Client Profiles
HySecure Gateway allows client settings to be applied for all users at the global level, to set to users, user groups or OU. It is possible to define multiple client setting configurations that can be applied to different subsets of users by defining a new type of ACL called Client Configuration. ACL can be applied to specific users, groups of users, or realms.
View Client Profiles
To view the list of Client Profiles and manage them:
- Log on to the Management Console.
- Go to Policies >Client Profiles.
- The page lists all the client profiles in a tabular manner with the following information:
| Field | Description |
|---|---|
| Configuration Name | Displays the identifier of the client profile configuration. |
| Status | Displays the current state of the configuration. |
| Inherited From | Displays whether the configuration is inherited from the Default Configuration. |
| Date of Modification | Displays the time stamp when the configuration was last modified. |
| Total Configurations | Displays the total count of client profiles configured. |
Add a new Client Profile Configuration
SELECT CLIENT CONFIGURATION
Choose a Configuration
Inherit from DEFAULT CONFIGURATION: A default client configuration applies to all the users. This configuration can be customized if required. There is no overlap between the Global Client Settings and this setting.
Clone from other Configurations: Explain InheritedDiv OR Clone ConfigDiv
Click Next.
Client Configuration
A new Client Configuration object can be created or inherited from the default configuration. All the configurations except the ones that are customized are inherited from default settings. This newly created client configuration object can then be applied to different users, user groups, or OU under Client Configuration ACL.
User Configurations
Endpoint Control Configurations
Basic Configurations
| Options | Description |
|---|---|
| Secure desktop by blocking printing, clipboard, USB connection | Enable to block printing, clipboard, and USB connection. |
| Enable Screenshot block | Enable to restrict users from taking any screen shots. |
| Unblock the blocked window's applications for screenshot after logout | Enable to remove the restriction of taking screenshots after logging out. |
| Disable user system proxy update | This tag is used to disable the system proxy on the user’s machine and keep it disabled if anyone tries to change it. |
| Disable HySecure system proxy update message | Configure message to display when the Proxy settings are changed on the user's machine or browser, after login. Note: This message is displayed only when the Disable HySecure system proxy update option is enabled. |
| Application list to bypass secure desktop | Specify the comma separated list of applications for which DLP settings/checks are to be bypassed. |
| Block internet post log-out from HySecure (Only for Nano OS.) | Enable to block the Internet even after logging out from the HySecure Gateway. |
| Enable clipboard control | Enable to set clipboard control configuration. |
| Block clipboard for all applications including printscreen. | Enable to block copy and paste as well as print screen for all the users. |
| Block clipboard for selective applications | Specify the comma separated list of applications for which copy and paste as well as print screen needs to be blocked, while they are logged in to HySecure. |
| List of process to allow internet if internet is blocked | Specify the comma separated list of processes for which Internet access is allowed even when the Internet block policy is enabled. |
| Clipboard block format | Enable to block the selected format i.e. text, bitmap, or all. |
| Close all opened application when user logouts | Specify comma separated list of applications that are to be closed when the user logs out. |
| Clear Cache of browser when browser has access to VPN | Select the value as True or False to allow whether the browser cache should be cleared or not on VPN access. |
| User list to bypass secure desktop | Specify the comma separated list of users for whom the DLP settings are to be bypassed. |
| Application list to bypass screenshot block | Specify comma separated list of applications for which screenshot block settings are to be bypassed. |
| Restrict applications on user system | Specify comma separated list of applications that are to be restricted on the user system. |
| Close all open application on user login | Enable to close all the applications that are open when the user logs in. |
| Disable IPv6 on user device | Enable to restrict the use of IPv6 addresses on user device. |
| Clear cache, history and cookies on logout | Enable to clear cache history and cookies when the user logs out. |
| Exit browser on logout | Enable to exit the browser when the user logs out. |
| Disable user to join multiple remote meeting | Enable to restrict users from joining multiple remote meetings. |
App Launch Configurations
| Options | Description |
|---|---|
| Launch Web application from Google Chrome only | Enable to launch Web applications only from the Google Chrome browser. |
| Specify browser to open applications | Specify the browser from which applications should be opened. |
| Launch all published app only from HySecure | Enable to open all published applications only from HySecure. |
