General Policy Group (Host)
The following policies for the host appear in the General policy group and pane. You can modify policy parameter values by double-clicking a policy to display the Setting Properties dialog.
Note: For all policy settings that specify a time period, the units are seconds.
Specifies the action that the host takes after an abnormal disconnect from a viewer. Valid values are as follows:
Default: Lock the workstation
Indicates whether the Remote Control viewer is permitted to install required printer drivers. If printer redirection is enabled, printer drivers may be automatically installed when a viewer connects to a printer.
Default: True
Indicates whether the screen saver on the host user's desktop is always disabled.
Default: False
Disables the wallpaper and any embedded web pages on the host user's desktop. You can set this and other visual effects to True to improve performance by decreasing the amount of video data transmitted by the host. This overrides the corresponding viewer setting.
Default: False
Encrypts all messages (keyboard or video) between the host and viewer regardless of the viewer setting.
Default: False
Note: If the target host is operating in FIPS‑preferred or FIPS‑only mode, this option has no effect—the data is always encrypted using FIPS‑compliant cryptography.
Controls whether the host disables the visual effect in which the contents of windows are displayed as the host user drags them around the desktop. You can set this and other visual effects to True to improve performance by decreasing the amount of video data transmitted by the host. This overrides the corresponding viewer setting.
Default: False
Specifies that the host icon in the taskbar become animated when the host is connected to the viewer.
Default: <locally managed>
Names the fully qualified path of a plain-text file containing EULA or other explanatory text to be displayed on the host's login confirmation dialog. This dialog appears when a viewer connects to a host that is configured to request confirmation from the end user before a remote control session can be established.
The file referenced here must be present on the host computer. If the text file is on a network share, a UNC network path can be specified. The network share's permissions must permit read access to the end users who will be confirming the connection request.
Note: For more information, see the Require Local Confirmation policy below, and the Require Local Confirmation permission in the User Remote Control Permissions Dialog topic in the Remote Control section of the DSM Explorer Help.
Default: empty
Specifies the number of times a user can postpone, or defer, a manager-initiated reboot.
Default: 1
Specifies the amount of extra time that a user deferral can add to the wait time for a manager-initiated reboot.
Default: 300
Enables a chat session from a viewer if set to True and the viewer user also has this permission. If False, then no chat session is permitted to the host regardless of the viewer user permissions.
Default: True
Enables a classroom style connection from a viewer if set to True and the viewer user also has this permission. If False, no classroom style connection is permitted to the host regardless of the viewer user permissions. Classroom connections permit a "teacher" host to be connected to by a classroom of "pupil" viewers. At most one viewer has control, which can be passed from viewer to viewer by the host.
Default: True
Enables an exclusive connection from a viewer if set to True and the viewer user also has this permission. If False, an exclusive connection is not permitted regardless of the viewer user permissions. An exclusive connection means that only one viewer at a time can connect. The host mouse and keyboard are disabled. Only the viewer user has control of the host computer.
Windows: In Secure Control and Exclusive Control modes, the Ctrl-Alt-Del key sequence cannot be blocked, because it is a low-level security feature of the operating system. The host user cannot interfere with remote control operations by repeatedly pressing Ctrl-Alt-Del to switch to the login desktop or to open the Task Manager. However, after issuing a Ctrl-Alt-Del, the host user will still not have keyboard or mouse control of the desktop.
Linux: This option prevents other users from connecting when there is a session in progress; the host's mouse and keyboard are not disabled.
Default: True
Indicates whether the host user can lock the host. This policy setting is used during security alerts to "lock down" remote control. If True, the host closes all connections and stops listening for more. In a centrally managed installation, the lock command can be sent by the domain manager even if this setting is False. This policy setting controls only whether the host user can lock.
Default: False
Enables the viewer to lock the desktop of the host computer. This also applies to locks initiated by disconnections of any type, normal or abnormal, when the operating system supports locking the workstation or desktop. If False, the host user can refuse lock requests.
Linux: The disconnect and lock actions will only lock the operating systems that support this feature. For example, in the GNOME GUI environment on Linux, it is not possible to lock the desktop of a root user.
Note: If either the Enable lock desktop or Enable logoff policy is set to False, the related normal and abnormal disconnect options are also affected. For example, the default abnormal disconnect action for a remote control session is to lock the host’s desktop. If you disable the host’s lock feature, the abnormal disconnect action no longer locks the host’s desktop and the Disconnect and Lock option is not available in the viewer.
