Policies

On this page, you can assign policies for pre-existing user groups that you can set up in Parallels My Account. Each user group is a sublicense of your main Parallels Desktop Enterprise Edition license with a unique key. Read this chapter to learn more.

To create user groups and populate them with users, please refer to this page. If you plan on using Single Sign-On for license activation, refer additionally to this page.

Creating a New Policy

To create a new policy, click on the Add button in the top left corner of the page. This will launch the multi-page policy creation process where you will have to provide the following information:

General Information

1. Name. Use a unique descriptive name in case the number of policies increases in the future.

2. Description.

3. Policy applies to. This setting allows you to add and remove the groups (as defined by secondary license keys) that the policy applies to. Note: At any given time, each group may only have ONE policy applied to it, so you won't be able to add groups that already have other policies that apply to them. If you don't divide your Parallels users into groups, or have users assigned to the primary license key, you may assign a policy to the primary license key. To add a group, use the drop-down menu as indicated in the image above. To remove one already added, click on the (X) symbol next to the one already listed. Note: You may choose to apply a specific policy to the users whose copies of Parallels Desktop are activated with the primary license key. These settings will not affect any users who are on secondary license keys or have been included in one of the SSO user groups.

4. Click Next.

Throughout the policy creation process, you may use the Next and Previous buttons to move between the various steps and check settings.

Golden Image

Each policy includes a dedicated Golden Image thay you may want to tailor to that group's specific needs.

Use the drop-down menu to select the preferred Golden Image and click Next.

Security Controls

At this step, you need to select specific limitations that will apply to this group of users. Presently, policies only define what users from your organization can do with their Parallels Desktop setups and not their virtual machines. The available controls are:

• Limit users to provisioned VMs only. This policy prevents users from setting up new virtual machines from sources other than your organization’s Golden Images, as well as importing or cloning pre-existing ones. You may want to enact this policy to prevent members of your organization from setting up virtual machines for their own extracurricular activities;

• Limit the number of providioned VMs per user to one. This setting prevents users from installing any more virtual machines from the approved sources (i.e., your organization’s Golden Images). Note: If you select this option alone, without the previous option, users will still be able to add new virtual machines using third-party sources, such as the default images available through Parallels Desktop.

• Do not allow removing provisioned VMs.

• Do not allow upgrading to the next major Parallels Desktop version. This setting will still allow users to update their Parallels Desktop installations to a minor version (e.g., 26.0.1 to 26.1) but will prevent them from upgrading to a major version (e.g., from 20.x to 26.x) when it becomes available. Enabling this setting will allow you to first ensure that a major new version suits your needs before proceeding with a fleet-wide upgrade. Note: This setting will have no effect if your organization is running a local update server, or your update policies are managed via an MDM solution.

• Do not allow editing Parallels Desktop preferences. This setting prevents users from changing the preferences for their Parallels Desktop setups. To learn more about the settings that can be changed in the Parallels Desktop Preferences panel, read this section of the Parallels Desktop's user guide.

• Do not allow running VMs without this company's Parallels license. This setting prevents users from transferring and launching their virtual machines (as well as Golden Images) to Parallels Desktop installations that don't have your organization's Enterprise license. Read more on virtual machine encryption here. Note: The initial application of this setting to existing Parallels Desktop installations already running provisioned virtual machines will trigger a re-encryption procedure that will temporarily render those virtual machines unavailable for use. The users will receive a clear message when attempting to launch such virtual machines. Encrypting virtual machines using a command-line interface will become unavailable.

Select the required settings and click Next.

Once you have filled out all the settings, click Add to enable the policy. You won't be able to create it unless all mandatory fields are filled.

Changing or Deleting an Existing Policy

The default view of the main Policies screen shows you the list of all the policies under your management, citing their names as provided during the setup process, their descriptions, and the list of groups they apply to. Right-clicking on a policy from the list allows you to edit or delete it.

If a policy is marked as "not applied", it either means that no groups were selected during the creation, or the group(s) it initially applied to was (were) deleted.