Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Items under the Session node in the Policy Properties dialog include connection, display, printing, network, and other settings that will be enforced on a client if defined and enabled.
For a particular group of settings to be enforced on a client device, it must be selected (checked). Unselected groups will not be enforced, so end users will be able to configure them themselves. For example, you can check the Connection node, but only check the Primary connection and Secondary connections groups under it. This will enforce only the two selected groups of settings on client devices.
To configure the appearance of Parallels Client, select the Appearance node and then configure the groups of settings described below.
Parallels Client interface. Select the style of interface for Parallels Client for Windows.
Prompt user to switch to Modern interface. Select this option if you want the user to see a prompt that allows them to switch to Modern interface.
The Printing node in the Policy Properties dialog allows you to configure printing options.
In the Technology section, select the technology to use when redirecting printers to a remote computer:
None. No printer redirection will be used.
RAS Universal Printing technology. Select this option if you want to use RAS Universal Printing technology.
Microsoft Basic Printing Redirection technology. Select this option if you want to use Microsoft Basic printing technology.
RAS Universal Printing and Microsoft Basic redirection technologies. Select this option to use both Parallels RAS and Microsoft technologies.
Note: The following rules apply when using printing in RAS HTML 5 Client. If None or Microsoft Basic Printing is selected, then no printing redirection will be available in a remote session. If RAS Universal Printing or RAS Universal Printing and Microsoft Basic Printing is selected, then RAS Universal Printing will be used in a remote session.
If you selected RAS Universal Printing technology, use the Redirect Printers drop-down list to specify whether to redirect all printer on the client side, default printer only, or specific printers.
If you select Specific only in the step above, click Tasks > Add. Type a printer name and then click the Options button. In the dialog that opens, specify settings described below.
In the Choose Format drop-down list, select a data format for printing:
Print Portable Document Format (PDF). Adobe PDF. This option does not require you to install any local applications capable of printing a PDF document. All the necessary libraries are already installed together with Parallels Client.
View PDF with external application. To use this option you must have a local application installed which is capable of viewing a PDF document. Note that not all applications are supported. For example, the built-in PDF viewer in Windows is not supported, so you must have Adobe Acrobat Reader (or a similar application) installed.
Print PDF with external application. This option works similar to the View PDF option above. It also requires an application capable of printing a PDF document installed locally.
Enhanced Meta File (EMF). Use vector format and embedded fonts.
Bitmap (BMP). Bitmap images.
In the Client printer preferences section, select one of the following:
Use server preferences for all printers. If this option is selected, a generic printer preferences dialog will be shown when a user clicks Print in a remote application. The dialog has only a minimal set of options that they can choose.
Use client preferences for all printers. With this option selected, a local printer preferences dialog will open when a user clicks Print in an application. The dialog will contain a full set of options for a particular printer that the user has installed on their local computer. If they have more than one printer installed, a native preferences dialog will open for any particular printer that they choose to print to.
Use client preferences for the following printers. This option works similar to the Use client preferences for all printers option (above), but allows users to select which printers should use it. Select this option and then select one or more printer in the list below. If a printer is not selected, it will use the generic printer preferences dialog, similar to the first option in this list.
To configure default printer settings, click the Change Default Printer settings button.
The default printer list shows printers that can be redirected by the client to the remote computer:
To disable the default printer, select <none>.
To redirect the default local printer, select <defaultlocalprinter>.
When <custom printer> is selected, you can specify a custom printer. The first local printer that matches the printer name inserted in the Custom field will be set as the default printer on the remote computer.
Select Match exact printer name to match the name exactly as inserted in the Custom field. Please note that the remote printer name may not match the original printer name. Also note that local printers may not redirect due to server settings or policies.
The Force Default printer for option specifies the time period, during which a printer will be forced as default. If the default printer is changed during this time after the connection is established, the printer is reset as default.
Select the Update the remote default printer if the local default printer is changed option to change the remote default printer automatically when the local default printer is changed. Please note that the new printer must have been previously redirected.
