Tags
malware activity virus scope autoruns Proxy servers fallback flag Inactive discovered devices SNMP Apple Device Enrollment Program set up service explorer manually deploy Comodo EDR agent parent process multiple ticket selection selected tickets security events folder transfer discoveries network management remote folder TLS TLS1.2 pci dss pci compliance ITarian Portal Endpoint Manager vdi environment vdi clone environment instant clone documentation vendor notice security dashboard events resolution remote tool partner onboard itarian unknown file hunter TLS Encryption procedure parameters pass profiles history performance metrics real time remote endpoints download browse service URL Security Components system Global Software Inventory 2 minutes Integrate intagrate Active Directory Portable Interception SSL enable reporting Rule Threat Protection Rule Advance spam Customize archived outgoing incoming administrator validate domains add Antispam type PCI data loss Location Network information start software session extensions appoinments resource connection computers Comodo Rescue Disk infected opportunity opportunities custom relationship management quote COMODO-CRM protect mac device email notifications registry COM Quarantined point system restore msi contained applications processes security client events Release date department registration particular os section Two Factor Authentication Login interface dashboard report generate Direct Download Link One drive Google drive HIPS mode cleanup automatic suspicious suspicious certificates shellcode injection detect Elevated Access system user access default charging groups move current malware list store push IP address ip installer acronis auto-remediation server machine icon Product Logos Rebrand backup Device Control data Chromoting WebRTC ports Protocol skip offline manual time entries ticket assignee Help Guide Tour schedule Reschedule appointment unknown application protection virtual desktop Local Verdict server manage calculation cost configuration charging SD contract prepaid hours products classification inventory analyze Device list OS patches global search bar Tool bar Windows Defender Security Center file group white Citrix record SPF work billable time onsite email template template variables emails Gmail SMTP disable Add collaborators admin action Audit logs feature requests submit vote remotely Reset proxy swg secure web gateway dome error disk ticket detail page thread section tickets section internal notes Sub-help topic help topic features Application control white_list Patch Management child parent scheduled customized get to headers columns company restrict customer technician remote access list iOS devices field Reports iOS device APN Certificate MAC OS X options Linux block Comodo Client Communication (CCC) allow Comodo Client Security (CCS) network zones active component tray icon hide show packages additional install block port baseline installation package bulk implement restrict firewall endpoints security and communication global export virus import Database folders files define exclusions change staff admin rating check reassign assign permissions new role create for user of device enroll associated use how profile specific Removing Devices Uninstall windows profile Configuration templates latest version clients comodo file ratings monitoring custom All Devices Ratings Track widgets Agent valkyrie malware files Kill chain report automated establishing endpoint remote session Users prevent Android organization windows assets Mac OS billing identified threats Sort Closed inside Program executed containment service desk remote control Locally runs update scan antivirus SLA Business Hours control CCS Password access Client Auto Specific Device Response Application Third party Status View Logs intended devices alert fails Company Information Configure Verdict Patch Procedures Executable Comodo Internet Security ITSM Analysis Command Line Heuristic Filter Unrecognized Trusted File Rate Malicious Purge Calendar Device Exclusion USB Admin Panel Settings ticket Default system-wide Specific Path Details Monitor Multi Set Currency Connected Who Quick Actions Comparison Version Enterprise Managed Service Provider C1 Portal Remote management Comodo Remote Control ticket management staff panel assign tickets
More

How to configure virtual desktop settings in a Windows profile

Release Time
04/04/2019
Views
none

 

  • The virtual desktop is a sandbox environment in which users can run programs and browse the internet without fear those activities will damage the host computer.
     
  • Applications in the virtual desktop are isolated from other processes on the host computer, write to a virtual file system, and cannot access personal user data. Changes made to files and settings in the virtual desktop do not affect the originals on the host system.
     
  • Because of this, any attacks by internet-based malware cannot reach or compromise the host system. This makes the Virtual Desktop a highly secure environment for general workflows, and specifically for surfing the internet.
     
  • The virtual desktop can run any Windows program, so could be used as the default login environment for employees and guests. You can set a password to lock users into the virtual desktop. Users will need to enter the password before they can exit the desktop.
     
  • You can also white-label the virtual desktop with your own company branding.
     
  • This article explains how to:
     

Configure the virtual desktop section of a profile

  • Log into ITarian
     
  • Click 'Applications’ > ‘Endpoint Manager’
     
  • Click 'Configuration Templates' > 'Profiles'
  • Open the Windows profile applied to your target devices
     
    • Open the 'Containment' tab (if the section has been added to the profile)

      OR
       
    • Click 'Add Profile Section' > ''Containment' (if it hasn't yet been added)
       
  • Click the 'Virtual Desktop' tab


 

Automatically reset Virtual Desktop when session is terminated -  All data saved in the virtual desktop is deleted when the desktop is closed. All changes are reversed. This includes any files downloaded from the internet and any system changes.

  • End-users should save files in the 'Shared Space' folder when using the virtual desktop.
     
  • You can also enable removable media (external storage devices) for use with the virtual desktop. 
     
