Properties that can be set in the target configuration

You can configure target properties either during or after installation. The operating system on the target system determines which properties can be configured. The target properties determine the actions that can be carried out during a peer-to-peer session. If you set a server URL and set the Managed property to Yes, the actions are determined by the policies that are set on the Remote Control server.

For more information about which properties are configurable in each operating system, see Operating systems that the property is configurable in.
Windows systems
The target properties are saved in the target registry. Edit the target registry to modify the properties:
  1. On a 64-bit system, all the 32-bit registry keys are under the Wow6432Node key. For example: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BigFix\Remote Control\Target
    Note: On a 32-bit system, go to HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Remote Control\Target
  2. Right-click the required property and select Modify
  3. Set the required value and click OK.
  4. Restart the target service.
Linux systems
The target properties are saved to the /etc/trc_target.properties file. Edit the file after installation to configure the target.
  1. Edit the trc_target.properties file.
  2. Modify the required properties.
  3. Save the file.
  4. Restart the target service.
macOS devices
You can configure the properties in the trc_target.cfg file when you install the target. For more information, see Installing the BigFix Remote Control Target for macOS by using the .pkg file. The target properties are saved to /Library/Preferences/com.bigfix.remotecontrol.target.plist. To modify a target property, complete the following steps:
  1. Open the Terminal.app.
  2. To modify a property, enter the following command.

    sudo defaults write /Library/Preferences/com.bigfix.remotecontrol.target.plist Keyword Value

    Where Keyword is the property name and Value is the value for the property. For example,

    sudo defaults write /Library/Preferences/com.bigfix.remotecontrol.target.plist LogLevel 4

  3. Restart the target.
    • For BigFix Remote Control version 10 update 6 or earlier
      1. Click Remote Control Target > Quit Remote Control Target
      2. Open the Remote Control Target app
    • For BigFix Remote Control version 10 update 7
      1. Enter sudo launchctl unload /Library/LaunchDaemons/RCTargetDaemon.plist
      2. Enter sudo launchctl load /Library/LaunchDaemons/RCTargetDaemon.plist

Target property definitions

Table 1. Installation option descriptions
Target property

Default
Value

 Description
ServerURL Blank For the target to register with the server and take part in remote control sessions that are started from the server, provide the Remote Control server URL in the format: http://servername/trc, where servername is the fully qualified name of yourRemote Control server.

For example, http://trcserver.example.com/trc

Note: If you provide a server URL and you want the target to take part only in remote control sessions that are started from the server, set AllowP2P to No.
ProxyURL Blank Host name or IP address for a proxy server, if you are using one.
BrokerList Blank The list of host names or IP addresses of the brokers and their ports, that you want the target to connect to. In the format, hostname1:port,hostname2:port,hostname3:port.
GroupLabel Blank A target group name that the target is made a member of when the configuration is applied. This target group must exist in the Remote Control database.
Note: The GroupLabel property can be used only if the target is not already registered with the server. If the target is already registered, it is not assigned to the target group. The allow.target.group.override property in the trc.properties file on the server must be set to Yes for the GroupLabel property value to be applied.
Note:
  • The allow.target.group.override property in the trc.properties file on the server must be set to Yes for the GroupLabel property value to be applied when the target is not already registered with the server.
  • The allow.override.at.triggered.callhomes property in the trc.properties file on the server must be set to Yes for the GroupLabel property value to be applied when the target performs periodic callhomes after the target has registered with the server.
  • You can specify a single target group name or a list of target groups with a semicolon separator in the format Group1;Group2.
PortToListen 888 Specify the TCP port that the target listens on. The default value for the BigFix® Remote Control Target for macOS is 8787.
AllowP2P Yes Used to enable peer-to-peer mode. Use this parameter to enable peer to peer connections regardless of the server status. Default value is No
No
A peer-to-peer session cannot be established between a controller and this target. If a ServerURL is provided, the targets can take part only in remote control sessions that are initiated from the server.
Yes
A peer-to-peer session can be established between a controller user and this target.
Note: If this option is Yes and a server URL is provided, the target can take part in both peer-to-peer sessions and sessions that are initiated from the server.
AllowP2PFailover No Use this parameter to enable failover to peer-to-peer mode when the server is down or unreachable. AllowP2P must also be set to Yes. Default value is No.
No
The session does not failover to peer-to-peer mode when the server is down or unreachable.
Yes
The session does failover to peer-to-peer mode when the server is down or unreachable.
FIPSCompliance No Use this property to enable the use of a FIPS-certified cryptographic provider for all cryptographic functions. For more information about enabling FIPS compliance, seeFederal information processing standard (FIPS 140-2) compliance in Remote Control.
Note: If you enable FIPS compliance on the target, you must also enable FIPS compliance on the controller components that are installed. Only the IBM® Java Run-time Environment (JRE) is supported in FIPS-compliant mode and the JRE is installed when you install the controller software. To enable FIPS compliance on the controller, complete the following steps.
  1. Edit the trc_controller.cfg file on the system that the controller is installed on.
    Windows systems
    [controller installation dir]\trc_controller.cfg

