Policies
      Back to home
      1. Support Center
      2. Safous ZTA Admin Guide
      3. Policies

      Supported Policy for RDP App

      New Version (version 5 onwards)

      • Navigate to Settings > ZTNA > Policies > Actions
      • Enable or disable options in "Action" section

      Meaning of each options: 

      1. Allow clipboard
        Enables copy-paste functionality between the user's local device and the remote session.

      2. Allow drive redirection
        Lets users access their local drives (e.g., C:\ or USB storage) from within the remote session.

      3. Allow device redirection
        Allows redirection of supported devices such as USB peripherals into the remote session.

      4. Allow printer redirection
        Enables printing from the remote session using local printers connected to the user’s device.

      5. Use multiple monitors (not supported in Linux)
        Allows the RDP session to span across multiple monitors. Note: This feature is not available when using Linux clients.

      6. Record session
        Enables recording of the RDP session for audit or compliance purposes.

      7. Supervisor can join the application's active session
        Allows a supervisor (with the right permissions) to join a user's live session for monitoring or assistance.

      8. Native session access will be valid for (minutes)
        Sets a time limit (in minutes) for how long the user can access the session before being automatically disconnected.

      9. Allow camera
        Permits the use of the local camera within the remote session.

      10. Allow audio output
        Enables sound playback from the remote session on the user’s local device.

      11. Enforce session fingerprinting
        Adds an extra layer of security by verifying the session with a unique fingerprint; prevents session hijacking.

      12. Allow COM redirection
        Redirects serial (COM) ports to the remote session, useful for legacy hardware.

      13. Allow smart card redirection
        Enables use of smart cards within the RDP session for authentication or encryption tasks.

      14. Log successful user access
        Keeps a log entry each time a user successfully accesses the application, aiding in audit tracking and security review

      Old Version (earlier than version 5)

      1. Navigate to Settings > ZTNA > Policies
      2. Click on New Policy button
      3. Once clicked, it will expand all the options available for application authorization policies.
      4. When you select an application of the RDP type, some configurations can be chosen.

        Meaning of each options:
        1. Allow clipboard. Enabling the clipboard configuration allows you to choose whether to allow or disallow the clipboard/copy function during an RDP session on the remote node.
        1. The 'Allow drive redirection,' 'Allow device redirection,' 'Allow printer redirection,' and 'Allow camera' configurations can only be used if you are using the 'Native Access' connection method, which can be selected during RDP app creation. These options are similar to the settings in the Windows RDP client for 'local devices and resources.'
        2. The 'Use multiple monitors (not supported in Linux)' configuration can only be used properly if your target RDP app is running on a standard Windows OS, not a Linux OS with the RDP server protocol installed. This configuration is similar to the 'Display' settings in the Windows RDP client.
        3. Record Session allows you to record every session. Detailed information can be found here.
        4. Supervisor can interact with session. This function requires the 'supervised user' policy access to be enabled first. When enabled, the supervisor who approved the session can see what the requestor is doing and can interact with the session. A notification will appear at the bottom when supervision is active. Here’s an example (left: supervisor, right: user being supervised).
        5. The 'Allow audio input' configuration can only be used if you are using the 'Native Access' connection method, which can be selected during RDP app creation. This option is similar to the 'Remote Audio' settings in the Windows RDP client.
        6. Native session access token will be valid for (minutes)
          Sets a time limit (in minutes) for how long the user can access the session before being automatically disconnected.
        7. Enforce session fingerprinting
          Adds an extra layer of security by verifying the session with a unique fingerprint; prevents session hijacking.
        8. Allow COM redirection
          Redirects serial (COM) ports to the remote session, useful for legacy hardware.
        9. Allow smart card redirection
          Enables use of smart cards within the RDP session for authentication or encryption tasks.
        10. Log successful user access
          Keeps a log entry each time a user successfully accesses the application, aiding in audit tracking and security review.