Operating System

Windows

• Windows 10 (64-bit) - Version 1809 or later
• Windows 11 (64-bit) - Any version
• Windows Server 2019 / 2022 - With Desktop Experience
• Only x64 (64-bit) is supported. ARM is not supported.

GPU Requirements

• DirectX 11-compatible GPU (required for screen capture)
• Minimum VRAM: 512 MB
• Driver: WDDM 1.2 or later

Hardware

• 8 GB of RAM
• Windows: 4 Core processor (Intel Core i5 or later)

Note: CPU usage may vary from 10% to 30% depending on the number and resolution of monitors being recorded.

Fallback for Environments Without GPU

Using GDI screen capture (gdiscreencapsrc)

• If DirectX 11 is unavailable (for example in VMs, VDIs, or older systems), the application can fall back to GDI-based screen capture.

Benefits of GDI fallback

• Works on Windows systems in VM, VDI, and physical environments
• No GPU requirement
• Works in RDP / Remote Desktop sessions
• Compatible with standard cloud VMs

Tradeoffs of GDI fallback

• CPU usage can be higher depending on monitor count and resolution

---

Installation and setup steps

Step 1: Installation

The Machine-Wide installer deploys to C:\Program Files\... and requires admin privileges. Best for centralized deployment via SCCM, Intune, or Group Policy.

Installation steps:

1. Download the Machine-Wide installer
2. IT / MDM deployment: Deploy the MSI via GPO, SCCM, or Intune as SYSTEM — no additional steps required.
3. Manual installation (end user): The installer must be run from an elevated PowerShell session to ensure all install steps complete correctly. Double-clicking the MSI is not recommended.
   1. Open PowerShell as Administrator — Start → search PowerShell → right-click → Run as administrator.
   2. Paste the path to the downloaded MSI file and copy the generated command:

3. Follow the on-screen prompts.
4. The app is now installed and will launch automatically when the user logs in.

User permissions and privileges required for the app to run

The application runs in the user's context. The following operations are used at runtime; endpoint policy (GPO/EDR/AppLocker) must allow them for the app to function fully.

Command	Purpose	Privileges
PowerShell	Process management (WMI Win32_Process) and monitor detection. Runs every 30 seconds. If WMI is restricted by policy, process management falls back to the native process runner.	PowerShell execution allowed. WMI namespace root\cimv2 accessible.
schtasks (query / create / delete)	Auto-launch scheduled task management.	Read, create, and delete own scheduled tasks.
whoami	Resolves current user SID to create the auto-launch scheduled task. If blocked, task creation fails silently and the app will not auto-launch on next login.	Read current user identity.

The app also uses taskkill and reg query/delete on HKCU; these are normally allowed for the user and are not listed above.

---

Step 2: Security Policy — AppLocker, Antivirus, and Firewall

Endpoint security policies (AppLocker, EDR/AV, and Windows Firewall) can block or flag Level Screen Recorder components if they are not explicitly permitted. This section lists the minimum allowlist entries required.

---

AppLocker (Application Control)

Publisher rule (preferred):

Field	Value
Publisher / O	Ujwal Inc
Product name	Level Screen Recorder
File description	(any)
File version	(any version or set a minimum)

If publisher-based rules are not available (unsigned environment or WDAC path-based policy), add a path rule for the install directory:

%ProgramFiles%\Level Screen Recorder\*

PowerShell: The MSI installer runs PowerShell internally during install, upgrade, and uninstall. Ensure %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe is allowed for SYSTEM.

---

Antivirus / EDR

Add the following as exclusion paths:

Path
%ProgramFiles%\Level Screen Recorder\   (i.e. C:\Program Files\Level Screen Recorder\)
%ProgramData%\Level Screen Recorder\   (i.e. C:\ProgramData\Level Screen Recorder\)
%APPDATA%\Level Screen Recorder\   (per-user app data, logs, and GStreamer plugin cache)

Individual executables (if path exclusions are not supported — use full paths):

Full path
%ProgramFiles%\Level Screen Recorder\Level Screen Recorder.exe
%ProgramFiles%\Level Screen Recorder\resources\watchdog\LevelScreenRecorderWatchdog.exe
%ProgramFiles%\Level Screen Recorder\resources\watchdog\LevelScreenRecorderWatchdogSvc.exe
%ProgramFiles%\Level Screen Recorder\resources\watchdog\LevelScreenRecorderProcessRunner.exe
%ProgramFiles%\Level Screen Recorder\resources\gstreamer\bin\gst-launch-1.0.exe
%ProgramFiles%\Level Screen Recorder\resources\gstreamer\bin\gst-plugin-scanner.exe
%ProgramFiles%\Level Screen Recorder\resources\gstreamer\bin\gst-inspect-1.0.exe

Note: gst-inspect-1.0.exe runs once on first launch to scan GStreamer plugins. Some EDR tools flag binary-scanning behaviour — the install directory exclusion above covers it.

Auto-updates: The watchdog service (running as LocalSystem) downloads and silently installs updates via msiexec /qn — no UAC prompt or user action required. This is expected behaviour and not a security incident.

---

Windows Firewall

Refer to the Firewall Whitelisting section for the full list of URLs and ports to allow.

---

Step 3: Launch the App

Note: Screenshots may differ slightly from the actual UI of the app.

1. Organization name — After successful installation and launch, the application asks for the organization name (ask your admin if you do not know it). Example: for Level AI, use level.

2. Login — Proceed to the login page and sign in with your credentials or use available SSO.

3. Status / recording page — You should be greeted with a status page. It shows whether recording is currently on or off; the page reflects the current state.

Installation and setup steps

Step 1: Installation

1. Navigate to this link and choose macOS in platform dropdown if not already selected, then click the download icon based on the Mac architecture.
2. After the download, you should have a file named Level Screen Recorder x.x.x.dmg.
3. Double click Level Screen Recorder x.x.x.dmg and drag Level Screen Recorder to the Applications folder.
4. Open Level Screen Recorder from Applications. After this, the app launches automatically on system login.

Step 2: Launch the App

Note: Screenshots may differ slightly from the actual UI of the app.

1. Organization name — After successful installation and launch, the application asks for the organization name (ask your admin if you do not know it). Example: for Level AI, use level.

2. Login — Proceed to the login page and sign in with your credentials or use available SSO.

3. Status / recording page — You should be greeted with a status page. It shows whether recording is currently on or off; the page reflects the current state.

Client Device Requirements

Bandwidth

• Minimum upload speed: 2 Mbps (for HIGH quality with 1 monitor at 3,500 kbps)
• Recommended upload speed: 5 Mbps or higher (for multi-monitor recording; up to 11,000 kbps with 4 monitors)
• The app uses at most 40% of the reported downlink for uploads, clamped between 0.25–5 Mbps
• Adaptive quality automatically downgrades resolution and bitrate when bandwidth is limited

Storage

• Installation size: minimal — the app is a signed Web Bundle deployed via Admin Console (no local installer)
• Recording chunks are temporarily stored in IndexedDB (default cap: 5 GB) and automatically uploaded to the cloud and deleted
• Adaptive quality reduces resolution when storage usage exceeds 50%; recording pauses automatically at 80% and resumes once chunks are uploaded

CPU and Memory Utilisation

• The app runs inside the Chrome browser process on the Chromebook
• Recording uses canvas-based compositing at 3 FPS with H.264 WebM encoding
• Adaptive quality monitors CPU pressure via the Compute Pressure API and automatically downgrades the recording profile (resolution and bitrate) under heavy load
• Multi-monitor recording increases CPU usage proportionally (each additional display adds to the composite canvas)

Display Resolution

It is recommended that agents use the default screen resolution on their device. The app captures at native resolution and composites to 1280×720 (HIGH), 960×540 (MEDIUM), or 640×360 (LOW) depending on system conditions.

---

Server Requirements

Firewall Whitelisting

DNS / URL	Port	Reason for Whitelisting
prod-api.thelevel.ai	443	Level API authorization and login
screen-prod.thelevel.ai	443	Platform API (recording session, token refresh, audit logs)
storage.googleapis.com	443	Chunk uploads to Google Cloud Storage
http-intake.logs.datadoghq.com	443	Send app activity logs to Datadog
sr-releases.thelevel.ai	443	IWA update manifest and signed bundle downloads
www.cloudflare.com	443	Time synchronization — primary (HTTPS trace endpoint)
timeapi.io	443	Time synchronization — fallback (used if Cloudflare endpoint is unreachable)
Your Okta / SSO IdP domain	443	SSO authentication (if Okta SSO is configured for your organization)

---

Limited Availability Release

To roll out the app to a specific group of users before enabling it org-wide, use Google Admin Console's Org Unit (OU) hierarchy:

1. Create a child Org Unit in Google Admin Console (e.g., Org > Screen Recorder Beta Testers).
2. Move the target users/devices into that child OU.
3. Apply the IWA policies only at this OU level — follow Step 1: Installation below, selecting this child OU at each step. This covers the Web Bundle ID, Update manifest URL, Web capabilities (screen recording origin), and force install + launch on login settings. Do not apply these policies at the parent OU level.

Only users in the child OU will receive the app. Once validated, you can move additional users into the OU or apply the same policies at a higher level for full rollout.

---

Installation and setup steps

Step 1: Installation

Note: If you are doing a limited rollout, perform these steps on the child Org Unit you created in the Limited Availability Release section above, not the parent OU.

1. Go to admin.google.com → Devices → Chrome → Apps & extensions.

2. Select the Users & browsers tab.

3. Select the target Org Unit.

4. Click + → Add Isolated Web App.

5. Fill in:

   Field	Value
   Web bundle ID	Provided by Level AI
   Update manifest URL	Provided by Level AI

6. Click Save.

7. Go to Devices → Chrome → Web capabilities.

8. Select the same Org Unit.

9. Click Add origin.

10. Fill in:

Field	Value
Origin	Provided by Level AI
Screen recording	Allowed

11. Click Save.

12. Go to Devices → Chrome → Apps & extensions → Users & browsers.

13. Select the same Org Unit.

14. Click the IWA entry for this app (the list shows the update manifest URL and bundle id; selecting it opens the details panel on the right).

15. In the right-side panel, set Installation policy and Launch on login as below, then click Save.

Setting	Value
Installation policy	Force install + pin to ChromeOS taskbar
Launch on login	Force launch and prevent closing

The panel also shows Web bundle ID and Update manifest URL; they must match the values above. You may see This app is unverified and may not work properly — that is expected for self-hosted IWAs on managed devices.

Under Launch on login, the console may warn that preventing IWAs from being closed might affect device speed and performance; that is normal for this setting.

16. On a test Chromebook:

    1. Go to chrome://policy → click Reload policies.
    2. Confirm IsolatedWebAppInstallForceList shows the web bundle ID and update manifest URL.
    3. Sign out and sign back in. The app should open automatically.
    4. Verify the app is pinned to the ChromeOS taskbar.
    5. Try closing the app window — it should not close.

    Policy sync can take 5–30 minutes. Signing out and back in speeds it up.

Step 2: Launch the App

Note: Screenshots may differ slightly from the actual UI of the app.

1. Organization name — After successful installation and launch, the application asks for the organization name (ask your admin if you do not know it). Example: for Level AI, use level.

2. Login — Proceed to the login page and sign in with your credentials or use available SSO.

3. Status / recording page — You should be greeted with a status page. It shows whether recording is currently on or off; the page reflects the current state.