Session policies for unregistered targets

The set of session policies available for unregistered targets is divided into two sections. The core policies cater for remote support actions during a session. The extended policies cater for the session administration actions during a session. The core policies are always visible on the Set Permissions for Unregistered Targets screen. Click Show in the More permissions section to set values for the extended policies.

Core policies

For more information about setting session policies, see Setting session permissions for unregistered targets.
Policy list definitions
Security policies
Reboot
To send a restart request to the target computer to allow it to be rebooted remotely. Determines whether Reboot is available as a session mode option on the start session panel.
Set to Yes
Reboot is displayed as an option on the start session panel.
Set to No
Reboot is not displayed as an option on the start session panel.
Allow multiple Controllers
To enable collaboration to allow more than one controller to join a session. Determines the availability of the collaboration option on the controller window. For details about collaboration sessions that involve multiple participants, see the BigFix® Remote Control Controller User's Guide.
Set to Yes
The collaboration icon is available in the controller window.
Set to No
The collaboration icon is not available in the controller window.
Allow local recording
To make and save a local recording of the session on the controlling system. Determines the availability of the record icon in the controller window. For details of recording sessions, see the BigFix® Remote Control Controller User's Guide.
Set to Yes
The record icon is available in the controller window.
Set to No
The record icon is not available in the controller window.
Enable On-screen Session Notification
Determines whether a semitransparent overlay is displayed on the target computer, indicating that a remote control session is in progress. Must be used when privacy is a concern to ensure that the target user is clearly notified when somebody is remotely viewing or controlling their computer.

Set to Yes

The semitransparent overlay is displayed on the target screen, together with the text Remote Control. The type of remote control session that is in progress is also displayed. The overlay does not intercept keyboard or mouse actions, therefore the user can still interact with their screen.

Set to No

The overlay is not displayed on the target computer.

