Parallels RAS 19 Administrator's Guide - Add a new client policy

Introduction
- Parallels RAS 19 release history
- About Parallels RAS
- About this guide
- What's new
- Terms and abbreviations used in this guide
Installing Parallels RAS
- System requirements
- Install Parallels RAS
- Log in and activate Parallels RAS
Getting Started with Parallels RAS
- The Parallels RAS Console
- Set up a basic Parallels RAS Farm
Farm and Sites
- Connecting to a Parallels RAS Farm
- About Sites
- Sites in the RAS Console
- Adding a Site to the Farm
- Replicating Site settings
- Managing Licensing Site
- Managing administrator accounts
RAS Connection Broker
- Configuring RAS Connection Brokers
- Secondary Connection Brokers
- Managing Secondary Connection Brokers
- Using computer management tools
RAS Secure Gateway
- Overview
- Adding a RAS Secure Gateway
- Manually adding a RAS Secure Gateway
- Checking the RAS Secure Gateway status
- Configuring a RAS Secure Gateway
- Secure Gateway tunneling policies
- Configure logging
- Viewing Secure Gateway summary and metrics
- Using computer management tools
RD Session Hosts
- RD Session Host types
- Add an RD Session Host
  - Installing the agent manually
- Add a template-based RD Session Host
- Manage RD Session Hosts
- Planning for high availability
- Managing logons
- Using computer management tools
- Publishing from an RD Session Host
- Viewing published resources
Virtual Desktop Infrastructure (VDI)
- Supported providers
- Add a provider
- Manage VDI
- Configure logging
- Enabling high availability for VDI
- Site defaults (VDI)
- Using computer management tools
- Viewing Provider summary
- Remote PC pools
Azure Virtual Desktop
- Introduction
- Prerequisites
- Deploy Azure Virtual Desktop
- Manage Azure Virtual Desktop
- Site defaults (Azure Virtual Desktop)
  - Site defaults for single-session hosts
  - Site defaults for multi-session hosts
- Using Parallels Client with Azure Virtual Desktop
- Verify the deployment
Remote PCs
- Overview
- Adding a Remote PC to a Farm
  - Admin-initiated Remote PC enrollment
  - Self-service Remote PC enrollment
- Configuring a Remote PC
- Viewing Remote PC summary
- Using computer management tools
Publishing
- Overview
- Publishing a desktop
- Publishing an application
- Publishing an application with MSIX app attach
- Publishing a web application
- Publishing a network folder
- Publishing a document
- General management tasks
- Manage published applications
- Manage published desktops
- Manage published documents
- Manage folders
- Site defaults (Publishing)
- Using filtering rules
- Configuring preferred routing
- Understanding session prelaunch
- Checking effective access
- Specifying client settings
- Quick keypad
Session Management
- Overview
- Session information
- Monitoring settings
- Managing sessions
- The Resources tab
SSL Certificate Management
- Generating a self-signed certificate
- Generating a certificate signing request (CSR)
- Let's Encrypt certificates
  - Requesting a Let's Encrypt Certificate
  - How Parallels RAS requests certificates from Let's Encrypt
- Importing a certificate
- Exporting a certificate
- Assigning a certificate to Secure Gateways and HALBs
- Auditing certificates
- Permissions to manage certificates
- Upgrading from an older RAS version
Connection and Authentication Settings
- RAS Connection Broker connection settings
- Remote session settings
- Logon hours settings
- Restricting access by Parallels Client type and build number
- Multi-factor authentication
- Allowing users to change domain password
- Allowing users to discover RAS connections via email address
Load Balancing and HALB
- Resource based & round robin load balancing
  - Configure CPU optimization
- High availability load balancing (HALB)
RAS Multi-Tenant Architecture
- Overview
- Architecture description
  - Implementation overview
  - User connection flow
- Deploying Tenant Broker and Tenants
- Managing Tenants
- Shared Gateways
- Third-party network load balancers
- Web Client and Themes
- Monitoring Tenants
- Tenant Broker compatibility and updates
- Upgrading from an older RAS version
- Configuring notifications
- Communication ports
SAML SSO Authentication
- Introduction
- System requirements
- SAML basics
- SAML configuration
- Parallels Client configuration
- Parallels client policy configuration
- Test the SAML SSO deployment
- Error messages
Parallels Web Client and User Portal
- Configure Web Client
- Configure Themes
- Open Parallels Web Client
- Main menu options
- Running remote applications and desktops
- Auto login
- Direct App access
- Using the toolbar
Universal Printing
- Managing Universal Printing settings
- Universal Printing drivers
- Font management
Universal Scanning
- Managing Universal Scanning
- Adding scanning applications
User Device Management and Client Policies
- Inviting users to connect to Parallels RAS
- Mass configuring user devices
- Enabling Help Desk support
- Monitoring devices
  - Getting additional device information
- Windows device groups
- Managing Windows devices
  - Windows desktop replacement
- Scheduling Windows devices & groups power cycles
- Client Policies
- Configuring remote file transfer
Reporting
- System requirements
- Install Microsoft SQL Server
  - Install Microsoft SQL Server 2016 or earlier
  - Install Microsoft SQL Server 2017 or 2019
- Install Parallels RAS Reporting
- Running Parallels RAS reports
- GDPR compliance
Performance Monitor
- Overview
- Install RAS Performance Monitor
- Using Parallels RAS Performance Monitor
- Configure RAS Performance Monitor Security
- Updating RAS Performance Monitor
Common Management Tasks
- Recovery - add a root administrator
- Host name resolution
- Computer management tools
- Site information
- Site settings
- Using MSIX application packages
- Using template versions
- Settings audit
- Upgrading RAS agents
- Licensing
- Configure HTTP proxy settings
- System event notifications
- RAS session variables
- Maintenance and backup
  - Exporting and importing Farm settings from the command line
- Problem reporting and troubleshooting
- Logging
- Suggest a feature
Parallels RAS Management Portal
- Overview
- Prerequisites
- Installation
- Log in to RAS Management Portal
- Configure RAS Web Administration Service
- RAS Management Portal user interface
Parallels RAS APIs
- RAS PowerShell API
- RAS REST API
- RAS Web Client API and Parallels Client URL scheme
Appendix
- Microsoft license requirements in Parallels RAS
- Port reference
- RAS performance counters

