NoMachine Support

Your questions answered

Knowledge Base

Searching in: Feature Requests
Filter the search results
Target version:
Last update:
Searching in: Feature Requests
ID: FR02Q03788
Added on:  2019-02-26
Last update: 2020-05-13
Priority: Low
Products: NoMachine Server
Target: 6
Status:  Approved
Adding the possibility to propagate profile rules in a multi-server environment

NoMachine Cloud Server (CS) is designed to allow access to subservers. When there is a significant number of subservers (child servers), managing profiles from one central point becomes a realistic need, and allows to control users, services and resources in a much more efficient way. For example, according to company policies it could be necessary to disable globally services like device sharing, file transfer and copy&paste.

Implementation will be based on propagating rules set on the Cloud Server to a particular subserver, group of subserver or all subservers. As a further benefit, rules will be applied also when connecting to a child server which doesn't support the profile itself when working as a standalone server and without CS control (Enterprise Desktop is here a good example). Profile rules set globally on the Cloud Server overrides the correspondent rule or configuration set on the child server.

Note that these rules will be applied only if users connect via the Cloud Server and via any of its available forward methods ('token', 'system' or 'tunnel'). If users connect directly to any of the child servers, the server configuration or profile rules (if supported) set on that subserver will be applied.


Server usage:

--ruleadd --class <class> --type <type> --value yes|no|<value>
  --system | --user <username> | --guest | --node <node:port> |
  --group <groupname> | --nodegroup <groupname> | --address <IP> |
  --server <server:port>

  Add a rule if server supports profiles. <class> is a class of rule
  like session, node, service or feature. <type> qualifies the class,
  e.g. '--class session --type unix-gnome'. With --value,allow or deny
  or set the value for the class type. If no additional parameter is
  specified, the rule is applied to all users. This corresponds to the
  --system option. In alternative, use the --user option to apply the
  rule only to the specified user, or --guest to set the rule for all
  guests accounts, or --group to define the rule for a certain group
  of users. To set the rule on a per-node basis, use --node instead
  or provide --nodegroup to apply the rule to a group of nodes. Use
  --address to apply the rule on per-client IP basis. Use --server
  to propagate rule on a specific server.

--rulelist [--system | --user <username> | --guest | --node<node:port> |
            --group <groupname> | --nodegroup <groupname> | --address <IP> |
            --server <server:port>]

  List all rules set. If --system is provided, list rules defined for
  the NoMachine system. Use --user or --guest to list only rules set
  for the given user or for guest accounts respectively. If --node
  is given, list all rules set for the node. With --group, list all
  rules set for the specified group of users. List the rules set for
  nodes groups by using the --nodegroup option or those set for the
  given group of nodes. Use --address <IP> to list all the rules
  associated to the given client IP. Use --server to see all rules
  set for the server.

--ruledel [--class <class> --type <type>] --system | --user <username> |
  --guest | --node <node:port> | --group <groupname> | --nodegroup
  <groupname> | --address <IP> | --server <server:port>]

  If --class and --type are not provided, delete all rules set for the
  system (--system) or the given user (--user) or guests (--guest) or
  the given node (--node) or the given group of users (--group) or of
  nodes (--nodegroup). Use --class and --type to delete this specific
  rule from the system (--system can be omitted) or provide any of the
  available options to delete it on a per-user/guests/node/groups of
  users/group of nodes basis. Use --address to delete all the rules
  associated to the given client IP. Use --server to delete all rules
  on a specific server.


Notify me when the FR is implemented.