System information

ManualsBrandsVector ManualsComputer equipmentPC-Duo

PC-Duo Host Guide

Release 12.0

February 2012

Vector Networks Technologies

541 Tenth Street, Unit 123

Atlanta, GA 30318

(800) 330-5035

http://www.vector-networks.com

PC-Duo is a trademark of Vector Networks Technologies, and PROXY is a trademark of Proxy

Networks, Inc. Microsoft, Windows, Windows NT, Windows Server, and other Microsoft products

referenced herein are either trademarks or registered trademarks of the Microsoft Corporation in the

United States and other countries. Novell and NetWare are registered trademarks of Novell, Inc. All

other trademarks are the property of their respective owners.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit

(http://www.openssl.org), cryptographic software written by Eric Young (eay@cryptsoft.com), and

compression software from the ZLIB project (http://www.zlib.net/).

Summary of content (143 pages)

PAGE 1
PC-Duo Host Guide Release 12.0 February 2012 Vector Networks Technologies 541 Tenth Street, Unit 123 Atlanta, GA 30318 (800) 330-5035 http://www.vector-networks.com © Copyright 2012 Vector Networks Technologies and Proxy Networks, Inc. All rights reserved. PC-Duo is a trademark of Vector Networks Technologies, and PROXY is a trademark of Proxy Networks, Inc.
PAGE 2
Table of Contents PC-Duo overview .......................................................................................................................................... 6 What‟s New in PC-Duo 12.0 ...................................................................................................................... 7 What‟s New in PC-Duo 11.6 .................................................................................................................. 7 What‟s New in PC-Duo 11.3 ..................
PAGE 3
PC-Duo overview Requirements .......................................................................................................................................... 34 Operating system requirements ........................................................................................................... 34 Hardware requirements ....................................................................................................................... 34 Installation requirements ............................
PAGE 4
Move Down .......................................................................................................................................... 90 Details .................................................................................................................................................. 90 Resend Status ..................................................................................................................................... 90 View Error .....................................
PAGE 5
PC-Duo overview PHSETUP Tag parameters ............................................................................................................... 130 PHSETUP Terminal Services parameters ......................................................................................... 131 PHSETUP Windows Security parameters ......................................................................................... 132 Install Host with the MSIEXEC command line.....................................................
PAGE 6
PC-Duo overview Thank you for selecting PC-Duo remote desktop solutions. PC-Duo remote desktop solutions provide professional features that enable helpdesk technicians, network administrators, IT managers, and software trainers to deliver professional remote support for a fraction of the cost of hosted solutions. Some selected features include:  Remote Access: Reach anyone, anywhere, anytime using firewall- and NAT-friendly remote control connections.
PAGE 7
PC-Duo overview What’s New in PC-Duo 12.0 PC-Duo 12.0 introduces the following new features and capabilities:  Web Console: A new server-side application that enables browser-based access to the Gateway Server (see PC-Duo Web Console Operating Guide)  “Click Once” Remote Desktop Window: Ability to launch a Remote Desktop Window to a remote desktop through the Web Console without a Master.
PAGE 8
 Active Directory integration: PC-Duo 11.6 Deployment Tool can now be used to discover computers and OUs in Active Directory domains, install new PC-Duo software, upgrade existing software, and/or push configuration changes to existing software. What‟s New in PC-Duo 11.3  Remote Management service: PC-Duo 11.3 features a new service that allows Master user to generate inventory of hardware and software assets on a remote Host. Also allows Master user to query and change certain system settings.
PAGE 9
PC-Duo overview PC-Duo solutions Vector Networks provides two solutions for remote desktop support: PC-Duo Express PC-Duo Express is an easy-to-use remote desktop solution that uses simple peer-to-peer connections between helpdesk technicians and end-user remote computers. It is ideally suited for smaller companies and workgroups in which the number of remote computers being supported is small and manageable.
PAGE 10
PC-Duo applications The PC-Duo remote desktop solutions include some or all of the following applications: PC-Duo Applications PC-Duo Express PC-Duo Enterprise PC-Duo Host Yes Yes PC-Duo Master Yes Yes PC-Duo Gateway No Yes PC-Duo Web Console No Yes PC-Duo Deployment Tool Yes Yes PC-Duo Host PC-Duo Host is an agent application that enables remote support connections to be established to the machine on which it runs.
PAGE 11
PC-Duo overview PC-Duo Master PC-Duo Master is a console application that technicians can use to establish remote support connections to one or more Host computers. With PC-Duo Master, you can:  Make one or more peer-to-peer remote support connections to Host computers in your network.  Connect to PC-Duo Gateway and make one or more Gateway-managed remote support connections to Host computers from a directory of available Hosts.  View the entire screen of the remote computer.
PAGE 12
PC-Duo Gateway PC-Duo Gateway is an enterprise class server, which provides centralized administration, security and management for a network of remote support connections to Host computers in your environment. With PC-Duo Gateway configured as the hub of your remote support network, you can:  Organize large numbers of Host computers into logical groups for easier access and management.  Reach remote computers outside the network, behind firewalls or NAT-devices.
PAGE 13
PC-Duo overview PC-Duo Web Console PC-Duo Web Console is a web application that provides browser-based access to the PC-Duo Gateway Server. With PC-Duo Web Console:  Administrators can access and edit all the configuration information on the Gateway Server, including Groups, Security, Permissions, etc. The Administrative web account can be used in conjunction with or instead of the standalone Gateway Administrator application.
PAGE 14
PC-Duo Deployment Tool PC-Duo Deployment Tool is an easy-to-use software distribution utility that automates the deployment and installation of PC-Duo applications to remote computers in your network. With PC-Duo Deployment Tool, you can:  Automatically deploy an image of PC-Duo Host, Master or Gateway to one or more computers or groups of computers in your network and avoid manual effort of going to each machine.