Note: This policy is only supported on targets that have a Windows operating system installed.
Inactivity timeout
Number of seconds to wait until the connection ends if there is no session activity. Set this value to 0 to disable the timer so that the session does not end automatically. The minimum timeout value is 60 seconds. For values 1 - 59, the session times out after 60 seconds of inactivity.
Note: The inactivity timeout value applies to Active session mode only. The session does not end automatically when other session modes are used.
The default value is 0.
Auditing policies
Force session recording
All sessions are recorded and the session recordings are uploaded and saved to the server.
Set to Yes
A recording of the session is saved to the server when the session ends. A link for playing the recording is also available on the session details panel.
Set to No
No recording is stored and therefore no link is available on the session details panel.
Force session audit
A log of auditable events is automatically stored on the server. Determines the visibility of these events on the session details panel.
Set to Yes
Controller and target events that took place during the session are displayed on the session details panel.
Set to No
Controller and target events are not displayed on the session details panel.
Control policies
Enable user acceptance for system information
Use this policy to display the user acceptance window on the target computer when the controller user selects to view the target system information.
Set to Yes
When the controller user clicks the system information icon in the controller window, the user acceptance window is displayed. The target user must accept or refuse the request to view the target system information. If the target user clicks accept, the target system information is displayed in a separate window on the controller system. If they click refuse, a message is displayed on the controller and the system information is not displayed.
Set to No
The target system information is displayed automatically when the controller user clicks the system information icon.
Enable user acceptance for file transfers
Use to display the user acceptance window on the target computer when the controller user selects to transfer a file from the target to the controller system.
Set to Yes
The acceptance window is displayed in the following two cases. The target user must accept or refuse the file transfer.
  • If the controller user selects pull file from the file transfer menu in the controller window.
    Note: The target user must select the file that is to be transferred after they accept the request.
  • If the controller user selects send file to controller from the Actions menu in the target window.
Set to No
The acceptance window is not displayed and files are transferred automatically from the target to the controller system when requested.
Enable user acceptance for mode changes
Use to display the user acceptance window on the target computer when the controller user selects a different session mode from the session mode list.
Set to Yes
The user acceptance window is displayed each time a session mode change is requested and the target user must accept or refuse the request.
Set to No
The user acceptance window is not displayed and the session mode is changed automatically.
Enable user acceptance for incoming connections
Use this policy to display the user acceptance window on the target computer when a remote control session is requested. The target user must accept or refuse the session.
Note: This policy works with Acceptance Grace Time and Acceptance timeout action
Set to Yes
The acceptance window is displayed and the target user has the number of seconds defined for Acceptance Grace time to accept or refuse the session.
Note:
  1. The target user also has the option of selecting a different session mode in the Acceptance window.
  2. The target user can hide any running applications by choosing the Hide applications option on the acceptance window. For more information about hiding applications, see the BigFix® Remote Control Controller User's Guide.
  3. When set to Yes, the Acceptance Grace time must be greater than 0 to give the target user time to accept or refuse the session.
Accept
The session starts.
Refuse
The session is not started and a message is displayed.
Set to No
The session is automatically established and the Acceptance window is not displayed on the target.
Allow clipboard transfer
Determines the availability of the clipboard transfer icon in the controller session window.
Set to Yes
The clipboard transfer icon is available for use in the controller window. Use this icon to transfer the clipboard content between the controller and the target.
Set to No
The clipboard transfer icon is not available for use in the controller window.
Allow session handover
The master controller in a collaboration session can use this feature to hand over control of the session to a new controller. Determines the availability of the Handover option on the collaboration control panel. For more information about the handover feature, see the BigFix® Remote Control Controller User's Guide.
Set to Yes
The Handover option is displayed in the collaboration control panel.
Set to No
The Handover option is not displayed in the collaboration control panel.
Enable user acceptance for collaboration requests
Use this policy to display the user acceptance window on the target computer when another controller tries to join a collaboration session. For details about joining collaboration sessions, see the BigFix® Remote Control Controller User's Guide.
Set to Yes
The user acceptance window is displayed on the target computer after the master controller accepts to share the session for collaboration. The target users response determines whether the additional controller is allowed to join the session.
Accept
The additional controller now joins the collaboration session.
Refuse
A message is displayed to the additional controller to inform them that the target refused the session, and they do not join the collaboration session.
If the target user does not respond to the user acceptance within the time that is defined in Acceptance Grace Time a message is displayed to the additional controller informing them that the target has refused the session and they do not join the collaboration session.
Set to No
The user acceptance window is not displayed on the target computer after the master controller accepts to share the session for collaboration. The additional controller automatically joins the session.
Enable user acceptance for local recording
Use this feature to display the user acceptance window when a controller user clicks the record icon in the controller window. The target user must accept or refuse the request to make a local recording of the remote control session.
Set to Yes

When the controller user clicks the record icon on the controller window, a message window is displayed. If the target user clicks Accept, the controller user can select a location to save the recording to. If the target user clicks Refuse, a refusal message is displayed to the controller user.

After the target user accepts the request, the acceptance window is not displayed again if the controller user stops and restarts a local recording in the same session.

Set to No
When the controller user clicks the record icon in the controller window, the controller user can select a location to save the recording to. The message window is not displayed.
Configuration policies
Active
Determines whether the target computer can take part in active sessions and also whether Active is available as a session mode on the start session panel. For details of the Active session mode, see the BigFix® Remote Control Controller User's Guide.
Set to Yes
Active is available for selection as a session mode in the start session panel.
Set to No
Active is not available for selection as a session mode in the start session panel.
Guidance
Determines whether the target computer can take part in guidance sessions and also whether Guidance is available as a session mode on the start session panel. For details of the Guidance session mode, see the BigFix® Remote Control Controller User's Guide.
Set to Yes
Guidance is available for selection as a session mode in the start session panel
Set to No
Guidance is not available for selection as a session mode in the start session panel
Monitor
Determines whether the target computer can take part in monitor sessions and also whether Monitor is available as a session mode on the start session panel. For details about the Monitor session mode, see the BigFix® Remote Control Controller User's Guide.
Set to Yes
The Monitor option is available as a session mode on the start session panel.
Set to No
The Monitor option is not available as a session mode on the start session panel.
Chat
Determines whether the target computer can take part in chat-only sessions and whether Chat is available as a session mode on the start session panel. For details about the Chat session mode, see the BigFix® Remote Control Controller User's Guide.
Set to Yes
Chat is available for selection as a session mode in the start session panel.
Set to No
Chat is not available for selection as a session mode in the start session panel.
Allow file transfer in session
Controls the transfer of files while in an Active session. Its value determines the availability of the Send file and Pull file options in the File Transfer menu within the controller window. For details about transferring files, see the BigFix® Remote Control Controller User's Guide.
Set to NONE
The Send file and Pull file options are not available. Files cannot be transferred.
Set to BOTH
The Send file and Pull file options are available for selection. Files can be transferred to the target and transferred from the target. Default value.
Set to PULL
Only the Pull file option is available. Files can be transferred from the target.
Set to SEND
Only the Send file option is available. Files can be transferred to the target.

