New Version (version 5 onwards)
- Navigate to Settings > ZTNA > Policies > Actions
- Enable or disable the options in the "Action" section
Meaning of each option:
- Allow clipboard: Enables copy-paste functionality between the user's local device and the remote session.
- Allow drive redirection: Lets users access their local drives (e.g., C:\ or USB storage) from within the remote session.
- Allow device redirection: Allows redirection of supported devices such as USB peripherals into the remote session.
- Allow printer redirection: Enables printing from the remote session using local printers connected to the user’s device.
- Use multiple monitors (not supported in Linux): Allows the RDP session to span across multiple monitors. Note: This feature is not available when using Linux clients.
- Record session: Enables recording of the RDP session for audit or compliance purposes.
- Supervisor can join the application's active session: Allows a supervisor (with the right permissions) to join a user's live session for monitoring or assistance.
- Native session access will be valid for (minutes): Sets a time limit (in minutes) for how long the user can access the session before being automatically disconnected.
- Allow camera: Permits the use of the local camera within the remote session.
- Allow audio output: Enables sound playback from the remote session on the user’s local device.
- Enforce session fingerprinting: Adds an extra layer of security by verifying the session with a unique fingerprint; prevents session hijacking.
- Allow COM redirection: Redirects serial (COM) ports to the remote session, useful for legacy hardware.
- Allow smart card redirection: Enables use of smart cards within the RDP session for authentication or encryption tasks.
- Log successful user access: Keeps a log entry each time a user successfully accesses the application, aiding in audit tracking and security review.
Old Version (earlier than version 5)
- Navigate to Settings > ZTNA > Policies
- Click the New Policy button
- Once clicked, it will expand all the options available for application authorization policies.
- When you select an application of the RDP type, some configurations can be chosen.
Meaning of each option:
- Allow clipboard. Enabling the clipboard configuration allows you to choose whether to allow or disallow the clipboard/copy function during an RDP session on the remote node.
- The 'Allow drive redirection,' 'Allow device redirection,' 'Allow printer redirection,' and 'Allow camera' configurations can only be used if you are using the 'Native Access' connection method, which can be selected during RDP app creation. These options are similar to the settings in the Windows RDP client for 'local devices and resources.'
- The 'Use multiple monitors (not supported in Linux)' configuration can only be used properly if your target RDP app is running on a standard Windows OS, not a Linux OS with the RDP server protocol installed. This configuration is similar to the 'Display' settings in the Windows RDP client.
- Record Session allows you to record every session. Detailed information can be found here.
- Supervisor can interact with session. This function requires the 'supervised user' policy access to be enabled first. When enabled, the supervisor who approved the session can see what the requestor is doing and can interact with the session. A notification will appear at the bottom when supervision is active. Here’s an example (left: supervisor, right: user being supervised).
- The 'Allow audio input' configuration can only be used if you are using the 'Native Access' connection method, which can be selected during RDP app creation. This option is similar to the 'Remote Audio' settings in the Windows RDP client.
- Native session access token will be valid for (minutes): Sets a time limit (in minutes) for how long the user can access the session before being automatically disconnected.
- Enforce session fingerprinting: Adds an extra layer of security by verifying the session with a unique fingerprint; prevents session hijacking.
- Allow COM redirection: Redirects serial (COM) ports to the remote session, useful for legacy hardware.
- Allow smart card redirection: Enables use of smart cards within the RDP session for authentication or encryption tasks.
- Log successful user access: Keeps a log entry each time a user successfully accesses the application, aiding in audit tracking and security review.
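The dependencies described above (Native Access for the redirection options, no multi-monitor with Linux, supervised user access before supervisor interaction) can be checked when reviewing policies. The following is an added example, not code from the product: the dictionary layout, key names and the "browser" connection value are hypothetical, and the last check is a reviewer heuristic rather than a product rule.

```python
"""Lint RDP policy actions against the option dependencies described above.
Added example; key names are hypothetical, not the product's export format."""

NATIVE_ONLY = {"allow_drive_redirection", "allow_device_redirection",
               "allow_printer_redirection", "allow_camera", "allow_audio_input"}
TRANSFER = {"allow_clipboard", "allow_drive_redirection", "allow_printer_redirection"}


def lint_rdp_policy(policy):
    """Return sorted (option, problem) findings for one policy dict."""
    enabled = {k for k, v in policy.get("actions", {}).items() if v}
    findings = []

    # Page rule: these options only take effect with 'Native Access'.
    if policy.get("connection_method") != "native":
        findings += [(o, "needs Native Access") for o in enabled & NATIVE_ONLY]

    # Page rule: multi-monitor is not supported with Linux clients or targets.
    if "use_multiple_monitors" in enabled and "linux" in (
            policy.get("client_os"), policy.get("target_os")):
        findings.append(("use_multiple_monitors", "not supported in Linux"))

    # Page rule: supervisor interaction requires 'supervised user' access first.
    if "supervisor_can_join" in enabled and not policy.get("supervised_user_access"):
        findings.append(("supervisor_can_join", "needs supervised user access"))

    # Reviewer heuristic (assumption, not a product rule): data can leave the
    # session while neither recording nor access logging is enabled.
    if enabled & TRANSFER and not enabled & {"record_session", "log_successful_access"}:
        findings += [(o, "no recording or access log") for o in enabled & TRANSFER]
    return sorted(findings)


# Constructed sample policies.
WEB_POLICY = {
    "connection_method": "browser", "client_os": "linux", "target_os": "windows",
    "supervised_user_access": False,
    "actions": {"allow_clipboard": True, "allow_drive_redirection": True,
                "use_multiple_monitors": True, "supervisor_can_join": True,
                "record_session": False},
}
NATIVE_POLICY = {
    "connection_method": "native", "client_os": "windows", "target_os": "windows",
    "supervised_user_access": True,
    "actions": {"allow_clipboard": True, "allow_drive_redirection": True,
                "supervisor_can_join": True, "record_session": True},
}

if __name__ == "__main__":
    print(lint_rdp_policy(WEB_POLICY))
```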