PAGE 15
PC-Duo overview PC-Duo technologies PC-Duo remote desktop solutions utilize highly optimized technologies to deliver speed, performance and reliability, including:  Highly efficient screen capture algorithms. PC-Duo utilizes two kinds of screen capture technology:  Kernel-mode screen capture. This technology utilizes the PC-Duo mirror driver, which reproduces graphics drawing commands from the remote Host on the PCDuo Master user‟s screen quickly and efficiently.  User-mode screen capture.
PAGE 16
PC-Duo services PC-Duo remote desktop solutions offer technicians a number of professional-quality services for investigating and solving problems on Host remote computers, including:  Remote Control: ability to view screen activity on an end-user's remote machine, and with proper authorization, take control of and send keyboard/mouse inputs to the remote machine in real-time  Remote Clipboard: ability to copy selected items on the screen of a remote machine into the clipboard on the remote machine
PAGE 17
PC-Duo overview  Event Manager: provides a graphical view of the Application, Security and System logs kept on the remote Host computer.  Power Manager: provides a graphical view of the power management and power scheme management options for the remote Host computer, as well as ability to restart, reboot or shutdown the remote computer. For more information, see PC-Duo Master Guide.
PAGE 18
PC-Duo connection types PC-Duo services are performed over service connections between a PC-Duo Master (with appropriate access rights) and a PC-Duo Host. Service connections are established on demand, when a PC-Duo Master requests a service from a PC-Duo Host.
PAGE 19
PC-Duo overview In order to execute this feature, both the MAC address and the last known IP address of the remote computer must be known. Since the PC-Duo Gateway knows both of these pieces of information, it is in a position to send the Wake-on-LAN signal.
PAGE 20
Peer-to-peer connections from Master (M) to Host (H) The dotted and solid lines, shown in above depict two different sets of peer-to-peer connections between PC-Duo Masters to PC-Duo Hosts. PC-Duo's peer-to-peer connections enable the following:  PC-Duo Master users with proper credentials can securely access Host computers within the network.  When you permit full access to a Host computer, the PC-Duo Master user can monitor all activity on the Host computer.
PAGE 21
PC-Duo overview Gateway (G)-managed connections from Master (M) to Host (H) . Firewall-friendly connections When PC-Duo Master users need access to Hosts that are outside the domain, and/or behind a firewall or NAT-device, normal peer-to-peer or Gateway-managed connections will not work. In these cases, it is difficult to find and maintain a secure remote support connection because of dynamic port assignments and other network challenges.
PAGE 22
directly to PC-Duo Gateway for recording and/or further transmission to a PC-Duo Master. Note: Because TS sessions are captured at the Windows Server (and not at the end user device), PC-Duo Host effectively bypasses the technology used to remote the sessions to the end users, and will therefore be compatible with Microsoft Terminal Services clients as well as Citrix Presentation Server (now known as XenApp) clients.
PAGE 23
PC-Duo overview Due to technical limitations and the nature of Terminal Services sessions, the following Host features are not supported.
PAGE 24
PC-Duo security features One of the most valuable aspects of PC-Duo remote desktop solutions is the ability to create and enforce fine-grained access control policies, and to easily modify them to reflect changes in your organization.
PAGE 25
PC-Duo overview authenticate itself to the server. PC-Duo implements two types of authentication to support this:  "Identity Authentication"  "Endpoint Authentication" Identity Authentication In general, this operation answers the following security question: How does the server know who the client is? A PC-Duo application acting as a server will not provide access or information to any PC-Duo application acting as a client until it can validate that client's identity.
PAGE 26
 Simple password: Prior to making a connection, a custom password can be created on the Security tab of the Host and shared with PC-Duo Master user. This feature permits the PC-Duo Master user to connect to a Host without regard to PC-Duo Master user's Windows credentials. NOTE: Simple password applies only to peer-to-peer connections.
PAGE 27
PC-Duo overview Connection Client Server SSL Supported Peer-to-peer Master Host No Gateway-managed (Master & Host are in same domain)  Master-Gateway relationship Master Gateway Yes  Gateway-Host relationship Gateway Host No Gateway-managed (Master & Host are not in same domain)  Master-Gateway relationship Master Gateway Yes  Gateway-Host relationship Host Gateway Yes Authorization One of the strongest features of PC-Duo remote support solutions is the fine-grained access con
PAGE 28
transparent every time two PC-Duo 5.20 components or later are communicating with each other. By default, PC-Duo Express and PC-Duo Enterprise uses AES 256-bit encryption, however other encryption options can be set, including:  AES encryption (256-bit key) with SHA1 hash  AES encryption (192-bit key) with SHA1 hash  AES encryption (128-bit key) with SHA1 hash  Triple-DES (3DES) encryption (192-bit key) with SHA1 hash  RC4-compatible encryption (128-bit key) with MD5 hash NOTE: PC-Duo 5.
PAGE 29
PC-Duo overview PC-Duo networking features PC-Duo remote desktop solutions support several standard transport protocols for computer-to-computer communication, and two types of network addressing schemas. Network protocols PC-Duo products support most of the standard networking and transport protocols, including:  IP: IP is a general-purpose protocol supported on a wide variety of networks and servers.
PAGE 30
PC-Duo documentation and technical support Each of the five PC-Duo components has its own guide:  PC-Duo Master Guide  PC-Duo Host Guide  PC-Duo Gateway Server Guide  PC-Duo Web Console Operating Guide  PC-Duo Web Console Installation Guide  PC-Duo Deployment Tool Guide For more information about PC-Duo documentation and technical support, see:  "Typographical conventions"  "Technical support options" Typographical conventions in documentation PC-Duo documentation uses typographical
PAGE 31
PC-Duo overview Enter your name: YourName Password: YourPassword File names and computer text can also be displayed in italics to indicate that you should replace the values shown with values appropriate for your enterprise. Key names Names of keyboard keys appear in SMALL CAPS. When you need to press two or more keys simultaneously, the key names are joined by a + sign: Press RETURN. Press CTRL+ALT+DEL.
PAGE 32
PAGE 33
Host Installation PC-Duo Host can be installed on any computer that runs a supported operating system (OS) and meets the minimum requirements described in this section.
PAGE 34
Requirements PC-Duo Host can be installed and operated on any computer that runs a supported operating system (OS) and meets the minimum requirements described in this section. Before installing PC-Duo Host, note the following:  If you plan to use PC-Duo Host with PC-Duo Gateway, then install PC-Duo Host after you install PC-Duo Gateway. See the PC-Duo Gateway Server Guide before installing PC-Duo Host.
PAGE 35
Host Installation  Minimum requirements – Same as those specified by Microsoft for the respective operating system.  Recommended requirements – Same as those specified by Microsoft for the respective operating system. Installation requirements The following additional requirements are required or recommended for installation of PC-Duo Host:  Windows Installer 2.0 or later – Required by the installer. If needed, this upgrade is applied automatically when the setup.exe installer image is run.
PAGE 36
Installation notes The PC-Duo Host can be installed using any of the following methods:  “Install via command line utility”  “Install via internet download”  “Install via Deployment Tool”  “Install via 3rd-party imaging tools”  “Change station name with macros”  “Configure security settings”  “Configure Windows Firewall exceptions”  “Configure network settings for IPX” Install via msiexec command line utility PC-Duo Host can be installed manually by using the msiexec command line utility.
PAGE 37
Host Installation Generate unique HostIDs Each PC-Duo Host installation is identified by a unique identifier, called the HostID. This identifier is used by the PC-Duo Gateway to identify a Host, even as other information about the Host, such as the machine name, may change. This identifier contains no additional information and has no use other than to allow the PC-Duo Gateway to identify individual Hosts on the network.
PAGE 38
 -guid deletes the HostID only, but does not prepare the settings  -restart restarts the Host Service when compute; should only be used with „-guid‟ To prepare an installation for imaging, run hostprep.exe with no arguments, and press the “y” key when prompted. To delete the HostID on the local computer and cause a new one to be assigned immediately, run the command line “hostprep.exe –guid –restart”. HostPrep runs on all of the operating systems supported by the PC-Duo Host.
PAGE 39
Host Installation This example enumerates the machines on the network, and deletes the HostID of any installations that match the specified ID.  RmHostId {078A9A01-6931-42A3-9371-EA00F1DC7D99} MACHINE04 This example connects to the one machine named “Machine04”, and deletes the HostID on that machine if and only if it matches the specified ID.
PAGE 40
format %VER% External Host software version number (e.g. “v12.0.0.1800”) %INTVER% Internal Host software version number %PLATFORM% Host operating system platform (e.g. “Win7”) %PID% Process ID of the Host service %PROT% Network protocol (e.g. “IP” or “TCP”) %ADDR% Network address (e.g. “192.1612.0.15”) %PORT% Network port (e.g. “1505”) Macros for Terminal Services session Hosts The following macros are available for customizing station name for Hosts running in Terminal Services sessions.
PAGE 41
Host Installation  Optionally, set the Accounts: Guest account status policy to disabled to prevent problems with guest authentication to the Host computer. NOTE: Depending upon which version of Windows you are using, and your Windows UI settings, the procedure above may vary. Items may be named differently and navigating to them may be slightly different as well. Note that in XP Home Edition, these security settings cannot be set and you must use simple password authentication.
PAGE 42
Licensing If you download this software from the Vector Networks web site on a 30-day trial basis and want to continue using the product, you may purchase it by contacting a preferred reseller, or by contacting Vector Networks directly. Your purchase provides an appropriate license key to use with PC-Duo Host. The software does not need to be reinstalled after you purchase it. The product package contains a license key that you can add to your existing installation.
PAGE 43
Host Installation information).Note that the PC-Duo Host must be restarted in order for the terminal services support to be activated. Upgrade a license key If you are upgrading your license, you will receive an Upgrade license key, which you should add using the instructions above. Both the original product license and the upgrade license will be listed on the About tab.
PAGE 44
PAGE 45
Host Operation PC-Duo Host runs as a Windows service whenever you start up your computer. It can be configured to accept connections from a PC-Duo Master user in two different ways:  “Peer-to-peer connections” between a Master computer and a Host computer. With these connections, authentication and authorization are enforced by the PC-Duo Host.  “Gateway-managed connections” between a Master computer and a Host computer through a PC-Duo Gateway.
PAGE 46
 “Host Audit Log”: The ability to review a log of all connections to Host.
PAGE 47
Host Operation Host Tray Icon When the PC-Duo Host service is successfully started, a tray icon will appear in the bottom right hand corner of the Windows screen: Tray Icon Description Service is started; active connection Service is started; no connection
PAGE 48
Host Context Menu Right-clicking on the Host tray icon will cause a context menu to appear.
PAGE 49
Host Operation When you type a text message and click Send, the message will appear in a similar chat window on the Master display of any Masters connected to your Host. If the chat window is not already up on Master display, it will automatically be started to display the message. NOTE: Chat support requires that all components (Host, Master, Gateway) be version 11.2 or later.
PAGE 50
Note that in this example, there are 2 users (Masters) joined to the connection to this Host through the Gateway. Also note that the first client has input control, as indicated by the icon, and the second client is view only . Both clients have access to chat and the shared clipboard for this Host.
PAGE 51
Host Operation Popup Toast Notification If Popup Notifications > Enable connect/disconnect notifications option is enabled in the Host Control Panel (default = enabled), the Host will display a “popup toast” message when a new connection is made.
PAGE 52
Host Control Panel Configuration options are managed through the PC-Duo Host Control Panel. It can be accessed in any of the following ways:  Select Start > All Programs > Vector Networks > PC-Duo Host Control Panel.  Double-click the PC-Duo Host icon in your system tray (lower right corner of your monitor) and choose PC-Duo Host Properties.  Run the executable phost.exe located in the PC-Duo Host program directory. The PC-Duo Host Control Panel window appears.
PAGE 53
Host Operation Status tab The Status tab indicates the current status of any remote control connections to your computer. View the status of a remote connection to your Host computer as follows:  Whenever there is a remote connection to your Host computer, the network address and username will appear in the Connected to field.  When a PC-Duo Master user makes a direct peer-to-peer connection to your computer, the PC-Duo Master user‟s account name and the network address will appear.
PAGE 54
 When there is no remote connection to your computer, the field displays .  Disconnect any remote session by clicking Abort session.
PAGE 55
