...

Administration – Settings

Estimated reading: 14 minutes

Introduction

The Settings tab allows configuration of domain-level options for user accounts. Key sections include:

  • Overview: Displays all modified settings for easy reversion.
  • General – Account: Manage domain administration, user and group creation, and domain settings access.
  • Computer Groups: Control creation, editing, and deletion of computer groups.
  • My Profile: Allows users to edit personal information like name, email, nickname, and time zone.
  • Admin Notes: Add internal notes about users.
  • License Usage: Set user or domain-wide license limits.
  • ISL Light: Enable or restrict remote session capabilities, operator info visibility, and manage session rules, IP filtering, and session durations.
  • Permissions – Invite Operator: Allow guest operators in sessions.
  • Remote Desktop: Control view, control, screen sharing, clipboard, and recording permissions.
  • Files: Manage file sending, receiving, and file manager access.
  • RDP / SSH: Configure tunneling options using Jumpbox functionality.
  • Plugins: Deprecated plugin settings for audio, video, printing, etc.
  • ISL AlwaysOn (Automatos Remote Control Viewer): Enable or disable access to unattended computers.
  • Remote Access Devices Limit: Set a hard limit on how many unattended devices users can manage.

Each setting helps control access, security, and user capabilities across the domain.

image 54 Administration - Settings

Overview

Administration> Settings> Overview

Licenses are consumed by simultaneous remote connections between operators, and when a session is terminated, it becomes available again for the same operator or another operator to take.

License Usage

Max license usage (hard limit)

This setting limits the combined peak license usage of all users within the domain. It also serves as an upper limit for the “Max license usage” setting (see below).
Note: The Hard Limit is related to the total number of licenses contracted and cannot be changed by the domain administrator, only by the Almaden team in case of contract changes.

Max license usage

This setting limits the number of licenses available to a user.
Note: This setting is limited (upper bound) by the “Max license usage (hard limit)” setting (see above).
This value is related to how many simultaneous remote connections the user can make.

General

Administration> Settings> General

Domain Administration

Domain Admin

Enable this to promote the user to domain admin. This grants the user access to the Administration Dashboard where they can edit users, computers, and settings for their domain. Using the permissions below, such as “Create, edit, and delete users (domain admin only)”, you can grant/revoke access to certain settings. For example, you can create a read-only domain admin by enabling “Domain Admin” and revoking all the permissions below.

Create, edit, and delete users (domain admin only)

This setting grants access to the “Users” tab in the Administration Dashboard. There, the user can view a list of users in their domain, create new users, update their settings, and delete existing ones. If you disable this permission, the user will not have access to the “Users” tab. Please note that the user must be a domain admin to access the Administration Dashboard (see the “Domain Admin” setting). 

Create, edit, and delete user groups (domain admin only)

This setting grants access to the “Groups” tab in the Administration Dashboard. There, the user can view a list of user groups in their domain, create new groups, change their members, and delete existing ones. If you disable this permission, the user will not have access to the “Groups” tab. Please note that the user must be a domain admin to access the Administration Dashboard (see the “Domain Admin” setting).

Edit domain settings (domain admin only)

This setting grants access to the “Settings” tab in the Administration Dashboard. There, the user can update domain settings. Domain settings are applied to all users within a domain. If you disable this permission, the user will not have access to the “Settings” tab. Please note that the user must already be a domain admin to access the Administration Dashboard (see the “Domain Admin” setting).

Computer Groups 

Create computer groups

When this setting is enabled, the user can create new computer groups. To add computers to the group, the user will also need “Edit computer groups” permission. You can learn more about the benefits of groups here.

Edit computer groups

The user can edit computer groups (add or remove computers, rename group, share group with other users) when enabled.

Delete computer groups

When this setting is enabled, the user can delete computer groups.

My Profile

Edit full name

When this setting is enabled, a user(s) can edit their full name in “Profile”. Disable this setting if you wish to prevent the user from editing their full name.

Edit e-mail

When this setting is enabled, a user(s) can edit their e-mail in “Profile”. Disable this setting if you wish to prevent the user from editing their e-mail.

Edit nickname

When this setting is enabled, a user(s) can edit their nickname in “Profile”. Disable this setting if you wish to prevent the user from editing their nickname.

Change time zone

When this setting is enabled, a user(s) can change their time zone in “Profile”. Disable this setting if you wish to prevent the user from changing their time zone.

Admin Notes

Notes

Use this field for storing notes about users. The notes will only be seen here and do not affect any functionality of services.

