background image

Chapter 5. Remote Desktop Access

31

Figure 5-2. Remote Desktop Access for Administration

With the above access permissions, the administrator should be able to gain complete access to the

user’s desktop. This method has the further benefit that the user can observe the administrator control

the user’s desktop in real time. This technique can be particularly effective when combined with an-

other simultaneous, synchronous form of communication (such as a telephone conversation), thereby

providing a means for the user to learn to address the problem by on their own in the future. In some

remote administration cases, however, it would not be appropriate for the user to take part in the

administration.

5.2. Connecting Using vncviewer

To connect to the user’s desktop from a remote machine, the administrator need only issue the

command:

vncviewer

<

remote-hostname

>

:0

. For example, if the remote hostname is

linux.example.com

, the command would take the form:

vncviewer linux.example.com:0

vncviewer

also has a graphical interface that is available through

Applications

(the main menu on

the panel) =>

Accessories

=>

VNC Viewer

.

5.3. Connecting Using Terminal Server Client

In addition to

vncviewer

, you can also connect to a user’s Windows or Linux desktop using

Terminal

Server Client

, which is available through

Applications

(the main menu on the panel) =>

Internet

=>

Terminal Server Client

.

Summary of Contents for DESKTOP

Page 1: ...Red Hat Desktop Deployment Guide ...

Page 2: ... http www opencontent org openpub Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder Distribution of the work or derivative of the work in any standard paper book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder Red Hat and the Red Hat Shadow Man logo are regi...

Page 3: ...1 4 Locking Down the Desktop Disabling GNOME Desktop Features 13 4 1 Disabling Lock Screen and Log Out 13 4 2 Disabling Ctrl Alt Delete 13 4 2 1 Window Manager Configuration 14 4 2 2 System Level Configuration 15 4 2 3 Disabling Ctrl Alt Backspace 15 4 3 Locking Down the Panel 15 4 3 1 Disabling Applets 16 4 4 Disabling Command Line Access 17 4 5 Restricting the Number of Workspaces 18 4 6 Removin...

Page 4: ......

Page 5: ...presented this way This style should indicate to you that you can type the word or phrase on the command line and press Enter to invoke a command Sometimes a command contains words that would be displayed in a different style on their own such as file names In these cases they are considered to be part of the command so the entire phrase is displayed as a command For example Use the cat testfile c...

Page 6: ... they are shown like the following example Go to Applications the main menu on the panel Programming Emacs Text Editor to start the Emacs text editor button on a GUI screen or window This style indicates that the text can be found on a clickable button on a GUI screen For example Click on the Back button to return to the webpage you last viewed computer output Text in this style indicates text dis...

Page 7: ...on is to your system these items are marked as a note tip important caution or warning For example Note Remember that Linux is case sensitive In other words a rose is not a ROSE is not a rOsE Tip The directory usr share doc contains additional documentation for packages installed on your system Important If you modify the DHCP configuration file the changes do not take effect until you restart the...

Page 8: ... login enables your access to Software updates errata and maintenance via Red Hat Network Red Hat technical support resources documentation and Knowledgebase If you have forgotten your Red Hat login you can search for your Red Hat login online at https rhn redhat com help forgot_password pxt 2 2 Provide Your Subscription Number Your subscription number is located in the package that came with your...

Page 9: ...submit a report in Bugzilla http bugzilla redhat com bugzilla against the component rhd dg When submitting a bug report be sure to mention the manual s identifier rhd dg EN 4 Print RHI 2005 03 09T16 26 If you have a suggestion for improving the documentation try to be as specific as possible when de scribing it If you have found an error please include the section number and some of the surroundin...

Page 10: ...vi Introduction ...

Page 11: ...tor in a terminal The GConf editor is also available through Applications the main menu on the panel System Tools Configuration Editor For more detailed information on GConf Editor refer to the Configuration Editor Manual through Applications the main menu on the panel Help and by selecting the Applications Category then the Utilities Category and finally by selecting the Configuration Editor Manu...

Page 12: ...itable Storage Location The location in which the storage backend should store the preferences data The exact meaning of this storage location depends on the storage backend in use With the XML backend the location is the path to a filesystem directory By default there is a Mandatory Source a User Source and a Defaults Source They are xml readonly etc gconf gconf xml mandatory xml readwrite HOME g...

Page 13: ...2 Examples of each method are given below Caution You should make sure that all users are logged out before changing any system wide default or mandatory preference settings 1 2 1 Using GConf Editor When logged in as root you can use GConf editor to set system wide default and system wide mandatory settings by opening a special GConf editor window For example to set mandatory system wide settings ...

Page 14: ...conftool 2 you can set the system wide default number of workspaces to 5 by issuing the command gconftool 2 direct config source xml readwrite etc gconf gconf xml defaults xml readwrite etc gconf gconf xml defaults type int set apps metacity general num_workspaces 5 Tip Refer to the GConf Section of the GNOME Desktop System Administration Guide available through the online help system for more det...

Page 15: ...ose keys are organized Most of the panel configuration is stored in apps panel The general directory contains the following keys toplevel_id_list The list of panel identifiers Each identifier is also the name of the sub directory in the toplevels directory which contains the actual preferences for that panel object_id_list The list of panel object identifiers Each identifier is also the name of th...

Page 16: ..._iid OAFIID GNOME_ClockApplet 2 1 2 Default Configuration The default panel configuration is specified in etc gconf schemas panel default setup entries When the panel is installed the default configuration is loaded into the Defaults Source using the gconftool 2 load argument gconftool 2 config source xml readwrite etc gconf gconf xml defaults direct load etc gconf schemas panel default setup entr...

Page 17: ...ntries Edit local panel default setup entries removing the print_launcher entry from object_id_list and removing the print_launcher directory from the objects directory value string spreadsheet_launcher string value value string print_launcher string value list list value entry Print Launcher entry key objects print_launcher object_type key schema_key schemas apps panel objects object_type schema_...

Page 18: ...mode a rwx g rx o rx etc gconf local xml defaults It is important that your configuration source be created using the correct mode argument to ensure it is readable by all users GConf will use the permissions from this toplevel directory when creating new files or directories in the configuration source Load the new default setup into apps panel default_setup in the new configuration source gconft...

Page 19: ...us for individual users Removing submenus for all users 3 1 Overview of the Menu System Note This overview of the menu system is not intended to to be comprehensive in its scope For detailed information about the menu system refer to the various menu related specifications at the freedesk top org web site http www freedesktop org The Red Hat menu system is based on the the freedesktop org Desktop ...

Page 20: ...top files 3 2 Removing Menu Items for Individual Users The menu configuration files for a given user are located in the HOME config menus directory The menu files are XML configuration files that allow you to override the system menu defaults For example to remove the Calculator menu item from the Accessories submenu edit the applications menu file in the HOME config menus directory adding a new M...

Page 21: ...from the Applications menu Menu Name System Settings Name Deleted Menu END of System Settings removal content Menu The other submenus of the Applications can be removed in similar fashion Note that the name of the submenus can be determined from the files located in the usr share desktop directories directory 3 4 Removing Menu Items for All Users To remove the Dasher menu item from the Accessories...

Page 22: ...tc xdg menus applications menu by adding the following before the final Menu tag in the file Menu Name System Settings Name Deleted Menu Menu End Applications The other submenus of the Applications can be removed in similar fashion Note that the name of the submenus can be determined from the files located in the usr share desktop directories directory ...

Page 23: ...simple functions like web browsing This chapter provides the essential information needed by administrators to perform the various tasks related to locking down the desktop Most of the restricted access can be configured using GConf key value pairs hence these will be discussed first 4 1 Disabling Lock Screen and Log Out To disable the ability to log out and to lock the screen set the appropriate ...