    where [controller installation dir] is the directory that the controller is installed in.

    Linux systems
    opt/BigFix/trc/controller/trc_controller.cfg
  2. Set the fips.compliance property to Yes and save the file.
SP800131ACompliance No Select this option to enforce NIST SP800-131A-compliant algorithms and key strengths for all cryptographic functions. For more information about enabling NIST SP800-131A compliance, see NIST SP800-131A compliance in Remote Control.
Note: If you enable NIST SP800-131A compliance on the target, you must also enable NIST SP800-131A compliance on the controller components that are installed. Only the IBM® Java Run-time Environment (JRE) is supported in NIST SP800-131A compliant mode and the JRE is installed when you install the controller software. To enable NIST SP800-131A compliance on the controller, complete the following steps.
  1. Edit the trc_controller.cfg file on the system that the controller is installed on.
    Windows systems
    [controller installation dir]\trc_controller.cfg

    where [controller installation dir] is the directory that the controller is installed in.

    Linux systems
    opt/BigFix/trc/controller/trc_controller.cfg
  2. Set the sp800131A.compliance property to Yes and save the file.
Accessibility No Select this option to enable the accessibility UI. Available only on Windows operating system.
LogLevel 2

The log level determines the types of entries and how much information is added to the log file. Default value is 2.

0 - Logging is set to a minimal level.

1 - Logging is set to ERROR level.

2 - Logging is set to INFO level.

4 - Logging is set to DEBUG level.

Note: Use Log Level = 4 only by request from HCL support.
LogRollover Daily

Controls the period after which a new log file is started. This period must be shorter than the LogRotation period, therefore not all combinations are valid. LogRollover cannot be disabled. Default value is Daily.

Hourly
Start a new log file on the hour. Recommended if the log is written to frequently or when you use a log level higher than 2.
Daily
Start a new log file every day.
LogRotation Weekly

Controls the period after which an older log file is overwritten. Log rotation can be disabled. Default value is Weekly.

