Configuring a Terminal Service Resource Policy (NSM Procedure)
When you enable the terminal services feature for a role, you
need to create resource policies that specify which remote servers
a user can access.
To configure a terminal services resource
policy:
- In the navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure
Access device for which you want to configure a terminal services
resource policy.
- Click the Configuration tab.
Select Users > Resource Policies > Terminal Services.
- Add or modify settings as specified in Table 1.
- Click one:
- OK—Saves the changes.
- Cancel—Cancels the modifications.
Table 1: Configuring Terminal Service Resource Policy Details
| Option |
Function |
Your Action |
| Access
Control > General tab |
Name
|
Specifies the name for the policy.
|
Enter the name.
|
Description
|
Describes the policy.
|
Enter the description.
|
Resources
|
Specifies the servers to which this policy applies.
|
Enter the server path.
|
Applies to roles
|
Applies the policy to all the roles, and to the roles
that are mapped and not mapped in the Role Selection section.
|
Select one of the following options from the drop-down
list:
- All—Applies the policy to all
users.
- Selected—Applies the policy
only to users who are mapped to roles in the Role Selection section.
- Except those selected—Applies
this policy to all users except for those who map to the roles in
the Role Selection section.
|
Action
|
Allows or denies access to the servers specified in the
Resources list.
|
Select one of the following options from the drop-down
list.
- Allow—Allows access to the
servers specified in the Resources list.
- Deny—Denies access to the servers
specified in the Resources list.
- Detailed Rules—Allows you to
specify one or more detailed rules for this policy.
|
| Role
Selections tab |
Role Selections
|
Maps roles to the resource policy.
Note:
The Role Selection tab is enabled only when you select
the Selected or Except the selected option from the Applies to role drop-down list.
|
Select a role and click Add to add
roles from Non-members to Members list.
|
| Detailed
Rules tab |
Name
|
Specifies the detailed rule name.
Note:
This Detailed Rules tab is enabled only when you select Detailed Rules option from the Action drop-down list.
|
Enter a name.
|
Action
|
Specifies the action you want to perform if the user
request matches a resource in the Resource list (optional).
|
Select one of the following options from the drop-down
list:
- Allow—Allows the user to access
the resource.
- Deny—Denies the user to access
the resource.
|
New Resources
|
Specifies the resource to which detailed rule applies.
|
Specify one of the following options:
- The same or a partial list of the resources specified
on the General tab.
- A specific path or file on the server(s) specified on
the General tab, using wildcards when appropriate.
- A file type, preceded by a path if appropriate or just
specify */*.file_extension to indicate files with the specified extension
within any path on the server(s) specified on the General tab.
|
Conditions
|
Specifies one or more expressions to evaluate to perform
the action.
|
Specify one of the following options:
- Boolean expressions: Using system variables, write one
or more Boolean expressions using the NOT, OR, or AND operators.
- Custom expressions: Using the custom expression syntax,
write one or more custom expressions.
|
| Options |
IP based matching for Hostname based policy resources
|
The Secure Access device compares the IP to its cached
list of IP addresses to determine if a hostname matches an IP address.
If there is a match, then the Secure Access device accepts the match
as a policy match and applies the action specified for the resource
policy.
|
Select Options > IP based matching for
Hostname based policy resources to enable this feature.
|
Published: 2009-08-20
