Server session policies
You can configure the following session policies on the BigFix® Remote Control Server to determine what actions and features are available during a remote control session. The policies can be configured initially when you create a user or target group. However, the permission links set up between the user and target groups determine what policies and permissions are finally derived for the session.
For more information about groups and policies, see the following sections.
- Creating user groups
- Creating target groups
- How policies are determined for a remote control session
- Policy list definitions
- Security policies
- Reboot
- To send a restart request to the target computer, so that it can be restarted remotely.
Determines whether Reboot is available as a session mode option on the start
session screen. For more information about session types, see the BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- Reboot is shown as an option on the start session screen.
- Set to No.
- Reboot is not shown as an option on the start session screen.
- Allow multiple Controllers
- To enable collaboration so that multiple controllers can join a session. Determines the
availability of the collaboration option on the controller window. For more information about
collaboration sessions that involve multiple participants, see the BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- The collaboration icon is available for selection in the controller window.
- Set to No.
- The collaboration icon is not active in the controller window.
- Allow local recording
- To make and save a local recording of the session in the controlling system. Determines the
availability of the record option on the controller window. For more information about recording
sessions, see the BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- The record option is available for selection in the controller window.
- Set to No.
- The record option is not active in the controller window.
- Set target locked
- Determines whether the local input and display is locked for all
sessions. Therefore, the target user cannot use the mouse or keyboard
on the target while in a remote control session.
- Set to Yes.
- The target screen is blanked out when the session is started, preventing the target user from interacting with the screen while in the session. The target desktop is still visible to the controller user in the controller window.
- Set to No.
- The target screen is not blanked out when the session is started and the target user is able to interact with the screen.
- Allow input lock
- Determines whether the controller user can lock the local input and display of the target when
in a remote control session. Determines the visibility of the Enable Privacy
option on the controller window.
- Set to Yes.
- The Enable Privacy option is available in the Perform Action in target menu in the controller window. For more information about the controller window functions, see the BigFix® Remote Control Controller User's Guide.
- Set to No.
- The Enable Privacy option is not available in the Perform Action in target menu in the controller window.
- Connect at Logon
- Determines whether a session can be started when no users are logged on
at the target.
- Set to Yes.
- Session is started with the target.
- Set to No.
- Session is not started and the following message is displayed. Session rejected because there is no user logged to confirm the session
- Use Encryption
- Determines whether to encrypt the data that is being transmitted.
- Disable Panic Key
- Determines whether the Pause Break key can be used by the target
user to automatically end the remote control session.
- Set to Yes.
- The target user cannot use the Pause Break key to automatically end the remote control session.
- Set to No.
- The target user can use the Pause Break key to automatically end the remote control session.
- Enable On-screen Session Notification
- Determines whether a semi-transparent overlay is shown on the
target computer to indicate that a remote control session is in progress.
Use this policy when privacy is a concern so that the target user
is clearly notified when somebody is remotely viewing or controlling
their computer.
- Set to Yes.
- The semi-transparent overlay is shown on the target screen with the text Remote Control. The type of remote control session that is in progress is also displayed. The overlay does not intercept keyboard or mouse actions, therefore the user is still able to interact with their screen.
- Set to No.
- The overlay is not shown on the target computer.
Note: This policy is only supported on targets that have a Windows® operating system installed. - Allow input lock with visible screen
- This property works along with Allow input lock and on its own. Use
Allow input lock with visible screen to lock the target users mouse and
keyboard during a remote control session.
- Set to Yes.
- The lock target input menu item is enabled in the Perform action in target menu, in the controller window. Select lock target input to lock the target users mouse and keyboard during a remote control session. The target screen is still visible to the target user.
- Set to No.
- The lock target input menu item is not enabled in the Perform action in
target menu in the controller window.Note: If Enable Privacy is selected, during a session, the remote user input is automatically locked. It is not possible to enable privacy without also locking the input.
- Display screen on locked target
- Works along with Set target locked, which you can use to enable privacy
mode at session startup. You can use Display screen on locked target to
determine whether the target user can view their screen or not during a remote control session, when
privacy mode is enabled.
- Set to Yes.
- In privacy mode, the target screen is visible to the target user during the session, but their mouse and keyboard control is locked.
- Set to No.
- In privacy mode, the target screen is not visible to the target user and the privacy bitmap is displayed during the session. The target users mouse and keyboard input is also disabled.
Note: For Display screen on locked target to take effect set Set target locked to Yes. - Denied Program Execution List
- To specify a list of programs that a controller user cannot run
on the target during an active session with the target. These programs
must be entered as a comma-separated list. The following points must
be noted. Note:
- This feature works only on the following operating systems
- Windows® 2000, all editions
- Windows® XP, 32-bit editions only
- Windows® Server 2003, 32-bit editions only
- The programs can be entered with or without a path defined.
For example c:\notepad.exe or notepad.exe are both acceptable.
- Any program with a space in its name must be enclosed in double
quotation marks.
my prog.exe should be entered as "my prog.exe"
- If you enter any of the Remote Control specific programs in the list, for example trc_dsp, trc_base or trc_gui, they are ignored.
- If any of the programs that are listed are already running on the target when the session is started, they continue to run. However, any new instances of the program are not started.
- This feature works only on the following operating systems
- Inactivity timeout
- Number of seconds to wait until the connection ends if there is no session activity. Set this value to 0 to disable the timer so that the session does not end automatically. The minimum timeout value is 60 seconds. For values 1 - 59, the session times out after 60 seconds of inactivity.The default value is 0.Note: The inactivity timeout value applies to Active session mode only. The session does not end automatically when other session modes are used.
- Auditing
- Force session recording
- All sessions are recorded and the session recordings are uploaded
and saved to the server.
- Set to Yes.
- A recording of the session is saved to the server when the session ends. A link for playing the recording is also available on the session details screen.
- Set to No.
- No recording is stored and therefore no link is available on the session details screen.
- Local Audit
- Use to create a log of auditable events that take place during
the remote control session. The log is created on both the controller
and target computer.
- Set to Yes.
- The trcaudit log file is created and stored
on the controller computer in the home directory of the currently
logged on user.
The log can be viewed on a Windows target computer by using the event viewer. To access the Application Event Viewer click /var/log directory.
. On a Linux target, the events are stored in the messages file that is in the - Set to No.
- No log is created or stored on the controller or target computer.
- Force session audit
- A log of auditable events is automatically stored on the server.
Determines the visibility of these events on the session details screen.
- Set to Yes.
- Controller and target events that took place during the session are displayed on the session details screen.
- Set to No.
- Controller and target events are not displayed on the session details screen.
- Keep session recording in the target system
- Determines whether a copy of the session recording that was done on the target and successfully
uploaded to the BigFix® Remote Control
Server is also saved
on the target system. The location of the saved recording is determined by the location that is set
in the target property RecordingDir. Note: This policy is only valid if Record the session in the target system is set to Yes.
- Set to Yes.
- If Record the session in the target system is set to Yes and the session recording is successfully uploaded to the BigFix® Remote Control Server, a copy of the recording is also saved on the target system.
- Set to No.
- If Record the session in the target system is set to Yes and the session is recorded, a copy of the recording is not saved on the target system.
- Record the session in the target system
- Determines whether the session recording is done on the target system instead of the controller,
when the Force session recording policy is also set to Yes.
- Set to Yes.
- The session is recorded on the target and uploaded to the BigFix® Remote Control
Server.
Note: However, if Force session recording is set to No, the session is not recorded.
- Set to No.
- The session is recorded on the controller and uploaded to the BigFix® Remote Control Server.
- Control
- Enable high quality colors
Determines whether the target desktop is displayed in high-quality colors in the controller window at the start of a session. Used together with Lock color quality.
- Set to Yes.
- The target desktop is displayed in true color 24-bit mode at the start of the session. Partial screen updates are also enabled.
- Set to No.
- The target desktop is displayed in 8-bit color mode at the start of the session. Partial screen updates are also enabled. This value is the default value.
- Allow registry key lookup
- Determines the availability of the Enter key item in the Registry
keys menu on the controller window, during a guidance
and active session.
- Set to Yes.
- The Enter key option is available in the Registry keys menu. Use the Enter key option to enter a registry key and lookup the value that is defined for it on the target. For more information about the Registry keys menu, see the BigFix® Remote Control Controller User's Guide.
- Set to No.
- The Enter key option is not available and the controller user cannot find out the values of the targets registry keys.
- View registry key list
- Determines the availability of the defined registry keys list
in the Registry keys menu on the controller
window.