Daily
Overwrite log files after 1 day. When LogRollover is set to Hourly, the suffix that is added to the log file name is 00H to 23H.
Weekly
Overwrite log files after 1 week. When LogRollover is set to Hourly, the suffix that is added to the log file name specifies the day and hour. Value can be Mon-00H to Sun-23H. When LogRollover is set to Daily, the suffix that is added to the log file name specifies the day. The value can be Mon to Sun.
Monthly
Overwrite log files after 1 month. 01-00H to 31-23H. When LogRollover is set to Hourly, the suffix that is added to the log file name specifies the numeric day of the month and the hour. Value can be 01-00H to 31-23H. When LogRollover is set to Daily, the suffix that is added to the log file name specifies the numeric day of the month. The value can be 01 - 31.
Disabled
LogRotation is disabled. When LogRollover is set to hourly, the suffix that is added to the log file name specifies the current date and time. Value can be YYYY-MM-DD-hh. When LogRollover is set to Daily, the suffix that is added to the log file name specifies the current date. The value can be YYYY-MM-DD.
Table 2. Session option properties.
Target property Default Value Description
AllowMonitor Yes Determines whether the target can take part in monitor peer-to-peer sessions. For information about the different types of remote control session that can be established, see Types of remote control sessions that can be established.
Yes
The target can take part in monitor peer-to-peer sessions. The Monitor option is available for selection in the session type list in the controller window. The Open connection window also lists a Monitor option.
No
The target cannot take part in monitor peer-to-peer sessions. The Monitor option is not available in the session type list in the controller window.
AllowGuidance Yes Determines whether the target can take part in guidance peer-to-peer sessions.
Yes
The target can take part in guidance peer-to-peer sessions. The Guidance option is available in the session type list in the controller window. The Open connection window also lists a Guidance option.
No
The target cannot take part in guidance peer-to-peer sessions. The Guidance option is not available in the session type list in the controller window.
AllowActive Yes Determines whether the target can take part in active peer-to-peer sessions.
Yes
The target can take part in active peer-to-peer sessions. The Active option is available in the session type list in the controller window. The Open connection window also contains an Active option.
No
The target cannot take part in active peer-to-peer sessions. The Active option is not available in the session type list in the controller window.
DisableChat No Determines the ability to start a chat session with the target and also chat to the controller user during a peer-to-peer session.
Yes
If Chat Only is chosen as the connection type on the open connection screen, the session is refused. During the session, the chat icon is not available in the controller window.
No
A Chat Only session can be initiated from the open connection window. During the session, the chat icon is available in the controller window.
DisableFilePull No Determines the ability to transfer files from the target to the controller during the session.
Yes
Files cannot be transferred from the target to the controller.
No
Files can be transferred from the target to the controller.
DisableFilePush No Determines the ability to transfer files from the controller to the target during the session.
Yes
Files cannot be transferred from the controller to the target.
No
Files can be transferred from the controller to the target.
DisableClipboard No Determines the availability of the clipboard transfer menu in the controller UI in a peer-to-peer session. Use the menu to transfer the clipboard content between the controller and target during a remote control session.
Yes
The clipboard transfer menu is not available during the session to transfer the clipboard content to and from the target.
No
The clipboard transfer menu is available during the session.
AllowRecording Yes The controller user can make and save a local recording of the session in the controlling system.
Yes
The record option is available in the controller window.
No
The record option is not available in the controller window.
AllowCollaboration Yes Use this property to allow more than one controller to join a session. Determines the availability of the collaboration icon on the controller window.
Yes
The collaboration icon is available in the controller window.
No
The collaboration icon is not available in the controller window.
AllowHandover Yes The master controller in a collaboration session, can hand over control of the session to a new controller. Determines the availability of the Handover button on the collaboration control panel.
Yes
The Handover button is displayed in the collaboration control panel.
No
The Handover button is not displayed in the collaboration control panel.
AllowForceDisconnect No Determines whether a Disconnect session button is available in the message window that is displayed when you attempt to connect to the target. You can use the Disconnect session option to disconnect the current session.
Yes
The disconnect button is displayed in the message window.
No
The disconnect button is not displayed in the message window.
ForceDisconnectTimeout 45 Number of seconds you must wait for the controller user to respond to the prompt to disconnect the current session. If they do not respond in the time that is given, they are automatically disconnected from the session. The timer takes effect only when AllowForceDisconnect and CheckUserLogin are set to Yes. The default value is 45.
AutoWinLogon Yes Determines whether a session can be started when no users are logged on at the target.
Yes

Session is started with the target.

No
Session is not started and the following message is displayed. Session rejected because there is no user logged to confirm the session
RunPreScript No Determines whether a user-defined script is run before the remote control session starts. The script is run just after the session is allowed but before the controller user has access to the target. The outcome of running the script and the continuation of the session is determined by the value that is set for Proceed on pre/post-script failure.
Yes
When a remote control session is requested, the defined script is run before the controller user has access to the target.
No
No script is run before the session.
For more information about setting up pre and post session scripts, see the BigFix® Remote Control Administrator's Guide.
RunPostScript No Determines whether a user-defined script is run after the remote control session finishes.
Yes
When a remote control session ends, the user-defined script is run.
No
No script is run after the session.
For more information about setting up pre and post session scripts, see the BigFix® Remote Control Administrator's Guide.
ProceedOnScriptFail No The cction to take if the pre-script or post-script execution fails. A positive value or 0 is considered a successful run of the pre-script or post-session script. A negative value, a script that is not found, or not finished running within 3 minutes is considered a failure.
Yes
If the pre-script or post-script run fails, the session continues.
No
If the pre-script or post-script run fails, the session does not continue and ends.
WorkaroundW2K3RDP No Automatically reset the console after a Remote Desktop console session. When a Remote Desktop user uses the /admin or /console option to start a Remote Desktop session with a Windows Server 2003 system and a user starts a remote control session with this target before, during or after the Remote Desktop session, remote control is unable to capture the display. The result is that a gray screen is shown in the controller. This issue is a limitation in Windows Server 2003 operating systems. Therefore, this property introduces a workaround that will reset the Windows session either after each Remote Desktop session ends, or before a remote control session starts, depending on the value Yes.
0
The workaround is disabled. This value is the default value.
1
Reset the session automatically when a remote control session is started.
Note: The Windows session takes a couple of minutes to initialize and a blank desktop is displayed on the controller until the initialization is complete. A message informs the controller user that the session is being reset and it might take a few minutes.
2
Reset the session automatically when the Remote Desktop user logs out.
EnableTrueColor No

Determines whether the target desktop is displayed in high-quality colors in the controller window at the start of a session. Used together with Lock color quality.

