Advance Configurations
Direct RDP/Console Block
In some deployments, it is required to block direct access (console/RDP) of users. The feature is integrated in HyWorks v3.3, administrator will be able to configure access block:
Registry key for Direct RDP Block: (default: false)
HKLM\SOFTWARE\Accops\DVMAgent\DirectRdpBlocked
Registry key for Direct Console Block: (default: false)
HKLM\SOFTWARE\Accops\DVMAgent\DirectConsoleBlocked
Registry key for Direct RDP/Console Block Timeout: (default: 15 seconds)
HKLM\SOFTWARE\Accops\DVMAgent\DirectRdpBlockTimeoutSec
Registry key for Direct RDP/Console Block for Admin users: (default: false)
HKLM\SOFTWARE\Accops\DVMAgent\DirectRdpAdminBlocked
External log Settings
In some deployments, it is required to get user session monitoring for audit purpose, the feature is integrated in HyWorks v3.3. Two types of monitoring are available:
- User Session Monitoring
- Process Monitoring
Registry Base:
HKLM\SOFTWARE\Accops\DVMAgent\EXTERNAL LOG SETTINGS
The administrator will be able to configure the session monitoring via updating the registry entries. Details about the registry key values are as follow.
| Key Name | Default Value | Type | Value Range |
|---|---|---|---|
| EventType | 0 | String | 0: Disabled 1: User Session Monitoring 2: Process Monitoring 3: Both |
| LogType | 0 | String | Set as 2 to enable SyLog server logging |
| IgnoreList | C:\Windows\System32* | Multi String | Processes/folders to be ignored for process tracking |
| SyslogHost | 0.0.0.0 | String | Syslog server or Accops ARS Server IP address or Hostname |
| SyslogPort | 514 | String | Syslog server or Accops ARS Server Port number |
Session change event scripts support
In some deployments, it is required to execute some scripts in case of session change events, the feature is integrated in HyWorks v3.3. Six types of session change event types are supported here:
- CONNECT
- DISCONNECT
- LOCK
- LOGOUT
- RECONNECT
- UNLOCK
Registry Base:
HKLM\SOFTWARE\Accops\DVMAgent\
The administrator will be able to configure the session change event via updating the registry entries. Details about the registry key values are as follow.
| Key Name | Name | Value | Type | Meaning |
|---|---|---|---|---|
| EVENTS | EnableForAdmins | FALSE | String | Set this flag as True to enable Session Change Events scripts execution for Admin users too. |
| EVENTS\CONNECT | ISENABLED | FALSE | String | Set this flag as True to enable Connect Event script execution. |
| EVENTS\DISCONNECT | ISENABLED | FALSE | String | Set this flag as True to enable Disconnect Event script execution. |
| EVENTS\LOCK | ISENABLED | FALSE | String | Set this flag as True to enable Lock Event script execution. |
| EVENTS\LOGOUT | ISENABLED | FALSE | String | Set this flag as True to enable Logout Event script execution. |
| EVENTS\RECONNECT | ISENABLED | FALSE | String | Set this flag as True to enable Reconnect Event script execution. |
| EVENTS\UNLOCK | ISENABLED | FALSE | String | Set this flag as True to enable Unlock Event script execution. |
Accops Session Recording module is driven by these scripts which are having default calls added. The same scripts can be updated for more other custom usage. Scripts root folder:
C:\Program Files (x86)\Accops\HyWorks Desktop Agent\scripts\
| Script Name | Description |
|---|---|
| Connect_System.bat | The script is used execute batch commands in System context while Connect event. |
| Connect_User.bat | The script is used execute batch commands in User context while Connect event. |
| Disconnect_System.bat | The script is used execute batch commands in System context while Disconnect event. |
| Disconnect_User.bat | The script is used execute batch commands in User context while Disconnect event. |
| Lock_System.bat | The script is used execute batch commands in System context while Lock event. |
| Lock_User.bat | The script is used execute batch commands in User context while Lock event. |
| Logout_System.bat | The script is used execute batch commands in System context while Logout event. |
| Reconnect_System.bat | The script is used execute batch commands in System context while Reconnect event. |
| Reconnect_User.bat | The script is used execute batch commands in User context while Reconnect event. |
| Unlock_System.bat | The script is used execute batch commands in System context while Unlock event. |
| Unlock_User.bat | The script is used execute batch commands in User context while Unlock event. |
Allow calls from authorized controller(s) only
In some deployments, it is required to block unauthorized access to the DVM Agent service. The feature is integrated in HyWorks v3.3, administrator will be able to configure unauthorized access block by updating authorized controller IPs list at: (default value: '*')
HKLM\SOFTWARE\Accops\DVMAgent\AuthorizedControllerIPs
Note
- Default value is set as '*', which means all controllers are open to connect
- Replacing '*' with one or more (multi-string) controller IPs results in allowing only those listed controller(s) to communicate with the local DVM Agent Service
- In case, if unauthorized controller try to communicate an error log will come into both DVM Agent and controller logs
Pre-Post OS Customization Batch Scripts
In some deployments, it is required to execute some scripts before the OS customization (SysPrep or HyPrep) executes, the feature is integrated in HyWorks v3.3. Two types of customization scripts are supported here:
- Pre-customization [Pre_Customization_System.bat]
- Post-customization [Post_Customization_System.bat]
Path:
C:\Program Files (x86)\Accops\HyWorks Desktop Agent\scripts
Post Reset Computer Domain Trust Batch Script
In some deployments, it is required to execute some scripts after broken domain trust is being reset, the feature is integrated in HyWorks v3.3. The path of the script is as follow:
C:\Program Files (x86)\Accops\HyWorks Desktop Agent\scripts\Post_Reset_ComputerDomainTrust.bat