Page 24: ...tion Setting the following gconf keys will prevent Ctrl Alt Delete from displaying the Log Out dia log 1 Note in Figure 4 2 that the default global keybinding for Ctrl Alt Delete is attached to the gconf key run_command_1 Figure 4 2 Default Metacity Action for Ctrl Alt Delete 2 To change the window manager s interpretation of Ctrl Alt Delete change the run_command_1 key value from gnome session sa...

Page 25: ...below Trap CTRL ALT DELETE ca ctrlaltdel sbin shutdown t3 r now 4 2 3 Disabling Ctrl Alt Backspace To disable the Ctrl Alt Backspace key combo from terminating the X session add a Serverflags section to the X configuration file etc X11 xorg conf and add a DontZap option to the section Section Serverflags Option DontZap yes EndSection 4 3 Locking Down the Panel To disable changes to the configurati...

Page 26: ...ts To disable certain applets from loading or appearing in the applet menu you can specify which applets you wish to disable by adding the appropriate applet IID to the apps panel global disabled_applets key For example to disable the Show Desktop applet add the applet IID OAFIID GNOME_ShowDesktopApplet to the apps panel global disabled_applets key as shown in Figure 4 5 ...

Page 27: ... changes in a number of different contexts Set the disable_command_line gconf key which prevents the user from accessing the terminal or specifying a command line to be executed Disable the Command Line Mini Commander applet Disable console switching by editing etc X11 xorg conf Remove the Open Terminal menu item from the desktop background menu These steps are described below Setting the disable_...

Page 28: ...the Serverflags section in the X configuration file etc X11 xorg conf Section Serverflags Option DontVTSwitch yes EndSection Removing the Open Terminal menu item from the desktop background menu The menu containing the Open Terminal menu item will automatically be removed when all desktop icons are removed by unsetting the apps nautilus preferences show_desktop key When this key is unset Nautilus ...

Page 29: ...ng GNOME Desktop Features 19 Figure 4 7 Setting the Number of Workspaces 4 6 Removing Desktop Icons To remove one or more of the default icons from the desktop unset the appropriate key apps nautilus desktop _icon_visible as shown in Figure 4 8 ...

Page 30: ...Disabling GNOME Desktop Features Figure 4 8 Removing the Computer Desktop Icon To prevent the appearance of icons representing mounted media such as cdroms unset the following key apps nautilus desktop volumes_visible as shown in Figure 4 9 ...

Page 31: ...own the Desktop Disabling GNOME Desktop Features 21 Figure 4 9 Removing Desktop Volumes Icons To eliminate all icons from the desktop unset the following key apps nautilus preferences show_desktop as shown in Figure 4 10 ...

Page 32: ...This section documents a number of configuration tasks an administrator might find useful in setting up a machine to serve as a public kiosk Tip Removing the top panel or its Main Menu is recommended for kiosk operation To remove the top Panel right click on it with the mouse and choose Delete This Panel from the Panel menu 4 7 1 Preventing Automounting of Drives To prevent all drives such as flop...

Page 33: ...ME Desktop Features 23 Figure 4 11 Disabling Automounting 4 7 2 Disabling Printing Functionality To disable printing and printing setup set the following keys desktop gnome lockdown printing desktop gnome lockdown print setup as shown in Figure 4 12 ...

Page 34: ...GNOME Desktop Features Figure 4 12 Disabling Printing Functionality 4 7 3 Disabling File Saving To prevent a user from saving files to disk and from access to all Save As dialogs set the desktop gnome lockdown save_to_disk key as shown in Figure 4 13 ...

Page 35: ...atures 25 Figure 4 13 Disabling Writing to Disk 4 7 4 Disabling Application Force Quit To prevent the user from forcing an application to quit by eliminating access to the force quit button set the apps panel global disable_force_quit key as shown in Figure 4 14 ...

Page 36: ... start an X session The automatic login process is enabled through the configuration of gdm the Gnome Display Manager Specifically the automatic login functionality is set in the gdm configuration file etc X11 gdm gdm conf The automatic login process can be enabled by directly editing etc X11 gdm gdm conf or by using the graphical Login Screen Setup tool Both techniques are described below Note Co...

