Guacamole access disclosure plugins
In-browser RDP: guacamole-rdp
The guacamole-rdp Guacamole access disclosure plugin provides users with remote access to Windows server or client managed systems using Remote Desktop Connection (RDC). This control provides automatic connection to the managed system without the need to enter the administrative credentials for the managed account and is compatible with session recording.
You can modify the following default attributes to control the behavior of guacamole-rdp:
| Set the preferred color depth of the display in bits per pixel. Available values are 8, 16, 24 and 32. |
| Connect to the server as a console (admin) session. This is set to false by default. |
| Disable audio driver. This reduces the bandwidth of the session. This is set to true by default. |
| Set the domain the user account is a member of. This is set to See Domain and host values for further information. |
| Enable printing to a virtual PDF printer. This is set to false by default. |
| Set the URL of the Guacamole service. The format is |
| Set the height of the RDP window. |
| Set the IP or DNS of the server. This is set to See Domain and host values for further information. |
| If set to true, will enable searching on attribute “host” when override is allowed for “host”. This is set to false by default. |
| Ignore certificate from the RDP server. This is set to false by default. |
| Set the connection port of the server. |
| Set the security mode for the connection. This is set to |
| Set the width of the RDP window. |
Domain and host values
The domain and host values are used to connect to the remote system. Their values may depend on how the managed system is set up, and whether it is push or local service mode, manually or automatically discovered.
The domain must be the DNS Domain Name or NetBIOS name. It should not be an IP address. The reason is that the Windows logon requires the account ID and the context (domain/local machine) to identify the administrative user. If an IP address is used in place of a proper name, the connection will fail.
Bravura Privilege gets the replacement value for %host% from the managed system’s address, or the ’name’ attribute for discovered systems. You could choose to leave the value as an IP address. Windows Server 2008 and above supports an IP address for the host.
If the address does not contain the DNS name (for example, if it is an IP address) and you want it to, you have several options:
If the system is local service mode, use one of the substitution values %NETBIOS%, %DNSHostname%, or %NetbiosDomain% depending on the type of account. Default is %NETBIOS%.
If the system is push mode, and if using the Windows NT connector, enable WINNT_EMIT_INFO and use %DNSHostname%. This allows the Windows NT connector to return the IP and DNS hostname on the reset operation.
If the system is push mode, and if using a scripted connector (agtssh, agtdos, agttelnet), configure the PSLang script to return the IP address and DNS hostname on the reset operation.
Use a managed system attribute set by the API Service ManageSystemAttrAdd function. The key-values set for the managed system can then be used for the host/domain settings.
Use a hardcoded value.
Let the user override the value.
When a user checks out a domain account, the user has the option to select from a list of domain member computers to connect to. To enable this, the “host” attribute must be overridable by the user, and the “host search” attribute must be set to true. In addition, discovered systems must be listed from the Active Directory target.
Local service managed system values
The terminal services plugin connects to the domain set in the managed system’s address field by default.
When you install the Bravura Privilege local service, it transmits the information about the workstation, including:
DNS Domain name
NetBIOS domain name
Fully qualified DNS name
NetBIOS name
Physical DNS domain name
Physical fully qualified DNS name
Physical DNS host name
Physical NetBIOS name
You can view the information for a workstation by clicking Manage the system > Privileged access > Managed systems > < Workstation ID > , then scrolling down to the information table below the account table.
The attribute names can be used to substitute values for the domain and host attributes for the pswxtsvc; for example, you can set the domain value to %NETBIOS%, %DNSHostname%, or %NetbiosDomain%.
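A pre-deployment check for the rules in Domain and host values, as an added example (not Bravura Privilege code): it expands %name% substitution values from a constructed attribute set and flags a domain that resolves to an IP address. The function names, the `domain`/`host` labels, and the expansion logic are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: values a local-service workstation might report.
# Keys are the substitution names from this page; the values are made up.
SAMPLE_SYSTEM = {
    "NETBIOS": "WS-FIN-01",
    "DNSHostname": "ws-fin-01.corp.example.com",
    "NetbiosDomain": "CORP",
}

TOKEN = re.compile(r"%([A-Za-z_]+)%")

def expand(template, attrs):
    """Replace each %name% token with attrs[name]; fail on a missing or empty value."""
    def repl(match):
        name = match.group(1)
        if not attrs.get(name):
            raise ValueError(f"no value available for %{name}%")
        return attrs[name]
    return TOKEN.sub(repl, template)

def is_ip(value):
    """True for an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_rdp_target(domain_tpl, host_tpl, attrs):
    """Expand both settings (hypothetical helper) and return (domain, host, problems)."""
    resolved, problems = {}, []
    for key, tpl in (("domain", domain_tpl), ("host", host_tpl)):
        try:
            resolved[key] = expand(tpl, attrs)
        except ValueError as exc:
            resolved[key] = None
            problems.append(f"{key}: {exc}")
    # Page rule: the domain must be a DNS domain or NetBIOS name, never an IP.
    if resolved["domain"] and is_ip(resolved["domain"]):
        problems.append("domain: IP address used; Windows logon needs a name")
    # An IP is acceptable for the host (Windows Server 2008 and above).
    return resolved["domain"], resolved["host"], problems

if __name__ == "__main__":
    print(check_rdp_target("%NetbiosDomain%", "%DNSHostname%", SAMPLE_SYSTEM))
```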
In-browser Remote App: guacamole-remote-app
The guacamole-remote-app Guacamole access disclosure plugin provides users with remote access to applications hosted on a Windows server or client managed system using Remote Desktop Connection (RDC). This control provides automatic connection to the managed system without the need to enter the administrative credentials for the managed account and is compatible with session recording.
You can modify the following default attributes to control the behavior of guacamole-remote-app:
| Set the preferred color depth of the display in bits per pixel. Available values are 8, 16, 24 and 32. |
| Disable audio driver. This reduces the bandwidth of the session. This is set to true by default. |
| Set the domain the user account is a member of. This is set to See Domain and host values for further information. |
| Enable printing to a virtual PDF printer. This is set to false by default. |
| Set the URL of the Guacamole service. The format is |
| Set the height of the RDP window. |
| Set the IP or DNS of the server. This is set to %server% by default. |
| Ignore certificate from the RDP server. This is set to False by default. |
| Set the connection port of the server. |
| Define the RemoteApp program. This should be in the format |
| Set the command line arguments of the RemoteApp program. |
| Set the working directory of the RemoteApp program. |
| Set the security mode for the connection. This is set to |
| Set the width of the RDP window. |
In-browser SSH: guacamole-ssh
The guacamole-ssh Guacamole access disclosure plugin provides users with remote access to a server using Secure Shell (SSH). This control provides automatic connection to the managed system without the need to enter the administrative credentials for the managed account and is compatible with session recording.
You can modify the following default attributes to control the behavior of guacamole-ssh:
| Set the color scheme to use for the terminal emulator. |
| Name of font to render on the terminal emulator. By default, a monospace font will be used. |
| Size of font to render on the terminal emulator. By default, the font will be set to size 12. |
| Set the URL of the Guacamole service. The format is '<address>:<port>/<webappname>'. |
| Set the IP or DNS of the server. This is set to %server% by default. See Domain and host values for further information. |
| Set the passphrase to use with a private key, if required. |
| Set the connection port of the server. |
| Set the private key to use when connecting, if required. |
In-browser Telnet: guacamole-telnet
The guacamole-telnet Guacamole access disclosure plugin provides users with remote access to a server using Telnet. This control provides automatic connection to the managed system without the need to enter the administrative credentials for the managed account and is compatible with session recording.
To use this control, Telnet must be installed and enabled on the managed system.
You can modify the following default attributes to control the behavior of guacamole-telnet:
| Set the color scheme to use for the terminal emulator. |
| Name of font to render on the terminal emulator. By default, a monospace font will be used. |
| Size of font to render on the terminal emulator. By default, the font will be set to size 12. |
| Set the URL of the Guacamole service. The format is ’ |
| Set the IP or DNS of the server. This is set to %server% by default. See Domain and host values for further information. |
| The regular expression to use when searching for where to enter the managed account password. By default, this is set to [Pp]assword: . If unspecified, Guacamole will use a reasonable default value. |
| Set the connection port of the server. |
| The regular expression to use when searching for where to enter the managed account username. By default, this is set to [Ll]ogin: . If unspecified, Guacamole will use a reasonable default value. |
In-browser VNC: guacamole-vnc
The guacamole-vnc Guacamole access disclosure plugin provides users with remote access to a server using Virtual Network Computing (VNC). This control provides automatic connection to the managed system without the need to enter the administrative credentials for the managed account and is compatible with session recording.
In order to use this control, VNC must be installed and enabled on the managed system.
You can modify the following default attributes to control the behavior of guacamole-vnc:
| autoretry | Set the number of times to retry connection before failing. This is set to 0 by default. |
| color-depth | Set the preferred color depth of the display in bits per pixel. Available values are 8, 16, 24 and 32. |
| cursor | Set whether to render a mouse cursor locally or remotely. This is set to local by default. |
| encodings | Space-delimited list of encodings to be used by libvncclient. Guacamole will use supported encodings by default. |
| guacamole-url | Set the URL of the Guacamole service. The format is '<address>:<port>/<webappname>'. |
| hostname | Set the IP or DNS of the server. This is set to %server% by default. See Domain and host values for further information. |
| port | Set the connection port of the server. |
| read-only | Allows the user to view the display but not make any modifications. This is set to false by default. |
| swap-red-blue | Swaps colors of red and blue, used to correct incorrect displays. This is set to false by default. |