Default: True
Enables the viewer to log off the host computer. This also applies to logoffs initiated by disconnections of any type, normal or abnormal. If False, the host user can refuse logoff requests.
Default: True
Enables users to manually record desktop activity independently of any remote control sessions.
Default: True
Enables meeting mode remote control connections from any viewer, with or without explicitly defined user permissions. With these requests, a connection confirmation dialog appears displaying the viewer’s user name and computer name. The host user can then accept the connection or deny it. If the Require meeting confirmation password policy is also set to True, then Remote Control prompts for the password of the currently logged on user before permitting a meeting session to proceed.
If False, a viewer’s request for a meeting mode connection is rejected and a Security validate permissions failed event is raised.
Default: True
Indicates whether host printing can be directed to a viewer's printer.
Default: True
Enables the host to reboot the host computer when requested by a viewer or domain manager. This also applies to reboots initiated by disconnections of any type, normal or abnormal.
Default: False
Enables a secure connection from a viewer user if set to True and the viewer user also has this permission. If False, the host does not permit any secure connections from viewers regardless of the viewer user permissions.
Windows: In a secure mode connection, only one viewer at a time is permitted to connect. The host user cannot use the host computer because the screen, mouse, and keyboard are all disabled. A secure control message screen is displayed; this screen is configurable and displays a static HTML page.
Windows: In Secure Control and Exclusive Control modes, the Ctrl-Alt-Del key sequence cannot be blocked, because it is a low-level security feature of the operating system. The host user cannot interfere with remote control operations by repeatedly pressing Ctrl-Alt-Del to switch to the login desktop or to open the Task Manager. However, after issuing a Ctrl-Alt-Del, the host user will still not have keyboard or mouse control of the desktop.
Note: See Notes on Secure Control in Polling capture mode on Windows.
Note: The secure control mode uses multiple-monitor operating system features with which some versions of the Intel Display drivers are not fully compatible. If Remote Control detects a driver compatibility problem, it does not display the Secure Control Message, “Remote Control Session In Progress.” Instead, the host screen becomes black. Using the latest display drivers from Intel resolves the problem.
Linux: In a secure mode connection, a new login session with a hidden desktop is created that only the viewer can see. Remote control connections to Linux hosts in this mode do not control the desktop of the currently logged on user. Multiple concurrent secure control connections are supported, and each connection creates a separate hidden desktop.
Note: The secure control feature in Linux requires the Virtual frame buffer X server (Xvfb) utility, and secure control connections are refused if it is not present. This utility can normally be installed from the Linux installation media, if not already installed by default.
Mac OS X: The secure control feature is not supported.
Default: True
Enables a shared control connection from a viewer user if set to True and the viewer user also has this permission. If False, the host will not permit any shared control connections from viewers regardless of the viewer user permissions. In a shared mode connection, both the host and viewer user have control of the host computer. Any number of viewers can connect.
Default: True
Indicates whether smart card redirection of user credentials from a viewer to a remote host computer is enabled.
Default: True
Enables a stealth view connection from the viewer user if set to True and the user of the viewer also has this permission. If False, the host will not permit any stealth view connections from viewers regardless of the viewer user permissions. In a stealth mode connection, the host retains control of the host computer but is unaware that a connection has been made. Normally, the host icon changes to indicate a connection is in progress and the host menu shows the connections. Any number of viewers can connect.
Default: True
Indicates whether the host can receive files from viewer users. If False, the host will not receive any files sent from viewers. To receive files, the viewer user permission, Send Files, must also be specified.
Default: True
Indicates whether the host can send files to viewers. If False, the host will not send any files to viewers regardless of the viewer user permissions. To send files, the viewer user permission, Receive Files, must also be specified.
Default: True
Enables a view-only connection from a viewer user if set to True and the user of the viewer also has this permission. If False, the host will not permit any view-only connections from viewers regardless of the viewer user permissions. In a view mode connection, the host retains control of the host computer and the viewers can only see. Any number of viewers can connect.
Default: True
Controls the amount of bandwidth that the host can use when connected to a viewer. In some installations, the host must co-exist with other networked applications and must not try to use all the bandwidth, which it may do if large bitmaps or animations are being displayed. This setting always overrides the corresponding viewer setting if it is more restrictive. For example, if the viewer specifies Unlimited but the host specifies 1MBIT, then 1MBIT is used. The smallest value is the specified value for the connection.
Valid values are as follows:
Default: Unlimited
Controls whether the host disables the menu and window animation effects provided by Windows. You can set this and other visual effects to improve performance by decreasing the amount of video data transmitted by the host. This overrides the corresponding viewer setting.
Default: False
Controls whether the host disables the visual styles and effects provided by Microsoft Windows. This includes the animation effects used by the common controls, the taskbar, and themes. You can set this and other visual effects to improve performance by decreasing the amount of video data transmitted by the host. This overrides the corresponding viewer setting.
Default: False
Specifies the inactivity timeout period in seconds, that is, the maximum time a viewer can be connected to a host and be inactive before a timeout occurs. Only controlled remote control sessions are subject to inactivity timeouts. View-only sessions are not affected by the inactivity timer.
If set to 0 (zero), the inactivity timer is disabled.
Default: 0
Specifies the login timeout period in seconds, that is, the maximum time a login from a viewer to a host can take before a timeout occurs. This includes the time taken to answer a confirmation dialog (if Require local confirmation is set).
Default: 120
Specifies the action the host computer should take after a normal disconnect from a viewer user. Valid values are as follows:
Default: Do nothing
When the Require local confirmation host property is True and a viewer connects, the host user is prompted to confirm the connection. However, if the Windows login window is visible, the host will refuse by default to connect because it assumes that nobody is available to confirm the connection. If Override confirm at login is set to Allow, the local host user confirmation requirement is overridden and the host accepts the connection. If Override confirm at login is set to Prompt, the connection confirmation dialog appears. If this setting is Deny, the Require local confirmation setting remains valid.
If a meeting mode connection is requested and the Windows login window is visible, the local host user confirmation requirement is not overridden and the connection confirmation dialog appears independent of the Override confirm at login setting.
Default: Deny
Requires a local confirmation from the host user when a viewer connects regardless of the viewer user permissions. If False, the viewer user permissions control whether confirmation is required. This feature can be used with Require local confirmation password.
Default: False
Indicates whether a local confirmation password is required. When the Require local confirmation host property is True and a viewer connects, the host user is prompted to confirm the connection by clicking Yes. However, if the Require local confirmation password property is also set to True for increased security purposes, Remote Control prompts for the password of the currently logged on user before permitting the connection to proceed.
Default: False
Indicates whether a meeting confirmation password is required. When the Enable meeting host property is True and the Require meeting confirmation password property is also set to True, Remote Control prompts for the password of the host user before permitting a meeting session to proceed. If additional viewers join the meeting, the host’s password will be required only to confirm the first connection request.
If Require local confirmation is False, but the Require local confirmation password property is True, the confirmation will be password protected.
Default: True
Specifies the full URL of a static HTML page to be shown on the host during secure control sessions. This setting is effective only if the Show HTML Secure Control Message policy is enabled. The URL must point to a page that does not require scripts or active content to display correctly. If the page is hosted on a web server, it must permit anonymous access. Leave this setting empty for a default message.
Example: http://myserver/rcmessage.html
Default: empty
Enables the display of a static HTML page to be used for the "Remote Control Session in Progress" message shown on the host computer during Remote Control secure control connections.
Default: True
Indicates whether the host will always start up in a locked state. This is useful in situations when the user wants to be able to decide whether someone can connect to the host computer. To enable the user to unlock, ensure that the Enable lock property is also set to True. If False, only a domain manager can unlock the host.
Default: False
When the host receives a logoff request from the viewer when it disconnects, this policy setting specifies the time in seconds to wait before the host logs off. A countdown dialog is displayed starting at this time.
Limits: 1–3000
Default: 30
When the host receives a reboot request from the domain manager or from a viewer when it disconnects, this policy setting specifies the time in seconds to wait before the reboot takes place. A countdown dialog is displayed starting at this time.
Limits: 1–3000
Default: 30
Linux: Specifies that X Display Manager Control Protocol (XDMCP) be used to display the login screen for a remote control session in secure mode.
Note: Local XDMCP connections must be enabled in your display manager configuration before setting this option.
Default: False
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|
