4.6 Control Access to Settings and Controls with Microsoft Group Policy

As an administrator, you can limit users' ability to modify their workspace or session documents by setting permissions from the Microsoft Group Policy Management Console using group policy templates.

NOTE:To use this feature, you must be running Windows 8, Windows 7, Windows Vista or later on an administrative machine. For more information about managing group policy, see Managing Group Policy ADMX Files Step-by-Step Guide.

Reflection installs a set of group policy templates (ADM and ADMX files) to the following directory:

\Program Files\Micro Focus\Reflection\Configuration\GroupPolicy

ADMX files

ADMX files are divided into language-neutral files (.admx) and language-specific resource files (.adml), available to all Group Policy administrators. These factors allow Group Policy tools to adjust their UI according to the administrator's configured language.

Reflection setup.exe installs ADMX files to:

... \ install_dir \Configuration\GroupPolicy\ADMX

It installs ADML files to the following directory:

...\install_dir\Configuration\GroupPolicy\ADMX\en-us

Reflection provides the following ADMX Group Policy files. Each of these files has a corresponding ADML language file.

This file

Controls access to

ACTIONS.admx

Actions

APPLICATION.admx

Reflection Workspace

RD3X.admx

Mainframe terminal

RD5X.admx

AS/400 terminal

RDOX.admx

UNIX/OpenVMS terminal

ReflectionWorkspace.admx

Root-level ADMX file

NOTE:This directory also includes the ReflectionPCIDSS.admx file. This file is used to configure information privacy through Group Policy and is not used to control access.

ADM files

ADM files contain the Group Policy definitions and resource strings in the same file.

Reflection setup.exe installs ADM files to:

        ...
        \
        
          install_dir
        
        \Configuration\GroupPolicy\ADM\
      

ADM Group Policy files:

This file

Controls access to

ACTIONS.adm

Actions

APPLICATION.adm

Reflection Workspace

RD3X.adm

Mainframe terminal

RD5X.adm

AS/400 terminal

RDOX.adm

UNIX/OpenVMS terminal

4.6.1 Install Group Policy Templates

Before you deploy group policy definitions, set and test them on a local test machine.

To deploy ADMX & ADML files on a local test machine

  1. Copy the .admx files from …\install_dir\Configuration\GroupPolicy\ADMX to the central store (%systemroot%\PolicyDefinitions)

  2. Copy all required locale .adml files to: %systemroot%\PolicyDefinitions\<locale>

  3. Open the Group Policy Object Editor (gpedit.msc)

  4. Under either Computer Configuration or User Configuration, browse to Administrative Templates | Reflection Desktop.

  5. In the Group Policy Management Editor, navigate to the setting or feature you want to configure.

  6. Enable the Group Policy settings you want to restrict access to.

    NOTE:For more about using ADMX files to set group policy, see Managing Group Policy ADMX Files Step-by-Step Guide.

To install ADM files on a local test machine

  1. Copy all .adm files

    From:

    ... \ install_dir \Configuration\GroupPolicy\ADM\

    to:

    C:\Windows\inf

  2. Open Group Policy Object Editor (gpedit.msc)

  3. Under either User Configuration or Computer Configuration, Right-click on Administrative Templates and select Add/Remove Templates.

  4. Click Add, select the Reflection ADM files you need to add, and then click Open.

    The Reflection ADM files are listed in the Add/Remove Templates dialog box, in the Current Policy Templates list.

  5. Under either Computer Configuration or User Configuration, browse to Administrative Templates | Classic Administrative Templates (ADM) | Reflection Desktop.

  6. In the Group Policy Management Editor, navigate to the setting or feature you want to configure.

  7. Enable the Group Policy settings to which you want to restrict access.

    NOTE:Registry keys are added when policy settings are Enabled. When Not Configured, no key is present. When a setting is Disabled, the key is still present, and it's data is set to 0x00000000. The data is 0x00000004 when enabled.

    For more about using ADM files to set group policy, see Add or remove an Administrative Template (.adm file).

4.6.2 Set Access with Group Policy

To set access with Group Policy Object Editor

  1. In the Group Policy Management Editor, navigate to the setting or feature you want to configure.

    The following example shows all shipping ADMX files loaded into the GPO Editor under User Configuration. Group Policies can be set at the machine (Computer Configuration) or user (User Configuration) levels.

  2. Enable the Group Policy settings you want to use.

    The following example shows the following:

    • The current node is the RD3X Document\Connection\TN3270Basic group.

    • All the settings for this group are listed in the right-hand panel.

    • The Restrict ConnectionTimeout setting policy is Enabled. This setting for 3270 display sessions is restricted.

    Registry keys are added when policy settings are Enabled. These keys remain in the registry when policy settings are Disabled. No key is present when policy settings are Not Configured.