After clicking the policy on the ‘Security Policies’ window, users and groups from the Access Control list appear in the bottom part of the window:
The menu displayed by right-clicking the user/group from the list provides the following options:
1. Edit Application Access Control – opens the ‘truePass Application Access Control’ window for editing (for more details see chapter 2.3.2.2.3 Configure Application Access Control)
2. Edit Applications Access and Permissions – opens selected service properties window for editing:
Next sections are available:
- Related Computers
- RDP Access Restriction
- RDP Device and Resources Restriction
2.1. Related Computers – allows to find Active Directory computers by computer attributes, groups and users attributes.
To use the search check ‘Related Computers enabled‘ checkbox.
2.1.1. Computer Attributes – find AD computers related to logged in users in ‘Computer Attributes’.
Example:
AD computer have a ‘Description’ attribute with some username:
Select ‘Computer Attributes’ and put some attributes names into ‘Computer Attributes’ text input and press ‘Test’:
Type username and domain name (UPN) and press ‘OK’ button:
If Active Directory computer is found, the results will be shown in the following message box:
2.1.2. Computer Groups – find AD computers related to logged in users in ‘Computer Groups’.
Example:
Active Directory computer is related with users group:
Select ‘Computer Groups’ and type groups names into ‘Runtime Variable’ text input and press ‘Test’:
Type username and domain name (UPN) and press ‘OK’ button:
If Active Directory computer is found, the results will be shown in the following message box:
2.1.3. User Attributes – find AD computers related to logged in users in ‘User Attributes’.
Example:
Select ‘Advanced Features‘ option from ‘View‘ menu of Active Directory to enable to see and modify user attributes:
Active Directory computer is related with users group:
User attributes list contains ‘company’ and ‘info’ values with some IP addresses:
Select ‘User Attributes’ and type regex pattern with IP address to ‘Runtime Variable’. Type user attributes into ‘User Attribetes’ text input and press ‘Test’:
Type username and domain name (UPN) and press ‘OK’ button:
If Active Directory computer is found, the results will be shown in the following message box:
2.2. RDP Access Restriction – configuring an access for specific users with MFA enabled or disabled state.
Example configuration
Access for domain admins from different domains with disabled MFA, disabled access expiration date:
2.3. RDP Device and Resources Restriction – allow to configure redirection via RDP connection for
- Clipboard – specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session;
- Smartcard – allows to control the redirection of smart card devices in a Remote Desktop Services session;
- Drivers – specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection);
- Printers – allows to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions;
- Ports – specifies whether to prevent the redirection of data to client COM and LTP ports from the remote computer in a Remote Desktop Services session;
- PnP – allows to control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session;
Example configuration:
Access for domain admins from different domains with disabled MFA, disabled drivers and clipboard redirection:
3. Workflow Policy Validation – runs a test of access for the selected user:
4. Generate RDP Access Token – generates an access token to allow access to the specified network resource:
5. Generate IPSec Desktop Client – opens the ‘true-Pass IPSec Portable Desktop Agent’ window for generating IPSec client with pre-defined configuration:
