
2.3.3 Access Control List for Workflow Policy (Users & Groups List)

After you click a policy in the ‘Security Policies’ window, the users and groups from its Access Control list appear in the bottom part of the window:

Right-clicking a user or group in the list displays a menu with the following options:

1. Edit Application Access Control – opens the ‘truePass Application Access Control’ window for editing (for more details see chapter 2.3.2.2.3 Configure Application Access Control)

2. Edit Applications Access and Permissions – opens the selected service's properties window for editing:

The following sections are available:

  • Related Computers
  • RDP Access Restriction
  • RDP Device and Resources Restriction

2.1. Related Computers – lets you find Active Directory computers by computer attributes, groups and user attributes.

To use the search, check the ‘Related Computers enabled’ checkbox.

2.1.1. Computer Attributes – finds AD computers related to logged-in users through ‘Computer Attributes’.

Example:

The AD computer has a ‘Description’ attribute that contains a username:

Select ‘Computer Attributes’, enter the attribute names in the ‘Computer Attributes’ text input and press ‘Test’:

Type the username and domain name (UPN) and press the ‘OK’ button:

If an Active Directory computer is found, the results are shown in the following message box:

2.1.2. Computer Groups – finds AD computers related to logged-in users through ‘Computer Groups’.

Example:

The Active Directory computer is related to a user group:

Select ‘Computer Groups’, type the group names into the ‘Runtime Variable’ text input and press ‘Test’:

Type the username and domain name (UPN) and press the ‘OK’ button:

If an Active Directory computer is found, the results are shown in the following message box:

2.1.3. User Attributes – finds AD computers related to logged-in users through ‘User Attributes’.

Example:

Select the ‘Advanced Features’ option from the ‘View’ menu of Active Directory to be able to see and modify user attributes:

The Active Directory computer is related to a user group:

The user attributes list contains ‘company’ and ‘info’ values with some IP addresses:

Select ‘User Attributes’ and type a regex pattern with an IP address into ‘Runtime Variable’. Type the user attributes into the ‘User Attributes’ text input and press ‘Test’:

Type the username and domain name (UPN) and press the ‘OK’ button:

If an Active Directory computer is found, the results are shown in the following message box:

2.2. RDP Access Restriction – configures access for specific users, with MFA enabled or disabled.

Example configuration:

Access for domain admins from different domains with MFA disabled and the access expiration date disabled:

2.3. RDP Device and Resources Restriction – lets you configure redirection over the RDP connection for:

  • Clipboard – specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session;
  • Smartcard – controls the redirection of smart card devices in a Remote Desktop Services session;
  • Drivers – specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection);
  • Printers – specifies whether to prevent the mapping of client printers in Remote Desktop Services sessions;
  • Ports – specifies whether to prevent the redirection of data to client COM and LPT ports from the remote computer in a Remote Desktop Services session;
  • PnP – controls the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session.
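
The following is an added example, not truePass code: a Python check that reads the text of a client `.rdp` file and reports, for each of the six categories above, whether redirection is explicitly enabled, disabled or left unset. The mapping from the categories to standard `.rdp` setting names is an assumption made here (LPT ports are not covered), and the sample file is constructed.

```python
# Added example: audit redirection settings in the text of a .rdp file.
# Category -> .rdp setting names (mapping assumed for this example).
CATEGORY_SETTINGS = {
    "Clipboard": ["redirectclipboard"],
    "Smartcard": ["redirectsmartcards"],
    "Drivers": ["drivestoredirect"],
    "Printers": ["redirectprinters"],
    "Ports": ["redirectcomports"],
    "PnP": ["devicestoredirect", "usbdevicestoredirect"],
}

# Constructed sample; real .rdp files are often UTF-16, so decode first.
SAMPLE_RDP = """\
full address:s:host.example.test
redirectclipboard:i:0
redirectsmartcards:i:1
drivestoredirect:s:*
redirectprinters:i:0
devicestoredirect:s:
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: (type, value)}."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = (parts[1], parts[2].strip())
    return settings

def is_enabled(kind, value):
    """Integer settings are on when non-zero; string lists when non-empty."""
    if kind == "i":
        return value.lstrip("-").isdigit() and int(value) != 0
    return value != ""

def audit(text, denied):
    """Return ({category: state}, [denied categories not explicitly off])."""
    settings = parse_rdp(text)
    report, violations = {}, []
    for category, names in CATEGORY_SETTINGS.items():
        present = [settings[n] for n in names if n in settings]
        if not present:
            report[category] = "unset"  # the client default would apply
        elif any(is_enabled(k, v) for k, v in present):
            report[category] = "enabled"
        else:
            report[category] = "disabled"
        if category in denied and report[category] != "disabled":
            violations.append(category)
    return report, violations
```

Calling `audit(SAMPLE_RDP, {"Drivers", "Clipboard"})` flags `Drivers`, because the sample redirects all drives; a denied category that is merely unset is also flagged, so the check fails closed.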

Example configuration:

Access for domain admins from different domains with MFA disabled and with drivers and clipboard redirection disabled:

3. Workflow Policy Validation – runs a test of access for the selected user:

4. Generate RDP Access Token – generates an access token to allow access to the specified network resource:

5. Generate IPSec Desktop Client – opens the ‘true-Pass IPSec Portable Desktop Agent’ window for generating an IPSec client with a pre-defined configuration:
