERSISTENT_MESH_CONFIG=1 not working in Docker

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.13.2...v0.13.3

More fixes for bugs introduced in v0.13.0

• Fixed variable substitution in automated policy tasks not working
• Fixed #1092 Default tabs not loading correctly
• More slow query optimization

Full Changelog: https://github.com/amidaware/tacticalrmm/compare/v0.13.1...v0.13.2