Add a new client policy

To add a new client policy:

Select the Policies category and then click Tasks > Add in the right pane. The Policy Properties dialog opens.
The left pane contains a navigation tree allowing you to select a group of options to configure. You can search for options using the Find field in the upper left corner of the dialog. If multiple options are found, you can navigate between them using arrows.
Make sure the Policy node is selected and then specify a policy name and an optional description.
In the Apply policy to section, click Tasks > Add (or click the plus sign icon) and specify rules that define what object the policy applies to (see below).

Configure rules for the client policy

By default, a client policy applies to configured users, computers, and groups in all situations. Optionally, you can specify rules that define when the policy should be applied. This functionality allows you to create different policies for the same user or computer, which will be applied depending on where the user is connecting from and from which device. Each rule consists of one or several criteria for matching against user connections. In turn, each criteria consists of one or several specific objects that can be matched.

You can match the following objects:

User, a group the user belongs to, or the computer the user connects from.
Secure Gateway the user connects to.
Client device operating system.
IP address.
Hardware ID. The format of a hardware ID depends on the operating system of the client.

Notice the following about the rules:

Criteria are connected by the AND operator. For example, if a rule has a criteria that matches certain IP addresses and a criteria that matches client device operating systems, the rule will be applied when a user connection matches one of the IP addresses AND one of the client operating systems.
Objects are connected by the OR operator. For example, if you only create a criteria for matching client device operating systems, the rule will be applied if one of the operating systems matches the client connection.
The rules are compared to a user connection starting from the top. Because of this, the priority of a rule depends on its place in the rule list. Parallels RAS will apply the first rule that matches the user connection.
The default rule is used when no other rule is matched. You can set it to either Apply policy if no other rule matches or Do not apply policy if no other rule matches, but no criteria is available for this rule.

To create a new rule:

Select the Policy node.
In the Apply policy to section, click Tasks > Add. The New rule properties dialog opens.
Specify the name and the description of the rule.
In the Criteria section, specify criteria for the rule. You will find the following controls:

Apply policy if and Do not apply policy if: specifies whether the policy is applied or not applied when a user connection matches all the criteria. Click on the link to switch between the two options.
(+): adds a new criteria. If you want to match a Secure Gateway, a client device operating system, an IP address, or a hardware ID, click (+). In the context menu that appears, select the type of an object that you want to match and add the specific objects in the dialog that appears. The new criteria appears on the next line.
(X): Deletes a specific object from matching. For example, you want to delete IP address 198.51.100.1 from matching, click (X) next to it. This control appears when at least one object is added. If all objects in a criteria are deleted, the criteria is removed.
is and is not: specifies whether the policy is applied or not applied when a user connection matches the criteria. Click on the link to switch between the two options. This control appears when at least one object is added.
configure: edits the list of objects to be matched. Click this link to add or delete new objects. Note that for the first criteria (User, group or computer) this link is called everyone. It will change to configure once you specify objects for this criteria.

Was this topic helpful?

Yes No

Client Policies

Configure session settings