Organizations do not live on Windows alone. Many of them depend on mainframe terminal servers, which means they depend on some type of terminal emulation application such as Attachmate Extra! X-treme.
Which also means they need some way to lock down that terminal emulation program to prevent users from modifying setting values. After all, if all of your company’s data is resides on the mainframe, you can’t afford for your users to be unable to connect to the mainframe and sit idle while your help desk figures out what setting got messed up.
That’s where PolicyPak comes in. We enforce and lock down the optimum settings values that you, the administrator, want them to have. PolicyPak sets and enforces expectations for your users’ applications, so that they get the same experience, every time they launch it, especially for a life line application such as this.
Keep your Attachmate Extra! configuration settings delivered,enforced and automatically remediated with PolicyPak. Check out this video to see how it’s done:
With PolicyPak, you’re the one in control.
Besides, once you’re using PolicyPak to manage Attachmate Extra!, you’ll also get to manage all your other enterprise desktop applications the same way: Flash, Lync, Java, Firefox, and any custom applications you have. They’re 100% included – absolutely free.
It’s all included when you’re a PolicyPak Professional customer.
PolicyPak was designed by Group Policy MVP Jeremy Moskowitz – who “wrote the book” on Group Policy, runs GPanswers.com, and lives and breathes Group Policy and enterprise software deployments and desktop lockdown.
When you’re ready to get serious about managing Attachmate Extra X-treme, PolicyPak is ready for you.
Lockdown Attachmate Extra! Xtreme Video Transcript
Hi, this is Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software. In this video, we’re going to learn how to configure Attachmate Extra! Extreme using PolicyPak.
I’ve already got Attachmate installed on my computer, and I’m just a regular user here. As you can see, I’m logged on as a guy called “eastsalesuser4.” I’ll open up Attachmate and go to Options – Global Preferences, and examine the configuration settings a user has access to. Here on the General tab, I’ve got some key settings such as auto-saving user sessions and event logging and on Central Management I have the option for users to use their Windows Logon.
The configuration settings for this application reside in the registry which means that registry savvy users have the ability to modify your delivered settings within the registry itself. I have the settings file location already open so let’s change the “Prompt for Disconnection” setting within it and save it which you can clearly see eastsalesuser4 was able to. If users know how to navigate to the settings file, they can easily alter your settings.
Let’s see how we can ensure compliance and perform desktop management of settings quickly using PolicyPak. I’ll go ahead and switch over to my Management Station computer.
We’ll go ahead and right click over our “East Sales Users”, “Create a GPO” and we’re going to call it “Lockdown Attachmate.” So this GPO is now associated with the “East Sales Users.” I’ll right click over it. I’ll click “Edit…” I’ll dive down under “User Configuration,” “PolicyPak/Applications/New/Application.” There it is, “PolicyPak for Attachmate Extra! Xtreme” along with other applications like “Java,” “Flash” “Firefox,” “Skype” and lots of other important desktop applications that your users utilize every day (and you want to make more secure).
Let’s start with “General” and let’s make sure that “Auto-save Session Settings” is always selected under “On close session/application exit.” Then to make sure this is always selected, I will right click on this dropdown menu and select “Disable corresponding control for target application.” This disables the setting completely and ensures that your users can’t change it. Then let’s make sure that “Prompt for Disconnection” is always checked. Notice how when I initially change these settings that the text becomes underlined. This means that these setting values will be delivered by PolicyPak. Now I’m going to right click on this setting and select “Perform ACL Lockdown” which will lock these settings within the registry itself so it cannot be altered by users.
If I look here at “Files/Directories” I see some important file locations that I don’t even want my users to access at all so I’m going to just right click on the tab itself and select “Disable whole tab in target application.”
Now I will go back to my client machine, we’ll get a command prompt and run “gpupdate.” Now you could envision the user logging on for the very first time, using a Terminal Services or Citrix machine, using a VDI session, changing job roles, or getting a new computer. I just happen to be using gpupdate.
Now that that’s done, let’s expand the application and review the application preferences once again. Notice that the General tab settings have been delivered. You can see “Prompt for disconnection” has been checked and that “Auto-save session settings” is not only selected, but I can’t even click on the menu at all. Notice too that “Files/Directories” is completely disabled as well.
Now, let’s do the final test and reopen the registry location and attempt to modify the setting that the standard user — Mr. East Sales User 4 successfully did earlier. As you can see, you’ve prevented him from making changes to the “Enable Document Recovery” settings when you use PolicyPak’s ACL Lockdown™ feature.
And we are done. That is how incredibly easy it is for you to use PolicyPak to lockdown Attachmate Extra! Xtremeas well as tons of other desktop applications.
If you’re looking for a trial of PolicyPak, just click on the “Webinar / Download” button on the right.
Thanks so much for watching, and get in touch with us if you’re looking to get started. Talk to you soon.