Extended policies

Policy list definitions
Security policies
Set target locked
Determines whether the local input and display are locked for all sessions. The target user cannot use the mouse or keyboard on the target while in a remote control session.
Set to Yes
The target screen is blanked out when the session is started, preventing the target user from interacting with the screen while in the session. The target desktop is still visible to the controller user in the controller window.
Set to No
The target screen is not blanked out when the session is started and the target user is able to interact with the screen.
Allow input lock
Determines whether the controller user can lock the local input and display of the target when in a remote control session. Determines the visibility of the Enable Privacy option in the controller window.
Set to Yes
The Enable Privacy option is available in the Perform Action in target menu in the controller window. For more details about the controller window functions, see the BigFix® Remote Control Controller User's Guide.
Set to No
The Enable Privacy option is not available in the Perform Action in target menu in the controller window.
Allow input lock with visible screen
This property works both with Allow input lock and on its own. Use Allow input lock with visible screen to lock the target user's mouse and keyboard during a remote control session.
Set to Yes
The lock target input menu item is enabled in the Perform action in target menu, in the controller window. Select lock target input to lock the target user's mouse and keyboard during a remote control session. The target screen is still visible to the target user.
Set to No
The lock target input menu item is not enabled in the Perform action in target menu in the controller window.
Note: If Enable Privacy is selected during a session, the remote user input is automatically locked. It is not possible to enable privacy without also locking the input.
Display screen on locked target
Works with Set target locked, which you can use to enable privacy mode at session startup. Use Display screen on locked target to determine whether or not the target user can view their screen during a remote control session, when privacy mode is enabled.
Set to Yes
The target screen is visible to the target user during the session, while in privacy mode, but their mouse and keyboard control is locked.
Set to No
The target screen is not visible to the target user and the privacy bitmap is displayed during the session. The target user's mouse and keyboard input is also disabled.
Note: For Display screen on locked target to take effect, Set target locked must be set to Yes.
Disable Panic Key
Determines whether the Pause Break key can be used by the target user to automatically end the remote control session.
Set to Yes
The target user cannot use the Pause Break key to automatically end the remote control session.
Set to No
The target user can use the Pause Break key to automatically end the remote control session.
Auditing policies
Local Audit
Use to create a log of auditable events that take place during the remote control session. A trcaudit_date_time.log file is created, where date_time is the date and time that the session took place. For example, trcaudit_20130805_132527.log.
Set to Yes
Audit log is created and stored on the controller and target computer in the home directory of the currently logged on user.
Set to No
No log is created or stored on the controller or target computer.
Control policies
Enable high quality colors

Determines whether the target desktop is displayed in high-quality colors in the controller window at the start of a session. Used together with Lock color quality.