- Set to Yes.
- The list of up to 10 registry keys, which can be defined in the trc.properties file,
is visible in the Registry keys menu. The controller
user can select one to view the value for it on the target. For more
information about editing the properties files, see Editing the properties files. Note: If you set this policy to Yes, you must make sure that you define registry keys in the trc.properties file. Otherwise, if you click the menu item, nothing is shown.
- Set to No.
- The defined list of registry keys is not visible in the Registry keys menu.
- Enable user acceptance for system information
- Use this policy to display the user acceptance window on the target
computer when the controller user selects to view the target system
information.
- Set to Yes.
- When the controller user clicks the system information icon in the controller window, the user acceptance window is displayed. The target user must accept or refuse the request to view the target system information. If the target user clicks accept, the target system information is displayed in a separate window on the controller system. If they click refuse, a message is displayed on the controller and the system information is not displayed.
- Set to No.
- The target system information is displayed automatically when the controller user clicks the system information icon.
- Enable user acceptance for file transfers
- Use this policy to display the user acceptance window on the target
computer when the controller user wants to transfer a file from the
target to the controller system.
- Set to Yes.
- The acceptance window is displayed in the following two cases.
The target user must accept or refuse the file transfer.
- If the controller user selects pull file from
the file transfer menu on the controller window. Note: The target user must select the file that is to be transferred, after they accept the request.
- If the controller user selects send file to controller from the Actions menu in the target window
- If the controller user selects pull file from
the file transfer menu on the controller window.
- Set to No.
- The acceptance window is not displayed and files are transferred automatically from the target to the controller system when requested.
- Enable user acceptance for mode changes
- Use this policy to display the user acceptance window on the target
computer when the controller user selects a different session mode.
- Set to Yes.
- The user acceptance window is displayed each time the controller user selects a new session mode. The target user must accept or refuse the request.
- Set to No.
- The user acceptance window is not displayed and the session mode is changed automatically.
- Enable user acceptance for incoming connections
- Use this policy to display the user acceptance window on the target
computer when a remote control session is requested. The target user
must accept or refuse the session. Note: This policy works along with Acceptance Grace Time and Acceptance timeout action.
- Set to Yes.
- The acceptance window is displayed and the target user has the
number of seconds defined for Acceptance Grace time to
accept or refuse the session. Note:
- The target user can also select a different session mode on the User Acceptance window.
- The target user can hide any running applications by choosing the Hide
applications option on the acceptance window. For more information about
hiding applications, see the BigFix® Remote Control Controller User's
Guide. Note: The "Allow to show/hide selected windows during the session" feature has been deprecated for all versions above Windows 7.
- When set to Yes, the Acceptance Grace time must be > 0 to give the target user time to accept or refuse the session
- Accept
- The session is established.
- Refuse
- The session is not started and a message is displayed.
- Set to No.
- The session is started automatically and the User Acceptance window is not displayed on the target.
- Run post-session script
-
Determines whether a user-defined script is run after the remote control session finishes.
- Set to Yes.
- When a remote control session ends, the user-defined script is run. Complete the following steps
to set up the scripts.
The script must be given the following name.
Where {ext} is .cmd on a Windows™ system and .sh in UNIX™ or Linux™ systems.post_script. {ext}
The script must be placed in the following directory on the target.
- Windows™ systems.
- \%SYSTEMROOT%\scripts
Where SYSTEMROOT is the relevant Windows™ operating system directory.
- UNIX™ or Linux™ systems.
- /etc/scripts
Note: This directory must be owned by root and have the permissions 700 so that root can read, write, or execute. All other users must have no permissions. Otherwise, the script does not run and it fails. The success or failure of the execution of this script is logged in the audit log by the target. - Set to No.
- No script is run after the session.
- Run pre-session script
-
Determines whether a user-defined script is run before the remote control session starts. The script is run just after the session is allowed but before the controller user has access to the target. This policy is connected to Pre-script fail operation. The outcome of running the script and the continuation of the session is determined by the value that is set forPre-script fail operation.
- Set to Yes.
- When a Remote Control Session is requested, the defined script is run before the controller user
has access to the target.
Defining Pre and Post scripts.
The script development is free from any constraint. Except for the need to allow them to run unattended and to use exit codes that can be correctly interpreted by Remote Control. Pre-scripts and post-scripts are supported on the following operating systems.