| Launch RDP apps only from HySecure | Enable to open only RDP applications from HySecure. |
| Launch Web application only from HySecure | Enable to launch Web applications only from HySecure. |
| Use Default Windows app for RDP app launch | Enable the use of default Windows app to launch RDP app. |
| Use Default browser for web application | Enable to use default browser while launching published Web applications. If the option is not checked, Internet Explorer will be used as a default browser to launch published Web applications. |
| Map shared folders as local drives on user machine | Enable to map published path (as part of a FileShare type of application) with a local drive on the user machine. |
| Add additional information for RDP | Specify any additional information for establishing the RDP connection. |
| Launch App Control | Enable to launch App control. |
| Corporate Proxy server | Specify proxy server details. |
DNS Configurations
| Options | Description |
|---|---|
| Apply DNS Blocked list before allowed list | Select the value as True or False whether to apply DNS Blocked list before the allowed list. |
| Enter DNS list to allow | Enter comma separated list of domain names that should be resolved. Enter * to allow name resolution for all domains. |
| Enter DNS list to block | Enter comma separated list of domain names that should not be resolved for name. |
| Enter DNS list to bypass | Enter comma separated domain list that needs to be resolved by the local system's DNS server and not the Gateway's DNS server. |
| Enter DNS NetBios list | Specify the NetBIOS names list which should be resolved through the client system's WINS server |
| Enter DNS list to redirect | When the name resolution method is DNS Server mode then certain DNS names need to be redirected to the gateway for resolution from the internal corporate DNS/AD server. |
| Enable DNS Proxy | Enable to allow selected DNS queries through a tunnel interface. |
| Enter domain redirect suffix list | Enter comma separated list of domain suffixes that should be redirected. Enter * to redirect all domains. |
| Enter domain name suffix list | All name resolution will be requested with each of the entries in the list. E.g. if the list contains microsoft.com and accops.com then the name is resolved for name.microsoft.com and then name.accops.com. |
| Enforce DNS server name resolution | Set the following option as per the need: Enable: Selecting this value will force the use of the DNS server of Gateway, for name resolution. Disable: Selecting this value will disable the use of DNS server for name resolution. Not Set: Selecting this value will have the name resolution mechanism same as the one that is selected in the Preferences section of the client. |
Profile Configurations
| Options | Description |
|---|---|
| Enable Network Profile Detection | Check this option if the network profile of the connecting user is being used as an Office Profile or Roaming Profile. This needs to be detected for controlling access to printing, USB, clipboard etc. |
| Network Profile Detection Interval | Displays the time interval of network profile detection, default value is 120 seconds. |
| Local Network IP Address to allow connection | Specify a comma or '-' separated list of IP/subnet of local network for which the Internet Block Policy (EPS) will get bypassed. It also supports specifying port number or port range. |
| IP Address of websites to allow internet if internet is blocked | Specify a comma or '-' separated list of IP/subnet of websites for which the Internet Block Policy will get bypassed. It also supports specifying port number or port range. |
Office Profile
These settings do not apply to HyLite.
| Options | Description |
|---|---|
| Enable above local LAN IP address bypass | Enable if the list of IP addresses or subnets, as indicated in the Profile settings, should bypass the Internet Block Policy. Specify a comma or "-" separated list or subnet of Local Network IP Addresses to allow connection. This will be effective for the user whose profile is detected as an Office Profile. |
| Enable above internet IP address bypass | Enable if the list of IP addresses or subnets, as indicated in the Profile settings, should bypass the Internet Block Policy. Specify a comma or "-" separated list or subnet of IP Addresses of websites to allow the internet. This will be effective for the user whose profile is detected as an Office Profile. |
| Block printing | Enable if printing is to be blocked for the user after logging in to the Gateway. This option is effective for the user whose profile is detected as an Office Profile. |
| Block USB | Enable if USB detection is to be blocked for the user after logging in to the Gateway. This option is effective for the user whose profile is detected as an Office Profile. Note: If USB is detected before logging into HySecure Gateway, then it will automatically get disabled when the user logs in. |
| Block clipboard | Enable this option if Copy and Paste, PrintScreen is to be blocked for the user after gateway log in. |
| Disable VPN Service | If the user is detected in the Office Profile, then the network traffic should be routed or not. |
Roaming Profile
These settings do not apply to HyLite.
| Options | Description |
|---|---|
| Enable above local LAN IP address bypass | Check this option if the list of IP addresses/subnet as indicated in the Profile setting Specify comma or "-" separated list or subnet of Local Network IP Address to allow connection should bypass the Internet Block Policy. This will be effective for the user whose profile is detected as a Roaming Profile. |
| Enable above internet IP address bypass | Check this option if the list of IP addresses/subnet as indicated in the Profile setting Specify comma or "-" separated list or subnet of IP Address of websites to allow internet if internet is blocked should bypass the Internet Block Policy. This will be effective for the user whose profile is detected as a Roaming Profile. |
| Block printing | Check this option if printing is to be blocked for the user after s/he logs in to the Gateway. This option is effective for the user whose profile is detected as a Roaming Profile. |
| Block USB | Check this option if USB detection is to be blocked for the user after s/he logs in to the Gateway. This option is effective for the user whose profile is detected as a Roaming Profile. Note: If USB is detected before login into HySecure Gateway, then it will automatically get disabled when user logs in. |
| Block clipboard | Check this option if Copy/Paste/PrintScreen is to be blocked for the user after s/he logs in to the Gateway. This option is effective for the user whose profile is detected as a Roaming Profile. |
| Disable VPN Service | If the user is detected in the RoamingProfile, then the network traffic should be routed or not. |
Hylite Configurations
Basic Configurations
| Options | Description |
|---|---|
| Hide Windows logon process when launching virtual applications or virtual desktop | Whenever a user logs into a Windows PC then during the login process multiple channels are created. Enable to hide Windows login procedure while these channels are being created. |
| Network level authentication | Specify whether to use network-level authentication for the user or not. |
| Choose your connection speed to optimize performance | This tag is used for choosing connection speed to optimize connection performance on the HyLite portal. HySecure Admin can choose and set connection speed based on specified options. |
| Special Key-combinations with Ctrl key | This tag is used to specify the keyboard keys mapping with connect Remote Session via Hylite or RMS Console. Hence specified keys should mapped with a particular key which is mentioned in ctrl key mapping Example: if CTRL+b keys is mapped with CTRL+w for closing the browser in a connected RDP session, hence, if the user use CTRL+W key then its work like user using CTRL+B. |
| Enable HyPrint PDF Printer redirection | Enable if HyPrint PDF Printer redirection is required. |
| Enable fast-path input and output | Enable if fast path input and output is required. |
| Enable Persistent bitmap caching | This tag is used for bit map caching for connected remote applications via Hylite Portal. |
| Enable Desktop background | Enable to allow desktop background. |
| Enable Desktop composition | Enable to allow desktop composition. |
| Enable Font smoothing | Enable to allow font smoothing. |
| Enable Shared Drive Redirection | Enable to allow shared drive redirection. |
| Shared Disk Name | Specify the name of the shared disk. |
| Choose options for file Uploading/Downloading | This tag is used for specifying the permission to download and upload files on or from Shared Drive which is connected to a remote application using the Hylite Portal. These are common settings for Hylite as well as HylitePro. |
| Enable Menu and window animation | This tag is used for enable menu and window automation for connected remote applications via Hylite Portal. |
| Enable Printing | Enable to allow printing. |
| Enable RemoteFX | Select to allow RemoteFX. |
| Enable Show window contents while dragging | This tag is use for enable show content while dragging on connected remote application via Hylite Portal.If this tag is true then if user dragging any application in connected remote application then it will show the content of that application while dragging. |
| Enable Theme | This tag is used to enable background theme for connected remote desktop application from Hylite Portal. |
| Enable RDP virtual channel for advanced RDP functions | When user is logged into HySecure, WTS value is set in registry and SSO enabler will work. |
| Remote printer name | Specify the printer name. |
| Enable RDP plugins redirection | Select to enable RDP plugin redirection. |
| Enable Clipboard | Enable to set clipboard control configurations. |
| Deny copy-paste from Local machine to Remote application in Hylite Portal | Set the value as True to restrict copy and paste from Local machine to Remote applications. Set the value as False to allow copy and paste from Local machine to Remote applications. |
| Deny copy-paste from remote application to local machine | Set the value as True to restrict copy and paste from remote application to local machine. Set the value as False to allow copy and paste from remote application to local machine. |
| Logout message is in Hybrid mode | Show a custom message when portal logout happens, and the Client is terminated in the hybrid mode. |
| Open application in separate window from HyLite | Specify whether the application is to be opened in a separate window from HyLite or not. |
Advance Configurations
| Options | Description |
|---|---|
| Register Accops Virtual Channel | There is virtual channel plugin developed by Accops which requires registration/installation with MSRDP. whether do register the Accops virtual channel or not is decided with this flag. |
| Display download folder in shared drive temporary folder | It is used to hide download folder in shared drive redirection. |
| Set the hostname of the user’s PC to the virtual desktop of the user | This tag is used to set the hostname of the remote machine of the user. |
| Client Name (Default is “Accops Server”) | This tag is used to customize the shared drive name. Default is Accops Server. |
| Enable custom height and width for small screen | To enable custom height and width for RDP screen ex: - as desktop size. |
| Minimum dimensions required for Remote screen. | Minimum dimensions that are required to configure the custom height and width for RDP screen. |
| Custom dimensions required for Remote screen | After enabling custom height and width we can set custom height and width for RDP screen ex:- as desktop size. |
| Enable Display update on Remote Server | It is used to apply automatically the optimal resolution of the screen. |
| The name of the redirected printer driver that is passed through to the RDP session | It is used to customize the printer driver's name that is passed through to the RDP session. |
| Enable persistent Offscreen caching | It allows the session to use data already in the local cache files to provide a smoother user experience and reduce network bandwidth. |
| Enable Persistent glyph caching | It stores unique bitmaps representing characters available in a font set. |
| Fast copy in remote applications | This tag is used for enabling copy (seamless copy-paste) in connected remote application using Hylite Portal. |
| Quality of audio | This tag is used for specifying the audio quality as low or high for remote audio. |
| Remote audio playback | This tag is used to specify the Remote Audio Playback setting using Hylite Portal. HySecure Admin can set Remote Playback setting as "Play On this computer, do not play and Play on remote computer" |
| Color depth | This tag is used for specifying color depth for Remote app for display setting as 8 bit,15 bit,16 bit ,24 bit and 32 bit .HySecure Admin can set this setting from HyLite Configuration console. Hence User should get specified setting while connecting to Remote applications via HyLite portal |
| Enable Touchpad mode (Relative mouse movement) | This tag is used for enabling relative cursor movement on connected Remote Application via Hylite Portal. HySecure Admin must enable this setting from HyLite Configuration page. |
| Enable to hide window login procedure | Select to hide the window while login procedure. |
| Do not send these keys to remote machine if pressed along with CTRL key | This tag is used to block the Control Key + (any key ) event example : ctrl + w in the Fullscreen. |
| Add proxy bypass list | Select to allow adding the proxy bypass list. Corporate proxy feature is used when the proxy by list is already present on the user's machine and to decide whether it be appended or not. |
| Proxy bypass list | When the corporate proxy feature is used then, the proxy bypass list needs to be pushed by the admin. |
Client Configuration
Basic Configuration
| Options | Description |
|---|---|
| User Idle Timeout | Configure this option to Enable the User Idle timeout configured as part of the Global Settings. In this case, the client would send a logout on the idle timeout. Configure this option to Disable if the user idle timeout logic is to be followed at the HySecure Gateway. |
| Early notification of idle timeout | This tag is used to enable early notification of idle timeouts. |
| Notify about idle timeout before (In Mins) | Time to be mentioned in minutes where a user will be notified before getting timed out. |
| Use client-side host file for name resolution | When the user logs into HySecure Client, it will give automatically the client application entry in the user’s machine host file. On logout, it will automatically remove the client application entry. |
| Uninstall LSP on logout | Select to uninstall LSP on client logout. |
| Additional HTTP Headers to Communication with HySecure gateway | This configuration is needed in a special case where the HySecure Gateway is behind a firewall and the firewall expects some header key-value pairs as part of App Hello, to allow connections to the Gateway. The expected header key-value pair is configured in the form header key: header value. Multiple such key-value pairs can be entered and separated by \r\n. |
| Use RDP Clipboard | Set to enable if RDP clipboard setting is to be configured. |
| Allow remote support to SO user only | Set to enable if SO user is to provide remote support. |
| Specify users for remote support | Specify comma separated list of users who can give remote support. |
| File transfer between remote users | Enable to allow file transfer between remote users. |
| Use remote cursor | Enable if the remote user’s cursor needs to be used while sharing the screen. |
| Broadcast post login message | This tag is used for broadcast text messages after logging into HySecure Client. The specified message will appear on HySecure Client after the user successfully logs into HySecure Client. |
| Enable Watermark | Select to enable and specify the watermark message. |
| Watermark display message | Enter the custom message to display in the watermark. |
Advanced Configuration
| Options | Description |
|---|---|
| Enable USB Service | Select to enable USB service. |
| enable client to listen on 0.0.0.0 | It is used to enable client/application proxies to be listening on any ip addresses to route the traffic to gateway. |
| Listen on Primary IP and redirect on 127.0.0.0 | It is used to enable the client/application proxies to be listening on primary IP and redirect it to 127.0.0.0 |
| Allow access from current session | This option caters to a Windows specific use case where a user accesses a published application after logging in to the Gateway. On switching to another user on the same machine without logging out, the session would remain open, and the application can be accessed if the URL is known. |
| Deny access to the process | Select this option, if the above case is to be avoided. |
| Application access time interval | Configure the list of applications which are not expected to be executed after logging in to HySecure Gateway. The applications exe names need to be entered in a comma separated manner. This option is primarily used for the case where a published application is not expected to be launched OR accessed through another application on the local system. |
| Allow SSO on HyWorks Applications | For a single application, after how much time should app hello be with sent again with flag ("is_already_access" =1) to generate Activity Log entry again. (Only applicable for client using single proxy model (Ubuntu,MAC). This is used for enabling single sign on for Hyworks application and by default this tag must be always true. Note: This should be set per domain, as of now global. |
| Select Default logon mode. | Choose the default logon mode. |
| Enable client exit on logout | Select to exit client automatically on user logout. |
| Enable Always On in HySecure Client. | Select to keep the HySecure client running even after the user logs out. If the user intends to login after logging out, user can open the login page either by clicking on the pinned app OR by right clicking the client icon in the System tray and then clicking the “Login” option. This option is available to ensure that the user is never logged out due to inactivity. |
| Uninstall NSP on logout | Select to uninstall NSP on client logout. |
| Enable HySecure logout on Hyworks license error. | Select to automatically log out the user from HySecure, if there is an error related to HyWorks license. For e.g. the HyWorks license gets expired. |
| Enable new clipboard algorithm | This tag should be on by default. With the new clipboard algorithm clipboard is blocked along with named/multiple processes. |
| Keep Application minimized on user system | Enable to keep Application minimized on user system. |
| Allowed Applications List | Specify comma separated list of applications that are allowed. |
| Show low battery notification | Check and Show a low battery message to user. |
| Notification message on low battery | Custom message to display user on Low battery. |
| Ask Domain password for SSO Login. | Select to specify domain password while using SSO login. |
| Create Remote meeting shortcut on Desktop | Enable to create remote meeting shortcut on desktop and specify shortcut name. |
| Shortcut name | Specify the Remote meeting shortcut name. |
Customized Options
| Field | Description |
|---|---|
| Please provide Custom option here | Specify custom tags (Entries must be ';' separated and in the form of "tag=value" Example : tag1=true;tag2=false;). |