Host Operation General tab Use the General tab to change preferences. Change the following from the General tab:  Station name: Modify the name by which your Host computer identifies itself to PC- Duo Gateways and/or PC-Duo Masters. To use macros to change the Station name automatically, see "Change Station name".
PAGE 56
 Beeping: Set auditory cues to indicate when a PC-Duo Master user requests to connect to your Host computer.  Select Beep on connect/disconnect to hear a quick series of three tones rising in pitch whenever a remote connection succeeds. With this option, a series of tones falling in pitch will be made when the remote connection is terminated.  Select Beep while connected every...seconds to hear a short tone, periodically throughout the duration of any remote connection.
PAGE 57
Host Operation Security tab To authenticate the identity of PC-Duo Master users who request a connection to the Host, choose your preferred authentication method in the Security tab.
PAGE 58
For authentication that does not require network-based credentials, use a simple password to check the identity of PC-Duo Master users who request access to your Host computer. Select Allow connection with a simple password and enter the password you would like to use to authenticate an incoming connection request.
PAGE 59
Host Operation One of the strongest features of PC-Duo is the availability of fine-grained permissions. PC-Duo Master users or groups can be added or deleted from three different sets of permissions:  “Service Security tab”, defines permissions for services on this Host for the user or group selected.  “Admin Security tab”, defines permissions for access to the PC-Duo Host Control Panel window.
PAGE 60
Default Host security settings The following PC-Duo Host security settings are set by default for Windows authentication:  Service Security: The local machine‟s Administrators group and the default PC-Duo Gateway domain user account (RemoteControlGateway) have full access to all the PC-Duo services. Also, any new accounts created on Gateways known to the Host will have full access.
PAGE 61
Host Operation In the Service Security tab, you can perform the following tasks:  Click Add to add a new PC-Duo Master user or group for which you want to specify permissions.  Select an existing PC-Duo Master user or group that has permissions and click Remove to remove it.  Select a PC-Duo Master user or group and click Allow or Deny in the list of Permissions. The individual permissions can be seen on the Advanced page.
PAGE 62
 Special Permissions: Indicates a non-standard grouping of permissions not exactly matching one or more of the previously described groups. See “Permission Entry window - Service Security”.  Click Advanced to specify permissions and open the Advanced Security Settings window. Advanced Security Settings window - Service Security In the Permissions tab of the Advanced Security Settings window, select an entry for which you want to assign advanced permissions and click Edit.
PAGE 63
Host Operation Permission Entry window - Service Security Each advanced permission is treated individually; click Allow or Deny for any of them. The following permissions exist:  Connect for Services determines whether a domain account or machine-local account has permission to connect to this PC-Duo Host computer.
PAGE 64
controlled by the Windows Security settings for files and directories, so you must have read permission on the files and directories you want to access.  File Transfer Write determines whether a PC-Duo Master user or a group has the ability to write files to the Host computer. Without this permission, PC-Duo Master users cannot make any changes to files or directories on the Host computer. This permission gives you the right to use the File Transfer feature to write files.
PAGE 65
Host Operation In the Admin Security tab, you can perform the following tasks:  Click Add to add a PC-Duo Master user or group for which you will specify permissions.  Select an existing PC-Duo Master user or group that has permissions and click Remove to remove it.  Select a PC-Duo Master user or group and click Allow or Deny for the list of Permissions, each of is a common grouping of individual permissions. The individual permissions can be seen on the Advanced page.
PAGE 66
Advanced Security Settings window - Admin Security In the Permissions tab of the Advanced Security Settings window, select an entry for which you want to assign advanced permissions and click Edit.
PAGE 67
Host Operation Permission Entry window - Admin Security Each advanced permission is treated individually; click Allow or Deny for any of them. The following permissions exist:  Connect for Admin on Local Machine determines whether a PC-Duo Master user or a group has permission to connect to PC-Duo Host settings. This setting does not determine what a PC-Duo Master user can do once connected to PC-Duo Host for administration.
PAGE 68
 Remote Management determines whether a PC-Duo Master user or a group can access the information and features on the Remote Management tab in the Master Remote Desktop Window.  Read Permissions determines whether a PC-Duo Master user or a group can view the Admin Security tab of the PC-Duo Host Security Settings window.  Change Permissions determines whether a PC-Duo Master user or a group can modify the Admin Security tab permissions.
PAGE 69
Host Operation  Select an existing PC-Duo Master user or group that has permissions and click Remove to remove it.  Select a PC-Duo Master user or group and click Allow or Deny for the list of Permissions, each of is a common grouping of individual permissions. The individual permissions can be seen on the Advanced page. The following common groupings exist:  Full Control/Administration: Includes every permission in the list.
PAGE 70
In the Permissions tab of the Advanced Security Settings window, select an entry for which you want to assign advanced permissions and click Edit.
PAGE 71
Host Operation Each advanced permission is treated individually; click Allow or Deny for any of them. The following permissions exist:  View Basic Settings determines whether a PC-Duo Master user or group can view the basic PC-Duo Host settings.  Modify Basic Settings determines whether a PC-Duo Master user or group can modify basic PC-Duo Host settings.
PAGE 72
 Change Permissions determines whether a PC-Duo Master user or group can modify permissions on the Settings Security tab.  Take Ownership determines whether a PC-Duo Master user or group can take ownership.  View Gateway Configurations determines whether a PC-Duo Master user or group can read the settings on the Gateways tab.  Modify Gateway Configurations determines whether a PC-Duo Master user or group can modify the settings on the Gateways tab.
PAGE 73
Host Operation transfer, remote Host administration, and remote management), that require the Master end-user to authenticate directly to the Host. We refer to this as end-to-end authentication: If the current credentials (i.e. the credentials the Master used to authenticate to the Gateway) do not suffice at the Host, the user will now be prompted to enter another set of credentials (previously these services were not accessible).
PAGE 74
Options tab Use the Options tab to specify what happens to the keyboard, mouse, and display on your Host computer during a remote control connection. Three types of options can be configured from the Options tab:  “Action on Disconnect or Termination”  “Keyboard and Mouse suppression” NOTE: Some of these options render your Host computer unusable by local PC-Duo Master users, but you can override them. For more information, see “Confirm Host Options Settings”.
PAGE 75
Host Operation  Select None for the termination of a Master user connection to have no effect on the Host computer (this is the default setting).  Select Lock Workstation to lock the Host computer when a Master user connection is terminated. (It can be unlocked or restarted using Windows commands).  Select Reboot computer, terminating all programs to reboot the Host computer upon the termination of a Master user connection.
PAGE 76
From the time the Confirm PC-Duo Host Options Settings window appears, you have 30 seconds to click Enable Local Use of Computer. If you click Continue, any preemptive settings configured at Host startup time (see checkbox options) will apply and you may lose local use of the Host computer when the Master user connects.
PAGE 77
Host Operation Access tab Restrict access and require explicit permission to connect through settings on the Access tab. Restrict access with the following options:  “Access restrictions”: lock out connections to this Host.  “Connection permission”: require explicit permission to connect to this Host.
PAGE 78
 Select Permit connection (default) to permit remote connections from any authenticated PC-Duo Master users to your Host computer.  Select Lock out connection to prevent remote connections from any PC-Duo Master users to your Host computer.  Select Lock out or Permit connection based on time zone to permit or prevent remote connections to your Host computer based on the day of the week and the time of day. You can specify permitted access by time when you click Time Zone Settings.
PAGE 79
Host Operation  Select No permission required (default) to allow remote control connections to your Host computer from any authenticated PC-Duo Master user at any time.  Select Permission must be granted by Host if you want to grant an authenticated PCDuo Master user explicit permission to connect to your Host computer. From the Host‟s user must respond within drop-down list, select the time (10 seconds, 30 seconds, 1 minute, or 2 minutes) within which you want to make a decision.
PAGE 80
Effects tab Graphical effects on the Host screen during remote control connections can be configured through settings on the Effects tab. By disabling visual effects, for example, the amount of screen data that is captured and transmitted over the network can be greatly reduced, improving speed and performance.
PAGE 81
Host Operation  Disable some or all visual effects on the Host computer whenever a remote control connection is made: Select Always disable the selected effects. Check any options under Visual Effects which you want PC-Duo Master user to have control over.
PAGE 82
Protocols tab Configure the network protocols and ports for communication with PC-Duo Host in the Protocols tab. The UDP/IP, TCP/IP, and IPX check boxes enable/disable the network protocols that can be used for peer-to-peer or Gateway-managed connections to the Host. To the right of each check box is a Port list. Use the Port list to select or enter the specific port number on which the Host computer should listen for each enabled protocol.
PAGE 83
Host Operation If you check Use Encryption, data exchanged over remote control connections are protected with an encryption algorithm negotiated with the client (see the “Selecting ciphers” for more information about encryption). NOTE: PC-Duo Host can be installed on a computer that is also running PC-Duo Gateway. Both programs can have the IP protocol enabled, because they use different UDP ports (Host uses 1505, Gateway uses 2303). However, the two programs must compete for a single IPX port.
PAGE 84
 Click OK. TCP/IP address restrictions Access to the PC-Duo Host over TCP can be restricted according to the IP address of the Gateway or PC-Duo Master trying to connect with it. Press Restrictions to specify a policy for granting Host computer access according to IP address: Grant or deny access by default and then specify a list of exceptions according to specific IP address.
PAGE 85
Host Operation There are five options available:  Select Single Computer (at one IPv4 address) and enter an IP address in the Address field.  Select Group of computers (by IPv4 subnet mask) and enter the appropriate values into Address and Mask.  Select Group of computers (by IPv4 start address & count), enter the first address in a range in the Address field, and enter the number of addresses in the range in the Number of addresses field.
PAGE 86
Gateways tab PC-Duo Hosts can be configured to report to one or more PC-Duo Gateways. For security purposes, all connection attempts can be forced to go through the specified Gateways by selecting Permit connection only through listed Gateways on the Gateways tab. With this option, administrators can take advantage of Gateway-based security policies and prevent unauthorized connections via peer-to-peer or unlisted Gateways.
PAGE 87
Host Operation  “Move Up”  “Move Down”  “Details”  “Resend Status”  “View Error” The Host Workstation ID is a unique identifier generated at installation time, which PCDuo Gateway uses for reporting and reference purposes. Manage Gateway order The ability to control the order of the Gateway list allows the PC-Duo Master user to control the order in which connections are attempted. The Host will automatically go down the list in order to establish a connection and report to a PC-Duo Gateway.
PAGE 88
 If you do not know the station name and/or address of the PC-Duo Gateway to which you want to connect, click Find Gateway. The Find Gateway Wizard appears. Follow the instructions on the wizard and click Finish when you are done.  If you know the station name and/or address of the PC-Duo Gateway to which you want to connect, follow these steps: i Select the protocol to use from this list. ii Specify the port number if it is not standard (default standard port is 2303).
PAGE 89
Host Operation Duo Gateway can always talk back over that connection to the Host and use it to deliver other services such as remote control, file transfer, etc. The potential downside of always maintaining the reverse connection is the overhead necessary to maintain these persistent connections. When multiple hosts are involved this overhead can add up to an unacceptable level for some LANs. (3) Automatically determine if reverse connection is necessary.
PAGE 90
Move Up To move a specific Gateway up on list of Gateways, follow these steps: 1 Select any Gateway listed on the Gateways tab. 2 Click Move Up on the Gateways tab. For more information about the significance of the order of listed Gateways, see Manage Gateway order. Move Down To move a specific Gateway down on list of Gateways, follow these steps: 1 Select any PC-Duo Gateway listed on the Gateways tab. 2 Click Move Down on the Gateways tab.
PAGE 91
Host Operation Screen tab PC-Duo includes two different types of screen capture technology: Kernel-mode and user-mode. Kernel-mode Screen Capture The kernel-mode screen capture driver is a mirror driver that can be used to capture the remote desktop for Windows 7, Vista, Windows 2008 Server and older platforms.
PAGE 92
always be used on this Host. Note also that the use of the kernel-mode screen capture driver will result in Aero Glass effects being disabled on Hosts running Windows 7. The user can further specify that the kernel-mode screen capture driver be preloaded at Host startup time by clicking on the checkbox next to Attach kernel-mode mirror display driver at Host startup; otherwise, the mirror driver will be attached and unattached with each connection to the Host, which may be disruptive for the user.
PAGE 93
Host Operation Each profile consists of the following information:  Description string  Image type (two choices -- Hextile (default), or JPEG). The Host will automatically use JPEG compression if the connected Master doesn‟t support Hextile. For Hextile encoding, the „image compression quality‟ value is not used because Hextile is a lossless compression.
PAGE 94
Description High Quality Medium MediumLow (recording) Low (recording) Image Type Hextile Hextile Hextile Hextile Compression Quality 100 100 100 100 Polling Frequency 9/8/6 7/6/4 4/5/4 2/2/2 Bandwidth Limit Unlimited 100 Kbyte/sec 60 Kbyte/sec 30 Kbyte/sec The Medium-Low and Low profiles are appropriate for high volume screen recording environments, when screen quality can be traded off for lower screen capture rates, smaller screen recording file sizes and restricted bandwidth
PAGE 95
Host Operation Tags tab rd Administrators and/or 3 party application providers can define one or more name/value pairs to specify custom information for one or more Hosts. When applied, this information will appear in the Tags tab of the Host Control Panel. Each name is limited to 128 characters, and each corresponding value is limited to 1024 characters.
PAGE 96
The PhSetup command line program includes the following keywords to manage the tags: o o o “addtag:name,value” adds a tag with “name” and “value” “removetag:name” removes a tag with the name matching “name” “removetag:*” removes all tags Tag Security Considerations The Host Settings security tab includes a new item for managing access to the extension tags: Read/Modify Extension Tags.
PAGE 97
Host Operation About tab View product and license key information in the About tab NOTE: To configure a Host to support one or more Terminal Services sessions, the Host must have a special Terminal Services license key. This key will enable the Terminal Services tab in the Host Control Panel and will enable the Host to support a specified number of Terminal Services sessions simultaneously.
PAGE 98
Add a license key To add a license key to the License(s) list, follow these steps: 1 Click Add License. The Add License Key window appears. 2 Enter a license key in the field provided. 3 Click OK. Generate a System Information report For auditing and technical support purposes, PC-Duo Host includes a utility to generate a dump file of configuration information about the Host computer. Click System Information on the About tab create this detailed report.
PAGE 99
Host Operation The system information report is automatically generated and saved as a plain text file on your desktop. The name of the text file is derived from your computer name and ends with _Config.txt.
PAGE 100
Terminal Services tab PC-Duo Host can be configured to allow remote viewing and remote control of one or more simultaneous Terminal Services sessions, as well as the Terminal Services server console. A standard PC-Duo Host with a special TS license key must be installed and configured on the server console to serve as the "root". When a new Terminal Services session is started, it will execute the Startup procedure inherited from the server console, which includes a task to start a Host service.
PAGE 101
Host Operation Most of the configuration options are the same as those available on the standard Host Control Panel, although the About and Status tabs are not present because the settings on these tabs are not directly applicable to TS session Hosts. Set Users The administrator can restrict Host instances generated by the root Host to specific users or groups of users. To do this, click on the Set Users button, select a user or group of users and assign permissions.
PAGE 102
Terminal Services Session Host Control Panel Once the Host service for a specific Terminal Services session is started, you can view the effective settings for this Host service by clicking on the Host Control Panel icon in the TS session: Note that the title bar shows the session number. Each root Host is capable of supporting as many simultaneous sessions as the license key allows. You can view information about the root Host by selecting Connect to root.
PAGE 103
Host Operation Panel will attempt to use the credentials that were used to log into the console session; if this is disabled (either by deselecting this option under Simple Password Configuration on the Security tab or disabling the Access Host Tray Icon permission on the Admin Security tab for Windows Authentication Configuration), the Host Control Panel user will be asked to authenticate directly to the Root Host for access.
PAGE 104
General tab Same as the General tab for installed Host except the station name refers to the TS Host instance and terminal server it is running on. Security tab Same as the Security tab for installed Host. Options tab Same as Options tab for installed Host except that keyboard and mouse suppression option is not available.
PAGE 105
Host Operation For security purposes, all connection attempts can be forced to go through the specified Gateways by selecting Permit connection only through listed Gateways on the Gateways tab. With this option, administrators can take advantage of Gateway-based security policies and prevent unauthorized connections via peer-to-peer or unlisted Gateways. Screen tab Same as the Screen tab for installed Host except user-mode screen capture algorithm is the only option.
PAGE 106
Remote Printing One of the key services provided by PC-Duo remote support solutions is remote printing. PC-Duo Master users will usually use this service to redirect a print command on the Host to a printer that is connected locally to the Master. However, in order to enable this service, the Host computer must be configured for remote printing.
PAGE 107
Host Operation Restart in Safe Mode For diagnostic and troubleshooting purposes, it may be necessary to operate a computer in Safe mode. In Safe mode, typically the operating system will load and run the minimum set of executable functions necessary for the computer to run. This allows a technician to quickly isolate the root cause of problems observed in Normal mode, remove dangerous and/or unnecessary software, and fix/maintain other parts of the system.
PAGE 108
Host Audit Log The connection message generated when the first user connects to a Host will be recorded in the Application Event Log section of the Windows system event log. In addition, corresponding messages for any subsequent users who either join or leave the connection will be recorded. Finally, the disconnection message generated when the last user disconnects from a Host will be recorded.
PAGE 109
Command Line Configuration The following combination of PC-Duo Host and Windows tools can be used to customize and automatically deploy PC-Duo Host to one or more target machines in your network:  Use the command line utility PHSETUP to set PC-Duo Host configuration options from a command line. See "Configure Host from the command line."  In addition to specifying options in the PC-Duo Host Control Panel window, use PHSETUP to lock down other PC-Duo Host features. See “Lock-down settings”.
PAGE 110
Configure Host from the command line After installation, PC-Duo Host can be configured using the PHSETUP command line utility. Settings that do not explicitly change in the command line retain their current values. PHSETUP updates the settings in the registry, and updates any copy of the PCDuo Host that is currently running on the computer on which you execute PHSETUP.
PAGE 111
Command Line Configuration PHSETUP Command line syntax Set PHSETUP parameters directly from the command line, separating each parameter name and its value with a colon, as in the following: phsetup param1:value1 param2:value2 ... paramn:valuen The following is a specific example: phsetup name:"JOE's PC" connectbeep:yes Different parameters require different formats, as shown below.
PAGE 112
PHSETUP Syntax examples The following examples illustrate how you can use PHSETUP to configure PC-Duo Host:  phsetup name:HowdyDoody sets the Host computer station name to HowdyDoody.  phsetup name:"Julia's Game Machine" sets the Host computer station name to Julia’s Game Machine.  phsetup name:"Julia’s ""little"" machine" sets the Host computer station name to Julia’s "little" Machine.
PAGE 113
Command Line Configuration PHSETUP Access parameters The following PHSETUP parameters correspond to the "Access tab" settings in PC-Duo Host. Parameter Definition Set access restrictions. access:permit access:locked access:time Set to permit to allow access to the Host computer after security is checked. Set to locked to deny all remote control access to the Host computer. Set to time to require a timezone setting (that you must also specify).
PAGE 114
the Host computer. Set this number between 1 and 999. Set the time zone settings. These settings lock or permit access if you also specify access:time. You must specify a sequence of hexadecimal digits for hexnum. timezone:hexnum In the string, bits set to 0 permit access and bits set to 1 lock access. The loworder bit of the first byte represents Sunday at 12AM and the bits continue in sequence through Sunday and the subsequent days of the week. See “Time zone settings”.
PAGE 115
Command Line Configuration PHSETUP Control parameters The table below lists and defines PHSETUP control parameters. Parameter @path&filename Definition Create a text file the includes a series of PHSETUP commands. Use this parameter with a call to PHSETUP to run the text file (command line script) (referred to here as filename), and process the PHSETUP commands listed in the text file exactly as if you were to call them directly from PHSETUP .
PAGE 116
/s (peer-to-peer) Specify the station when connecting directly to a Host computer for the purpose of configuring it. This value is in quotes, and is the string value for the station name, DNS name, or network address specifier for peer-to-peer connections. The peer-to-peer syntax depends on your protocol specification. The following are some protocol-specific examples: /pUDP /pTCP /pTCP /pIPX /S192.168.160.138 /Sjackson /Sjackson.acme.
PAGE 117
Command Line Configuration /u“domain\username " When configuring a Host computer, specify a user account name to use when connecting to the Host computer (either peer-to-peer, or through a PC-Duo Gateway). You need only specify the user account name when your logged in credentials are not sufficient for configuring the Host computer (either directly, or through a PC-Duo Gateway).
PAGE 118
PHSETUP Effects parameters The following PHSETUP parameters correspond to the "Effects tab" settings in PC-Duo Host. Parameter managevisualeffects: always managevisualeffects: permit managevisualeffects: off managevisualeffects: never Definition Set to always to disable visual effects whenever a remote connection is established. Set visualeffects flags when you use this setting. Set to never or off to deny remote users from controlling visual effects.
PAGE 119
Command Line Configuration PHSETUP Error Handling parameters One or more of the following error messages may be returned if you supply mode:interactive at the beginning of the command line call to PHSETUP.  If you pass bad credentials to the /u or /x parameters, PHSETUP detects the failure to connect to the settings, displays an error message, and then exits. Note that if you use a bad user account name in adding an ACE (access control entry) to a security descriptor, PHSETUP does not detect any problem.
PAGE 120
PHSETUP Gateways parameters The following PHSETUP parameters correspond to the "Gateways tab" settings in PC-Duo Host. Parameter Definition Set to yes to require that all remote control connections to this Host computer pass through a PC-Duo Gateway. requiregateway: yes Set addgateway when you use this setting. Set to no (default behavior) to allow peerto-peer remote control connections that do not pass through a PC-Duo Gateway. Add a specified Gateway to which PC-Duo Host can report.
PAGE 121
Command Line Configuration Remove a specified Gateway to which PC-Duo Host is configured to report. You can use the following values: protocol = TCP, UDP, SSL or IPX NOTE: You can also specify the port, as in “ addgateway: “protocol|port”, “station_specifier” ”.
PAGE 122
PHSETUP General parameters The following PHSETUP parameters correspond to the "General tab" settings in PC-Duo Host. Parameter beepevery:number Definition Use this parameter to set a beeper to sound every number seconds. No beeper sounds if you set number to 0. Supply a number in the range 0 to 9999. connappear:hidden connappear:icon connectbeep:on connectbeep:off idleappear:hidden idleappear:icon Set to hidden to hide the PC-Duo Host icon when a connection is active.
PAGE 123
Command Line Configuration $USER$ Logged in user at the Host machine console $VER$ External Host software version number (e.g. “v12.0.0.1800”) $INTVER$ Internal Host software version number $PLATFORM$ Host operating system platform (e.g. “Win7”) Macros are evaluated and inserted statically at the time that you run PHSETUP. To change station name dynamically at runtime, use the % macros as described in "Change station name with macros". NOTE: Macro names are not case sensitive.
PAGE 124
PHSETUP License parameter The following PHSETUP parameter corresponds to the "About tab" settings in PC-Duo Host. Parameter Definition addlicense:string Add a license string (that you specify with the value string) to the current copy of PC-Duo Host.
PAGE 125
Command Line Configuration PHSETUP Options parameters The following PHSETUP parameters correspond to the "Options tab" settings in PC-Duo Host. Parameter lockworkstationondisconnect: yes rebootondisconnect:on Definition Set to yes to lock the Host computer when a remote user‟s session is over. Set to on to restart the Host computer when a remote session is over. Otherwise set to off (default PC-Duo Host behavior). Sets "permit screen blanking" and "blank screen on startup" options.