Page 37: ...Setup tool will appear on your screen To enable automatic login check the box labelled Login a user automatically on first bootup and enter a valid system user name in the Automatic login username text entry box Figure 4 15 demonstrates this configuration for a fictional user named sam Figure 4 15 Enabling Automatic Login with the Login Screen Setup Tool 4 7 6 2 Editing the gdm conf Configuration ...

Page 38: ...28 Chapter 4 Locking Down the Desktop Disabling GNOME Desktop Features ...

Page 39: ...c While vncviewer is primarily for connecting to a Linux desktop Terminal Server Client can be used to access both Windows and Linux desktops Note These tools only allow you to connect to a user s existing session If the user is not logged in the connection will fail Important All remote desktop connections described in this chapter use unencrypted connections thereby sending authentication inform...

Page 40: ...ol your desktop When a user tries to view or control your desktop Ask you for confirmation Require the user to enter this password followed by a text input box 5 1 1 Gaining Remote Administrative Access For remote administration it is recommended that the administrator check all the boxes in the Remote Desktop dialog and set a required password for the administrator to gain access This recommended...

Page 41: ...some remote administration cases however it would not be appropriate for the user to take part in the administration 5 2 Connecting Using vncviewer To connect to the user s desktop from a remote machine the administrator need only issue the command vncviewer remote hostname 0 For example if the remote hostname is linux example com the command would take the form vncviewer linux example com 0 vncvi...

Page 42: ...E 2 application for remotely accessing Microsoft Windows NT 2000 Terminal Services and XP Remote Desktop Sharing using the Remote Desktop Pro tocol RDP It also supports connections using other remote desktop methods such as vnc Xnest and the Citrix ICA client 5 3 1 Connecting to a Remote Linux Desktop The minimal configuration for a user named sam connecting to a Linux desktop named linux example ...

Page 43: ...l Server Client Using VNC to Connect to a Linux Desktop 5 3 2 Connecting to a Remote Windows Desktop The minimal configuration for a user named sam connecting to a Windows 2000 desktop named win example com using the RDPv5 protocol is shown in Figure 5 3 ...

Page 44: ...ient Using RDP to Connect to a Windows Desktop After choosing Connect you will be prompted for a user name and password Note The user account with which you connect to the terminal server must have administrative privileges on the machine to which you are connecting ...

Page 45: ...ry files definition 9 disabling automounting 22 disk writes 24 file saving 24 force quit 25 printing 23 disk writes disabling 24 F feedback contact information for this manual v file saving disabling 24 Firefox lockdown 26 force quit disabling 25 G gconf configuration sources 1 reference 1 GConf editor 1 introduction 3 GConf Overview gconf 1 gconftool 2 4 and panel configuration 6 gdm auto login 2...

Page 46: ...t configuration 6 disabling applets 16 locking down 15 modifying defaults 6 preferences default 3 mandatory 3 printing disabling 23 R registering your subscription iv remote desktop access 29 administration 29 Remote Desktop dialog 29 gaining adminstrative access 30 rdesktop 31 settings 29 Terminal Server Client 31 vncviewer 31 remote desktop access 29 S subscription registration iv T Terminal Ser...

Page 47: ...ed Hat Enterprise Linux Installation Guide for x86 Itanium AMD64 and Intel Extended Memory 64 Technology Intel EM64T Karsten Wade Primary Writer Maintainer of the Red Hat SELinux Guide Contributing Writer to the Red Hat Enterprise Linux System Administration Guide Andrius T Benokraitis Primary Writer Maintainer of the Red Hat Enterprise Linux Reference Guide Co writer Co maintainer of the Red Hat ...

Page 48: ...38 Nadine Richter German translations Audrey Simons French translations Francesco Valente Italian translations Sarah Wang Simplified Chinese translations Ben Hung Pin Wu Traditional Chinese translations ...

Reviews: