deviceTRUST for Windows and the deviceTRUST Client Extension for IGEL OS 12 and macOS are now available.
×
Search

Custom Properties Settings

The Custom Properties Settings defines scripts that can be launched during a session to determine additional properties of the local agent or remote device before the context is first evaluated.

Local Agent Custom Properties

When defined for the local agent, scripts are launched on Logon, Reconnect (or Unlock), and Service Start.

Custom Properties for the Local Agent.
Custom Properties for the Local Agent.

The following controls are available for the Local Agent:

  • Embedded Script - Defines the script that will be evaluated on the local agent.
  • Embedded Script Language - Set to either PowerShell, VBScript or Batch, and defines the scripting language used by the embedded script.
  • Delay execution until properties are available - When checked, will execute the script after the all properties have been determined. The properties are available either from the Windows Registry, or as environment variables within the script.
  • Hash returned property values - When checked, any returned custom properties are converted to a SHA256 hash.
  • Persist custom properties across reconnects - When checked, the script is only evaluated on Logon and Service Start. Any custom properties that are created remain unchanged if a user Reconnects to a virtual session. When unchecked, any custom properties are discarded when the session is disconnected and the script is relaunched on a Reconnect.
  • Override PowerShell execution policy - When checked, any PowerShell scripts are launched with an execution policy set to Unrestricted.
  • Bypass Microsoft AppLocker policy - When checked, any PowerShell based Microsoft AppLocker rules are bypassed by the executed script.
  • Run as System - When checked, the script is launched as the System user. When unchecked, the script is launched as the user logging into the session.
  • Wait for the process to terminate up to timeout - Defines a timeout period after which the Logon or Reconnect process will no longer be held up if the script has not completed.

Remote Windows Device Custom Properties

When defined for the Remote Windows Device, scripts are launched at the start of the virtual session.

Custom Properties for the Remote Windows Device.
Custom Properties for the Remote Windows Device.

The following controls are available for the Remote Windows Device:

  • Embedded Script - Defines the script that will be evaluated on the remote Windows device.
  • Embedded Script Language - Set to either PowerShell, VBScript or Batch, and defines the scripting language used by the embedded script.
  • Hash returned property values - When checked, any returned custom properties are converted to a SHA256 hash.
  • Override PowerShell execution policy - When checked, any PowerShell scripts are launched with an execution policy set to Unrestricted.
  • Wait for the process to terminate up to timeout - Defines a timeout period after which the Logon or Reconnect process will no longer be held up if the script has not completed.

Creating Custom Properties

Custom Properties scripts can create a custom property by writing either LOCAL_CUSTOM_<NAME>=<VALUE>, or REMOTE_CUSTOM_<NAME>=<VALUE> to the output by calling Write-Host in PowerShell, WScript.Echo in VBScript or echo within a Batch script.

Custom Properties scripts can stay resident in memory for the lifetime of the session, perhaps by entering a loop or by registering for events. Custom properties can be created in the usual way, or deleted by outputing DELETE LOCAL_CUSTOM_<NAME> or DELETE REMOTE_CUSTOM_<NAME>. After all properties are emitted to the output, a single line stating CONTINUE should be written to the output.

The Wait for the process to terminate up to timeout option should be unchecked for resident scripts. Any custom properties scripts that are still executing will be terminated when it is no longer needed.