Environment
Reflection for Secure IT Client for Windows
Situation
Reflection Group Policy support provides administrators with an added tool for customizing and securing Reflection applications. Examples of customizations that can be made using Group Policies include: enabling only secure, encrypted connections; disabling macros; disabling password saving; and disabling file transfers to or from host computers.
Windows Group Policy editor support is available for Windows 2000 and Windows 2003 server, and Windows 2000 and Windows XP workstations.
Resolution
Should I Use the Reflection Profiler or Group Policies?
Both Reflection Profilers and the Windows Group Policy editor enable you to lock down Reflection features. Although Active Directory is not a requirement, the administrator will gain the greatest benefits of Group Policy settings when implemented using Active Directory. If you want to take advantage of Active Directory, and the features you want to lock down are available through Reflection’s Group Policy settings, using Group Policies is easier and more flexible than using the Profilers.
Note: Profilers are available in all Reflection products except Reflection for Secure IT. (Reflection for Secure IT does support Windows Group Policies.)
For further information about using the Reflection Profiler or Windows Group Policies with the Reflection product(s) you are using, see the Reflection System Administrator Guide for your product at https://support.microfocus.com/manuals/.
Windows Group Policies Supported by Reflection
The following tables provide information about each policy supported by Reflection.
Note: By default, features associated with policies are available unless the feature is disabled by a policy, the Profiler, or through some other means.
Table Value Definitions
There are two policy values types noted in these tables:
Enable/Disable - These policies can be enabled or disabled. If the policy is disabled, these features are unavailable.
Configurable Setting - These policies require a value to be specified. If the policy is disabled, these settings are locked at their default value.
The following Reflection product abbreviations are used in the Applies To column of these tables.
RRG - Reflection for ReGIS Graphics
RHP - Reflection for HP
RIBM - Reflection for IBM
RX - Reflection X
RFTP - Reflection FTP Client utility
RSIT – Reflection for Secure IT
Reflection Settings
These policies are available from User Configuration > Administrative Templates > Reflection Settings.
Setting Name and Description |
Supported in Reflection Version |
Value Type |
Applies To |
Migration of settings from F-Secure to Reflection: This policy determines whether Reflection migrates (imports) F-Secure settings when a Reflection session starts. The migration is performed only once. You can also specify that the migration is performed silently. |
13.0-14.x |
Configurable Setting |
RHP RUO RSIT RRG |
Allow non-FIPS mode: If this policy is disabled, all Reflection products run in FIPS mode. When enabled, Reflection products are not run in FIPS mode. |
12.0.3-14.x |
Enable/ Disable |
RUO RRG RHP RIBM RX RFTP RSIT |
Allow files to be sent to host computers: If this policy is disabled, Reflection will not permit files to be sent to host computers. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM RFTP RSIT |
Allow files to be received from host computers: If this policy is disabled, Reflection will not permit files to be received from host computers. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM RFTP RSIT |
Allow Reflection to save passwords: If this policy is disabled, Reflection will not allow users to save passwords in scripts, macros or settings files. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM RX RFTP |
Allow sessions without settings files: If this policy is disabled, Reflection requires every Reflection session to be associated with a settings file. Users will be unable to create untitled sessions. Disabling this policy terminates untitled sessions created prior to the policy change. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM RSIT |
Allow start screen: If this policy is disabled, the splash screen is not displayed on Reflection startup. This policy does not affect the display of the About Box at startup. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM RX RFTP RSIT |
Allow tracing for troubleshooting: If this policy is disabled, Reflection will not permit tracing for troubleshooting. Use this policy if there is a significant concern that sensitive information could be revealed in traces. Using this policy may impede product support. This policy has no effect on RFTP logging. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM RX RSIT |
Allow unencrypted connections: If this policy is disabled, users are required to use encryption for all host connections and FTP transfers. Reflection X client connections also require encryption, unless the client is running locally on the same computer as Reflection X. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM RFTP RX |
Folder for the default auto update file: This policy controls whether and how Reflection looks for settings.rsu, settings.r1u, settings.r2u, or settings.r4u. If enabled, you can specify the folder where Reflection should look for this file. If you leave the folder name empty, Reflection will not look for the settings.r?u file. If disabled or not configured, Reflection will look for this file in the Reflection User Folder. This policy is ignored, and settings.r?u is ignored if a settings file has specified a value for the "Auto Update File" setting. You can use environment variables as in the following examples: %personalfolder%\Reflection |
12.0-14.x |
Configurable Setting |
RUO RRG RHP RIBM RSIT |
Folder for the shared macros settings file: This policy controls whether and how Reflection looks for SharedMacros.rsf, SharedMacros.r1w, SharedMacros.r2w or SharedMacros.r4w. If enabled, you can specify the folder where Reflection should look for SharedMacros.* files. If you leave the folder name empty, Reflection will not look for the SharedMacros.* files. If disabled, Reflection will look for SharedMacros.* in the Reflection User Folder. If not configured, Reflection will look for SharedMacros.* in the folder specified by the SharedMacrosFolder property. If the SharedMacrosFolder property is not set, Reflection will look for SharedMacros.* in the Reflection User Folder. Changes to this policy will not affect Reflection sessions that are already started. You can use environment variables as in the following examples: %personalfolder%\Reflection |
12.0-14.x |
Configurable Setting |
RUO RRG RHP RIBM |
Language override: When multiple user interface languages are installed, this policy overrides the way Reflection normally chooses which language to use. This is helpful if none of the installed languages matches the language configured for Windows. This policy has no effect if only one user interface language is installed. |
11.0-14.x |
Configurable Setting |
RUO RRG RHP RIBM RX RFTP RSIT |
Settings only in these folders: This policy prevents Reflection from opening settings files in folders not specifically listed. You can use Windows environment variables, such as %PersonalFolder%, to specify folders whose path specification may vary from user to user. Disabling this policy is equivalent to leaving it not configured. |
11.0-14.x |
Configurable Setting |
RUO RRG RHP RIBM RSIT |
When Reflection Exits
These policies are available from User Configuration > Administrative Templates > Reflection Settings > When Reflection Exits.
Setting Name and Description |
Supported in Reflection Version |
Value Type |
Applies To |
If there are unsaved changes: This policy specifies what to do if the user exits Reflection before changes have been saved. |
11.0-14.x |
Configurable Setting |
RUO RRG RHP RIBM RX RSIT |
Prompt if connected when user exits Reflection: If a host connection is active when the user exits Reflection, this policy specifies whether a confirmation prompt is displayed. |
11.0-14.x |
Configurable Setting |
RUO RRG RHP RIBM RX RFTP RSIT |
Prompt when exiting all Reflection sessions: If the user chooses to exit all Reflection sessions, this policy specifies whether a confirmation prompt is displayed. |
11.0-14.x |
Configurable Setting |
RUO RRG RHP RIBM RSIT |
Application Programming Interfaces
These policies are available from User Configuration > Administrative Templates > Reflection Settings > Application Programming Interfaces.
Setting Name and Description |
Supported in Reflection Version |
Value Type |
Applies To |
Allow scripts and macros on the startup command line: If this policy is disabled, Reflection will not run scripts, macros or commands specified on the startup command line. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM RFTP |
Allow other applications to use Reflection's DLL API: If this policy is disabled, Reflection will not permit other applications to use Reflection's DLL API. |
11.0-14.x |
Enable/ Disable |
RIBM |
Allow other applications to use Reflection's HLLAPI interface: If this policy is disabled, Reflection will not permit other applications to use Reflection's HLLAPI interface. |
11.0-14.x |
Enable/ Disable |
RIBM |
Allow other applications to use Reflection's OLE automation interface: If this policy is disabled, Reflection will not permit other applications to use Reflection's OLE automation interface. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM RFTP |
Allow Reflection FTP Client scripting: If this policy is disabled, the Reflection FTP client will not run RFS scripts. |
11.0-14.x |
Enable/ Disable |
RFTP |
Allow Reflection to process DDE requests: If this policy is disabled, Reflection will not process DDE requests from other applications. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM |
Allow Reflection to run Reflection Basic scripts: This policy allows host programs to run Reflection Basic scripts in Reflection. If disabled, Reflection will not run Reflection Basic scripts. Note: Host-initiated scripting is available only when Reflection is emulating a VT or HP terminal. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM |
Allow Reflection to run RCL scripts: This policy permits host programs to run RCL scripts in Reflection. If disabled, Reflection will not run RCL (Reflection Command Language) scripts. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP |
Allow Reflection to run Visual Basic for Applications macros: If this policy is disabled, Reflection will not run Visual Basic for Applications macros. |
11.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM |
Client Metering
This policy is available from Computer Configuration > Administrative Templates > Reflection Settings > Client Metering.
Setting Name and Description |
Supported in Reflection Version |
Value Type |
Applies To |
Client metering, Require connection to metering server, and Metering web server: If this policy is enabled, Reflection attempts to contact the Reflection metering server at the specified URL. If Reflection cannot contact the metering server and "Require connection to metering server" is checked, Reflection exits after issuing an error message. This policy is configured from Computer Policy > Computer Configuration > Administrative Templates > Reflection Settings > Client Metering. |
12.0-14.x |
Enable/ Disable |
RUO RRG RHP RIBM RX RSIT |