  • See this help page for more help on containment settings 

Protect paused Virtual Desktop session with PIN - Generates a session-specific PIN number at virtual desktop startup. The PIN is required to resume the session from a paused state. This is useful on shared computers as it prevents other users from accessing the session.


 

  • Users can view this number by clicking the PIN button   at the bottom-right of the virtual desktop

Duration of paused Virtual Desktop session before its automatic termination - Set the maximum time that a virtual desktop session can be left in a paused state. The session gets automatically terminated when this period elapses.

Request password when exiting Virtual Desktop - Create an 'exit' password for the virtual desktop.

  • Users need to enter the password in order to close the virtual desktop, as shown below:

  • This prevents users from closing the virtual desktop and accessing the host, potentially exposing the computer to danger.
     
  • Type a password that cannot easily be guessed. Passwords must be 8-16 characters and contain a mix of upper case letters, lower case letters, numbers, and special characters.
     
  • Re-enter the password for confirmation.

Show disclaimer upon Virtual Desktop startup - Create a legal disclaimer which is shown when the virtual desktop starts. Users must accept the disclaimer before they can access the virtual desktop.

Note - This setting is only of value if you are rebranding the virtual desktop. You can safely ignore this setting if you do not plan to rebrand.

  • Enter the disclaimer message
     
  • The message is shown when the virtual desktop starts.
     
  • Users should read the disclaimer and click 'Accept'. An example is shown below:


 

Allow user to override Virtual Desktop settings - Changes to virtual desktop settings at the endpoint are not reversed by Endpoint Manager.

  • By default, EM checks devices to see if the local CCS settings match those in the profile. It will re-implement the profile settings if it detects any deviation.
     
  • Enabling this option stops the process described above. The EM profile does not apply any virtual desktop settings. Only the virtual desktop settings in CCS on the endpoint are applied to the device.
     
  • See this wiki page for help to locally configure the virtual desktop in CCS.
     
    • Note 1. This option complements the existing override option in the ‘Client Access Control’ section of a profile, which allows local changes to *every* CCS setting. You can allow local override of just the virtual desktop settings while preventing changes to other CCS settings.
       
    • Note 2. If you enable this option, you effectively cancel all Virtual Desktop settings that come from the profile. For example, ‘Exit Password’, ‘Reset Virtual Desktop’ and ‘Duration’ settings will not get applied.

Users

Specify user groups for whom the virtual desktop should start automatically after login. This means the virtual desktop is the users’ default environment, instead of the host operating system. This setting is especially useful for guest users and for public computers in libraries / class-rooms etc.

  • Click 'Add' under the 'Users' section



     
  • Select a user group from the drop-down then click 'OK'.


 

The selected user group is added to the list:
 

  • Use the ‘ON/OFF' switches to enable or disable the feature for a particular group.
     
  • Repeat the process to add more user groups

Click 'Save' to apply your changes to the profile.

Rebrand the virtual desktop

You can white label virtual desktop with your own custom application name and brand logos. This is especially useful if you set the virtual desktop to launch automatically instead of the Windows desktop. See the 'users' section for more on this.

  • Click 'Configuration Templates' > 'Profiles'
  • Open the Windows profile applied to your target devices
     
    • Open the 'UI Settings' tab and click 'Edit' (if the section has been added to the profile)

      OR
       
    • Click 'Add Profile Section' > ''UI Settings' (if it hasn't yet been added)
       
  • Click the 'Comodo Client Security Rebranding' tab



     
  • Scroll down to 'Comodo Virtual Desktop'




     
  • Client Name - Enter a custom name for the application. This will be shown in the interface and will be used as the product name in the Windows 'Start' menu.

                        You can use letters, numbers and special characters. Maximum = 25 characters.

  • Wallpaper icon - Shown on the virtual desktop main screen.

                     Accepted image size = 128 x 128 pixels

                     Accepted image file format = .png

  • Start menu icon - Windows start menu and shortcut icon.

                  Accepted image size = 32 x 32 pixels

                  Accepted image file format = .png

  • Widget icon - Logo shown on the header of the virtual desktop widget.

                 Accepted image size = 24 x 24 pixels

                 Accepted image file format = .png

  • Click 'Save' to apply your settings to the profile.

Show only virtual desktop settings on the device

You can configure the 'UI Settings' section of a profile to show only virtual desktop options, and block access to the rest of CCS.

  • Click 'Configuration Templates' > 'Profiles'
     
  • Open the Windows profile applied to your target devices
     
    • Open the 'UI Settings' tab then click 'Edit'

      OR
       
    • Click 'Add Profile Section' > 'UI Settings' (if it hasn't yet been added)
       
  • Click the 'General Settings' tab

Enable 'Show Virtual Desktop settings only in security client interface'


 

This means:

  • The CCS tray icon and the widget are hidden on the endpoint.
     
  • The CCS desktop and start menu shortcuts only show virtual desktop options:


 

  • Run Virtual Desktop - Opens the virtual desktop
     
  • Open Virtual Desktop Settings – Opens the virtual desktop settings area in CCS ('Settings' > 'Containment' > 'Virtual Desktop')
     
  • Click 'Save' for your settings to take effect.