Server session policies

You can configure the following session policies on the BigFix® Remote Control Server to determine what actions and features are available during a remote control session. The policies can be configured initially when you create a user or target group. However, the permission links set up between the user and target groups determine what policies and permissions are finally derived for the session.

For more information about groups and policies, see the following sections.

Policy list definitions
Security policies
Reboot
To send a restart request to the target computer, so that it can be restarted remotely. Determines whether Reboot is available as a session mode option on the start session screen. For more information about session types, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
Reboot is shown as an option on the start session screen.
Set to No.
Reboot is not shown as an option on the start session screen.
Allow multiple Controllers
To enable collaboration so that multiple controllers can join a session. Determines the availability of the collaboration option on the controller window. For more information about collaboration sessions that involve multiple participants, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
The collaboration icon is available for selection in the controller window.
Set to No.
The collaboration icon is not active in the controller window.
Allow local recording
To make and save a local recording of the session in the controlling system. Determines the availability of the record option on the controller window. For more information about recording sessions, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
The record option is available for selection in the controller window.
Set to No.
The record option is not active in the controller window.
Set target locked
Determines whether the local input and display are locked for all sessions. When they are locked, the target user cannot use the mouse or keyboard on the target while in a remote control session.
Set to Yes.
The target screen is blanked out when the session is started, preventing the target user from interacting with the screen while in the session. The target desktop is still visible to the controller user in the controller window.
Set to No.
The target screen is not blanked out when the session is started and the target user is able to interact with the screen.
Allow input lock
Determines whether the controller user can lock the local input and display of the target when in a remote control session. Determines the visibility of the Enable Privacy option on the controller window.
Set to Yes.
The Enable Privacy option is available in the Perform Action in target menu in the controller window. For more information about the controller window functions, see the BigFix® Remote Control Controller User's Guide.
Set to No.
The Enable Privacy option is not available in the Perform Action in target menu in the controller window.
Connect at Logon
Determines whether a session can be started when no users are logged on at the target.
Set to Yes.
Session is started with the target.
Set to No.
Session is not started and the following message is displayed: Session rejected because there is no user logged to confirm the session
Use Encryption
Determines whether to encrypt the data that is being transmitted.
Disable Panic Key
Determines whether the Pause Break key can be used by the target user to automatically end the remote control session.
Set to Yes.
The target user cannot use the Pause Break key to automatically end the remote control session.
Set to No.
The target user can use the Pause Break key to automatically end the remote control session.
Enable On-screen Session Notification
Determines whether a semi-transparent overlay is shown on the target computer to indicate that a remote control session is in progress. Use this policy when privacy is a concern so that the target user is clearly notified when somebody is remotely viewing or controlling their computer.
Set to Yes.
The semi-transparent overlay is shown on the target screen with the text Remote Control. The type of remote control session that is in progress is also displayed. The overlay does not intercept keyboard or mouse actions, therefore the user is still able to interact with their screen.
Set to No.
The overlay is not shown on the target computer.
Note: This policy is only supported on targets that have a Windows® operating system installed.
Allow input lock with visible screen
This property works together with Allow input lock and also on its own. Use Allow input lock with visible screen to lock the target user's mouse and keyboard during a remote control session.
Set to Yes.
The lock target input menu item is enabled in the Perform action in target menu, in the controller window. Select lock target input to lock the target user's mouse and keyboard during a remote control session. The target screen is still visible to the target user.
Set to No.
The lock target input menu item is not enabled in the Perform action in target menu in the controller window.
Note: If Enable Privacy is selected, during a session, the remote user input is automatically locked. It is not possible to enable privacy without also locking the input.
Display screen on locked target
Works along with Set target locked, which you can use to enable privacy mode at session startup. You can use Display screen on locked target to determine whether the target user can view their screen or not during a remote control session, when privacy mode is enabled.
Set to Yes.
In privacy mode, the target screen is visible to the target user during the session, but their mouse and keyboard control is locked.
Set to No.
In privacy mode, the target screen is not visible to the target user and the privacy bitmap is displayed during the session. The target user's mouse and keyboard input is also disabled.
Note: For Display screen on locked target to take effect, set Set target locked to Yes.
Denied Program Execution List
To specify a list of programs that a controller user cannot run on the target during an active session with the target. These programs must be entered as a comma-separated list. The following points must be noted.
Note:
  1. This feature works only on the following operating systems
    • Windows® 2000, all editions
    • Windows® XP, 32-bit editions only
    • Windows® Server 2003, 32-bit editions only
  2. The programs can be entered with or without a path defined.
    For example
    c:\notepad.exe or notepad.exe are both acceptable.
  3. Any program with a space in its name must be enclosed in double quotation marks.
    my prog.exe should be entered as "my prog.exe"
  4. If you enter any of the Remote Control specific programs in the list, for example trc_dsp, trc_base or trc_gui, they are ignored.
  5. If any of the programs that are listed are already running on the target when the session is started, they continue to run. However, any new instances of the program are not started.
Inactivity timeout
Number of seconds to wait until the connection ends if there is no session activity. Set this value to 0 to disable the timer so that the session does not end automatically. The minimum timeout value is 60 seconds. For values 1 - 59, the session times out after 60 seconds of inactivity.
Note: The inactivity timeout value applies to Active session mode only. The session does not end automatically when other session modes are used.
The default value is 0.
Auditing
Force session recording
All sessions are recorded and the session recordings are uploaded and saved to the server.
Set to Yes.
A recording of the session is saved to the server when the session ends. A link for playing the recording is also available on the session details screen.
Set to No.
No recording is stored and therefore no link is available on the session details screen.
Local Audit
Use to create a log of auditable events that take place during the remote control session. The log is created on both the controller and target computer.
Set to Yes.
The trcaudit log file is created and stored on the controller computer in the home directory of the currently logged on user.

The log can be viewed on a Windows target computer by using the event viewer. To access the Application Event Viewer click Start > Control Panel > Administrative Tools > Event Viewer > Application. On a Linux target, the events are stored in the messages file that is in the /var/log directory.

Set to No.
No log is created or stored on the controller or target computer.
Force session audit
A log of auditable events is automatically stored on the server. Determines the visibility of these events on the session details screen.
Set to Yes.
Controller and target events that took place during the session are displayed on the session details screen.
Set to No.
Controller and target events are not displayed on the session details screen.
Keep session recording in the target system
Determines whether a copy of the session recording that was done on the target and successfully uploaded to the BigFix® Remote Control Server is also saved on the target system. The location of the saved recording is determined by the location that is set in the target property RecordingDir.
Note: This policy is only valid if Record the session in the target system is set to Yes.
Set to Yes.
If Record the session in the target system is set to Yes and the session recording is successfully uploaded to the BigFix® Remote Control Server, a copy of the recording is also saved on the target system.
Set to No.
If Record the session in the target system is set to Yes and the session is recorded, a copy of the recording is not saved on the target system.
Record the session in the target system
Determines whether the session recording is done on the target system instead of the controller, when the Force session recording policy is also set to Yes.
Set to Yes.
The session is recorded on the target and uploaded to the BigFix® Remote Control Server.
Note: However, if Force session recording is set to No, the session is not recorded.
Set to No.
The session is recorded on the controller and uploaded to the BigFix® Remote Control Server.
Control
Enable high quality colors

Determines whether the target desktop is displayed in high-quality colors in the controller window at the start of a session. Used together with Lock color quality.

Set to Yes.
The target desktop is displayed in true color 24-bit mode at the start of the session. Partial screen updates are also enabled.
Set to No.
The target desktop is displayed in 8-bit color mode at the start of the session. Partial screen updates are also enabled. This value is the default value.
Allow registry key lookup
Determines the availability of the Enter key item in the Registry keys menu on the controller window, during a guidance and active session.
Set to Yes.
The Enter key option is available in the Registry keys menu. Use the Enter key option to enter a registry key and look up the value that is defined for it on the target. For more information about the Registry keys menu, see the BigFix® Remote Control Controller User's Guide.
Set to No.
The Enter key option is not available and the controller user cannot find out the values of the target's registry keys.
View registry key list
Determines the availability of the defined registry keys list in the Registry keys menu on the controller window.
Set to Yes.
The list of up to 10 registry keys, which can be defined in the trc.properties file, is visible in the Registry keys menu. The controller user can select one to view the value for it on the target. For more information about editing the properties files, see Editing the properties files.
Note: If you set this policy to Yes, you must make sure that you define registry keys in the trc.properties file. Otherwise, if you click the menu item, nothing is shown.
Set to No.
The defined list of registry keys is not visible in the Registry keys menu.
Enable user acceptance for system information
Use this policy to display the user acceptance window on the target computer when the controller user selects to view the target system information.
Set to Yes.
When the controller user clicks the system information icon in the controller window, the user acceptance window is displayed. The target user must accept or refuse the request to view the target system information. If the target user clicks accept, the target system information is displayed in a separate window on the controller system. If they click refuse, a message is displayed on the controller and the system information is not displayed.
Set to No.
The target system information is displayed automatically when the controller user clicks the system information icon.
Enable user acceptance for file transfers
Use this policy to display the user acceptance window on the target computer when the controller user wants to transfer a file from the target to the controller system.
Set to Yes.
The acceptance window is displayed in the following two cases. The target user must accept or refuse the file transfer.
  • If the controller user selects pull file from the file transfer menu on the controller window.
    Note: The target user must select the file that is to be transferred, after they accept the request.
  • If the controller user selects send file to controller from the Actions menu in the target window
Set to No.
The acceptance window is not displayed and files are transferred automatically from the target to the controller system when requested.
Enable user acceptance for mode changes
Use this policy to display the user acceptance window on the target computer when the controller user selects a different session mode.
Set to Yes.
The user acceptance window is displayed each time the controller user selects a new session mode. The target user must accept or refuse the request.
Set to No.
The user acceptance window is not displayed and the session mode is changed automatically.
Enable user acceptance for incoming connections
Use this policy to display the user acceptance window on the target computer when a remote control session is requested. The target user must accept or refuse the session.
Note: This policy works along with Acceptance Grace Time and Acceptance timeout action.
Set to Yes.
The acceptance window is displayed and the target user has the number of seconds defined for Acceptance Grace time to accept or refuse the session.
Note:
  1. The target user can also select a different session mode on the User Acceptance window.
  2. The target user can hide any running applications by choosing the Hide applications option on the acceptance window. For more information about hiding applications, see the BigFix® Remote Control Controller User's Guide.
  3. When set to Yes, the Acceptance Grace time must be > 0 to give the target user time to accept or refuse the session
Accept
The session is established.
Refuse
The session is not started and a message is displayed.
Set to No.
The session is started automatically and the User Acceptance window is not displayed on the target.
Run post-session script

Determines whether a user-defined script is run after the remote control session finishes.

Set to Yes.
When a remote control session ends, the user-defined script is run. Complete the following steps to set up the scripts.

The script must be given the following name.

post_script.{ext}

Where {ext} is cmd on a Windows system and sh on UNIX or Linux systems.

The script must be placed in the following directory on the target.

Windows systems.
%SYSTEMROOT%\scripts

Where SYSTEMROOT is the relevant Windows operating system directory.

UNIX or Linux systems.
/etc/scripts

Note: This directory must be owned by root and have the permissions 700 so that root can read, write, or execute. All other users must have no permissions. Otherwise, the script does not run and it fails. The success or failure of the execution of this script is logged in the audit log by the target.
Set to No.
No script is run after the session.
Run pre-session script

Determines whether a user-defined script is run before the remote control session starts. The script is run just after the session is allowed but before the controller user has access to the target. This policy is connected to Pre-script fail operation. The outcome of running the script and the continuation of the session is determined by the value that is set for Pre-script fail operation.

Set to Yes.
When a Remote Control Session is requested, the defined script is run before the controller user has access to the target.

Defining Pre and Post scripts.

Script development is free from constraints, except that the scripts must be able to run unattended and must use exit codes that Remote Control can interpret correctly. Pre-scripts and post-scripts are supported on the following operating systems.

  • Windows® (XP, 2003, Vista, 7)
  • Linux® (SLES, RHEL)
When you develop scripts, you must adhere to the following rules:
  • Define the scripts as batch files on a Windows® system (with extension .cmd) and as shell files on a Linux® system (with extension .sh).
  • On Windows® systems, the scripts must be named pre_script.cmd and post_script.cmd. On Linux systems, they must be named pre_script.sh and post_script.sh.
  • Copy the scripts into a directory that is called scripts that is in the installation directory of the Remote Control target. Make sure that they are executable just by root to avoid security exposures in Linux®.
    Note: This directory must be owned by root and have the permissions 700 so that root can read, write, or execute. All other users must have no permissions. Otherwise, the script does not run and it fails. The success or failure of the execution of this script is logged in the audit log by the target.
  • The pre-script and post-script are run with system privileges and are not validated, so protect them from unauthorized access.
    Note: The installer creates the script directory with access just for administrators and localsystem on a Windows® system and for read/write/execute just for root on a Linux® system.
  • Ensure that the scripts end within 3 minutes. If they run for longer, they cannot return a valid execution code. The administrator at the controller is notified that the timeout elapsed and an error occurred. The execution code indicates whether the script did run.
  • Define a non-negative (greater than or equal to 0) exit code for the script to indicate that the script ran with success. Define a negative exit code to indicate that it ran with errors. Whenever an error occurs, a message is reported to the controller. The exit code is shown and the session fails to start.
Environment Variables

You can use the following environment variables in the pre-script and post-script.

RC_TIVOLI_ADMIN_NAME=Tivoli_administrator_name
Where Tivoli_administrator_name specifies the Tivoli® administrator name on the controller as provided by the server.
RC_TIVOLI_ADMIN_LOGIN=Tivoli_administrator_name
Where Tivoli_administrator_name specifies the Tivoli® administrator name on the controller as provided by the server.
RC_ACTION=action
Where action specifies the following actions:
0
No actions.
1
Remote Control (Active, Guidance, or Monitor)
2
File Transfer.
3
Chat
4
Reboot
RC_GRACE_PERIOD=duration
Where duration specifies the number of seconds to wait for the target user to respond before an activity starts or times out.
RC_PROCEED_IF_TIMEOUT=timeout
Where timeout determines whether to start a session if the target user does not respond within the grace period. Possible values are:
1
Starts the session if the grace period times out.
0
Cancels the session if the grace period times out.
RC_STARTUP_STATE=startup_state
Where startup_state specifies the initial state of a Remote Control action. Possible values are:
0
The action is started in monitor state (Monitor or Guidance).
1
The action is started in active state (Active).
RC_CHANGE_STATE=change_state
Where change_state determines whether the target user can change the state during a remote control session. Possible values are:
0
Not enabled.
1
Enabled (user can change from Active to Monitor/Guidance or vice versa).
Set to No.
No script is run before the session.
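The root ownership and 700 permission rules for the Linux script directory described above can be checked before either script policy is enabled. The following Python audit is an added example, not part of the product or its documentation; the names audit_script_dir and demo and the expected_uid parameter are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Script names the page requires on Linux targets.
SCRIPT_NAMES = ("pre_script.sh", "post_script.sh")


def audit_script_dir(path, expected_uid=0):
    """Return findings for the script directory; an empty list means it passes.

    expected_uid defaults to 0 (root), as the page requires. It is a parameter
    (an assumption of this example) so the check can be tried without root.
    """
    try:
        st = os.lstat(path)  # lstat: a symbolic link is reported, not followed
    except FileNotFoundError:
        return [f"{path}: directory does not exist"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory"]

    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o700:
        findings.append(f"{path}: mode {mode:o}, expected 700")

    for name in SCRIPT_NAMES:
        script = os.path.join(path, name)
        try:
            sst = os.lstat(script)
        except FileNotFoundError:
            continue  # a script is needed only when its policy is set to Yes
        except PermissionError:
            findings.append(f"{script}: cannot inspect, run the audit as root")
            continue
        if not stat.S_ISREG(sst.st_mode):
            findings.append(f"{script}: not a regular file")
            continue
        if sst.st_uid != expected_uid:
            findings.append(f"{script}: owned by uid {sst.st_uid}, expected {expected_uid}")
        smode = stat.S_IMODE(sst.st_mode)
        if smode & 0o077:
            findings.append(f"{script}: mode {smode:o} gives access to group or others")
        if not smode & stat.S_IXUSR:
            findings.append(f"{script}: not executable by its owner")
    return findings


def demo():
    """Build a constructed directory owned by the current user and audit it."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        scripts = os.path.join(root, "scripts")
        os.mkdir(scripts)
        os.chmod(scripts, 0o755)  # too permissive: the page requires 700
        before = audit_script_dir(scripts, expected_uid=uid)
        os.chmod(scripts, 0o700)
        after = audit_script_dir(scripts, expected_uid=uid)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

On a target, call audit_script_dir with the script directory path and the default expected_uid of 0 while running as root.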
Allow automatic session handover
Determines whether a collaboration session is automatically handed over to another participant when the master controller loses connection to the broker. The policy applies only to collaboration sessions that you start through a broker. For more information about session resilience, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
If the master controller does not reconnect to the broker within 3 minutes, session control automatically passes to another participant. However, if user acceptance is enabled, the target user must accept or refuse the new master controller.
Set to No.
If the master controller does not reconnect to the broker within 10 minutes, the session terminates. This value is the default value.
Allow clipboard transfer
Determines the availability of the clipboard transfer icon in the controller session window. For more information about this feature, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
The clipboard transfer icon is available for use in the controller window. The controller user can transfer the clipboard content between the controller and the target.
Set to No.
The clipboard transfer icon is not available for use in the controller window.
Allow session handover
The master controller in a collaboration session can use this feature to hand over control of the session to a new controller. Determines the availability of the Handover option on the collaboration control panel. For more information about the handover function, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
The Handover option is displayed in the Collaboration control panel.
Set to No.
The Handover option is not displayed in the Collaboration control panel.
Enable user acceptance for collaboration requests
Use this policy to display the user acceptance window on the target computer when another controller requests to join a collaboration session. For more information about joining a collaboration session, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
The user acceptance window is displayed on the target computer after the master controller accepts to share the session for collaboration. The target user's response determines whether the additional controller is allowed to join the session.
Accept
The additional controller joins the collaboration session.
Refuse
A refusal message is displayed on the controller and the additional controller cannot join the collaboration session.
Timeout
If the target user does not respond to the user acceptance within the time that is defined in Acceptance Grace Time, a refusal message is displayed to the additional controller. The additional controller does not join the collaboration session.
Set to No.
The user acceptance window is not displayed on the target computer. After the master controller accepts to share the session for collaboration, the additional controller joins the session.
Stop screen updates when screen saver is active
Stops the target from sending screen updates when it detects that the screen saver is active.
Set to Yes.
While the screen saver is active on the target system, the target stops transmitting screen updates. A simulated screen saver is displayed on the controller computer so that the controller user knows that a screen saver is active on the remote screen. The controller user can close the screen saver by pressing a key or moving the mouse.
Set to No.
No simulated screen saver is displayed in the session window. The target screen is displayed as normal and the target continues to transmit screen updates.
Enable user acceptance for local recording
Use this feature to display the user acceptance window when a controller user clicks the record icon on the controller window. The target user can accept or refuse the request to make a local recording of the remote control session.
Set to Yes.
When the controller user clicks the record icon on the controller window, a message dialog is displayed. If the target user clicks Accept, the controller user can select a directory to save the recording to. If the target user clicks Refuse, a recording refused message is displayed to the controller.
Note: After the target user accepts the request for recording, if the controller user stops and restarts local recording, the acceptance window is not displayed.
Set to No.
When the controller user clicks the record icon on the controller window, the message window is not displayed. The controller user can select a directory to save the recording to.
Hide windows
Determines whether the Hide windows check box is displayed on the user acceptance window when Enable user acceptance for incoming connections is also set to Yes.
Set to Yes.
The Hide windows check box is displayed on the user acceptance window.
Set to No.
The Hide windows check box is not displayed on the user acceptance window.
Remove desktop background
Determines whether a desktop background image can be removed from view during a remote control session.
Set to Yes.
The desktop background image on the target is not visible during a remote control session.
Set to No.
The desktop background image on the target is visible during a remote control session.
Lock color quality

Determines whether the color quality that a remote control session is started with can be changed during the session. Used together with Enable high quality colors.

Set to Yes.
The initial color quality, for the remote control session, is locked and cannot be changed during the session. The Performance settings icon is disabled in the controller window. The controller user cannot change settings to improve the session performance if their network is slow.
Set to No.
The color quality can be changed during the session. The Performance settings icon is enabled in the controller window.
Pre/post - script fail operation
Action to take if the pre-script or post-script execution fails. A positive value or 0 is considered a successful run of the pre-script or post-session script. A negative value, a script that is not found, or a script that does not finish running within 3 minutes is considered a failure.
Abort
If the pre-script or post-script run fails, the session does not continue.
Proceed
If the pre-script or post-script run fails, the session continues.
Acceptance timeout action

Action to take if the user acceptance window timeout lapses, that is, the target user did not click accept or refuse within the number of seconds defined for Acceptance Grace time.

Abort
Session is not established. This value is the default value.
Proceed
Session is established.
Acceptance Grace Time
Sets the number of seconds to wait for the target user to respond before a session starts or times out. Used along with Enable User Acceptance for incoming connections.
Note: If Enable user acceptance for incoming connections is set to Yes, Acceptance Grace Time must be set to a value >0 to give the target user time to respond.
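Several of the policies above take effect only together with a companion setting (Acceptance Grace Time, Set target locked, the recording policies) or are silently adjusted (the 60-second inactivity minimum). The following Python check is an added example, not product code; the dictionary input format and the function names are assumptions, while the policy names and default values are the ones listed on this page.

```python
# Added example: flags policy combinations that this page says have no effect
# or need a companion setting. Policy names and defaults are copied from the
# page; the dict input format and every function name are assumptions.

UA_INCOMING = "Enable user acceptance for incoming connections"
GRACE = "Acceptance Grace Time"
TIMEOUT_ACTION = "Acceptance timeout action"
HIDE = "Hide windows"
LOCKED = "Set target locked"
DISPLAY = "Display screen on locked target"
FORCE_REC = "Force session recording"
REC_TARGET = "Record the session in the target system"
KEEP_REC = "Keep session recording in the target system"
INACTIVITY = "Inactivity timeout"

# Default values as listed in Table 1 of the page.
DEFAULTS = {
    UA_INCOMING: "no", GRACE: 45, TIMEOUT_ACTION: "abort", HIDE: "no",
    LOCKED: "no", DISPLAY: "no", FORCE_REC: "no", REC_TARGET: "yes",
    KEEP_REC: "no", INACTIVITY: 0,
}


def effective_inactivity_timeout(seconds):
    """0 disables the timer; values 1 - 59 time out after 60 seconds."""
    seconds = int(seconds)
    if seconds < 0:
        raise ValueError("the page defines no meaning for negative timeouts")
    return 0 if seconds == 0 else max(seconds, 60)


def lint_policies(policies):
    """Return (policy, message) findings for one derived policy set."""
    p = {**DEFAULTS, **policies}  # unset policies fall back to Table 1 defaults

    def on(name):
        return str(p[name]).strip().lower() == "yes"

    findings = []
    if on(UA_INCOMING) and int(p[GRACE]) <= 0:
        findings.append((GRACE, "must be > 0 so the target user has time to respond"))
    if on(UA_INCOMING) and str(p[TIMEOUT_ACTION]).strip().lower() == "proceed":
        findings.append((TIMEOUT_ACTION,
                         "session is established when the target user does not respond"))
    if on(HIDE) and not on(UA_INCOMING):
        findings.append((HIDE, f"check box is shown only when {UA_INCOMING} is yes"))
    if on(DISPLAY) and not on(LOCKED):
        findings.append((DISPLAY, f"takes effect only when {LOCKED} is yes"))
    if on(KEEP_REC) and not on(REC_TARGET):
        findings.append((KEEP_REC, f"valid only when {REC_TARGET} is yes"))
    elif on(KEEP_REC) and not on(FORCE_REC):
        findings.append((KEEP_REC, f"nothing is recorded while {FORCE_REC} is no"))
    timeout = int(p[INACTIVITY])
    if 0 < timeout < 60:
        findings.append((INACTIVITY, f"{timeout} is treated as 60 seconds"))
    return findings


# Constructed sample policy set (not taken from a real server).
SAMPLE = {UA_INCOMING: "yes", GRACE: 0, TIMEOUT_ACTION: "proceed",
          DISPLAY: "yes", KEEP_REC: "yes", INACTIVITY: 30}

if __name__ == "__main__":
    for policy, message in lint_policies(SAMPLE):
        print(f"{policy}: {message}")
```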
Configuration
File Transfer
Determines whether File Transfer is available as a session mode on the start session window so that files can be sent or received during the session. For more information about File Transfer session mode, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
File Transfer is available as a session mode in the start session window.
Set to No.
File Transfer is not available as a session mode in the start session window.
Allow chat in session
Determines whether chat functions are available while in a remote control session and also the availability of the chat icon in the controller window. For details of the Chat function, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
Chat icon is available for selection in the controller window.
Set to No.
Chat icon is disabled in the controller window.
Active
Determines whether the target system can take part in active sessions. Also determines whether Active is available as a session mode on the start session window. For more information about the Active session mode, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
Active is available as a session mode in the start session window.
Set to No.
Active is not available as a session mode in the start session window.
Guidance
Determines whether the target system can take part in guidance sessions. Also determines whether Guidance is available as a session mode on the start session window. For more information about the Guidance session mode, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
Guidance is available for selection as a session mode in the start session window.
Set to No.
Guidance is not available for selection as a session mode in the start session window.
Monitor
Determines whether the target system can take part in monitor sessions. Also determines whether Monitor is available as a session mode on the start session window. For more information about the Monitor session mode, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
Monitor is available for selection as a session mode in the start session window.
Set to No.
Monitor is not available for selection as a session mode in the start session window.
Chat
Determines whether the target system can take part in chat only sessions. Also determines whether Chat is available as a session mode on the start session window. For more information about the Chat session mode, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
Chat is available as a session mode in the start session window.
Set to No.
Chat is not available as a session mode in the start session window.
File Transfer Actions
Determines the actions that can be carried out on a file during a File Transfer session. If no value is set, the file transfer action is determined by the default.rc_def_ft_actions property in the trc.properties file.
Set to Send.
You can transfer files only to the target during a File Transfer session.
Set to Pull.
You can transfer files only from the target during a File Transfer session.
Set to Both.
You can transfer files to and from the target during a File Transfer session.
Allow file transfer in session
Controls the transfer of files while in an Active session. Its value determines the availability of the Send file / Pull file options in the File Transfer menu within the Controller window. For more information about transferring files, see the BigFix® Remote Control Controller User's Guide.
Set to NONE.
The Send file and Pull file options are not available for selection. No file transfers can be initiated.
Set to BOTH.
The Send file and Pull file options are available. Files can be transferred to the target and transferred from the target. This value is the default value.
Set to PULL.
Only the Pull file option is available. Files can be transferred only from the target.
Set to SEND.
Only the Send file option is available. Files can be transferred only to the target.
Policy List Values
Table 1. Policy acceptable and default values.
Policy                                             Possible values                  Default value
Reboot                                             yes | no                         yes
Allow multiple controllers                         yes | no                         yes
Allow local recording                              yes | no                         yes
Set target locked                                  yes | no                         no
Allow input lock                                   yes | no                         yes
Connect at logon                                   yes | no                         yes
Use encryption                                     yes | no                         yes
Disable Panic Key                                  yes | no                         no
Enable on-screen session notification              yes | no                         no
Allow input lock with visible screen               yes | no                         no
Display screen on locked target                    yes | no                         no
Denied Program Execution List                      blank                            blank
Inactivity timeout                                 number of seconds                0
Force session recording                            yes | no                         no
Local audit                                        yes | no                         yes
Force session audit                                yes | no (live audit on server)  yes
Keep session recording in the target system        yes | no                         no
Record the session in the target system            yes | no                         yes
Enable high quality colors                         yes | no                         no
Allow registry key lookup                          yes | no                         no
View registry key list                             yes | no                         no
Enable user acceptance for system information      yes | no                         no
Enable user acceptance for file transfers          yes | no                         no
Enable user acceptance for mode changes            yes | no                         no
Enable user acceptance for incoming connections    yes | no                         no
Run post-session script                            yes | no                         no
Run pre-session script                             yes | no                         no
Allow automatic session handover                   yes | no                         no
Allow clipboard transfer                           yes | no                         yes
Allow session handover                             yes | no                         yes
Enable user acceptance for collaboration requests  yes | no                         no
Stop screen updates when screen saver is active    yes | no                         no
Enable user acceptance for local recording         yes | no                         no
Hide windows                                       yes | no                         no
Remove desktop background                          yes | no                         no
Lock color quality                                 yes | no                         no
Pre / post -script fail operation                  abort | proceed                  abort
Acceptance timeout action                          abort | proceed                  abort
Acceptance Grace Time                              number of seconds                45
File transfer                                      yes | no                         yes
Allow chat in session                              yes | no                         yes
Active                                             yes | no                         yes
Guidance                                           yes | no                         yes
Monitor                                            yes | no                         yes
Chat                                               yes | no                         yes
File transfer actions                              pull | send | both               both
Allow file transfer in session                     none | pull | send | both        both