2.3.3 Access Control List for Workflow Policy (Users and Groups List)

After clicking a policy in the ‘Security Policies’ window, the users and groups from its Access Control list appear in the bottom part of the window:

Right-clicking a user or group in the list displays a menu with the following options:

1. Edit Application Access Control – opens the ‘truePass Application Access Control’ window for editing (for more details see chapter 2.3.2.2.3 Configure Application Access Control)

2. Edit Applications Access and Permissions – opens the selected service's properties window for editing:

The following sections are available:

  • Related Computers
  • RDP Access Restriction
  • RDP Device and Resources Restriction

2.1. Related Computers – finds Active Directory computers by computer attributes, groups and user attributes.

To use the search, check the ‘Related Computers enabled‘ checkbox.

2.1.1. Computer Attributes – find AD computers related to logged-in users in ‘Computer Attributes’.

Example:

An AD computer has a ‘Description’ attribute containing a username:

Select ‘Computer Attributes’, enter the attribute names in the ‘Computer Attributes’ text input and press ‘Test’:

Type the username and domain name (UPN) and press the ‘OK’ button:

If an Active Directory computer is found, the results are shown in the following message box:

2.1.2. Computer Groups – find AD computers related to logged-in users in ‘Computer Groups’.

Example:

An Active Directory computer is related to a user group:

Select ‘Computer Groups’, type the group names into the ‘Runtime Variable’ text input and press ‘Test’:

Type the username and domain name (UPN) and press the ‘OK’ button:

If an Active Directory computer is found, the results are shown in the following message box:

2.1.3. User Attributes – find AD computers related to logged-in users in ‘User Attributes’.

Example:

Select the ‘Advanced Features‘ option from the ‘View‘ menu of Active Directory to view and modify user attributes:

An Active Directory computer is related to a user group:

The user attributes list contains ‘company’ and ‘info’ values with some IP addresses:

Select ‘User Attributes’ and type a regex pattern with an IP address into ‘Runtime Variable’. Type the user attributes into the ‘User Attributes’ text input and press ‘Test’:

Type the username and domain name (UPN) and press the ‘OK’ button:

If an Active Directory computer is found, the results are shown in the following message box:
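An added illustration (not truePass code) of the matching idea in 2.1.3: pulling IPv4 addresses out of the ‘company’ and ‘info’ user attributes with a regex. How truePass applies the pattern is not described on this page, so the function name, both patterns and the sample attribute values are assumptions; the comparison shows how a loose pattern can return a host nobody intended to relate to the user.

```python
import ipaddress
import re

# Assumed strict pattern: every octet 0-255, not part of a longer dotted number.
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
STRICT_IPV4 = re.compile(rf"(?<![\d.]){OCTET}(?:\.{OCTET}){{3}}(?![\d.])")
# Loose pattern of the kind often typed by hand, kept only for comparison.
LOOSE_IPV4 = re.compile(r"\d+\.\d+\.\d+\.\d+")


def extract_hosts(user_attrs, attr_names, pattern=STRICT_IPV4):
    """Return the distinct IPv4 addresses found in the named attributes, in order."""
    found = []
    for name in attr_names:
        values = user_attrs.get(name, [])
        if isinstance(values, str):
            values = [values]  # single-valued attribute
        for value in values:
            for match in pattern.finditer(value):
                try:
                    addr = str(ipaddress.IPv4Address(match.group(0)))
                except ipaddress.AddressValueError:
                    continue  # matched text that is not a valid address
                if addr not in found:
                    found.append(addr)
    return found


# Constructed sample of one user's attributes (not taken from the page).
SAMPLE_USER = {
    "company": ["Lab hosts 10.0.5.21, 10.0.5.22"],
    "info": ["jump box 192.168.10.7; agent 4.10.0.12.3; old 10.0.5.300"],
    "description": ["unrelated 172.16.0.9"],
}

if __name__ == "__main__":
    # Strict: only the three intended hosts.
    print(extract_hosts(SAMPLE_USER, ["company", "info"]))
    # Loose: also returns 4.10.0.12, cut out of the version string.
    print(extract_hosts(SAMPLE_USER, ["company", "info"], LOOSE_IPV4))
```

Because the matched values decide which computers a user is related to, write access to the attributes being searched is worth reviewing alongside the pattern itself.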

2.2. RDP Access Restriction – configures access for specific users with MFA enabled or disabled.

Example configuration

Access for domain admins from different domains with disabled MFA, disabled access expiration date:

2.3. RDP Device and Resources Restriction – configures redirection over the RDP connection for:

  • Clipboard – specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session;
  • Smartcard – controls the redirection of smart card devices in a Remote Desktop Services session;
  • Drivers – specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection);
  • Printers – specifies whether to prevent the mapping of client printers in Remote Desktop Services sessions;
  • Ports – specifies whether to prevent the redirection of data to client COM and LPT ports from the remote computer in a Remote Desktop Services session;
  • PnP – controls the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session.

Example configuration:

Access for domain admins from different domains with disabled MFA, disabled drivers and clipboard redirection:

3. Workflow Policy Validation – runs a test of access for the selected user:

4. Generate RDP Access Token – generates an access token to allow access to the specified network resource:

5. Generate IPSec Desktop Client – opens the ‘true-Pass IPSec Portable Desktop Agent’ window for generating an IPSec client with a pre-defined configuration: