Managing Client Policies in version 16.5

0 users found this article helpful

As from version 16.5 upwards, the client policy settings are split into groups with the ability to configure and enforce each group on the client side individually.

 

 

Adding a new client policy

To add a new client policy:

  1. Select the Policies category and then click Tasks > Add in the right pane. The Policy Properties dialog opens.
  2. The left pane contains a navigation tree allowing you to select a group of options to configure.
  3. Make sure the Policy node is selected and then specify a policy name and an optional description.
  4. In the Browse Mode drop-down list, select how you want to browse for users and groups. The preferred mode is Secure Identifier (default). Other options exist for backward compatibility
  5. In the Apply policy to section, click Tasks > Add (or click the plus sign icon) and specify the target users and/or groups.

 

Configure criteria for the client policy

By default, a client policy applies to the configured users and groups in all situations. You can optionally define a criteria when the policy should apply. This functionality allows you to create different policies for the same user, which will be applied depending on where the user is connecting from and from which device.

 

To create a new criteria:

  1. Select Criteria (under the Policy node) in the left pane.
  2. In the "gateway criteria" section, select the criteria type in the first drop-down list and then specify the values (if applicable) in the second drop-down list.
  3. In the "MAC address criteria" section, select the criteria type in the first drop-down list and then specify the values (if applicable) in the second drop-down list.
  4. In the "Parallels Clients" section, select the version of Parallels Client to which this policy should apply.

 

Configure Session Settings

Items under the Session node in the Policy Properties dialog include connection, display, printing, network, and other settings that will be enforced on a client if defined and enabled.

For a particular group of settings to be enforced on a client device, it must be selected (checked). Unselected groups will not be enforced, so end users will be able to configure them themselves. For example, you can check the Connection node, but only check the Primary connection and Secondary connections groups under it. This will enforce only the two selected groups of settings on client devices.

 

Connection

To configure connection properties, select the Connection node and then go through each child node configuring their respective properties.

 

Primary connection

The primary connection always defaults to the primary RAS Secure Client Gateway, but you can modify the following connection properties:

  1. Specify a friendly name for the connection.
  2. Select the Auto Logon option to enable Parallels Client to connect automatically without displaying the Logon dialog every time a user connects to a remote server.
  3. In the Authentication type drop-down list, select the desired method of authentication:
  1. Select or clear Save password as needed (if credentials are used for authentication). This means forcing a client to save the password for this connection.
  2. Specify the domain name (if credentials are used for authentication).

Secondary Connection

If you have more than one RAS Secure Client Gateway, you can define a secondary connection, which will be used as a backup connection in case the primary gateway connection fails.

To add a secondary connection:

  1. Select the Secondary connections item.
  2. In the Secondary connections pane, click Tasks > Add and specify a server name or IP address.
  3. Select the connection mode and modify the default port number if necessary.

If you have multiple secondary connections, you can move them up or down in the list. If the primary connection cannot be established, Parallels Client will use secondary connections in the order listed.

Reconnection

In this pane, specify what to do if the connection is dropped. Select Reconnect if connection is dropped and set the number of Connection retries. If a connection is dropped, the Parallels Client will automatically try to reconnect. The Connection banner option specifies the time period in seconds after which the connection banner will be displayed.

Computer name

Specify the name that a computer will use during a remote desktop session. If set, this will override the default computer name. Any filtering set by the administrator on the server side will make use of the Override computer name setting.

Advanced settings

 

Display

To configure display settings, select the Display node and then configure the groups of settings described below.

 

Settings

Select the desired video acceleration mode and color depth.

Multi-monitor

Specify whether all monitors should be used for a desktop session if more than one monitor is connected to the user's computer.

Published applications

Select the Use primary monitor only option to start published applications on the primary monitor. Other monitors connected to a user's computer will not be used.

Desktop options

Specify the desktop options as follows:

Browser

This section applies to Parallels HTML5 client only. Specify whether a remote application should open in the same or a new tab page in a web browser by default.

Printing

The Printing pane allows you to configure printing options.

 

In the Technology section, select the technology to use when redirecting printers to a remote computer:

RAS Universal Printing

If you selected RAS Universal Printing technology, use the Redirect Printers drop-down list to specify whether to redirect all printer on the client side, default printer only, or specific printers.

If you select Specific only in the step above, click Tasks > Add. Type a printer name and then click the Options button. In the dialog that opens, specify settings described below.

In the Choose Format drop-down list, select a data format for printing:

In the Client printer preferences section, select one of the following:

Default printer settings

To configure default printer settings, click the Change Default Printer settings button.

The default printer list shows printers that can be redirected by the client to the remote computer:

Select Match exact printer name to match the name exactly as inserted in the Custom field. Please note that the remote printer name may not match the original printer name. Also note that local printers may not redirect due to server settings or policies.

The Force Default printer for option specifies the the time period, during which a printer will be forced as default. If the default printer is changed during this time after the connection is established, the printer is reset as default.

Select the Update the remote default printer if the local default printer is changed option to change the remote default printer automatically when the local default printer is changed. Please note that the new printer must have been previously redirected.

 

Scanning

On the Scanning pane, you can specify a scanner that should be used when one is required by a published application:

 

 

Audio Playback

This pane allows you to configure remote audio settings.