Yes.
The target desktop is displayed in true color 24-bit mode at the start of the session. Partial screen updates are also enabled.
No.
The target desktop is displayed in 8-bit color mode at the start of the session. Partial screen updates are also enabled. This value is the default value.
LockColorDepth No

Determines whether the color quality that a remote control session is started with can be changed during the session. Used together with Enable high quality colors.

Yes.
The initial color quality, for the remote control session, is locked and cannot be changed during the session. The Performance settings icon is disabled in the controller window. The controller user cannot change settings to improve the session performance if their network is slow.
No.
The color quality can be changed during the session. The Performance settings icon is enabled in the controller window.
RemoveBackground No If a desktop background image is set on the target, this property can be used to remove the background from view during a remote control session.
Yes.
The desktop background image on the target is not visible during a remote control session.
No.
The desktop background image on the target is visible during a remote control session.
NoScreenSaver No Stops the target from sending screen updates when it detects that the screen saver is active.
Yes.
While the screen saver is active on the target system, the target stops transmitting screen updates. The controller displays a simulated screen saver so that the controller user is aware that a screen saver is active on the remote display. The controller user can remove the screen saver by pressing a key or moving the mouse.
No.
A simulated screen saver is not displayed in the session window. The target screen is displayed as normal and the target continues to transmit screen updates.
Managed Yes Determines whether the target registers with the Remote Control server.
Yes.
The target registers with the Remote Control server and periodically contacts the server.
No.
The target does not register with the Remote Control server. The target can take part only in peer-to-peer sessions.
Table 3. User acceptance property descriptions
Target property

Default
Value

 Description
ConfirmTakeOver Yes Determines whether the acceptance window is displayed on the target, when a remote control session is requested.
Yes
The user acceptance window is displayed and the target user can accept or refuse the session.
No
The user acceptance window is not displayed and the session is established.
ConfirmModeChange Yes Determines whether the user acceptance window is displayed when the controller user selects a different session mode from the session mode list on the controller window.
Yes
The user acceptance window is displayed each time a session mode change is requested and the target user must accept or refuse the request.
No
The user acceptance window is not displayed and the session mode is changed automatically.
ConfirmFileTransfer Yes Determines whether the user acceptance window is displayed when the controller user selects to transfer files between the target and the controller.
Yes
The acceptance window is displayed in the following two cases. The target user must accept or refuse the file transfer.
  • The controller user selects pull file from the file transfer menu on the controller window. The target user must select the file that is to be transferred after they accept the request.
  • The controller user selects send file to controller from the Actions menu in the target window.
No
The acceptance window is not displayed and files are transferred automatically from the target to the controller system when requested.
ConfirmSysInfo Yes Determines whether the user acceptance window is displayed when the controller user requests to view the target system information.
Yes
When the controller user clicks System information in the controller window, the user acceptance window is displayed. The target user must accept or refuse the request. If the target user clicks accept, the target system information is displayed in a separate window on the controller system. If they click refuse, a message is displayed on the controller and the system information is not displayed.
No
The target system information is displayed automatically when the controller user clicks the system information icon.
ConfirmRecording Yes Determines whether the user acceptance window is displayed when the controller user clicks the record icon on the controller window.
Yes
When the controller user clicks the record icon on the controller window, a message window is displayed. If the target user clicks Accept, the controller user can select a directory to save the recording to. If the target user clicks Refuse, a recording refused message is displayed to the controller.
Note: After the target user accepts the request for recording, if the controller user stops and restarts local recording, the acceptance window is not displayed.
No
When the controller user clicks the record icon on the controller window, the message window is not displayed. The controller user can select a directory to save the recording to.
ConfirmCollaboration Yes Determines whether the user acceptance window is displayed when another controller user requests to join a collaboration session with a target.
Yes
When the controller user tries to join the collaboration session, the user acceptance window is displayed. The target user must accept or refuse the request to allow the additional controller to join the session. If the target user clicks accept, the additional controller joins the collaboration session. If they click refuse, a message is displayed on the controller system and the additional controller cannot join the collaboration session.
No
The additional controller automatically joins the collaboration session when they try to connect to the master controller of the session.
AcceptanceGraceTime 45 Sets the number of seconds to wait for the target user to respond before a session starts or times out, used with Confirm incoming connections.
  • Acceptable values 0 - 60. If set to 0, the target user is not asked to respond to the session request.
Note: If Confirm incoming connections is Yes, Acceptance grace time must be set to a value >0 to provide the target user with enough time to respond.
AcceptanceProceed No The action to take if the user acceptance window timeout lapses. The target user did not click accept or refuse within the number of seconds defined for Acceptance grace time.
Yes
Session is established.
No
Session is not established.
HideWindows No Determines whether the Hide windows check box is displayed on the user acceptance window when Confirm incoming connections is also set to Yes.
Yes
The Hide windows check box is displayed on the user acceptance window.
No
The Hide windows check box is not visible on the user acceptance window.
DisableGUI_CLI No Lets the user to send actions to the target through command line.
Yes
The GUI command line interface is disabled.
No
The GUIcommand line interface is enabled.
Note: The command line interface is only available in managed mode and when the BrokerList property is not empty.
Table 4. Security property descriptions
Target property Default Value Description
CheckUserLogin Yes Determines whether a logon window is displayed when the controller user clicks a session type button on the Open Connection window.
Yes
The logon window is displayed and the controller user must log on with a valid Windows operating system ID and password. If the logon credentials are invalid, the target refuses the session.
No
The logon window is not displayed and the session is established.
CheckUserGroup see description Default value.
Windows systems
BUILTIN\Administrators
Linux systems
wheel

When CheckUserGroup has a value set, the user name that is used for authentication must be a member of one of the groups that are listed. If the user is not a member, the session is refused. Multiple groups must be separated with a semicolon. For example, wheel;trcusers

Note: By default, on Windows systems, only the Administrator user is granted access. On Linux systems, by default no users are granted access. To resolve this issue, complete one of the following steps.
  1. To also grant administrator rights to the users, make them members of the Administrators group on Windows systems or the wheel group on Linux systems.
  2. For users with no administrator rights, complete the following steps.
    1. Create a group or use an existing group. For example, the following command can be run as root:

      groupadd trcusers

      .
    2. Add the users to this group. For example, the following command can be run as root to add bsmith to trcusers:

      usermod -a -G trcusers <bsmith>

    3. Add the group to the list in the Authorized user group field.
AuditToSystem Yes Determines whether the actions that are carried out during remote control sessions are logged to the application event log on the target. This file can be used for audit purposes.
Yes
Entries that correspond to each action that is carried out during the session, are logged in the application event log of the target.
No
No entries are logged to the application event log.
AutoSaveChat No Determines whether the chat text, entered during a chat session, can be saved.
Yes
The chat text is saved as an html file. The file is chat-username-date.html, where username is the display name of the logged on user on the controller machine in a peer-to-peer session. In managed mode username is the display name for the controller user that is on the server. The date is in the format YYYYMMDD. The file is saved in the working directory of the target. The location of the working directory is defined by the target property WorkingDir. For example, on Windows systems, the file is saved to

c:\ProgramData\BigFix\Remote Control.

On Linux systems, the file is saved to /var/opt/bigfix/trc/target/.
On Mac systems, the file is saved to /Users/<user>/Library/Application Support/com.bigfix.remotecontrol.target.
No
The chat text is not saved to a file.
EnableFileTransferSystemAccess No Determines whether the file transfer session allows for target file system access using System privileges (Windows) or root privileges (Linux). This option is valid for peer to peer sessions only.
Yes
The file transfer session uses System privileges (Windows) or root privileges (Linux) on the target file system.
No
The file transfer session uses the privileges of the logged on user on the target file system.
Note: If the option is set to No, and there is no logged on user on the target during the file transfer session, an error message is displayed.
SessionDisconnect No Determines whether the target computer is automatically locked when the remote control session ends. Allowed value: lock.

