Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring a Terminal Service Resource Policy (NSM Procedure)

    When you enable the terminal services feature for a role, you need to create resource policies that specify which remote servers a user can access.

    To configure a terminal services resource policy:

    1. In the navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure a terminal services resource policy.
    2. Click the Configuration tab. Select Users > Resource Policies > Terminal Services.
    3. Add or modify settings as specified in Table 1.
    4. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.

    Table 1: Configuring Terminal Service Resource Policy Details

    OptionFunctionYour Action
    Access Control > General tab

    Name

    Specifies the name for the policy.

    Enter the name.

    Description

    Describes the policy.

    Enter the description.

    Resources

    Specifies the servers to which this policy applies.

    Enter the server path.

    Applies to roles

    Applies the policy to all the roles, and to the roles that are mapped and not mapped in the Role Selection section.

    Select one of the following options from the drop-down list:

    • All—Applies the policy to all users.
    • Selected—Applies the policy only to users who are mapped to roles in the Role Selection section.
    • Except those selected—Applies this policy to all users except for those who map to the roles in the Role Selection section.

    Action

    Allows or denies access to the servers specified in the Resources list.

    Select one of the following options from the drop-down list.

    • Allow—Allows access to the servers specified in the Resources list.
    • Deny—Denies access to the servers specified in the Resources list.
    • Detailed Rules—Allows you to specify one or more detailed rules for this policy.
    Role Selections tab

    Role Selections

    Maps roles to the resource policy.

    Note: The Role Selection tab is enabled only when you select the Selected or Except the selected option from the Applies to role drop-down list.

    Select a role and click Add to add roles from Non-members to Members list.

    Detailed Rules tab

    Name

    Specifies the detailed rule name.

    Note: This Detailed Rules tab is enabled only when you select Detailed Rules option from the Action drop-down list.

    Enter a name.

    Action

    Specifies the action you want to perform if the user request matches a resource in the Resource list (optional).

    Select one of the following options from the drop-down list:

    • Allow—Allows the user to access the resource.
    • Deny—Denies the user to access the resource.

    New Resources

    Specifies the resource to which detailed rule applies.

    Specify one of the following options:

    • The same or a partial list of the resources specified on the General tab.
    • A specific path or file on the server(s) specified on the General tab, using wildcards when appropriate.
    • A file type, preceded by a path if appropriate or just specify */*.file_extension to indicate files with the specified extension within any path on the server(s) specified on the General tab.

    Conditions

    Specifies one or more expressions to evaluate to perform the action.

    Specify one of the following options:

    • Boolean expressions: Using system variables, write one or more Boolean expressions using the NOT, OR, or AND operators.
    • Custom expressions: Using the custom expression syntax, write one or more custom expressions.
    Options

    IP based matching for Hostname based policy resources

    The Secure Access device compares the IP to its cached list of IP addresses to determine if a hostname matches an IP address. If there is a match, then the Secure Access device accepts the match as a policy match and applies the action specified for the resource policy.

    Select Options > IP based matching for Hostname based policy resources to enable this feature.

    Published: 2013-01-03