- Windows® (XP, 2003, Vista, 7)
- Linux® (SLES, RHLE)
- Define the scripts as batch files on a Windows® system (with extension .cmd) and as shell files on a Linux® system (with extension .sh).
- On Windows® systems, the scripts must be named pre_script.cmd and post_script.cmd. On Linux systems,™ they must be named pre_script.sh and post_script.sh.
- Copy the scripts into a directory that is called scripts that is in the
installation directory of the Remote Control target. Make sure
that they are executable just by root to avoid security exposures in Linux®. Note: This directory must be owned by root and have the permissions 700 so that root can read, write, or execute. All other users must have no permissions. Otherwise, the script does not run and it fails. The success or failure of the execution of this script is logged in the audit log by the target.
- The pre-script and post-scripts are run with system privileges and without validation to protect
them from unauthorized access. Note: The installer creates the script directory with access just for administrators and localsystem on a Windows® system and for read/write/execute just for root on a Linux® system.
- Ensure that the scripts end within 3 minutes. If they run for longer, they cannot return a valid execution code. The administrator at the controller is notified that the timeout elapsed and an error occurred. The execution code indicates whether the script did run.
- Define a non-negative (greater than or equal to 0) exit code for the script to indicate that the script ran with success. Define a negative exit code to indicate that it ran with errors. Whenever an error occurs a message is reported to the controller. The exit code is shown and session fails to start.
You can use the following environment variables in the pre-script and post-script.
- RC_TIVOLI_ADMIN_NAME= Tivoli_administrator_name.
- Where Tivoli_administrator_name specifies the Tivoli® administrator name on the controller as provided by the server.
- RC_TIVOLI_ADMIN_LOGIN = Tivoli_administrator_name.
- Where Tivoli_administrator_name specifies the Tivoli® administrator name on the controller as provided by the server.
- RC_ACTION=action.
- Where action specifies the following actions:
- 0
- No actions.
- 1
- Remote Control (Active, Guidance, or Monitor)
- 2
- File Transfer.
- 3
- Chat
- 4
- Reboot
- RC_GRACE_PERIOD= duration.
- Where duration specifies the number of seconds to wait for the target user to respond before an activity starts or times out.
- RC_PROCEED_IF_TIMEOUT= timeout.
- Where timeout determines whether to start a session if the target user does
not respond within the grace period. Possible values are,
- 1
- Starts the session if the grace period times out.
- 0
- Cancels the session if the grace period times out.
- RC_STARTUP_STATE = startup_state .
- Where startup_state specifies the initial state of a Remote Control action.
Possible values are,
- 0
- The action is started in monitor state (Monitor or Guidance).
- 1
- The action is started in active state (Active).
- RC_CHANGE_STATE= change_state
- Where change_state determines whether the target user can change the state
during a remote control session. Possible values are,
- 0
- Not enabled.
- 1
- Enabled (user can change from Active to Monitor/Guidance or vice versa).
- Set to No.
- No script is run before the session.
- Allow automatic session handover
- Determines whether a collaboration session is automatically handed over to another participant
when the master controller loses connection to the broker. The policy applies only to collaboration
sessions that you start through a broker. For more information about session resilience, see the
BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- If the master controller does not reconnect to the broker within 3 minutes, session control automatically passes to another participant. However, if user acceptance is enabled, the target user must accept or refuse the new master controller.
- Set to No.
- If the master controller does not reconnect to the broker within 10 minutes, the session terminates. This value is the default value.
- Allow clipboard transfer
- Determines the availability of the clipboard transfer icon in the
controller session window. For more information about this feature, see the BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- The clipboard transfer icon is available for use in the controller window. The controller user can transfer the clipboard content between the controller and the target.
- Set to No.
- The clipboard transfer icon is not available for use in the controller window.
- Allow session handover
- The master controller in a collaboration session can use this feature to hand over control of
the session to a new controller. Determines the availability of the Handover
option on the collaboration control panel. For more information about the handover function, see the
BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- The Handover option is displayed in the Collaboration control panel.
- Set to No.
- The Handover option is not displayed in the Collaboration control panel.
- Enable user acceptance for collaboration requests
- Use this policy to display the user acceptance window on the target computer when another
controller requests to join a collaboration session. For more information about joining a
collaboration session, see the BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- The user acceptance window is displayed on the target computer after the master controller
accepts to share the session for collaboration. The target users response determines whether the
additional controller is allowed to join the session.
- Accept
- The additional controller joins the collaboration session.
- Refuse
- A refusal message is displayed on the controller and the additional controller cannot join the collaboration session.
- Timeout
- If the target user does not respond to the user acceptance within the time that is defined in Acceptance Grace Time, a refusal message is displayed to the additional controller. The additional controller does not join the collaboration session.
- Set to No.
- The user acceptance window is not displayed on the target computer. After the master controller accepts to share the session for collaboration, the additional controller joins the session.
- Stop screen updates when screen saver is active
- Stops the target from sending screen updates when it detects that the screen saver is active.
- Set to Yes.
- While the screen saver is active on the target system, the target stops transmitting screen updates. A simulated screen saver is displayed on the controller computer so that the controller user knows that a screen saver is active on the remote screen. The controller user can close the screen saver by pressing a key or moving the mouse.
- Set to No.
- No simulated screen saver is displayed in the session window. The target screen is displayed as normal and the target continues to transmit screen updates.
- Enable user acceptance for local recording
- Use this feature to display the user acceptance window when a controller user clicks the record
icon on the controller window. The target user can accept or refuse the request to make a local
recording of the remote control session.
- Set to Yes.
- When the controller user clicks the record icon on the controller window, a message dialog is
displayed. If the target user clicks Accept, the controller user can select a
directory to save the recording to. If the target user clicks Refuse, a
recording refused message is displayed to the controller. Note: After the target user accepts the request for recording, if the controller user stops and restarts local recording, the acceptance window is not displayed.
- Set to No.
- When the controller user clicks the record icon on the controller window, the message window is not displayed. The controller user can select a directory to save the recording to.
- Hide windows
- Note: The "Allow to show/hide selected windows during the session" feature has been deprecated for all versions above Windows 7.Determines whether the Hide windows check box is displayed on the user acceptance window when Enable user acceptance for incoming connections is also set to Yes.
- Set to Yes.
- The Hide windows check box is displayed on the user acceptance window.
- Set to No.
- The Hide windows check box is not displayed on the user acceptance window.
- Remove desktop background
- Determines
whether a desktop background image can be removed from view during
a remote control session.
- Set to Yes.
- The desktop background image on the target is not visible during a remote control session.
- Set to No.
- The desktop background image on the target is visible during a remote control session.
- Lock color quality
Determines whether the color quality that a remote control session is started with can be changed during the session. Used together with Enable high quality colors.
- Set to Yes.
- The initial color quality, for the remote control session, is locked and cannot be changed during the session. The Performance settings icon is disabled in the controller window. The controller user cannot change settings to improve the session performance if their network is slow.
- Set to No.
- The color quality can be changed during the session. The Performance settings icon is enabled in the controller window.
- Pre/post - script fail operation
- Action to take if the pre-script or post-script execution fails.
A positive value or 0 is considered a successful run of the pre-script
or post-session script. A negative value, script that is not found
or not finished running within 3 minutes is considered a failure.
- Abort
- If the pre-script or post-script run is a fail, the session does not continue.
- Proceed
- If the pre-script or post-script run is a fail, the session continues.
- Acceptance timeout action
-
Action to take if the user acceptance window timeout lapses. The target user did not click accept or refuse within the number of seconds defined for Acceptance Grace time.
- Abort
- Session is not established. This value is the default value.
- Proceed
- Session is established.
- Acceptance Grace Time
- Sets the number of seconds to wait for the target user to respond
before a session starts or times out. Used along with Enable
User Acceptance for incoming connections. Note: If Enable user acceptance for incoming connections is set to Yes, Acceptance Grace Time must be set to a value >0 to give the target user time to respond.
- Configuration
- File Transfer
- Determines whether File Transfer is available as a session mode on the start session window so
that files can be sent or received during the session. For more information about File Transfer
session mode, see the BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- File Transfer is available as a session mode in the start session window.
- Set to No.
- File Transfer is not available as a session mode in the start session window.
- Allow chat in session
- Determines whether chat functions are available while in a remote control session and the also
the availability of the chat icon in the controller window. For details of the Chat function, see
the BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- Chat icon is available for selection in the controller window.