When you set the value to lock, the target computer is automatically locked at the end of the session. If the property is blank or set to another value, the target computer is not automatically locked at the end of the session.
AllowPrivacy Yes Determines whether a controller user can lock the local input and screen of the target in a remote control session. Determines the visibility of the Enable Privacy option on the controller window.
Yes
The Enable Privacy option is available in the Perform Action in target menu in the controller window.
No
The Enable Privacy option is not available in the Perform Action in target menu in the controller window.
AllowInputLock Yes This property works with Allow privacy and on its own. You can use Allow input lock to lock the target users mouse and keyboard during a remote control session.
Yes
The lock target input menu item is enabled, in the Perform action in target menu in the controller window. Select lock target input to lock the target users mouse and keyboard during a remote control session. The target screen is still visible to the target user.
No
The lock target input menu item is not enabled in the Perform action in target menu in the controller window.
Note: If the option to Enable Privacy is Yes during a session, the remote user input is automatically locked. It is not possible to enable privacy without also locking the input.
EnablePrivacy No Determines whether the local input and screen are locked for all sessions. Therefore, the target user cannot input or do anything on the target while in a remote control session.
Yes
The target screen is blanked out by the privacy bitmap when the session starts, preventing the target user from interacting with the screen while in the session. The target desktop is still visible to the controller user in the controller window.
No
The target screen is not blanked out when the session is started and the target user can interact with the screen.
EnableInputLock No This property works with Enable privacy. When privacy mode is enabled, use Enable input lock to determine whether the target user can view their screen, during a remote control session.
Yes
The target screen is visible to the target user during the session, while in privacy mode but the mouse and keyboard control is locked.
No
The target screen is not visible to the target user. The privacy bitmap is displayed on the target during the session. The target users mouse and keyboard input is also disabled.
Note: Enable privacy must be Yes for Enable input lock to take effect.
DisablePanicKey No Determines whether the Pause Break key can be used by the target user to automatically end the remote control session.
Yes
The target user cannot use the Pause Break key to automatically end the remote control session.
No
The target user can use the Pause Break key to automatically end the remote control session.
EnableOSSN No Determines whether a semi-transparent overlay is displayed on the target computer to indicate that a remote control session is in progress. Use this property when privacy is a concern so that the user is clearly notified when somebody can remotely view or control their computer.
Yes
The semi-transparent overlay is displayed on the target screen with the text Remote Control and what type of remote control session is in progress. For example, Remote Control - Active Mode. The overlay does not intercept keyboard or mouse actions. The user is still able to interact with their screen.
No
No overlay is displayed on the target computer.
Note: This policy is only supported on targets where a Windows operating system installed.
DisableGUI No Determines whether the target UI is visible when the remote control session is starting and also during the session.
Note: This option works only when the target is installed in peer-to-peer mode and the Managed target property is set to No. This option is ignored when applied to any targets that were installed by using the Remote Control server mode when a server URL was supplied.
Yes
The target UI is not visible on the target and the target user is not aware that the session is started. The Remote Control target icon is not visible in the Windows system tray.
No
The target UI is displayed on the target as the session is starting and is available to the target user during the remote control session.

Operating systems that the property is configurable in

Table 5. Operating systems that the property is configurable in
Property name Windows Linux macOS
ServerURL * * **
ProxyURL * * **
BrokerList * * *
GroupLabel * * **
PortToListen * * *
AllowP2P * * *
AllowP2PFailover * * **
FIPSCompliance * *
SP800131ACompliance * *
Accessibility *
LogLevel * * *
LogRollover * * *
LogRotation * * *
AllowMonitor * * *
AllowGuidance * * *
AllowActive * * *
DisableChat * * *
DisableFilePull * * *
DisableFilePush * * *
DisableClipboard * *
AllowRecording * * *
AllowCollaboration * * *
AllowHandover * * *
AllowForceDisconnect * *
ForceDisconnectTimeout * *
AutoWinLogon * * **
RunPreScript * *
RunPostScript * *
ProceedOnScriptFail * *
WorkaroundW2K3RDP *
EnableTrueColor * * *
LockColorDepth * * *
RemoveBackground *
NoScreenSaver *
Managed * * **
ConfirmTakeOver * * *
ConfirmModeChange * * *
ConfirmFileTransfer * * *
ConfirmSysInfo * * *
ConfirmRecording * * *
ConfirmCollaboration * * *
AcceptanceGraceTime * * *
AcceptanceProceed * * *
HideWindows * *
CheckUserLogin * *
CheckUserGroup * *
AuditToSystem * * *
AutoSaveChat * * *
EnableFileTransferSystemAccess * * **
SessionDisconnect * *
AllowPrivacy *
AllowInputLock *
EnablePrivacy *
EnableInputLock *
DisablePanicKey *
EnableOSSN *
DisableGUI * **
DisableGUI_CLI * * **
Note: ** Property supported starting from macOS Remote Control target V10 Update 7.