Windows 10 and 11 have a feature that automatically sets the default printer to the one used most recently or more often. This can break the default printer control on RD Sessions Hosts, guest VMs, and Remote PCs. To resolve this issue, the default printer management in Windows 10 and 11 should be disabled. To disable this feature using the Group Policy, do the following:
Open the group policy editor.
Navigate to User Configuration > Administrative Templates > Control Panel > Printers.
Find the Turn off Windows default printer management policy and enable it.
Force the group policy to all computers attached to the domain.
You can also disable the default printer management in Windows 10 and 11 locally by using the GUI or the registry editor:
On a Windows 10 or 11 computer, click Start, then click the "gear" icon which will open the Settings page.
On the Printers and Scanners tab, set the Let Windows manage my default printer option to OFF.
Using the registry editor:
Open the registry editor (regedit).
Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows.
Create a new DWORD item and name it LegacyDefaultPrinterMode.
Change the item's Value data to hexadecimal and set the value data to 1.
In addition to disabling the default printer management, the Download over metered connections option should be enabled in Settings > Devices > Printers & Scanners.
On the Keyboard node in the Policy Properties dialog, select how you want to apply key combinations (e.g. Alt+Tab) that you press on the keyboard:
On the local computer. Key combinations will be applied to Windows running on the local computer.
On the remote computer. Key combinations will be applied to Windows running on the remote computer.
In full screen mode only. Key combinations will be applied to the remote computer only when in the full-screen mode.
Select or clear the Send unicode characters as needed.
To configure display settings, select the Display node and then configure the groups of settings described below.
Select the desired video acceleration mode and color depth.
Specify which monitors should be used for a session if more than one monitor is connected to the user's computer.
The following options are available:
All: All displays.
Primary: User's primary display.
Selected: User can select one or several displays manually. To use this option for a published desktop, you need to select Full Screen in Publishing category > select the published desktop > Desktop tab > Desktop Size.
Specify the options as follows:
Use primary monitor only. Select this option to start published applications on the primary monitor. Other monitors connected to a user's computer will not be used.
Use dynamic desktop resizing. Select this option if you want published resources to use the display settings of the local desktop.
Specify the desktop options as follows:
Smart-sizing: Choose a smart sizing option. The Scale (fit to window) option scales a remote desktop to fit the connection window. The Resize (update resolution) option updates the resolution dynamically (without the need to reconnect) based on the window size. To disable smart sizing, select Disabled.
Embed desktop in launcher. Enable this option to access a published desktop inside Parallels Client.
Span desktop across all monitors. Enable this option to span published desktops across all connected monitors.
Connection bar in full screen. Specify whether the connection bar should be pinned, unpinned, or hidden when connecting in full-screen mode.
This section applies to Parallels Web Client only. Specify whether a remote application should open in the same or a new tab in a web browser by default.
Use the Local devices and resources node in the Policy Properties dialog to configure how local resources are used in a remote session.
Enable or disable the clipboard in a remote session. In the right pane, choose one of the following clipboard redirection options:
Client to server only: Copy and paste from client to a server app only.
Server to client only: Copy and paste from a server app to client only.
Bidirectional: Copy and paste in both directions.
Disabled: The clipboard is disabled.
The Limit clipboard to text only drop-down menu allows you to limit the functionality of the clipboard:
No limit: All types of files can be copied in both directions.
Client to server: Only plain text can be copied from the client to the server.
Server to client: Only plain text can be copied from the server to the client.
Both directions: Only plain text can be copied in both directions.
Note: Clearing the Clipboard option also disables the Remote Clipboard functionality for affected users in Parallels Web Client. For more information, please see Using the remote clipboard.
Select the Allow disk drives and folders redirection option and select local drives you want to redirect, or select Use all disk drives available.
Select the Redirect as read-only drives option to redirect all selected disk drives in read-only mode.
Note: When you select the Redirect as read-only drives option, the drag-and-drop functionality in Parallels Client for Windows becomes limited. Users will be able to use drag-and-drop only for copying file paths from local to remote computers.
Note: When you select the Redirect as read-only drives option, the drag-and-drop functionality in Parallels Client for Mac becomes limited. Users will be able to use drag-and-drop only for copying data from local to remote computers.
If you select the Use also disk drives that I plug in later option, disk drives that you connect to a local computer later will be automatically available in a remote session.
Note: This option applies to Parallels Client for Windows only.
In the Cache drop-down list, you can select whether to enable drive redirection cache hat makes file browsing and navigation on the redirected drives much faster:
Disable: Drive redirection cache is disabled.
Enable: Drive redirection cache is enabled.
Fast mode: Same as above, but certain decorative features of File Explorer are disabled in favor of faster browsing.
Note: This option applies to Parallels Client for Windows only.
On this pane, specify whether to redirect local devices in general, use all devices available, and also devices that will be plugged in later.
Local devices that can be redirected include supported Plug and Play devices, media players based on the Media Transfer Protocol (MTP), and digital cameras based on the Picture Transfer Protocol (PTP).
Please note that disk drives and smart cards are redirected using dedicated Disk drives and folders and Smart cards options.
Specifies video capture devices to redirect from a user device to the remote session. This is a high-level redirection that allows to redirect a composite USB device, such as a webcam with a microphone.
Allow devices redirection: Allows to choose which video capture devices to redirect.
Use all devices available: Redirect all available devices.
Use also devices that I plug in later: A device that is plugged in after a session is started will also be used. Note that if this option is disabled, you will need to restart a session for a newly plugged in device to become available.
Select whether to redirect LPT and COM ports.
Select whether to redirect smart cards. Note that if smart card is selected as the authentication type in the Primary connection pane, the smart card redirection is automatically enabled and this option is grayed out.
Enables or disables the following functions:
Pen input redirection with pressure sensitivity support.
Windows touch input redirection. Windows touch input redirection allows users to use Windows native touch gestures from touch-enabled devices, including touch, hold, and release actions. The actions are redirected to remote applications and desktops as corresponding mouse clicks. This option allows you to disable touch input redirection in case of app compatibility issues.
Note: This policy is applicable to Parallels Client for Windows and Parallels Web Client only.
Allows to watch video content played in a browser on a remote Azure Virtual Desktop host. To use this feature, you also need to configure redirection on your AVD hosts as described at https://learn.microsoft.com/en-us/azure/virtual-desktop/multimedia-redirection?tabs=edge#requirements.
Note: This policy is applicable to Parallels Client for Windows 10 1909 and later, and Windows 11. Note: Multimedia redirection on Azure Virtual Desktop is not available when using the Advanced client feature set. Note: Multimedia redirection on Azure Virtual Desktop is currently in preview. For the list of websites that support multimedia redirection, see https://learn.microsoft.com/en-us/azure/virtual-desktop/multimedia-redirection-intro.
Enables file transfer in a remote session. To enable file transfer, select this node and then select a desired option in the Allow file transfer drop-down list in the right pane. For additional information, see Configuring remote file transfer.
This node in the Policy Properties dialog allows you to configure remote audio playback and recording settings.
In the Remote audio playback section, Use the Where drop-down list to select one of the following remote audio playback options:
Bring to this computer. Audio from the remote computer will play on your local computer.
Do not play. Audio from the remote computer will not play on your local computer and will be muted on the remote computer as well.
Leave at remote computer. Audio will not play on your local computer but will play normally on the remote computer.
Use the Quality drop-down list to adjust the audio quality:
Dynamically adjust based on available bandwidth. This option will increase or decrease the audio quality based on your connection speed. The faster the connection, the higher audio quality setting will be used.
Always use medium audio quality. The audio quality is fixed at the medium level. You can use this option when you don't require the best possible audio quality and would rather use the available bandwidth for graphics.
Always use uncompressed audio quality. The audio quality is fixed at the highest level. Select this option if you have a very fast connection and require the best possible audio quality.
The Enable recording (if applicable) option allows you to enable audio recording on the remote computer. For example, you can speak into a microphone on the local computer and use a sound recording application on the remote computer to record yourself.
Use the Server authentication node in the Policy Properties dialog to specify what should happen if authentication of an RD Session Host, Remote PC, or Guest VM fails.
In the If authentication fails drop-down list, select one of the following options:
Connect. The user can ignore the certificate of the server and still connect.
Warn. The user is alerted about the certificate and still has the ability to choose whether to connect or not.
Do not connect. The user is not allowed to connect.
On the Scanning node in the Policy Properties dialog, you can specify a scanner that should be used when one is required by a published application:
Use. Allows you to select a scanning technology. RAS Universal Scanning uses TWAIN and WIA redirection allowing an application to use either technology depending on the hardware type connected to the local computer. If you select None, scanning will disabled.
Redirect Scanners. Select scanners attached to your computer for redirection. You can select All (all attached scanners will be redirected) or Specific only (only the scanners you select in the provided list will be redirected).
The Experience node in the Policy Properties dialog allows you to tweak connection speed and compression.
Choose your connection speed to optimize performance: Choose a connection type according to your situation and then select experience options you want enabled. If you are connecting to a remote server on a local network that runs at 100 Mbps or higher, it is usually safe to have all of the experience options enabled. If you choose Detect connection quality automatically, the experience options will be enabled by default, but some may be dynamically disabled depending on the actual connection speed.
Enhance windows move/size: Enable this option if your users experience graphics artifacts (dark squares) while moving or resizing a remote application window on their desktops. The issue may manifest itself when a remote application is hosted on a Windows Server 2016, 2019 or 2022 and when the Show contents of window while dragging option is enabled. The issue does not appear with any other versions of Windows.
It is recommended to enable compression to have a more efficient connection. The available compression options are described below.
Enable RDP Compression: Enables compression for RDP connections.
Universal printing compression policy: The compression type should be selected based on your environment specifics. You can choose from the following options:
Compression disabled. No compression is used.
Best speed (uses less CPU). Compression is optimized for best speed.
Best size (uses less network traffic). Compression is optimized to save network traffic.
Based on connection speed. The faster the connection speed, the lower compression level and the minimum data size to compress are used.
Universal scanning compression policy: This drop-down list has the same options as the universal printing compression above. Select the compression type based on your environment specifics.
Use the Network node in the Policy Properties dialog to configure a proxy server for Parallels Client.
Select the Use proxy server option and then select the protocol from the following list:
SOCKS4. Enable this option to transparently use the service of a network firewall.
SOCKS4A. Enable this option to allow a client that cannot connect to resolve the destination host’s name to specify it.
SOCKS5. Enable this option to be able to connect using authentication.
HTTP 1.1. Enable this option to connect using a standard HTTP 1.1 protocol connection.
Specify the proxy host's domain name or IP address and the port number.
For SOCKS5 and HTTP 1.1 protocols, select the Proxy requires authentication option. For authentication, select the Use user logon credentials option or specify a user name and password in the fields provided.
The Advanced Settings node in the Policy Properties dialog allows you to customize the default behavior or Parallels Client.
You can specify the following properties:
Use client system colors: Enable this option to use the client system colors instead of those specified on the remote desktop.
Use client system settings: Enable this option to use the client system settings instead of those specified on the RD Session Host.
Create shortcuts configured on server: For each published application, the administrator can configure shortcuts that can be created on the client's desktop and the Start menu. Select this option to create the shortcuts, or clear the option if you don't want to create them.
Register file extensions associated from the server: For each published application, the administrator can create file extension associations. Use this option to either register the associated file extensions or not.
Redirect URLs to the client device: Enable this option to use the local web browser when opening 'http:" links.