PAGE 126
PHSETUP Protocol parameters The following PHSETUP parameters correspond to the "Protocols tab" settings in PC-Duo Host. Parameter Definition encryption:on encryption:off Set to on to encrypt all remote data exchanges. ip:on ip:off Specify whether (on) or not (off) this Host computer „listens‟ on the UDP/IP protocol, or accepts connections on that protocol. Specify ipport when you set this on. ipport:number Set the port number for IP usage.
PAGE 127
Command Line Configuration Set exceptions to your tcpaccessmode policy. Specify the addresses parameter as a single entry, or a set of entries separated by commas. Use one of the following formats for the variable: tcprestrictions: addresses IPAddress, IPAddress (count), or IPAddress[IPAddressmask] For example: tcprestrictions = "111.111.111.111, 222.222.222.222(5), 111.112.113.0[255.255.255.
PAGE 128
PHSETUP Screen parameters The following PHSETUP parameter corresponds to the "Screen tab" settings in PC-Duo Host. Parameter preferusermode:yes|no Definition By default, this setting is set to no on Windows XP, Windows 2003 Server and older platforms so that kernelmode screen capture is used. Set this setting to yes to user user-mode screen capture on thost platforms. By default, this setting is set to yes on Windows Vista, Windows Server 2008 and later platforms.
PAGE 129
Command Line Configuration PHSETUP Security parameters The PHSETUP parameters in this section correspond to "Security tab" settings in PC-Duo Host. usewindowssecurity:yes The usewindowsecurity:yes command lets you use Windows security mechanisms for PC-Duo Host authentication. When set to yes, the adminpassword, password and adminpasswordrequired settings that are described in the next section are ignored.
PAGE 130
PHSETUP Tag parameters The PHSETUP parameters in this section correspond to "Tags tab" settings in PC-Duo Host. Parameter Definition addtag:name,value Add a tag with “name” and “value”.
PAGE 131
Command Line Configuration PHSETUP Terminal Services parameters The following PHSETUP parameters correspond to Windows security settings on the "Set Users..." dialog on the Terminal Services tab in the Host Control Panel. NOTE: These settings apply to the Root Host settings, not the Terminal Services Template, and so cannot be used in conjunction with the "mode:terminalservices" keyword.
PAGE 132
PHSETUP Windows Security parameters The following PHSETUP parameters correspond to Windows security settings on the "Security tab" in PC-Duo Host. Parameter Definition addservicesecurityace:user,flags Set flags to specify service security options (in hexadecimal format) for a given user account name. See “Service Security tab”.
PAGE 133
Command Line Configuration addadminsecurityace:user,flags Set flags to specify the administration security rights (in hexadecimal format) for a given user account. See “Admin Security tab”.
PAGE 134
Use this to remove settings security rights for a given user (use the domain\username syntax). removesettingssecurityace:user Use the * wildcard to remove settings security rights for all users, or *\user for the user in all domains, or domain\* for all userusers in the named domain.
PAGE 135
Command Line Configuration Install Host with the MSIEXEC command line MSIEXEC is an executable Microsoft program that interprets packages and installs products. You can install or uninstall PC-Duo Host from the command line using standard MSIEXEC commands. This section describes a partial list of the MSIEXEC commands. For a detailed list of commands, check the Microsoft web site (http://www.microsoft.com), and enter “msiexec command line” as a Search item.
PAGE 136
Specifypath to log file. Flags indicate which information to log. /le Log all error messages to a file /lv Verbose output /l* Wildcard; Log all /l e|v|* logfile information, except verbose mode /l*v Wildcard; Log all information including verbose mode. This is the recommended logging level to use when you are troubleshooting installation issues. Example: msiexec /i example.msi /le logfile.
PAGE 137
Command Line Configuration SETUP.EXE options The following table contains a partial list of MSIEXEC setup options: Option Command Line Description Run the /s setup.exe /s setup.exe portion of the MSI in silent mode. /a setup.exe /a Run MSI installation in administrative mode /x setup.exe /x Uninstall the application Force setup.exe to /w setup.exe /w wait until the installation is complete before exiting. Pass the parameters to msiexec.exe. /v setup.
PAGE 138
MSIEXEC variables Any of the following MSIEXEC parameters can be included when you implement command line installation of PC-Duo Host. Modify these directly in the.MSI file or apply them to a .MST transform file. NOTE: These property values are case sensitive. Do not change other values in the .MSI file. Property Description LICENSE The required PC-Duo Host license key that is distributed with the purchase of the software.
PAGE 139
Command Line Configuration NOFIREWALLCONFIG Turn off automatic registration of PCDuo Host as an exception to Windows Firewall. If this is set to a non-blank value, no firewall configuration is done by the installer. The default is that this property is not set, and the installer does the firewall configuration. NOTE: By default, when the PC-Duo Host Installer runs in silent mode (no user interface), it restarts the target computer after PC-Duo Host is installed.
PAGE 140
Examples The following examples use command lines to install PC-Duo Host:  MSIEXEC  SETUP  Start/Wait MSIEXEC The following two examples use command lines to install PC-Duo Host using msiexec.  The first example silently runs the PC-Duo Host installer file located in the C:\Program Files\Vector Networks\Host directory and suppresses the REBOOT at the end of the installation, and then, through PHSETUP commands, assigns the Host computer name to “apple,” sets the password to “core.
PAGE 141
Command Line Configuration The following example is identical to the msiexec example, except that it uses the start/wait syntax to wait for the installation to be complete before continuing in a batch file. start/wait msiexec /qn /I Host.
PAGE 142
Lock-down settings Use the PC-Duo Host lock-down feature to set individual settings to permanent values.  "Lock Host settings"  "Unlock Host settings" The lock-down feature differs from setting permissions in several ways:  Settings lock-down is granular. Individual settings can be locked down. The security features work on groups of settings, not individual ones.  Settings lock-down is permanent. Once a setting is locked down, it cannot be changed again (without resetting the entire lock-down).
PAGE 143
Command Line Configuration That group must be have the same authority (local machine or domain) as the original lockdown. Before you do so, stop the PC-Duo Host service, from Control Panel > Administrative Tools > Services. To unlock PC-Duo Host settings, follow these steps: 1 Run regedit, and navigate to HKLM\Software\Funk Software, Inc.\Proxy v5\Proxy Host Restrictions. 2 Remove this registry key which stores the settings lock-down. 3 Restart the PC-Duo Host service. NOTE: This registry key is protected.