 

Use the Remote computer drop-down list to select one of the following remote audio playback options:

Use the Quality drop-down list to adjust the audio quality:

The Recording (if applicable) option allows you to enable audio recording on the remote computer. For example, you can speak into a microphone on the local computer and use a sound recording application on the remote computer to record yourself.

 

Keyboard

On the Keyboard pane, select how you want to apply key combinations (e.g. Alt+Tab) that you press on the keyboard:

 

Select or clear the Send unicode characters as needed.

 

Local Devices and Resources

Use the Local devices and resources pane to configure how local resources are used in a remote session.

 

Clipboard

Select the Allow clipboard redirection option to enable the local clipboard in a remote session.

Disk drives

Select the Allow disk drives redirection option and select local drives you want to redirect, or select Use all disk drives available.

If you select the Use also disk drives that I plug in later option, disk drives that you connect to a local computer later will be automatically available in a remote session. Note that this option applies to Parallels Client for Windows only.

Devices

On this pane, specify whether to redirect local devices in general, use all devices available, and also devices that will be plugged in later.

Local devices that can be redirected include supported Plug and Play devices, media players based on the Media Transfer Protocol (MTP), and digital cameras based on the Picture Transfer Protocol (PTP).

Please note that disk drives and smart cards are redirected using dedicated Disk drives and Smart cards options.

Ports

Select whether to redirect LPT and COM ports.

Smart cards

Select whether to redirect smart cards.

File transfer

Select whether to allow remote file transfer. For additional information, see Enabling or Disabling Remote File Transfer

 

Experience

 

The Experience pane allows you to tweak the connection speed to optimize the performance of the connection with the remote server. If you are connecting to a remote server on a local network that runs at 100 Mbps or higher, it is usually safe to have all of the experience options turned on.

It is also recommended to enable compression to have a more efficient connection. The following compression options are available.

Enable RDP Compression: Enables compression for RDP connections.

Universal printing compression policy: The compression type should be selected based on your environment specifics. You can choose from the following options:

Universal scanning compression policy: This drop-down list has the same options as the universal printing compression above. Select the compression type based on your environment specifics.

 

Network

 

Use the Network pane to configure a proxy server if you have one.

Select the Use proxy server option and then select the protocol from the following list:

Specify the proxy host's domain name or IP address and the port number.

For SOCKS5 and HTTP 1.1 protocols, select the Proxy requires authentication option. For authentication, select the Use user logon credentials option or specify a user name and password in the fields provided.

 

Server Authentication

Use the Server authentication pane to specify what should happen if authentication of an RD Session Host, Remote PC, or Guest VM fails.

 

In the If authentication fails drop-down list, select one of the following options:

 

Advanced Settings

The Advanced Settings pane allows you to customize the default behavior or Parallels Client.

 

You can specify the following properties:

 

Configure Client Policy Option

The Client options node allows you configure client policy options. Select the node and then select and configure individual items under it as described below.

 

Connection

On the Connection pane, specify the following options:

Update

Select Check for updates on startup and specify an update URL if you want Parallels Client to check for updates when it starts. The URL can point to the Parallels website or you can store updates on your local network and use this local URL. For the information on how to configure a local update server, please read https://kb.parallels.com/123658.

 

PC keyboard

To force a particular keyboard to be used, select the Force use PC keyboard and select a keyboard layout from the drop-down list. Note that the selected layout can and will only be used in a Parallels Client version that supports this particular layout.

Single Sign-On

Parallels Client for Windows comes with its own SSO component that you can install and use to sign in to Parallels RAS. However, if you already use a third-party credential provider component on your Windows computers, you need to configure Parallels RAS and Parallels Client to use the Parallels RAS SSO component to function as a wrapper for the third-party credential provider component.

To specify a third-party component, select the Force to wrap third party credential provider component option and specify the component's GUID in the field provided. You can obtain the GUID in Parallels Client as follows:

  1. Install Parallels Client on a computer that has the third-party component installed.
  2. In Parallels Client, navigating to Tools > Options > Single Sign-On (tab page).
  3. Select the "Force to wrap..." option and then select your provider in the drop-down list.
  4. Click the Copy GUID to Clipboard button to obtain the component's GUID.

You will also need to specify the component's GUID when setting up an invitation email in the RAS Console. If you haven't set up an invitation email yet, you can do it as follows:

  1. In the RAS Console, select the Start category and then click the Invite Users item in the right pane.
  2. On the second page of the wizard (target platform and connection options), click the Advanced button.
  3. In the dialog that opens, select the  Force to wrap third party SSO component option and specify the GUID of the component.

After the policies are applied on Windows computers, Parallels Client will be automatically configured to use the specified third-party credentials provider.

Advanced

Use this pane to specify advanced client option:

 

Configure Control Settings

 

Control settings options allow you to control various actions on the client side. These options affect the following Parallels Clients:

Connections

On the Connections pane, select (or clear) the following options:

Password

On the Password pane, specify the following options:

Import and export

On the Import and Export tab page:

 

Configure Gateway Redirection

 

Redirection options allow you to move your existing users from one RAS Secure Client Gateway to another gateway within the same farm, or you can even redirect users to a gateway in a different farm.

To configure redirection options:

  1. Select the Redirection node in the left pane of the Policy Properties dialog.
  2. In the right pane, specify the new connection properties, including:

When you apply this policy to user devices, the following will happen:

Was this article helpful?

Tell us how we can improve it.