Screen Recording Requirements [External-facing]
Windows
- Client Device Requirements
- Bandwidth
- Storage
- CPU and Memory Utilisation
- Display Resolution
- Server Requirements
- Firewall Whitelisting
- Operating System
- GPU Requirements
- Hardware
- Fallback for Environments Without GPU
- Installation and setup steps
- Step 1: Removing older app versions
- Step 2: Installation
- Step 3: Launch the App
Client Device Requirements
Bandwidth
- Minimum upload/download speed: 5 Mbps
Storage
- Installation size: ~300 MB
- Additional disk storage required: ~30 MB
CPU and Memory Utilisation
- App tends to use a minimum of 80 MB of RAM
- App tends to use a minimum of 1% CPU
Display Resolution
It is recommended that agents use the default screen resolution on their device.
Server Requirements
Firewall Whitelisting
| DNS / URL | Port | Reason for Whitelisting |
|---|---|---|
api-us3.pusher.com | 443 | Trigger start/stop recording events |
wss://ws-us3.pusher.com | 443 | Trigger start/stop recording events |
http-intake.logs.datadoghq.com | 443 | Send app activity logs to Datadog |
prod-api.thelevel.ai | 443 | Level API authorization |
screen-case.thelevel.ai | 443 | Start/stop recording controls |
screen.thelevel.ai | 1935 | Stream recording to Level servers |
https://screen-app.thelevel.ai | 443 | Network health checks |
https://sr-releases.thelevel.ai | 443 | Auto-update downloads |
https://screen-app-v3.thelevel.ai | 443 | App UI |
https://sr-platform.thelevel.ai | 443 | Organization-specific configuration |
https://launchdarkly.thelevel.ai | 443 | Feature flag configuration |
https://stream.launchdarkly.com | 443 | Feature flag streaming updates |
https://sdk.launchdarkly.com | 443 | Feature flag SDK access |
https://events.launchdarkly.com | 443 | Feature flag event reporting |
https://api.mixpanel.com | 443 | Analytics events |
https://api-eu.mixpanel.com | 443 | Analytics events |
https://api-in.mixpanel.com | 443 | Analytics events |
storage.googleapis.com | 443 | Update binary download storage |
For app versions <= 3.0.12, certain Optimizely URLs might also need to be whitelisted. For later versions, the list above is sufficient.
Operating System
Windows
- Windows 10 (64-bit) - Version 1809 or later
- Windows 11 (64-bit) - Any version
- Windows Server 2019 / 2022 - With Desktop Experience
x86andx64are supported. TheARMversion of Windows is not supported currently.
GPU Requirements
- DirectX 11-compatible GPU (required for screen capture)
- Minimum VRAM: 512 MB
- Driver: WDDM 1.2 or later
Hardware
- 8 GB of RAM
- Windows: 4 Core processor (Intel Core i5 or later)
Note: CPU usage may vary from 10% to 30% depending on the number and resolution of monitors being recorded.
Fallback for Environments Without GPU
Using GDI screen capture (gdiscreencapsrc)
- If DirectX 11 is unavailable (for example in VMs, VDIs, or older systems), the application can fall back to GDI-based screen capture.
Benefits of GDI fallback
- Works on Windows systems in VM, VDI, and physical environments
- No GPU requirement
- Works in RDP / Remote Desktop sessions
- Compatible with standard cloud VMs
Tradeoffs of GDI fallback
- CPU usage can be higher depending on monitor count and resolution
Installation and setup steps
Step 1: Removing older app versions
Note: This script should be executed with admin privileges in PowerShell. Running it via MDM is recommended.
Download file:
cleanup-older-app-versions.ps1— ⬇ DownloadFor enterprise rollout, run centrally in admin context on all endpoints:
- GPO (Startup Script / domain path):
powershell.exe -ExecutionPolicy Bypass -File "\\domain\NETLOGON\LevelRecorder\cleanup-older-app-versions.ps1"
- MDM (device script / local path):
powershell.exe -ExecutionPolicy Bypass -File "C:\ProgramData\LevelRecorder\cleanup-older-app-versions.ps1"
- GPO (Startup Script / domain path):
If running manually on a single endpoint, open PowerShell as Administrator and run:
powershell.exe -ExecutionPolicy Bypass -File "<path>\cleanup-older-app-versions.ps1"
After execution, Add or remove programs should not list any item matching "Level Screen Recorder".
- The status shown in the picture above confirms successful uninstallation of the old app, and the new app can now be safely installed.
Step 2: Installation
We offer two installation methodologies for Windows:
- Machine-Wide Installer (Recommended): MSI-based deployment to a shared machine location (
C:\Program Files\...). This is the recommended installation method because:- Lower chance of antivirus false positives: A stable executable path and centrally controlled rollout are typically easier for EDR/AV allowlisting.
- Stable updates: Updates are handled by the Level updater service and MSI workflow, reducing user-context update failures.
- User-Profile Installer: Installs into the active user profile (
%LOCALAPPDATA%) and is scoped to that user.
Machine-Wide Installation
Machine-Wide installation is an MSI-based deployment that installs software into a shared location (typically C:\Program Files or C:\Program Files (x86)) rather than an individual user profile. The application is then available to all users who sign in to that machine.
Key characteristics:
- Requires admin privileges to install.
- Best for centralized IT deployment using SCCM, Intune, or Group Policy.
- Installs binaries once in a central location (one copy for all users).
Installation steps:
- Download the Machine-Wide installer: https://sr-releases.thelevel.ai/releases/stable/default?platform=windows&installerType=systemWide
- Deploy the MSI via GPO/SCCM/Intune or run the installer as administrator on the endpoint.
- Ensure users have the required privileges (whoami, schtasks) so the app can create the scheduled task automatically; if not, deploy it using Scheduled Task (Machine-Wide) below.
User permissions and privileges required for the app to run
The application runs in the user's context (both Machine-Wide and User-Profile). The following operations are used at runtime; endpoint policy (GPO/EDR/AppLocker) must allow them for the app to function fully.
| Command | Purpose | Privileges |
|---|---|---|
| whoami (or PowerShell as fallback) | Get current user SID to create the scheduled task (when not deployed via GPO/MDM). | Read current user identity. If PowerShell is used as fallback: PowerShell execution allowed. |
| schtasks (query / create / delete) | Check if keepalive task exists; create or delete the keepalive scheduled task. | Read, create, and delete own scheduled tasks. Can be restricted by policy. |
| PowerShell | Get user SID (fallback), enumerate processes (single-instance), get number of monitors. | PowerShell execution allowed. If blocked by policy, app uses fallbacks (weaker duplicate detection; monitor count may be unavailable). |
The app also uses taskkill (to terminate duplicate processes) and reg query/delete on HKCU (for DPI compatibility); these are normally allowed for the user and are not listed above.
Note: To reduce steps for the admin, ensure users have the above privileges so the app can create the scheduled task automatically. If these cannot be granted, follow the Scheduled Task section below to deploy the task (e.g. via GPO/MDM).
Scheduled Task (Machine-Wide)
What it is and purpose
A per-user Windows scheduled task named LevelScreenRecorder_KeepAlive that runs in the logged-in user's context. It ensures the Screen Recording app is started (or restarted) when the user logs on, when the workstation is unlocked, and on a 1-minute heartbeat. This provides auto-launch and crash recovery without requiring the user to start the app manually. Even when the app is installed Machine-Wide (Program Files), it runs in the user session, so this user-level task is required.
Provided files (Machine-Wide only):
LevelScreenRecorder_KeepAlive-systemwide.xml.template— ⬇ Downloaddeploy-keepalive-task-machinewide.ps1— ⬇ Download
Policy requirements
Allow scheduled task name LevelScreenRecorder_KeepAlive and launcher C:\Program Files\Level Screen Recorder\Level Screen Recorder.exe. The deploy script must run in user context at user logon (not as SYSTEM).
Deployment steps:
- Download the Machine-Wide script and XML template (links above).
- Copy both files to a shared path that target machines can read (e.g.
\\domain\NETLOGON\LevelRecorder\). - Run the script at user logon so the task is created for each user:
- GPO: User Configuration → Windows Settings → Scripts → Logon → add:
powershell.exe -NoProfile -ExecutionPolicy Bypass -File "\\domain\NETLOGON\LevelRecorder\deploy-keepalive-task-machinewide.ps1" - MDM: Use "Run script at user logon" (as the logged-in user):
powershell.exe -NoProfile -ExecutionPolicy Bypass -File "<path-to-script>\deploy-keepalive-task-machinewide.ps1"
- GPO: User Configuration → Windows Settings → Scripts → Logon → add:
- The script creates the task
LevelScreenRecorder_KeepAlivewith triggers: logon, unlock, and every 1 minute (launcher: Machine-Wide exe).
User-Profile Installation
User-Profile installation installs the app into the active user directory (%LOCALAPPDATA%\LevelAI\) instead of Program Files. It is useful where local admin access is unavailable.
Key characteristics:
- Usually does not require local admin for installation.
- App is scoped to the user who installs it.
- Can be centrally deployed via GPO/SCCM/Intune (user context).
Installation steps:
- Download the User-Profile installer: https://sr-releases.thelevel.ai/releases/stable/default?platform=windows&installerType=perUser
- Deploy via GPO/SCCM/Intune or run directly as that user.
- Ensure users have the required privileges (whoami, schtasks) so the app can create the scheduled task automatically; if not, deploy it using Scheduled Task (User-Profile) below.
User permissions and privileges required for the app to run
The application runs in the user's context (both Machine-Wide and User-Profile). The following operations are used at runtime; endpoint policy (GPO/EDR/AppLocker) must allow them for the app to function fully.
| Command | Purpose | Privileges |
|---|---|---|
| whoami (or PowerShell as fallback) | Get current user SID to create the scheduled task (when not deployed via GPO/MDM). | Read current user identity. If PowerShell is used as fallback: PowerShell execution allowed. |
| schtasks (query / create / delete) | Check if keepalive task exists; create or delete the keepalive scheduled task. | Read, create, and delete own scheduled tasks. Can be restricted by policy. |
| PowerShell | Get user SID (fallback), enumerate processes (single-instance), get number of monitors. | PowerShell execution allowed. If blocked by policy, app uses fallbacks (weaker duplicate detection; monitor count may be unavailable). |
The app also uses taskkill (to terminate duplicate processes) and reg query/delete on HKCU (for DPI compatibility); these are normally allowed for the user and are not listed above.
Note: To reduce steps for the admin, ensure users have the above privileges so the app can create the scheduled task automatically. If these cannot be granted, follow the Scheduled Task section below to deploy the task (e.g. via GPO/MDM).
Scheduled Task (User-Profile)
What it is and purpose
A per-user Windows scheduled task named LevelScreenRecorder_KeepAlive that runs in the logged-in user's context. It ensures the Screen Recording app is started (or restarted) when the user logs on, when the workstation is unlocked, and on a 1-minute heartbeat. This provides auto-launch and crash recovery without requiring the user to start the app manually.
Provided files (User-Profile only):
LevelScreenRecorder_KeepAlive-peruser.xml.template— ⬇ Downloaddeploy-keepalive-task-userprofile.ps1— ⬇ Download
Policy requirements
Allow scheduled task name LevelScreenRecorder_KeepAlive and launcher %LOCALAPPDATA%\LevelAI\Update.exe. The deploy script must run in user context at user logon (not as SYSTEM).
Deployment steps:
- Download the User-Profile script and XML template (links above).
- Copy both files to a shared path that target machines can read (e.g.
\\domain\NETLOGON\LevelRecorder\). - Run the script at user logon so the task is created for each user:
- GPO: User Configuration → Windows Settings → Scripts → Logon → add:
powershell.exe -NoProfile -ExecutionPolicy Bypass -File "\\domain\NETLOGON\LevelRecorder\deploy-keepalive-task-userprofile.ps1" - MDM: Use "Run script at user logon" (as the logged-in user):
powershell.exe -NoProfile -ExecutionPolicy Bypass -File "<path-to-script>\deploy-keepalive-task-userprofile.ps1"
- GPO: User Configuration → Windows Settings → Scripts → Logon → add:
- The script creates the task
LevelScreenRecorder_KeepAlivewith triggers: logon, unlock, and every 1 minute (launcher: User-Profile Update.exe).
Step 3: Launch the App
Note: Screenshots may differ slightly from the actual UI of the app.
- Organization name — After successful installation and launch, the application asks for the organization name (ask your admin if you do not know it). Example: for Level AI, use
level.
- Login — Proceed to the login page and sign in with your credentials or use available SSO.
- Status / recording page — You should be greeted with a status page. It shows whether recording is currently on or off; the page reflects the current state.
Installation and setup steps
Step 1: Installation
- Navigate to this link and choose macOS in platform dropdown if not already selected, then click the download icon based on the Mac architecture.
- After the download, you should have a file named Level Screen Recorder x.x.x.dmg.
- Double click Level Screen Recorder x.x.x.dmg and drag Level Screen Recorder to the Applications folder.
- Open Level Screen Recorder from Applications. After this, the app launches automatically on system login.
Step 2: Launch the App
Note: Screenshots may differ slightly from the actual UI of the app.
- Organization name — After successful installation and launch, the application asks for the organization name (ask your admin if you do not know it). Example: for Level AI, use
level.
- Login — Proceed to the login page and sign in with your credentials or use available SSO.
- Status / recording page — You should be greeted with a status page. It shows whether recording is currently on or off; the page reflects the current state.