Redirect MAILTO to the client device: Enable this option to use the local mail client when opening ‘mailto:’ links.
Always ask for credentials when starting applications: If this option is enabled, a user will be asked to enter credentials when starting an application even if the session is still active. You can use this option as added security to prevent unauthorized users to access applications. For example, if a user disconnects from a session, no one else will be able to take over the session and run remote applications. As another example, if a user leaves a device with an open User Portal displaying the app listing (with or without running RDP sessions) then any user who tries to open a new application or another instance of a running application will be prompted for credentials. Please note that the option must be disabled for this functionality to work; otherwise saved credentials will be used automatically.
Allow Server to send commands to be executed by client: Enable this option to allow commands being received from the server to be executed by the client.
Confirm Server commands before executing them: If this option is enabled, a message is displayed on the client to confirm any commands before they are executed from the server.
Network Level Authentication: Check this option to enable network level authentication, which will require the client to authenticate before connecting to the server.
Redirect POS devices: Enables the Point of Service (POS) devices such as bar code scanners or magnetic readers that are attached to the local computer to be used in the remote connection.
Use Pre Windows 2000 login format: If this option is selected, it allows you to use legacy (pre-Windows 2000) login format.
Disable RDP-UDP for gateway connections: Disables RDP UDP data tunneling on the client side. You can use this option when some clients experience random disconnects when RDP UDP data tunneling is enabled on the RAS Secure Gateway (the Network tab in the gateway Properties dialog), while other clients are not.
Do not show drive redirection dialog: This option affects Parallels Client for Mac. By default, the Grant access to Home folder (drive redirection) dialog opens automatically when a Mac user connects to Parallels RAS. This happens when this option is disabled or when there's no client policy at all. The dialog allows the user to configure which folders on the local disk drive should be available to remote applications. If you enable this option, the dialog will not be shown a user. Read below for more explanation.
Drive redirection cannot be configured via client policies, so Mac users have to do this themselves. By automatically showing the dialog, you can invite the user to go through the local folder configuration procedure. On the other hand, if there's no need for your users to redirect their local drives, you can disable the automatic opening of the dialog. Note that the dialog can still be run manually in Parallels Client for Mac at any time by opening Connection Properties > Local Resources, selecting the Disk drives option and clicking Configure.
When the option is disabled (or when there's no client policy defined), the dialog opens at least once when the user connects to Parallels RAS for the first time. At that time, the user can either configure local folders or select the Never ask me again option. In both cases, the dialog will not be shown to the user anymore. The Mac user can reset the Never ask me selection by going to Connection Properties > Advanced and clearing the Do not show drive redirection dialog option.
To configure connection properties, select the Connection node and then go through each child node configuring their respective properties.
The primary connection always defaults to the primary RAS Secure Gateway, but you can modify the following connection properties:
Specify a friendly name for the connection.
Auto login: Enable or disable auto login in RAS User Portal. If the option is disabled, auto login will be disabled in User Portal and the user will not be able to change it. For more information, see Auto Login.
In the Authentication type drop-down list, select the desired method of authentication:
Credentials. The user will have to enter credentials to log on.
Single Sign-On. This option will be included in the list only if the Single Sign-On module is installed during Parallels Client installation. The credentials that the user used to log on will be used to connect to the remote server.
Smart Card. Select this option to authenticate using a smart card. When connecting to the remote server, a user will need to insert a smart card into the card reader and then enter a PIN when prompted.
Web. If selected, the SAML SSO authentication is allowed. For more information, see SAML SSO Authentication.
Web + Credentials. The same as Web, but users are prompted to enter credentials when they launch a published application. To enable the Web + Credentials method, you must configure your IdP and RAS as described in IdP side configuration and SP side configuration.
Note: Smart card authentication is not supported in Parallels Client for Linux.
Note: The Web + Credentials method works only in Parallels Client for Windows.
Note: The allowed authentication type(s) must be specified in RAS Console in Connection > Authentication.
Select or clear Save password as needed (if credentials are used for authentication). This means forcing a client to save the password for this connection.
Specify the domain name (if credentials are used for authentication).
If you have more than one RAS Secure Gateway, you can define a secondary connection, which will be used as a backup connection in case the primary gateway connection fails.
To add a secondary connection:
Select the Secondary connections item.
In the Secondary connections pane, click Tasks > Add and specify a server name or IP address.
Select the connection mode and modify the default port number if necessary.
If you have multiple secondary connections, you can move them up or down in the list. If the primary connection cannot be established, Parallels Client will use secondary connections in the order listed.
In this pane, specify what to do if the connection is dropped:
Reconnect if connection is dropped. if this option is selected, Parallels Client will try to reconnect if the connection is dropped. The Connection retries property specifies the number of retries.
Show connection banner if reconnection is not established within. Specifies the number of seconds after which the connection banner will be displayed in Parallels Client. This will inform the user that the connection was dropped and will allow them to take actions on their own.
Specify the name that a computer will use during a remote desktop session. If set, this will override the default computer name. Any filtering set by the administrator on the server side will make use of the Override computer name setting.
Connection timeout. The Parallels Client connection timeout value.
Show connection banner if connection is not established within. Specifies the number of seconds after which the connection banner will be displayed. This will inform the user that the connection cannot be established and will allow them to take actions on their own.
Show desktop if published application does not start within. If a published application is not launched within the time period specified in this field, the host server desktop will be shown instead. This is helpful if an error occurs on the server side while launching an application. By showing the server desktop, the user can see the error message.
Select or clear the Use default OS browser option. If the option is selected, the SAML SSO login dialog on the client side will open in the default browser. If the option is cleared, the browser built into the Parallels Client will be used.
The Open browser window to complete log out option is used when the built-in browser is used. In this case, there's no control over the SAML log out, so when this option is selected, a URL will open to perform the logout from SAML. By default, this web page will not be displayed, but if you need to interact with the browser, you can enable this option.
For more info, see SAML SSO Authentication.
When a user opens a remote application, a session must first be launched. Launching a session can take time, which will result in the user waiting for the application to start. To improve user experience, a session can be launched ahead of time, before the user actually opens an application.
To enable (or disable) session prelaunch, choose one of the following in the Mode drop-down list:
Off. No session prelaunch is used.
Basic. A session is prelaunched as soon as the user gets the application listing. The assumption is, the user will open an application within the next few minutes. The session will stay active for 10 minutes. If the user doesn't open an application during that time, the client will disconnect from the session.
Machine Learning. When the application listing is acquired, a session is prelaunched based on user habits. With this option enabled, Parallels Client will record and analyze the user habits of launching applications on a given day of the week. A session is started a few minutes before the user usually opens an application.
When a session is prelaunched, it will all happen in the background, so the user will not see any windows or message boxes on the screen. When the user starts an application, it will open using the prelaunched session, so it will start very quickly.
You can configure rules when session prelaunch must not be used. The following options are available:
Use the Exclude sessions prelaunch list to specify dates on which the prelaunch must not be used. Click on the plus-sign icon and select a date. The list can contain multiple entries.
You can also exclude a published resource from the session prelaunching scheme altogether. This way, the resource is excluded from the analysis and is never considered by Parallels Client when making a decision whether to prelaunch a session. For example, when you have a server on which you never want to prelaunch sessions, you can flag all published resources hosted by that server as to be excluded from session prelaunch. To exclude a published resource from session prelaunch, in the RAS Console, navigate to Published Resources, select a resource and then select the Exclude from session prelaunch option.
The setting in this section specifies to which IP address to bind the local RDP proxy. Select the Use 127.0.01 IP address when using Gateway mode in VPN scenarios option. You should have this setting enabled. Disabling it may lead to users not being able to open applications or desktops when using a VPN. This setting applies to Parallels Client for Windows only.