NoMachine Support

Your questions answered

Knowledge Base

Searching in: Feature Requests
Filter the search results
Target version:
Products:
Status:
Last update:
Searching in: Feature Requests
ID: FR04O03402
Added on:  2017-04-24
Last update: 2018-12-07
Priority: High
Products: NoMachine Server
Target: 6
Status:  Implemented
Limiting trusted users to specific users' desktops

On server side, administrators could need to be able to limit the access' authorization of a trusted user (or a trusted group) to only those desktops (virtual and physical ones) owned by a certain user. 

For example, allow the trusted user B to connect without authorization's request to virtual desktops owned by user A.

This provides a more granular control over 'trusted users', which by default can connect to the remote desktops of all the other users without any distinction and without the need of their approval.

 

Note that users will be also able to define their personal list of trusted users via the GUI. See: https://www.nomachine.com/FR12L02849


Server's usage

--useradd <username> [--system [--home <homedir> | --nohome]
                        [--gid <gid>]  [--uid <uid>]]
                        [--administrator]
                        [--redirect <server:port>]
                        [--group <groupname>]
                        [--trusted [virtual | physical]
                        [--node <node:port>]
                        [--per-user <username>]|
                        [--screensharing yes|no]
                        [--forward-connection <server:port>|<UUID>]

  Add the user to the NoMachine backend when a system account already
  exists for this user. Inserting a password is requested if server is
  configured to use the NoMachine password. Specify --system to create
  the system account if it doesn't exist yet. In this case --home or
  --nohome, --gid and --uid can be given to override system or server
  configuration. These options are not available on Windows platforms.
  Specify --administrator to grant NoMachine administrative rights to
  the user. If server supports redirection, use --redirect to set IP
  or hostname and port for the NoMachine server where connections run
  by this user are forwarded. Specify --group to add the user to an
  already existent group of users. Use --trusted to allow the given
  user to connect to another user's desktop without the need for the
  owner's approval. Specify 'virtual' or 'physical' for limiting the
  --trusted authorization to connections to physical desktops or to
  virtual desktops only. By default this applies to all nodes of a
  multi-node environment and all users in system. Assign trusted
  permissions for a given node or a comma-separated list of nodes by
  specifying also the --node option. Assign trusted permission for
  a specified user or a comma-separated list of users be using the
  --per-user option.
When sharing the physical desktop is enabled
  in the server configuration, use --screensharing to preconfigure
  personal user's settings and allow or forbid connections to the
  user's physical desktop. The user will be still able to change this
  setting from the NoMachine Monitor menu. Use --forward-connection
  to forward the user's connection to a federated server identified
  by its name (i.e. <server:port>) or id (<uuid>) as it appears in
  the output of the 'nxserver --serverlist --extended' command.

--useredit <username> --redirect <server:port> | --group <groupname> |
                      --trusted [virtual|physical|none][[--node <node:port>]|
                      [--per-user <username>]|
                      --administrator [yes | no] |
                      --screensharing yes|no
                      --forward-connection <server:port>|<UUID>

  Use --redirect to modify IP or hostname and port for the NoMachine
  server where connections run by the user are redirected. Specify
  '--redirect none' to disable redirection for this user. Use --group
  to add the user to a group of users and '--group none' to remove the
  user from that group. Use --trusted to allow the user to connect to
  another user's desktop without the need for the owner's approval.
  Specify 'virtual' or 'physical' to limit the --trusted authorization
  to connections to physical desktops or to virtual desktops only.
  Provide 'none' instead to remove this ability. By default trusted
  permissions apply to all nodes of a multi-node environment and all
  users in system.
Assign them for a given node or a comma-separated
  list of nodes by means of the additional --node parameter. Assign
  trusted permission for a specified user or a comma-separated list
  of users by using the --per-user option. Remove trusted permissions
  for a node or a list of nodes, by using '--trusted none' with the
  --node option. Similar in case of users use option --per-user with
  username or comma-separated user list.
Provide --administrator to
  grant NoMachine administrative rights to the user, or specify 'no'
  to remove them. When sharing the physical desktop is enabled in the
  server configuration, use screensharing to configure personal user's
  settings and allow or forbid connections to physical desktop of the
  user. The user will be still able to change this setting from the
  NoMachine Monitor menu. Use --forward-connection to forward the
  user's connection to a federated server identified by its name
  (<server:port>) or id(<uuid>) as it appears in the output of the
  'nxserver --serverlist --extended' command. In order to disable
  auto-forwarding for this user, use '--forward-connection none'.

--groupadd <groupname> [--priority <priority>] [--redirect <server:port>]
                       [--trusted [virtual | physical][[--node <node:port>]|
                       [--per-user <username>]|
                       [--forward-connection <server:port>|<UUID>]

  Create a group. Users can be added to the group via the --useradd
  command. Use --priority to set a level of priority to the group.
  Profile rules can be applied on per-group basis. If user belongs to
  more than one group, rules of the group with highest priority over-
  write all the rules set for the other groups. If server supports
  redirection, use --redirect to set IP or hostname and port for the
  NoMachine server where connections run by users belonging to that
  group are forwarded. Use --trusted to allow all members of the given
  group to connect to another user's desktop without the need for the
  owner's approval. Specify 'virtual' or 'physical' for limiting the
  --trusted authorization to connections to physical desktops or to
  virtual desktops only. By default this applies to all nodes of a
  multi-node environment and all users in system. Assign trusted
  permissions for a given node or a comma-separated list of nodes
  by specifying also the --node option. Assign trusted permission for
  a specified user or a comma-separated list of users be using the
  --per-user option
. Use --forward-connection to forward user's
  connections to any of the federated server identified by its name
  (<server:port>) or id (<uuid>) as it appears in the output of
  'nxserver --serverlist--extended' command.

--groupedit <groupname> --redirect <server:port> | --priority <priority> |
                        --trusted [virtual|physical|none][[--node <node:port>]|
                       [--per-user <username>]|
                        --forward-connection <server:port>|<UUID>

  Use the --redirect option to modify IP or hostname and port for the
  NoMachine server where connections run by any of users belonging to
  this group are redirected. Provide '--redirect none' to disable re-
  direction for this group. Set a different level of priority for the
  group by using --priority. Specify --trusted to allow all members
  of the group to connect to another user's desktop without the need
  for the owner's approval. Use 'none' instead to remove this ability.
  By default trusted permissions apply to all nodes of a multi-node
  environment and all users in system. Assign them for a given node
  or a comma-separated list of nodes by means of the additional --node
  parameter. Assign trusted permission for a specified user or a
  comma-separated list of users by using the --per-user option. Remove
  trusted permissions for a node or a list of nodes, by using the
  command '--trusted none' with the --node option. Similar in case of
  users use option --per-user with username or comma-separated user
  list. Specify 'virtual' or 'physical' to limit trusted authorization

  to connections to physical desktops or to virtual desktops only.
  Provide --forward-connection in order to forward users' connections
  to a federated server identified by its name (<server:port>) or id
  (<uuid>) as it appears in the output of the 'nxserver --serverlist
  --extended' command. Use '--forward-connection none' to disable
  auto-forwarding for users belonging to this group.