- Set to No.
- Chat icon is disabled in the controller window.
- Active
- Determines whether the target system can take part in active sessions. Also determines whether
Active is available as a session mode on the start session window. For more information about the
Active session mode, see the BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- Active is available as a session mode in the start session window.
- Set to No.
- Active is not available as a session mode in the start session window.
- Guidance
- Determines whether the target system can take part in guidance sessions. Also determines whether
Guidance is available as a session mode on the start session window. For more information about the
Guidance session mode, see the BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- Guidance is available for selection as a session mode in the start session window.
- Set to No.
- Guidance is not available for selection as a session mode in the start session window.
- Monitor
- Determines whether the target system can take part in monitor sessions. Also determines whether
Monitor is available as a session mode on the start session window. For more information about the
Monitor session mode, see the BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- Monitor is available for selection as a session mode in the start session window.
- Set to No.
- Monitor is not available for selection as a session mode in the start session window.
- Chat
- Determines whether the target system can take part in chat only sessions. Also determines
whether Chat is available as a session mode on the start session window. For more information about
the Chat session mode, see the BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- Chat is available as a session mode in the start session window.
- Set to No.
- Chat is not available as a session mode in the start session window.
- Command
- Determines whether the target system can take part in Command sessions. Also determines
whether Command is available as a session mode on the start session window. For more
information about the Command session mode, see BigFix® Remote Control Controller User's
Guide.
- Set to Yes.
- Command is available as a session mode in the start session window.
- Set to No.
- Command is not available as a session mode in the start session window.
- File Transfer Actions
- Determines the actions that can be carried out on a file during
a File Transfer session. If no value is set, the file transfer action
is determined by the default.rc_def_ft_actions property
in the trc.properties file.
- Set to Send.
- You can transfer files only to the target during a File Transfer session.
- Set to Pull.
- You can transfer files only from the target during a File Transfer session.
- Set to Both.
- You can transfer files to and from the target during a File Transfer session.
- Allow file transfer in session
- Controls the transfer of files while in an Active session. Its value determines the availability
of the Send file / Pull file options in the
File Transfer menu within the Controller window. For
more information about transferring files, see the BigFix® Remote Control Controller User's
Guide.
- Set to NONE.
- The Send file and Pull file options are not available for selection. No file transfers can be initiated.
- Set to BOTH.
- The Send file and Pull file options are available. Files can be transferred to the target and transferred from the target. This value is the default value.
- Set to PULL.
- Only the Pull file option is available. Files can be transferred only from the target.
- Set to SEND.
- Only the Send file option is available. Files can be transferred only to the target.
- Policy List Values
-
Table 1. Policy acceptable and default values. Policy Possible values. Default value. Reboot yes | no yes Allow multiple controllers yes | no yes Allow local recording yes | no yes Set target locked yes | no no Allow input lock yes | no yes Connect at logon yes | no yes Use encryption yes | no yes Disable Panic Key yes | no no Enable on-screen session notification yes | no no Allow input lock with visible screen yes | no no Display screen on locked target yes | no no Denied Program Execution List blank blank Inactivity timeout number of seconds 0 Force session recording yes | no no Local audit yes | no yes Force session audit yes | no (live audit on server) yes Keep session recording in the target system yes | no no Record the session in the target system yes | no yes Enable high quality colors yes | no no Allow registry key lookup yes | no no View registry key list yes | no no Enable user acceptance for system information yes | no no Enable user acceptance for file transfers yes | no no Enable user acceptance for mode changes yes | no no Enable user acceptance for incoming connections yes | no no Run post-session script yes | no no Run pre-session script yes | no no Allow automatic session handover yes | no no Allow clipboard transfer yes | no yes Allow session handover yes | no yes Enable user acceptance for collaboration requests yes | no no Stop screen updates when screen saver is active yes | no no Enable user acceptance for local recording yes | no no Hide windows yes | no no Remove desktop background yes | no no Lock color quality yes | no no Pre / post -script fail operation abort | proceed abort Acceptance timeout action abort | proceed abort Acceptance Grace Time number of seconds 45 File transfer yes | no yes Allow chat in session yes | no yes Active yes | no yes Guidance yes | no yes Monitor yes | no yes Chat yes | no yes Command yes | no no File transfer actions pull | send | both both Allow file transfer in session none | pull | send | both both