Installing the Windows target

The trc_target_setup.exe file is required to install the IBM® BigFix® Remote Control target component on a Windows™ system.

Before you begin

For details of how to obtain the Windows component installation files, see Install the IBM BigFix Remote Control components. Choose the appropriate method for obtaining the file.

About this task

Procedure

  1. Run the trc_target_setup.exe file.
  2. Click Next at the welcome screen.
  3. Accept the license agreement. Click Next.
  4. Accept the default location for the installation files, or click Change to select a different location.
  5. Specify the host name of the IBM BigFix Remote Control server that the target connects to.
    For example, trcserver.example.com.
    Note: Select secure connections if you selected to use https during the server installation.
  6. For advanced settings, click Advanced settings.
    Server port
    The port must match the value that is entered for the Server port on Webserver parameter during the server installation.
    Server Context
    The server context is used as part of the URL for contacting the server. It must match the value that is entered after the '/' in the Path to URL field, on the Web server parameters screen during the server installation.
    Use a FIPS certified cryptographic provider
    Select this option to enable FIPS compliance on the target. For more information about enabling FIPS compliance, see Enable FIPS compliance on the target.
    Enable NIST SP800-131A compliance (Enables FIPS)
    Select this option to enable NIST SP800-131A compliance on the target. For more information about enabling NIST SP800-131A compliance, see NIST SP800-131A compliance in IBM BigFix Remote Control.
  7. Click Next.
  8. On the Proxy settings screen, if you are not using a proxy server, click Next.
    • To use a proxy, select Use a proxy server or a Remote Control Gateway.
      1. Type in the IP address or host name for the proxy server.
      2. Type in the port that the proxy server is listening on.
      3. Select whether you are using an HTTP proxy or a Remote Control Gateway.
      4. Select Proxy requires authentication if you must authenticate with the proxy server. Enter the ID and password for authenticating to the proxy server.
      5. Click Next.
  9. Accept or change the port value to be used to listen for incoming remote control sessions. Click Next.
    Note: Your operating system might have a firewall that is installed by default. The inbound firewall rule for target port defaults to 888. Incoming TCP connections to that port must be open. If another port is configured instead for the IBM BigFix Remote Control sessions, the same applies. Also, traffic on the localhost loopback address 127.0.0.1 between trc_base, trc_gui, and trc_dsp on arbitrary ports must be allowed.
  10. To enable failover to peer-to-peer mode, select one of the following options:
    Regardless of server status
    A peer to peer session can be established between a controller and this target directly, whether the server is available or not. Click Peer to Peer policies to set the local policies for the target to use during a peer to peer session. Click Next to move through the peer to peer policies screens.
    Only when server is down or unreachable
    A peer to peer session can be established only if the server is down or the target cannot connect to the server. Click Peer to Peer policies to set the local policies for the target to use during a peer to peer session. Click Next to move through the peer to peer policies screens.
    Never
    A peer to peer session is not allowed directly between a controller and this target. If you select this option, continue from step 11.
    Peer to Peer policies
    Session policies options
    Table 1. Session policies options.
    Installation option. Target property. Default value. Description.
    Active AllowActive Selected. Determines whether the target can take part in active peer to peer sessions. For more information about the different types of remote control session that can be started, see the IBM BigFix Remote Control Controller User's Guide.
    Selected.
    The target can take part in active peer to peer sessions and the Active option is available in the session type list in the controller window. The Open connection window also displays an Active option.
    Not selected.
    The target cannot take part in active peer to peer sessions and the Active option is not available in the session type list in the controller window.
    Guidance AllowGuidance Selected. Determines whether the target can take part in guidance peer to peer sessions. For more information about the different types of remote control session that can be started, see the IBM BigFix Remote Control Controller User's Guide.
    Selected.
    The target can take part in guidance peer to peer sessions and the Guidance option is available in the session type list in the controller window. The Open connection window also displays a Guidance option.
    Not selected.
    The target cannot take part in guidance peer to peer sessions and the Guidance option is not available in the session type list in the controller window.
    Monitor AllowMonitor Selected. Determines whether the target can take part in monitor peer to peer sessions. For more information about the different types of remote control session that can be started, see the IBM BigFix Remote Control Controller User's Guide.
    Selected.
    The target can take part in monitor peer to peer sessions and the Monitor option is available in the session type list in the controller window. The Open connection window also displays a Monitor option.
    Not selected.
    The target cannot take part in monitor peer to peer sessions and the Monitor option is not available in the session type list in the controller window.
    Enable high quality colors EnableTrueColor Not selected.

    Determines whether the target desktop is displayed in high-quality colors in the controller window at the start of a session. Used together with Lock color quality.

    Selected.
    The target desktop is displayed in true color 24-bit mode at the start of the session. Partial screen updates are also enabled.
    Not selected.
    The target desktop is displayed in 8-bit color mode at the start of the session. Partial screen updates are also enabled. This value is the default value.
    Lock color quality LockColorDepth Not selected.

    Determines whether the color quality that a remote control session is started with can be changed during the session. Used together with Enable high quality colors.

    Selected.
    The initial color quality, for the remote control session, is locked and cannot be changed during the session. The Performance settings icon is disabled in the controller window. The controller user cannot change settings to improve the session performance if their network is slow.
    Not selected.
    The color quality can be changed during the session. The Performance settings icon is enabled in the controller window.
    Remove desktop background RemoveBackground Not selected. If the target has a desktop background image set, this property can be used to remove the background from view during a remote control session.
    Selected.
    The desktop background image on the target is not visible during a remote control session.
    Not selected.
    The desktop background image on the target is visible during a remote control session.
    Stop screen saver updates when screen saver is active NoScreenSaver Not selected. Stops the target from sending screen updates when it detects that the screen saver is active.
    Selected.
    While the screen saver is active on the target system, the target stops transmitting screen updates. The controller displays a simulated screen saver, so that the controller user is aware that a screen saver is active on the remote display. The controller user can remove the screen saver by pressing a key or moving the mouse.
    Not selected.
    A simulated screen saver is not displayed in the session window. The target screen is displayed as normal and the target continues to transmit screen updates.

    Policies options

    Table 2. Peer to peer policy descriptions -
    Installer screen names. Target property. Default value. Description.
    Disable chat DisableChat Not selected. Determines whether you can start a chat session with the target and also chat to the controller user during a peer to peer session.
    Selected.
    If ChatOnly is chosen as the connection type on the open connection screen, the session is refused. During the session, the chat icon is not available in the controller window.
    Not selected.
    A Chat Only session can be started from the open connection window. During the session, the chat icon is available in the controller window.
    Save chat messages AutoSaveChat Not selected. Determines whether the chat messages that are entered during a chat session are saved.
    Selected.
    The chat messages are saved in an html file, in the working directory of the target. The location is defined by the target property WorkingDir. The file name is prefixed with chat-. For example, on a Windows system, a file that is named chat-m15.html is saved to the following location.

    c:\Documents and Settings\All Users\Application Data\IBM\Tivoli\Remote Control

    Not selected.
    The chat messages are not saved to a file.
    Disable file transfer from target to controller DisableFilePull Not selected. Determines whether files can be transferred from the target to the controller during the session.
    Selected.
    Files can be transferred from the target to the controller.
    Not selected.
    Files cannot be transferred from the target to the controller.
    Disable file transfer from controller to target DisableFilePush Not selected. Determines whether files can be transferred from the controller to the target during the session.
    Selected.
    Files can be transferred from the controller to the target.
    Not selected.
    Files cannot be transferred from the controller to the target.
    Disable clipboard transfer DisableClipboard Not selected. Determines the availability of the clipboard transfer menu. Use this menu option to transfer the clipboard content between the controller and target during a remote control session.
    Selected.
    The clipboard transfer menu is available during the session and you can transfer the clipboard content to and from the target.
    Not selected.
    The clipboard transfer menu is not available during the session.
    Allow local recording AllowRecording Selected. Determines whether the controller user can make and save a local recording of the session in the controlling system. Determines the availability of the record option on the controller window. For more information about recording sessions, see the IBM BigFix Remote Control Controller User's Guide.
    Selected.
    The record option is available in the controller window.
    Not selected.
    The record option is not available in the controller window.
    Allow collaboration AllowCollaboration Selected. Determines whether more than 1 controller can join a session. Determines the availability of the collaboration icon on the controller window. For details of collaboration sessions, see the IBM BigFix Remote Control Controller User's Guide.
    Selected.
    The collaboration icon is available in the controller window.
    Not selected.
    The collaboration icon is not available in the controller window.
    Allow session handover AllowHandover Selected. Determines whether the master controller in a collaboration session can hand over control of the session to a new controller. Determines the availability of the Handover button on the collaboration control panel. For more information about collaboration sessions, see the IBM BigFix Remote Control Controller User's Guide.
    Selected.
    The handover option is available in the collaboration control window.
    Not selected.
    The handover option is not available in the collaboration control window.
    Allow requests to disconnect existing session AllowForceDisconnect Not selected. Determines whether a controller user is given the option to disconnect a session with a target so that they can connect to the target instead. Used with the Managed and CheckUserLogin properties. For more information about disconnecting sessions, see the IBM BigFix Remote Control Controller User's Guide.
    Selected.
    A Disconnect session option is available in the message window that is displayed when you attempt to connect to the target.
    Not selected.
    A Disconnect session option is not available when you attempt to connect to the target.
    The CheckUserLogin property must be set to Yes and Managed set to No for AllowForceDisconnect to take effect.
    Disconnect grace time ForceDisconnectTimeout 45 Number of seconds in which the current controller user must respond to the prompt to disconnect the current session. If they do not respond on time, they are automatically disconnected from the session. The timer takes effect only when AllowForceDisconnect and CheckUserLogin are set to Yes. The default value is 45.
    Audit to Application Event Log AuditToSystem Selected. Determines whether the actions that are carried out during remote control sessions are logged to the application event log on the target. This log can be used for audit purposes.
    Selected.
    Entries are displayed in the application event log of the target corresponding to each action carried out during the session.
    Not selected.
    No entries are logged to the application event log.

    Security policies

    Table 3. Peer to peer policy descriptions - Security policies.
    Installer screen names. Target property. Default Value. Description.
    Authenticate by using Windows logon CheckUserLogin Selected. Determines whether a log on window is displayed when the controller user clicks a session type button on the Open Connection window.
    Yes
    The logon window is displayed and the controller user must log on with a valid Windows ID and password. If the credentials are invalid, the target refuses the session.
    No
    The user acceptance window does not appear and the peer to peer session is established.
    Must be a member of these Windows groups CheckUserGroup See description.
    Default value:
    Windows systems: BUILTIN\Administrators
    Linux™ systems: wheel

    When Authorized user group has a value set, the user name that is used for authentication must be a member of one of the listed groups. Otherwise, the session is refused. Multiple groups must be separated with a semicolon. For example, wheel;trcusers.

    Note: By default, on a Windows system, only the administrator user is granted access. On a Linux system, by default no users are granted access. To resolve this issue, complete one of the following steps.
    1. If the users must also be granted administrator rights, add them as members of the Administrators group on a Windows system or the wheel group on a Linux system.
    2. If the users must not have administrator rights, complete the following steps.
      1. Create a group or use an existing group. For example, the following command might be run as root:

        groupadd trcusers

      2. Add the users to this group. For example, the following command might be run as root to add bsmith to trcusers.

        usermod -a -G trcusers bsmith

      3. Add the group to the list in the Authorized user group field.
    Allow privacy AllowPrivacy Selected. Determines whether a controller user can lock the local input and display of the target when in a remote control session. Determines the visibility of the Enable Privacy option on the controller window.
    Selected.
    The Enable Privacy option is available in the Perform Action in target menu in the controller window.
    Not selected.
    The Enable Privacy option is not available in the Perform Action in target menu in the controller window.
    Allow input lock AllowInputLock Selected. This property works with Allow privacy and on its own. Select Allow input lock to lock the target user's mouse and keyboard during a remote control session.
    Selected.
    The lock target input menu item is enabled in the Perform action in target menu in the controller window. Select lock target input to lock the target user's mouse and keyboard during a remote control session. The target screen is still visible to the target user.
    Not selected.
    The lock target input menu item is not enabled in the Perform action in target menu in the controller window.
    Note: If Enable Privacy is selected during a session, the remote user input is automatically locked. It is not possible to enable privacy without also locking the input.
    Enable privacy when session starts EnablePrivacy Not selected. Determines whether the local input and display are locked for all sessions. Therefore, the target user cannot interact with the target screen during a remote control session.
    Selected.
    The target screen is blanked out by the privacy bitmap when the session starts. The target user cannot interact with the screen during the session. The target desktop is still visible to the controller user in the controller window.
    Not selected.
    The target screen is not blanked out when the session starts and the target user can interact with the screen.
    Enable input lock when session starts EnableInputLock Not selected. This property works with Enable privacy. Use Enable input lock to determine whether the target user can view their screen or not during a remote control session when privacy mode is enabled.
    Selected.
    The target screen is visible to the target user during the session, while in privacy mode but their mouse and keyboard control is locked.
    Not selected.
    The target screen is not visible to the target user and the privacy bitmap is displayed on the target during the session. The target user's mouse and keyboard are also disabled.
    Note: Enable privacy must be selected to allow Enable input lock to take effect.
    Enable on-screen session notification EnableOSSN Not selected. Determines whether a semi-transparent layer is placed onto the target screen. The layer displays text that indicates that a remote control session is in progress. Can be used when privacy is a concern, so that the user is clearly notified when somebody remotely views or controls their PC.
    Selected.
    The semi-transparent layer is displayed on the target screen. The text indicates which type of remote control session is in progress. For example: IBM BigFix Remote Control - Active Mode. The layer does not intercept keyboard or mouse actions, therefore the user is still able to interact with their screen.
    Not selected.
    A semi-transparent layer is not displayed on the target screen.
    Note: This policy is only supported on targets that have a Windows operating system installed.
    Disable Panic Key DisablePanicKey Not selected. Determines whether the target user can use the Pause Break key to automatically end the remote control session.
    Selected.
    The target user cannot use the Pause Break key to automatically end the remote control session.
    Not selected.
    The target user can use the Pause Break key to automatically end the remote control session.
    Inactivity timeout IdleTimeout 360
    Number of seconds to wait until the connection ends if there is no session activity. Set this value to 0 to disable the timer so that the session does not end automatically. The minimum timeout value is 60 seconds. For values 1 - 59, the session times out after 60 seconds of inactivity.
    Note: The inactivity timeout value applies to Active session mode only. The session does not end automatically when other session modes are used.
    The default value is 360.

    User acceptance policies

    Table 4. Peer to peer policy descriptions - User acceptance policies.
    Installer screen names. Target property. Default Value. Description.
    Take over session ConfirmTakeOver Selected. Determines whether the user acceptance window is displayed when a remote control session is requested.
    Selected.
    The user acceptance window is displayed to the target user who can accept or refuse the session.
    Not selected.
    The user acceptance window is not displayed and the session is established.
    Change session mode ConfirmModeChange Selected. Determines whether the user acceptance window is displayed when the controller user selects a different session mode from the session mode list on the controller window.
    Selected.
    The user acceptance window is displayed each time a session mode change is requested. The target user must accept or refuse the request.
    Not selected.
    The user acceptance window is not displayed and the session mode is changed automatically.
    File transfers ConfirmFileTransfer Selected. Determines whether the user acceptance window is displayed when the controller user transfers files between the target and the controller.
    Selected.
    The acceptance window is displayed when the following options are selected. The target user must accept or refuse the file transfer.
    • If the controller user selects pull file from the file transfer menu on the controller window.
      Note: After they accept the request, the target user must select the file that is to be transferred.
    • If the controller user selects send file to controller from the Actions menu in the target window.
    Not selected.
    The acceptance window is not displayed and files are transferred automatically from the target to the controller system when requested.
    System information ConfirmSysInfo Selected. Determines whether the user acceptance window is displayed when the controller user requests to view the target system information.
    Selected.
    The user acceptance window is displayed when the controller user clicks the system information icon in the controller window. The target user must accept or refuse the request to view the target system information.
    Not selected.
    The target system information is displayed automatically when the controller user clicks the system information icon.
    Local recording ConfirmRecording Selected. Determines whether the user acceptance window is displayed when the controller user clicks the record icon on the controller window.
    Selected.
    A user acceptance window is displayed when the controller user clicks the record icon on the controller window. If the target user clicks Accept, the controller user can select where to save the recording to. If the target user clicks Refuse, a refusal message is displayed to the controller.
    Note: After the target user accepts the request for recording, the acceptance window is not displayed again if the controller user stops and then restarts local recording in the same session. Also, the refusal message is displayed in English and is not translated.
    Not selected.
    When the controller user clicks the record icon on the controller window, the user acceptance window is not displayed. The controller user can then select where to save the recording to.
    Collaboration ConfirmCollaboration Selected. Determines whether the user acceptance window is displayed when another controller user requests to join a collaboration session with a target.
    Selected.
    The user acceptance window is displayed when the controller user tries to join the collaboration session. The target user must accept or refuse the request. If the target user clicks Accept, the additional controller joins the collaboration session. If they click Refuse, a message is displayed on the controller and the additional controller cannot join the collaboration session.
    Not selected.
    The additional controller automatically joins the collaboration session.
    User acceptance grace time AcceptanceGraceTime 45 Sets the number of seconds to wait for the target user to respond before a session starts or times out. Used with Take over session.
    • Acceptable values are 0 - 60. If set to 0, the activity starts without displaying the message box for user acceptance on the target.
    Note: If Take over session is selected, User acceptance grace time must be set to a value >0 to allow the target user time to respond.
    Proceed on acceptance timeout AcceptanceProceed Not selected. Action to take if the user acceptance timeout lapses. The target user does not click accept or refuse within the number of seconds defined for Acceptance grace time.
    Selected.
    The session starts.
    Not selected.
    The session does not start.
    Do not prompt for user acceptance when user is not logged on. AutoWinLogon Selected. Determines whether the user acceptance window is displayed on the target, at session start, when the target user is not logged on.
    Selected.
    The acceptance window is not displayed on the target and the session is established.
    Not selected.
    The session is refused because the target user is not logged on and therefore cannot accept the session request.
    Enable Hide windows HideWindows Not selected. Determines whether the Hide windows check box is displayed on the user acceptance window when Confirm incoming connections is also selected.
    Selected.
    The Hide windows check box is displayed on the user acceptance window.
    Not selected.
    The Hide windows check box is not displayed on the user acceptance window.

    Session scripts

    Table 5. Peer to peer policy descriptions - Session scripts policies.
    Installer screen names. Target property. Default Value. Description.
    Run pre-session script RunPreScript Not selected. Determines whether a user-defined script must be run before the remote control session starts. It is run just after the session is authorized but before the controller user has access to the target. The outcome of running the script and the continuation of the session is determined by the value set for Proceed on pre/post-script failure.
    Selected.
    When a remote control session is requested, the defined script is run before the controller user has access to the target.
    Not selected.
    No script is run before the session.
    For details of setting up pre-session scripts and post session scripts, see the Session policies chapter in the IBM BigFix Remote Control Administrator's Guide.
    Run post-session script RunPostScript Not selected. Determines whether a user-defined script is run after the remote control session finishes.
    Selected.
    When a remote control session ends, the user-defined script is run.
    Not selected.
    No script is run after the session.
    For details of setting up pre and post session scripts, see the Session policies chapter in the IBM BigFix Remote Control Administrator's Guide.
    Proceed with session when script fails ProceedOnScriptFail Not selected. Action to take if the pre-script or post script execution fails. A positive value or 0 is considered a successful run of the pre-script or post session script. A negative value, a script not found error, or a script that does not finish within 3 minutes is considered a failure.
    Selected.
    If the pre-script or post script run fails, the session continues.
    Not selected.
    If the pre-script or post script run fails, the session does not continue and ends immediately.
  11. Click Install to begin the installation.
  12. When the installation is complete, click Finish.
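
Several of the peer to peer properties chosen in step 10 only take effect in combination, or cancel a control that another property appears to provide. The following Python script is an added example, not part of the IBM documentation or product, that checks a set of target properties for those documented interactions. It assumes the properties have been exported as Name=Value lines with Yes/No values (the page describes no export format), treats an absent Managed property as No, and runs on a constructed sample.

```python
# Added example: consistency check for the peer to peer properties described above.
# Assumption: properties are exported as "Name=Value" lines with Yes/No values.
# Defaults from Tables 2-4 on this page (Selected = Yes, Not selected = No).
DEFAULTS = {
    "CheckUserLogin": "Yes", "CheckUserGroup": "BUILTIN\\Administrators",
    "AllowForceDisconnect": "No", "ConfirmTakeOver": "Yes",
    "AcceptanceGraceTime": "45", "AcceptanceProceed": "No",
    "EnablePrivacy": "No", "EnableInputLock": "No", "IdleTimeout": "360",
    "AuditToSystem": "Yes", "DisablePanicKey": "No",
}

# Constructed sample, not taken from a real target.
SAMPLE = """\
CheckUserLogin=Yes
CheckUserGroup=BUILTIN\\Administrators;trcusers
Managed=Yes
AllowForceDisconnect=Yes
ConfirmTakeOver=Yes
AcceptanceGraceTime=0
AcceptanceProceed=Yes
EnableInputLock=Yes
IdleTimeout=30
AuditToSystem=No
"""


def parse_properties(text):
    """Overlay exported Name=Value lines on the documented defaults."""
    props = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        props[name.strip()] = value.strip()
    return props


def effective_idle_timeout(seconds):
    """0 disables the timer; values 1 - 59 behave as the 60 second minimum."""
    return 0 if seconds == 0 else max(seconds, 60)


def audit(props):
    """Return (property, message) pairs for settings that weaken or cancel each other."""
    findings = []
    def on(name):  # an absent property (for example Managed) is treated as No
        return props.get(name, "No").lower() == "yes"
    if not on("CheckUserLogin"):
        findings.append(("CheckUserLogin", "session is established without a logon"))
    elif not props["CheckUserGroup"].strip():
        findings.append(("CheckUserGroup", "no group membership is required"))
    if on("AllowForceDisconnect") and not (on("CheckUserLogin") and not on("Managed")):
        findings.append(("AllowForceDisconnect",
                         "no effect: needs CheckUserLogin=Yes and Managed=No"))
    if on("EnableInputLock") and not on("EnablePrivacy"):
        findings.append(("EnableInputLock", "no effect unless EnablePrivacy is selected"))
    grace = int(props["AcceptanceGraceTime"])
    if not 0 <= grace <= 60:
        findings.append(("AcceptanceGraceTime", "outside acceptable values 0 - 60"))
    elif on("ConfirmTakeOver") and grace == 0:
        findings.append(("AcceptanceGraceTime",
                         "0 starts the session without the acceptance message box"))
    if not on("ConfirmTakeOver"):
        findings.append(("ConfirmTakeOver", "session starts without user acceptance"))
    if on("AcceptanceProceed"):
        findings.append(("AcceptanceProceed", "session starts when acceptance times out"))

    idle = int(props["IdleTimeout"])
    if idle == 0:
        findings.append(("IdleTimeout", "inactivity timer is disabled"))
    elif effective_idle_timeout(idle) != idle:
        findings.append(("IdleTimeout", f"{idle} behaves as 60 seconds"))
    if not on("AuditToSystem"):
        findings.append(("AuditToSystem", "actions are not logged to the event log"))
    if on("DisablePanicKey"):
        findings.append(("DisablePanicKey", "Pause Break cannot end the session"))
    return findings


if __name__ == "__main__":
    for name, message in audit(parse_properties(SAMPLE)):
        print(f"{name}: {message}")
```

A target left at the defaults listed in the tables produces no findings; each finding names the property to revisit in the installer screens.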