License Usage

Max license usage (hard limit)

This setting limits the combined peak license usage of all users within the domain. It also serves as an upper limit for the “Max license usage” setting (see below).
Note: The Hard Limit is related to the total number of licenses contracted and cannot be changed by the domain administrator, only by the Almaden team in case of contract changes.

Max license usage

This setting limits the number of licenses available to a user.
Note: This setting is limited (upper bound) by the “Max license usage (hard limit)” setting (see above).
This value is related to how many simultaneous remote connections the user can make.

ISL Light

Administration> Settings> ISL Light

Basic

ISL Light

Disabling this option will prevent the user(s) from starting any remote support sessions or connecting to unattended computers. The user(s) will also be unable to view the “Remote Support” tab on web pages.

Show operator’s information to remote user

This setting exposes the operator’s information to the remote side while joining a session. The following values can be set: “username”, “fullname”, “email” or “none” (to display none).

IP Filtering

Desk code request IP filter

Limits session code generation based on IP or MAC address. For a detailed guide on how to use filters please see the Using Filters manual.

Session Management

Scheduled sessions (in UTC)

This setting specifies the days of the week and times when the user is allowed to start a session. Outside of the schedule, new sessions will be rejected.

The time schedule can be set for individual days of week (1=10:00-14:00, 4=15:00-17:00) or for a range of days (5-7=11:00-12:00). Please note that day 1 is Sunday and day 7 is Saturday. For each day, multiple schedules can be specified with different time ranges (00:00-24:00) in UTC time standard.

When the setting is in the wrong format, all new connections to remote computers will be rejected and an error log will be appended to the server log file.

For more details and examples, please refer to the manual.

End active sessions at the scheduled end time

When this setting is enabled, existing sessions will be ended when the end time for scheduled sessions is reached.

When this setting is disabled, the user is allowed to continue with any active sessions when the end time for scheduled sessions is reached.

Maximum session duration (time limit in seconds)

Set the time limit (in seconds) after which a session will be ended. If this setting is left empty, no time limit is set.    
 

Permissions – Invite an Operator

Skip login authentication (guest operator)

When this setting is enabled, operators can invite guest operators (without a user account) into their sessions.

Remote Desktop

View Remote Desktop

When this setting is enabled, the operator can view the remote desktop (client). When the setting is disabled, the connection to the remote computer can be established, but the operator won’t be able to see the remote desktop.

Control Remote Desktop

When this setting is enabled, the operator can control the remote desktop (client). When the setting is disabled, the operator will be able to see the remote desktop, but won’t be able to control it.

Share My Screen

When this setting is enabled, the operator can share his screen to the remote computer (client). When the setting is disabled, the connection to the remote computer (client) can still be established, but the operator will be unable to share their screen with the client.

Control My Screen

When this setting is enabled, the remote computer (client) can control the operator’s computer. If the setting is disabled, the client will enter the session in whiteboard mode. This will allow them to see your desktop (if the “Share My Screen” setting is enabled), but they won’t be able to control it. For the client to control your computer, the client will need to request permission and the local (operator) side will have to grant it.

Clipboard

This setting enables clipboard sharing between the local and remote computers. The operator can utilize the Copy (Ctrl-C) command on the remote computer and Paste (Ctrl-V) it on the local computer or vice versa. This eliminates the need to send snippets of text via the text chat, or any other means of communication to the remote desktop (client).

Recording

When this setting is enabled, the operator can record sessions. When it is disabled, the operator cannot record sessions.

Files

Send Files

If this setting is disabled, the operator won’t be able to send any files to the remote computer (client). The operator will still be able to receive files (if the “Receive Files” setting is enabled).

Receive Files

If this setting is disabled, the operator won’t be able to receive any files from the remote computer (client). The operator will still be able to send files (if the “Send Files” setting is enabled).

File Manager

Enabling this setting allows the operator to use the File Manager functionality. Please note that when this setting is disabled, file transfer can still be performed unless the “Send Files” and “Receive Files” settings are also disabled.

RDP / SSH

Enable Jumpbox functionality

This setting enables the possibility to include tunnel endpoints, other than localhost, on either the operator side or the client side. The setting also requires the “Enable operator-side tunnel creation” setting to be enabled (the “Enable client-side tunnel creation” setting should also be enabled if using a reverse Jumpbox tunnel). Read more about Jumpbox functionality here.

Enable client-side tunnel creation

This setting enables the client to create tunnels to the operator side. Please note that when this setting is disabled, tunnels can still be created from the operator to the client unless the “Enable operator-side tunnel creation” setting is also disabled.

Enable operator-side tunnel creation

This setting enables the operator to create tunnels to the client side. Please note that when this setting is disabled, tunnels can still be created from the client to the operator unless the “Enable client-side tunnel creation” setting is also disabled.

Plugins

Desktop plugin

This setting controls the desktop plugin. Please note that this setting is deprecated.

File transfer plugin

This setting controls the file_transfer plugin. Please note that this setting is deprecated.

Video plugin

This setting controls the video plugin. Please note that this setting is deprecated.

Audio plugin

This setting controls the audio plugin. Please note that this setting is deprecated.

Printing plugin

This setting controls the printing plugin. Please note that this setting is deprecated.

Recording plugin

This setting controls the recording plugin. Please note that this setting is deprecated.

ISL AlwaysOn

Administration> Settings> AlwaysOn

Basic

ISL AlwaysOn (Automatos Remote Control Viewer)

Disabling this option will prevent the user(s) from adding or connecting to unattended computers. The computers are not permanently deleted, so the setting can be reverted. The user(s) will also be unable to view the “Remote Access” tab on web pages.

Owned Remote Access Devices Limit

Maximum number of owned remote access devices within domain (hard limit)

This setting imposes a hard limit on the total number of owned remote access devices for all the users within the domain. Attempting to add additional devices beyond this limit will trigger an error message indicating that the maximum number of owned devices has been reached.

Note: This setting serves as a hard limit for the settings listed in this section.

Maximum number of owned remote access Android devices within domain

This setting limits the number of owned remote-access Android devices for all the users within the domain. Attempting to add additional Android devices beyond this limit will trigger an error message indicating that the maximum number of owned devices has been reached. Android devices that are shared with the user do not count towards the limit.

Note: This setting is limited (upper bound) by the “Maximum number of owned remote access devices within a domain (hard limit)”.

Maximum number of owned remote access devices per user

This setting limits the number of owned remote access devices for the individual user. Attempting to add additional devices will trigger an error message indicating that the maximum number of owned devices has been reached. Devices that are shared with the user do not count towards the limit.

Note: This setting is limited (upper bound) by the “Maximum number of owned remote access devices within a domain (hard limit)”.

If the limit is reached, the following error is displayed when trying to grant access to the user:

image 55 Administration - Settings

 

Access Management

Scheduled access (in UTC)

This setting specifies the days of the week and times when the user is allowed to connect to ISL AlwaysOn (Automatos Remote Control Server) computers. Outside of the schedule, new connections to remote computers will be rejected, however, existing connections will remain active.

The schedule can be set for individual days of the week (1=10:00-14:00, 4=15:00-17:00) or a range of days (5-7=11:00-12:00). Please note that day 1 is Sunday and day 7 is Saturday. For each day, multiple schedules can be specified with different time ranges (00:00-23:59) in UTC standard.

When the setting is in the wrong format, all new connections to remote computers will be rejected and an error log will be appended to the server log file.

For more details and examples, please refer to the Scheduled access manual.

End active sessions at the scheduled end time

When this setting is enabled, existing sessions will be ended when the end time for scheduled access is reached.

When this setting is disabled, the user can continue with any active sessions when the end time for scheduled access is reached.

Maximum session duration (time limit in seconds)

Set the time limit (in seconds) after which an ISL AlwaysOn (Automatos Remote Control Viewer) session will be ended. If this setting is left empty, no time limit is set.

ISL Pronto (Not used)

ISL Groop (Not used)

Security – Authentication

Administration> Settings> Security

Two-factor Authentication

Login without configured Two-Factor Authentication

Disabling this option will force Two-Factor Authentication for the user(s). This will require the user(s) to configure Two-Factor Authentication on their next login attempt if they do not have at least one Two-Factor Authentication method set.

“Don’t ask again on this device” option for 2-Factor authentication

Disabling this option will remove the “Don’t ask again on this device” checkbox from the GUI, and the user(s) will no longer be able to skip Two-Factor Authentication on any devices.

Password

Note: Password management must be done in CIQ ITAM (SmartCenter).

Security – Session Management

User Sessions

View own session

When this setting is enabled, the user can list and query their own sessions.

Control own session

When this setting is enabled, the user can terminate their sessions. Please note that the “View own sessions” setting also needs to be enabled.

Domain Sessions

View domain sessions

When this setting is enabled, the user can list and query sessions in their domain.

Control domain sessions

When this setting is enabled, the user can terminate sessions in their own domain. Please note that the “View domain sessions” setting also needs to be enabled.

Articles

Administration - Previous Administration – Audit Next - Administration Administration – Reports
Share this Doc

Administration – Settings

Or copy link

Table of Contents
Scroll to Top