After clicking the policy on the ‘Security Policies’ window, users and groups from the Access Control list appear in the bottom part of the window:

The menu displayed by right-clicking the user/group from the list provides the following options:

1. Edit Application Access Control – opens the ‘truePass Application Access Control’ window for editing (for more details see chapter 2.3.2.2.3 Configure Application Access Control)

2. Edit Applications Access and Permissions – opens selected service properties window for editing:

Next sections are available:
- Related Computers
- RDP Access Restriction
- RDP Device and Resources Restriction
2.1. Related Computers – allows to find Active Directory computers by computer attributes, groups and users attributes.
To use the search check ‘Related Computers enabled‘ checkbox.
2.1.1. Computer Attributes – find AD computers related to logged in users in ‘Computer Attributes’.

Example:
AD computer have a ‘Description’ attribute with some username:

Select ‘Computer Attributes’ and put some attributes names into ‘Computer Attributes’ text input and press ‘Test’:

Type username and domain name (UPN) and press ‘OK’ button:


If Active Directory computer is found, the results will be shown in the following message box:

2.1.2. Computer Groups – find AD computers related to logged in users in ‘Computer Groups’.

Example:
Active Directory computer is related with users group:

Select ‘Computer Groups’ and type groups names into ‘Runtime Variable’ text input and press ‘Test’:

Type username and domain name (UPN) and press ‘OK’ button:

If Active Directory computer is found, the results will be shown in the following message box:

2.1.3. User Attributes – find AD computers related to logged in users in ‘User Attributes’.

Example:
Select ‘Advanced Features‘ option from ‘View‘ menu of Active Directory to enable to see and modify user attributes:

Active Directory computer is related with users group:

User attributes list contains ‘company’ and ‘info’ values with some IP addresses:


Select ‘User Attributes’ and type regex pattern with IP address to ‘Runtime Variable’. Type user attributes into ‘User Attribetes’ text input and press ‘Test’:

Type username and domain name (UPN) and press ‘OK’ button:

If Active Directory computer is found, the results will be shown in the following message box:

2.2. RDP Access Restriction – configuring an access for specific users with MFA enabled or disabled state.
Example configuration
Access for domain admins from different domains with disabled MFA, disabled access expiration date:

2.3. RDP Device and Resources Restriction – allow to configure redirection via RDP connection for
- Clipboard – specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session;
- Smartcard – allows to control the redirection of smart card devices in a Remote Desktop Services session;
- Drivers – specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection);
- Printers – allows to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions;
- Ports – specifies whether to prevent the redirection of data to client COM and LTP ports from the remote computer in a Remote Desktop Services session;
- PnP – allows to control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session;
Example configuration:
Access for domain admins from different domains with disabled MFA, disabled drivers and clipboard redirection:

3. Workflow Policy Validation – runs a test of access for the selected user:

4. Generate RDP Access Token – generates an access token to allow access to the specified network resource:

5. Generate IPSec Desktop Client – opens the ‘true-Pass IPSec Portable Desktop Agent’ window for generating IPSec client with pre-defined configuration:
