Properties that can be set in the target configuration
You can configure target properties either during or after installation. The operating system on the target system determines which properties can be configured. The target properties determine the actions that can be carried out during a peer-to-peer session. If you set a server URL and set the Managed property to Yes, the actions are determined by the policies that are set on the Remote Control server.
- Windows™ systems
- The target properties are saved in the target registry. Edit the target registry to modify the
properties:
- Edit the target registry and go to HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote
Control\TargetNote: On a 64-bit system, all the 32-bit registry keys are under the Wow6432Node key. For example: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\IBM\Tivoli Remote Control\Target
- Right-click the required property and select Modify
- Set the required value and click OK.
- Restart the target service.
- Edit the target registry and go to HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote
Control\Target
- Linux™ systems
- The target properties are saved to the /etc/ibmtrct.conf file. Edit the
file after installation to configure the target.
- Edit the ibmtrct.conf file.
- Modify the required properties.
- Save the file.
- Restart the target service.
- macOS devices
- You can configure the properties in the trc_target.cfg file when you
install the target. For more information, see Installing the BigFix Remote Control Target for macOS by using the .pkg file. The target properties are saved to
/Library/Preferences/com.ibm.bigfix.remotecontrol.target.plist. To modify a target
property, complete the following steps:
- Open the Terminal.app.
- To modify a property, enter the following command.
sudo defaults write /Library/Preferences/com.ibm.bigfix.remotecontrol.target.plist Keyword Value
Where Keyword is the property name and Value is the value for the property.
For example,sudo defaults write /Library/Preferences/com.ibm.bigfix.remotecontrol.target.plist LogLevel 4
- Restart the target.
- Click .
- Open the Remote Control Target.app.
Target property definitions
Target property |
Default |
Description |
---|---|---|
ServerURL | Blank | For the target to register with the server and take part in remote control
sessions that are started from the server, provide the BigFix® Remote
Control server URL in the
format: http://servername/trc, where
servername is the fully qualified name of yourBigFix® Remote
Control server. For example, http://trcserver.example.com/trc Note: If you provide a server URL and you want the target to take part only in remote control
sessions that are started from the server, set AllowP2P to No. |
ProxyURL | Blank | Host name or IP address for a proxy server, if you are using one. |
BrokerList | Blank | The list of host names or IP addresses of the brokers and their ports, that you want the target to connect to. In the format, hostname1:port,hostname2:port,hostname3:port. |
GroupLabel | Blank | A target group name that the target is made a member of when the configuration
is applied. This target group must exist in the BigFix® Remote
Control
database. Note: The GroupLabel property can be used only if the target is not
already registered with the server. If the target is already registered, it is not assigned to the
target group. The allow.target.group.override property in the
trc.properties file on the server must be set to Yes for the
GroupLabel property value to be applied. |
PortToListen | 888 | Specify the TCP port that the target listens on. The default value for the BigFix® Remote Control Target for macOS is 8787. |
AllowP2P | Yes | Used to enable peer-to-peer mode. Use this parameter to enable peer to peer
connections regardless of the server status. Default value is No
|
AllowP2PFailover | No | Use this parameter to enable failover to peer-to-peer mode when the server is
down or unreachable. AllowP2P must also be set to Yes.
Default value is No.
|
FIPSCompliance | No | Use this property to enable the use of a FIPS-certified cryptographic provider
for all cryptographic functions. For more information about enabling FIPS compliance, seeFederal information processing standard (FIPS 140-2) compliance in BigFix Remote Control. Note: If you enable FIPS compliance on
the target, you must also enable FIPS compliance on the controller components that are installed.
Only the IBM®
Java™ Run-time Environment (JRE) is supported in FIPS-compliant
mode and the JRE is installed when you install the controller software. To enable FIPS compliance on
the controller, complete the following steps.
|
SP800131ACompliance | No | Select this option to enforce NIST SP800-131A-compliant algorithms and key
strengths for all cryptographic functions. For more information about enabling NIST SP800-131A
compliance, see NIST SP800-131A compliance in BigFix Remote Control. Note: If you enable
NIST SP800-131A compliance on the target, you must also enable NIST SP800-131A compliance on the
controller components that are installed. Only the IBM®
Java™ Run-time Environment (JRE) is supported in NIST
SP800-131A compliant mode and the JRE is installed when you install the controller software. To
enable NIST SP800-131A compliance on the controller, complete the following steps.
|
Accessibility | No | Select this option to enable the accessibility UI. Available only on Windows operating system. |
LogLevel | 2 |
The log level determines the types of entries and how much information is added to the log file. Default value is 2. 0 - Logging is set to a minimal level. 1 - Logging is set to ERROR level. 2 - Logging is set to INFO level. 4 - Logging is set to DEBUG level. Note: Use Log Level = 4 only by request from IBM®. support.
|
LogRollover | Daily |
Controls the period after which a new log file is started. This period must be shorter than the LogRotation period, therefore not all combinations are valid. LogRollover cannot be disabled. Default value is Daily.
|
LogRotation | Weekly |
Controls the period after which an older log file is overwritten. Log rotation can be disabled. Default value is Weekly.
|
Target property | Default Value | Description |
---|---|---|
AllowMonitor | Yes | Determines whether the target can take part in monitor peer-to-peer sessions.
For information about the different types of remote control session that can be established, see Types of remote control sessions that can be established.
|
AllowGuidance | Yes | Determines whether the target can take part in guidance peer-to-peer sessions.
|
AllowActive | Yes | Determines whether the target can take part in active peer-to-peer sessions.
|
DisableChat | No | Determines the ability to start a chat session with the target and also chat
to the controller user during a peer-to-peer session.
|
DisableFilePull | No | Determines the ability to transfer files from the target to the controller
during the session.
|
DisableFilePush | No | Determines the ability to transfer files from the controller to the target
during the session.
|
DisableClipboard | No | Determines the availability of the clipboard transfer menu in the controller
UI in a peer-to-peer session. Use the menu to transfer the clipboard content between the controller
and target during a remote control session.
|
AllowRecording | Yes | The controller user can make and save a local recording of the session in the
controlling system.
|
AllowCollaboration | Yes | Use this property to allow more than one controller to join a session.
Determines the availability of the collaboration icon on the controller window.
|
AllowHandover | Yes | The master controller in a collaboration session, can hand over control of the
session to a new controller. Determines the availability of the Handover
button on the collaboration control panel.
|
AllowForceDisconnect | No | Determines whether a Disconnect session button is
available in the message window that is displayed when you attempt to connect to the target. You can
use the Disconnect session option to disconnect the current session.
|
ForceDisconnectTimeout | 45 | Number of seconds you must wait for the controller user to respond to the prompt to disconnect the current session. If they do not respond in the time that is given, they are automatically disconnected from the session. The timer takes effect only when AllowForceDisconnect and CheckUserLogin are set to Yes. The default value is 45. |
AutoWinLogon | Yes | Determines whether a session can be started when no users are logged on
at the target.
|
RunPreScript | No | Determines whether a user-defined script is run before the remote control
session starts. The script is run just after the session is allowed but before the controller user
has access to the target. The outcome of running the script and the continuation of the session is
determined by the value that is set for Proceed on pre/post-script failure.
|
RunPostScript | No | Determines whether a user-defined script is run after the remote control
session finishes.
|
ProceedOnScriptFail | No | The cction to take if the pre-script or post-script execution fails. A
positive value or 0 is considered a successful run of the pre-script or post-session script. A
negative value, a script that is not found, or not finished running within 3 minutes is considered a
failure.
|
WorkaroundW2K3RDP | No | Automatically reset the console after a Remote Desktop console session. When a
Remote Desktop user uses the /admin or /console option to
start a Remote Desktop session with a Windows™ Server 2003
system and a user starts a remote control session with this target before, during or after the
Remote Desktop session, remote control is unable to capture the display. The result is that a gray
screen is shown in the controller. This issue is a limitation in Windows™ Server 2003 operating systems. Therefore, this property introduces a workaround that
will reset the Windows™ session either after each Remote
Desktop session ends, or before a remote control session starts, depending on the value Yes.
|
EnableTrueColor | No |
Determines whether the target desktop is displayed in high-quality colors in the controller window at the start of a session. Used together with Lock color quality.
|
LockColorDepth | No |
Determines whether the color quality that a remote control session is started with can be changed during the session. Used together with Enable high quality colors.
|
RemoveBackground | No | If a desktop background image is set on the target, this property can be used
to remove the background from view during a remote control session.
|
NoScreenSaver | No | Stops the target from sending screen updates when it detects that the screen
saver is active.
|
Managed | Yes | Determines whether the target registers with the Remote Control server.
|
Target property |
Default |
Description |
---|---|---|
ConfirmTakeOver | Yes | Determines whether the acceptance window is displayed on the target, when a
remote control session is requested.
|
ConfirmModeChange | Yes | Determines whether the user acceptance window is displayed when the controller
user selects a different session mode from the session mode list on the controller window.
|
ConfirmFileTransfer | Yes | Determines whether the user acceptance window is displayed when the controller
user selects to transfer files between the target and the controller.
|
ConfirmSysInfo | Yes | Determines whether the user acceptance window is displayed when the controller
user requests to view the target system information.
|
ConfirmRecording | Yes | Determines whether the user acceptance window is displayed when the controller
user clicks the record icon on the controller window.
|
ConfirmCollaboration | Yes | Determines whether the user acceptance window is displayed when another
controller user requests to join a collaboration session with a target.
|
AcceptanceGraceTime | 45 | Sets the number of seconds to wait for the target user to respond before a
session starts or times out, used with Confirm incoming connections.
Note: If Confirm incoming connections is Yes, Acceptance grace
time must be set to a value >0 to provide the target user with enough time to
respond. |
AcceptanceProceed | No | The action to take if the user acceptance window timeout lapses. The target
user did not click accept or refuse within the number of seconds defined for Acceptance
grace time.
|
HideWindows | No | Determines whether the Hide windows check box is
displayed on the user acceptance window when Confirm incoming connections is
also set to Yes.
|
Target property | Default Value | Description |
---|---|---|
CheckUserLogin | Yes | Determines whether a logon window is displayed when the controller user clicks
a session type button on the Open Connection window.
|
CheckUserGroup | see description | Default value.
When CheckUserGroup has a value set, the user name that is used for
authentication must be a member of one of the groups that are listed. If the user is not a member,
the session is refused. Multiple groups must be separated with a semicolon. For example,
Note: By default, on Windows™ systems, only the
Administrator user is granted access. On Linux™ systems, by
default no users are granted access. To resolve this issue, complete one of the following steps.
|
AuditToSystem | Yes | Determines whether the actions that are carried out during remote control
sessions are logged to the application event log on the target. This file can be used for audit
purposes.
|
AutoSaveChat | No | Determines whether the chat text, entered during a chat session, can be saved.
|
EnableFileTransferSystemAccess | No | Determines whether the file transfer session allows for target file system
access using System privileges (Windows) or root privileges (Linux). This option is valid for peer
to peer sessions only.
Note: If the option is set to No, and there is no logged on user on the target during the file
transfer session, an error message is displayed. |
SessionDisconnect | No | Determines whether the target computer is automatically locked when the remote
control session ends. Allowed value: lock. When you set the value to lock, the target computer is automatically locked at the end of the session. If the property is blank or set to another value, the target computer is not automatically locked at the end of the session. |
AllowPrivacy | Yes | Determines whether a controller user can lock the local input and screen of
the target in a remote control session. Determines the visibility of the Enable
Privacy option on the controller window.
|
AllowInputLock | Yes | This property works with Allow privacy and on its own.
You can use Allow input lock to lock the target users mouse and keyboard
during a remote control session.
Note: If the option to Enable Privacy is Yes during a session, the remote
user input is automatically locked. It is not possible to enable privacy without also locking the
input.
|
EnablePrivacy | No | Determines whether the local input and screen are locked for all sessions.
Therefore, the target user cannot input or do anything on the target while in a remote control
session.
|
EnableInputLock | No | This property works with Enable privacy. When privacy
mode is enabled, use Enable input lock to determine whether the target user can
view their screen, during a remote control session.
Note: Enable privacy must be Yes for Enable input lock to
take effect. |
DisablePanicKey | No | Determines whether the Pause Break key can be used by the target user to
automatically end the remote control session.
|
EnableOSSN | No | Determines whether a semi-transparent overlay is displayed on the target
computer to indicate that a remote control session is in progress. Use this property when privacy is
a concern so that the user is clearly notified when somebody can remotely view or control their
computer.
Note: This policy is only supported on targets where a Windows™ operating system installed. |
DisableGUI | No | Determines whether the target UI is visible when the remote control session is
starting and also during the session. Note: This option works only when the target is installed in
peer-to-peer mode and the Managed target property is set to No. This option is
ignored when applied to any targets that were installed by using the BigFix® Remote
Control server mode when
a server URL was supplied.
|
Operating systems that the property is configurable in
Property name | Windows™ | Linux™ | macOS - available from V9.1.4 |
---|---|---|---|
ServerURL | * | * | |
ProxyURL | * | * | |
BrokerList | * | * | * |
GroupLabel | * | * | |
PortToListen | * | * | * |
AllowP2P | * | * | |
AllowP2PFailover | * | * | |
FIPSCompliance | * | * | |
SP800131ACompliance | * | * | |
Accessibility | * | ||
LogLevel | * | * | * |
LogRollover | * | * | * |
LogRotation | * | * | * |
AllowMonitor | * | * | * |
AllowGuidance | * | * | |
AllowActive | * | * | * |
DisableChat | * | * | |
DisableFilePull | * | * | * |
DisableFilePush | * | * | * |
DisableClipboard | * | * | |
AllowRecording | * | * | * |
AllowCollaboration | * | * | * |
AllowHandover | * | * | * |
AllowForceDisconnect | * | * | |
ForceDisconnectTimeout | * | * | |
AutoWinLogon | * | * | |
RunPreScript | * | * | |
RunPostScript | * | * | |
ProceedOnScriptFail | * | * | |
WorkaroundW2K3RDP | * | ||
EnableTrueColor | * | * | * |
LockColorDepth | * | * | * |
RemoveBackground | * | ||
NoScreenSaver | * | ||
Managed | * | * | |
ConfirmTakeOver | * | * | * |
ConfirmModeChange | * | * | * |
ConfirmFileTransfer | * | * | * |
ConfirmSysInfo | * | * | * |
ConfirmRecording | * | * | * |
ConfirmCollaboration | * | * | * |
AcceptanceGraceTime | * | * | * |
AcceptanceProceed | * | * | * |
HideWindows | * | * | |
CheckUserLogin | * | * | |
CheckUserGroup | * | * | |
AuditToSystem | * | * | * |
AutoSaveChat | * | * | |
EnableFileTransferSystemAccess | * | * | |
SessionDisconnect | * | * | |
AllowPrivacy | * | ||
AllowInputLock | * | ||
EnablePrivacy | * | ||
EnableInputLock | * | ||
DisablePanicKey | * | ||
EnableOSSN | * | ||
DisableGUI | * |