Set to Yes
The target desktop is displayed in true color 24-bit mode at the start of the session. Partial screen updates are also enabled.
Set to No
The target desktop is displayed in 8-bit color mode at the start of the session. Partial screen updates are also enabled. This value is the default value.
Stop screen updates when screen saver is active
Stops the target from sending screen updates when it detects that the screen saver is active.
Set to Yes
While the screen saver is active on the target system, the target stops transmitting screen updates. The controller displays a simulated screen saver to make the controller user aware that a screen saver is active on the remote display. The controller user can close the screen saver in the usual way by pressing a key or moving the mouse.
Set to No
No simulated screen saver is displayed in the session window. The target screen is displayed as normal and the target continues to transmit screen updates.
Hide windows
Determines whether the Hide windows check box is displayed in the user acceptance window when Enable user acceptance for incoming connections is also set to Yes.
Set to Yes
The Hide windows check box is displayed in the user acceptance window.
Set to No
The Hide windows check box is not displayed in the user acceptance window.
Remove desktop background
Use this policy to remove the target's desktop background image from view during a remote control session.
Set to Yes
The desktop background image on the target is not visible during a remote control session.
Set to No
The desktop background image on the target is visible during a remote control session.
Lock color quality

Determines whether the color quality that a remote control session is started with can be changed during the session. Used together with Enable high quality colors.

Set to Yes
The initial color quality, for the remote control session, is locked and cannot be changed during the session. The Performance settings icon is disabled in the controller window. The controller user cannot change settings to improve the session performance if their network is slow.
Set to No
The color quality can be changed during the session. The Performance settings icon is enabled in the controller window.
Acceptance timeout action

Action to take if the user acceptance window timeout lapses. The target user did not click accept or refuse within the number of seconds defined for Acceptance Grace time.

Abort
Session is not established. Default is Abort.
Proceed
Session is established.
Acceptance Grace Time
Sets the number of seconds to wait for the target user to respond before a session starts or times out. Used with Enable User Acceptance for incoming connections.
Note: If the Enable user acceptance for incoming connections policy is set to Yes, Acceptance Grace Time must be set to a value greater than 0 to give the target user time to respond.
Configuration policies
Allow automatic session handover
Determines whether a collaboration session is automatically handed over to another participant when the master controller loses connection to the broker. The policy applies only to collaboration sessions that you start through a broker. For more information about session resilience, see the BigFix® Remote Control Controller User's Guide.
Set to Yes.
If the master controller does not reconnect to the broker within 3 minutes, session control automatically passes to another participant. However, if user acceptance is enabled, the target user must accept or refuse the new master controller.
Set to No.
If the master controller does not reconnect to the broker within 10 minutes, the session terminates. This value is the default value.
Allow chat in session
Determines whether chat functions are available while in a remote control session and also the availability of the chat icon in the controller window. For details about the Chat function, see the BigFix® Remote Control Controller User's Guide.
Set to Yes
Chat icon is available for selection in the controller window.
Set to No
Chat icon is disabled in the controller window.
Policy List Values
Table 1. Acceptable and default policy values
Policy Possible Values Default value
Reboot yes | no yes
Allow multiple controllers yes | no yes
Allow local recording yes | no no
Set target locked yes | no no
Allow input lock yes | no no
Enable on-screen session notification yes | no yes
Allow input lock with visible screen yes | no no
Display screen on locked target yes | no no
Inactivity timeout number of seconds 360
Force session recording yes | no no
Local audit yes | no yes
Force session audit yes | no (live audit on server) yes
Disable Panic key yes | no no
Enable high quality colors yes | no no
Enable user acceptance for system information yes | no yes
Enable user acceptance for file transfers yes | no yes
Enable user acceptance for mode changes yes | no yes
Enable user acceptance for incoming connections yes | no yes
Allow clipboard transfer yes | no yes
Allow session handover yes | no yes
Enable user acceptance for collaboration requests yes | no yes
Stop screen updates when screen saver is active yes | no yes
Enable user acceptance for local recording yes | no yes
Hide windows yes | no no
Remove desktop background yes | no no
Lock color quality yes | no no
Acceptance timeout action abort | proceed abort
Acceptance Grace Time number of seconds 180
Allow chat in session yes | no yes
Allow automatic session handover yes | no no
Active yes | no yes
Guidance yes | no yes
Monitor yes | no yes
Chat yes | no yes
Allow file transfer in session none | pull | send | both both