Prevent Users from Uninstalling the Agent

[kakalpa]

Is your feature request related to a problem? Please describe.
I'm trying out the RMM its so good so far but a small concern I have is since most of my end users have admin access they are able to uninstall the agent.
Describe the solution you'd like
is there any way to prevent this from happening? what I'm asking is if they need to uninstall they need to provide a maintenance or uninstall token which is to get from the RMM at the uninstall otherwise it fails,

[wh1te909]

don't give your users admin access then. any workaround you implement will just be overridden by anyone who has admin so what's the point

[adamjrberry]

Sorry, I know this is an old thread, but thought I'd add what I did to work around this, since I had a similar question.

I don't want to restrict users from removing TRMM if they know what it is and really want to remove it. If someone has admin rights, then they're entitled to make the decision about what goes on their device (esp. our residential clients who fully own their machines).
However, my initial issue was that clients didn't associate 'Tactical Agent' with us, because we moved from another product and did the migration behind-the-scenes. As such, we had a few users just remove the software, not knowing what it was or that we were the ones using it. I often try to keep service names generic (i.e. "PC Protect for anti-virus) rather than saying the actual product name, as it makes it easier for us to change the backend products as/when we need to.

I then had two options:

• In registry, modify the DisplayName and DisplayIcon to represent our own brand, so that users are aware that the software is legitimate and in use by us. However, I didn't know if these values would persist after agent updates, so I implemented the second option instead.
• In registry, adding the SystemComponent DWORD and setting it to 1. So far it hasn't changed or been removed during updates, and it hides the agent from the control panel list of applications. For users who really want to remove the software, they still can, but it prevents accidental uninstalls. This option works really well for us now, so perhaps a potential solution for other orgs/users wanting to do similar.

I do agree with the underlying principle of not giving end users admin rights. For our business clients, we strictly don't give admin rights to end users. However, in residential client environments, it's not always possible to limit the user's rights. We outline the risks to them, which they accept, and that we won't take responsibility if they misuse their privileges in those instances.

I hope this is useful for someone :-)

[wh1te909]

@adamjrberry Thank you, I just added your SystemComponent idea to our docs on the FAQ page: https://docs.tacticalrmm.com/faq/#can-i-password-protect-the-uninstalling-of-the-trmm-agent