Session policies for unregistered targets

The set of session policies available for unregistered targets is divided into two sections. The core policies cater for remote support actions during a session. The extended policies cater for the session administration actions during a session. The core policies are always visible on the Set Permissions for Unregistered Targets screen. Click Show in the More permissions section to set values for the extended policies.

Core policies

For more information about setting session policies, see Setting session permissions for unregistered targets.

Policy list definitions

Security policies

Reboot

To send a restart request to the target computer to allow it to be rebooted remotely. Determines whether Reboot is available as a session mode option on the start session panel.

Set to Yes: Reboot is displayed as an option on the start session panel.
Set to No: Reboot is not displayed as an option on the start session panel.

Allow multiple Controllers

To enable collaboration to allow more than one controller to join a session. Determines the availability of the collaboration option on the controller window. For details about collaboration sessions that involve multiple participants, see the BigFix® Remote Control Controller User's Guide.

Set to Yes: The collaboration icon is available in the controller window.
Set to No: The collaboration icon is not available in the controller window.

Allow local recording

To make and save a local recording of the session on the controlling system. Determines the availability of the record icon in the controller window. For details of recording sessions, see the BigFix® Remote Control Controller User's Guide.

Set to Yes: The record icon is available in the controller window.
Set to No: The record icon is not available in the controller window.

Enable On-screen Session Notification

Determines whether a semitransparent overlay is displayed on the target computer, indicating that a remote control session is in progress. Must be used when privacy is a concern to ensure that the target user is clearly notified when somebody is remotely viewing or controlling their computer.

Set to Yes

The semitransparent overlay is displayed on the target screen, together with the text Remote Control. The type of remote control session that is in progress is also displayed. The overlay does not intercept keyboard or mouse actions, therefore the user can still interact with their screen.

Set to No

The overlay is not displayed on the target computer.

Note: This policy is only supported on targets that have a Windows™ operating system installed.

Inactivity timeout

Number of seconds to wait until the connection ends if there is no session activity. Set this value to 0 to disable the timer so that the session does not end automatically. The minimum timeout value is 60 seconds. For values 1 - 59, the session times out after 60 seconds of inactivity.

Note: The inactivity timeout value applies to Active session mode only. The session does not end automatically when other session modes are used.

The default value is 0.

Auditing policies

Force session recording

All sessions are recorded and the session recordings are uploaded and saved to the server.

Set to Yes: A recording of the session is saved to the server when the session ends. A link for playing the recording is also available on the session details panel.
Set to No: No recording is stored and therefore no link is available on the session details panel.

Force session audit

A log of auditable events is automatically stored on the server. Determines the visibility of these events on the session details panel.

Set to Yes: Controller and target events that took place during the session are displayed on the session details panel.
Set to No: Controller and target events are not displayed on the session details panel.

Control policies

Enable user acceptance for system information

Use this policy to display the user acceptance window on the target computer when the controller user selects to view the target system information.

Set to Yes: When the controller user clicks the system information icon in the controller window, the user acceptance window is displayed. The target user must accept or refuse the request to view the target system information. If the target user clicks accept, the target system information is displayed in a separate window on the controller system. If they click refuse, a message is displayed on the controller and the system information is not displayed.
Set to No: The target system information is displayed automatically when the controller user clicks the system information icon.

Enable user acceptance for file transfers

Use to display the user acceptance window on the target computer when the controller user selects to transfer a file from the target to the controller system.

Set to Yes

The acceptance window is displayed in the following two cases. The target user must accept or refuse the file transfer.

If the controller user selects pull file from the file transfer menu in the controller window.
Note: The target user must select the file that is to be transferred after they accept the request.
If the controller user selects send file to controller from the Actions menu in the target window.

Set to No

The acceptance window is not displayed and files are transferred automatically from the target to the controller system when requested.

Enable user acceptance for mode changes

Use to display the user acceptance window on the target computer when the controller user selects a different session mode from the session mode list.

Set to Yes: The user acceptance window is displayed each time a session mode change is requested and the target user must accept or refuse the request.
Set to No: The user acceptance window is not displayed and the session mode is changed automatically.

Enable user acceptance for incoming connections

Use this policy to display the user acceptance window on the target computer when a remote control session is requested. The target user must accept or refuse the session.

Note: This policy works with Acceptance Grace Time and Acceptance timeout action

Set to Yes

The acceptance window is displayed and the target user has the number of seconds defined for Acceptance Grace time to accept or refuse the session.

Note:

The target user also has the option of selecting a different session mode in the Acceptance window.
The target user can hide any running applications by choosing the Hide applications option on the acceptance window. For more information about hiding applications, see the BigFix® Remote Control Controller User's Guide.
Note: The "Allow to show/hide selected windows during the session" feature has been deprecated for all versions above Windows 7.
When set to Yes, the Acceptance Grace time must be greater than 0 to give the target user time to accept or refuse the session.

Accept: The session starts.
Refuse: The session is not started and a message is displayed.

Set to No

The session is automatically established and the Acceptance window is not displayed on the target.

Allow clipboard transfer

Determines the availability of the clipboard transfer icon in the controller session window.

Set to Yes: The clipboard transfer icon is available for use in the controller window. Use this icon to transfer the clipboard content between the controller and the target.
Set to No: The clipboard transfer icon is not available for use in the controller window.

Allow session handover

The master controller in a collaboration session can use this feature to hand over control of the session to a new controller. Determines the availability of the Handover option on the collaboration control panel. For more information about the handover feature, see the BigFix® Remote Control Controller User's Guide.

Set to Yes: The Handover option is displayed in the collaboration control panel.
Set to No: The Handover option is not displayed in the collaboration control panel.

Enable user acceptance for collaboration requests

Use this policy to display the user acceptance window on the target computer when another controller tries to join a collaboration session. For details about joining collaboration sessions, see the BigFix® Remote Control Controller User's Guide.

Set to Yes

The user acceptance window is displayed on the target computer after the master controller accepts to share the session for collaboration. The target users response determines whether the additional controller is allowed to join the session.

Accept: The additional controller now joins the collaboration session.
Refuse: A message is displayed to the additional controller to inform them that the target refused the session, and they do not join the collaboration session.

If the target user does not respond to the user acceptance within the time that is defined in Acceptance Grace Time a message is displayed to the additional controller informing them that the target has refused the session and they do not join the collaboration session.

Set to No

The user acceptance window is not displayed on the target computer after the master controller accepts to share the session for collaboration. The additional controller automatically joins the session.

Enable user acceptance for local recording

Use this feature to display the user acceptance window when a controller user clicks the record icon in the controller window. The target user must accept or refuse the request to make a local recording of the remote control session.

Set to Yes

When the controller user clicks the record icon on the controller window, a message window is displayed. If the target user clicks Accept, the controller user can select a location to save the recording to. If the target user clicks Refuse, a refusal message is displayed to the controller user.

After the target user accepts the request, the acceptance window is not displayed again if the controller user stops and restarts a local recording in the same session.

Set to No

When the controller user clicks the record icon in the controller window, the controller user can select a location to save the recording to. The message window is not displayed.

Configuration policies

Active

Determines whether the target computer can take part in active sessions and also whether Active is available as a session mode on the start session panel. For details of the Active session mode, see the BigFix® Remote Control Controller User's Guide.

Set to Yes: Active is available for selection as a session mode in the start session panel.
Set to No: Active is not available for selection as a session mode in the start session panel.

Guidance

Determines whether the target computer can take part in guidance sessions and also whether Guidance is available as a session mode on the start session panel. For details of the Guidance session mode, see the BigFix® Remote Control Controller User's Guide.

Set to Yes: Guidance is available for selection as a session mode in the start session panel
Set to No: Guidance is not available for selection as a session mode in the start session panel

Monitor

Determines whether the target computer can take part in monitor sessions and also whether Monitor is available as a session mode on the start session panel. For details about the Monitor session mode, see the BigFix® Remote Control Controller User's Guide.

Set to Yes: The Monitor option is available as a session mode on the start session panel.
Set to No: The Monitor option is not available as a session mode on the start session panel.

Chat

Determines whether the target computer can take part in chat-only sessions and whether Chat is available as a session mode on the start session panel. For details about the Chat session mode, see the BigFix® Remote Control Controller User's Guide.

Set to Yes: Chat is available for selection as a session mode in the start session panel.
Set to No: Chat is not available for selection as a session mode in the start session panel.

Allow file transfer in session

Controls the transfer of files while in an Active session. Its value determines the availability of the Send file and Pull file options in the File Transfer menu within the controller window. For details about transferring files, see the BigFix® Remote Control Controller User's Guide.

Set to NONE: The Send file and Pull file options are not available. Files cannot be transferred.
Set to BOTH: The Send file and Pull file options are available for selection. Files can be transferred to the target and transferred from the target. Default value.
Set to PULL: Only the Pull file option is available. Files can be transferred from the target.
Set to SEND: Only the Send file option is available. Files can be transferred to the target.

Extended policies

Policy list definitions

Security policies

Set target locked

Determines whether the local input and display are locked for all sessions. The target user cannot use the mouse or keyboard on the target while in a remote control session.

Set to Yes: The target screen is blanked out when the session is started, preventing the target user from interacting with the screen while in the session. The target desktop is still visible to the controller user in the controller window.
Set to No: The target screen is not blanked out when the session is started and the target user is able to interact with the screen.

Allow input lock

Determines whether the controller user can lock the local input and display of the target when in a remote control session. Determines the visibility of the Enable Privacy option in the controller window.

Set to Yes: The Enable Privacy option is available in the Perform Action in target menu in the controller window. For more details about the controller window functions, see the BigFix® Remote Control Controller User's Guide.
Set to No: The Enable Privacy option is not available in the Perform Action in target menu in the controller window.

Allow input lock with visible screen

This property works both with Allow input lock and on its own. Use Allow input lock with visible screen to lock the target user's mouse and keyboard during a remote control session.

Set to Yes: The lock target input menu item is enabled in the Perform action in target menu, in the controller window. Select lock target input to lock the target user's mouse and keyboard during a remote control session. The target screen is still visible to the target user.
Set to No: The lock target input menu item is not enabled in the Perform action in target menu in the controller window.

Note: If Enable Privacy is selected during a session, the remote user input is automatically locked. It is not possible to enable privacy without also locking the input.

Display screen on locked target

Works with Set target locked, which you can use to enable privacy mode at session startup. Use Display screen on locked target to determine whether or not the target user can view their screen during a remote control session, when privacy mode is enabled.

Set to Yes: The target screen is visible to the target user during the session, while in privacy mode, but their mouse and keyboard control is locked.
Set to No: The target screen is not visible to the target user and the privacy bitmap is displayed during the session. The target user's mouse and keyboard input is also disabled.

Note: For Display screen on locked target to take effect, Set target locked must be set to Yes.

Disable Panic Key

Determines whether the Pause Break key can be used by the target user to automatically end the remote control session.

Set to Yes: The target user cannot use the Pause Break key to automatically end the remote control session.
Set to No: The target user can use the Pause Break key to automatically end the remote control session.

Auditing policies

Local Audit

Use to create a log of auditable events that take place during the remote control session. A trcaudit_date_time.log file is created, where date_time is the date and time that the session took place. For example, trcaudit_20130805_132527.log.

Set to Yes: Audit log is created and stored on the controller and target computer in the home directory of the currently logged on user.
Set to No: No log is created or stored on the controller or target computer.

Control policies

Enable high quality colors

Determines whether the target desktop is displayed in high-quality colors in the controller window at the start of a session. Used together with Lock color quality.

Set to Yes: The target desktop is displayed in true color 24-bit mode at the start of the session. Partial screen updates are also enabled.
Set to No: The target desktop is displayed in 8-bit color mode at the start of the session. Partial screen updates are also enabled. This value is the default value.

Stop screen updates when screen saver is active

Stops the target from sending screen updates when it detects that the screen saver is active.

Set to Yes: While the screen saver is active on the target system, the target stops transmitting screen updates. The controller displays a simulated screen saver to make the controller user aware that a screen saver is active on the remote display. The controller user can close the screen saver in the usual way by pressing a key or moving the mouse.
Set to No: No simulated screen saver is displayed in the session window. The target screen is displayed as normal and the target continues to transmit screen updates.

Hide windows (Deprecated)

Determines whether the Hide windows check box is displayed in the user acceptance window when Enable user acceptance for incoming connections is also set to Yes.

Note: The "Allow to show/hide selected windows during the session" feature has been deprecated for all versions above Windows 7.

Set to Yes: The Hide windows check box is displayed in the user acceptance window.
Set to No: The Hide windows check box is not displayed in the user acceptance window.

Remove desktop background

Use this policy to remove the target's desktop background image from view during a remote control session.

Set to Yes: The desktop background image on the target is not visible during a remote control session.
Set to No: The desktop background image on the target is visible during a remote control session.

Lock color quality

Determines whether the color quality that a remote control session is started with can be changed during the session. Used together with Enable high quality colors.

Set to Yes: The initial color quality, for the remote control session, is locked and cannot be changed during the session. The Performance settings icon is disabled in the controller window. The controller user cannot change settings to improve the session performance if their network is slow.
Set to No: The color quality can be changed during the session. The Performance settings icon is enabled in the controller window.

Acceptance timeout action

Action to take if the user acceptance window timeout lapses. The target user did not click accept or refuse within the number of seconds defined for Acceptance Grace time.

Abort: Session is not established. Default is Abort.
Proceed: Session is established.

Acceptance Grace Time

Sets the number of seconds to wait for the target user to respond before a session starts or times out. Used with Enable User Acceptance for incoming connections.

Note: If the Enable user acceptance for incoming connections policy is set to Yes, Acceptance Grace Time must be set to a value greater than 0 to give the target user time to respond.

Configuration policies

Allow automatic session handover

Determines whether a collaboration session is automatically handed over to another participant when the master controller loses connection to the broker. The policy applies only to collaboration sessions that you start through a broker. For more information about session resilience, see the BigFix® Remote Control Controller User's Guide.

Set to Yes.: If the master controller does not reconnect to the broker within 3 minutes, session control automatically passes to another participant. However, if user acceptance is enabled, the target user must accept or refuse the new master controller.
Set to No.: If the master controller does not reconnect to the broker within 10 minutes, the session terminates. This value is the default value.

Allow chat in session

Determines whether chat functions are available while in a remote control session and also the availability of the chat icon in the controller window. For details about the Chat function, see the BigFix® Remote Control Controller User's Guide.

Set to Yes: Chat icon is available for selection in the controller window.
Set to No: Chat icon is disabled in the controller window.

Policy List Values

Table 1. Acceptable and default policy values
Policy	Possible Values	Default value
Reboot	yes \| no	yes
Allow multiple controllers	yes \| no	yes
Allow local recording	yes \| no	no
Set target locked	yes \| no	no
Allow input lock	yes \| no	no
Enable on-screen session notification	yes \| no	yes
Allow input lock with visible screen	yes \| no	no
Display screen on locked target	yes \| no	no
Inactivity timeout	number of seconds	360
Force session recording	yes \| no	no
Local audit	yes \| no	yes
Force session audit	yes \| no (live audit on server)	yes
Disable Panic key	yes \| no	no
Enable high quality colors	yes \| no	no
Enable user acceptance for system information	yes \| no	yes
Enable user acceptance for file transfers	yes \| no	yes
Enable user acceptance for mode changes	yes \| no	yes
Enable user acceptance for incoming connections	yes \| no	yes
Allow clipboard transfer	yes \| no	yes
Allow session handover	yes \| no	yes
Enable user acceptance for collaboration requests	yes \| no	yes
Stop screen updates when screen saver is active	yes \| no	yes
Enable user acceptance for local recording	yes \| no	yes
Hide windows	yes \| no	no
Remove desktop background	yes \| no	no
Lock color quality	yes \| no	no
Acceptance timeout action	abort \| proceed	abort
Acceptance Grace Time	number of seconds	180
Allow chat in session	yes \| no	yes
Allow automatic session handover	yes \| no	no
Active	yes \| no	yes
Guidance	yes \| no	yes
Monitor	yes \| no	yes
Chat	yes \| no	yes
Allow file transfer in session	none \| pull \| send \| both	both