Skip to content

Generador de Cliente Portátil

Aperçu

TSplus crée par défaut une icône pour le Générateur de Client Portable :

Screenshot 1-1 Se puede acceder también en la pestaña de Sesiones de la AdminTool:

Screenshot 1-2

It enables you to create 2 types of connection clients which can be copied to the users’ Desktop or onto a USB stick for portable use.
Nota Connection Clients are not compatible with Mac computers.

Since TSplus 11.40 release, the client generator has been redesigned to be numerically signed and to avoid false/positive antiviruses reactions. Instead of a “.exe” program, the new Client Generator is creating a flat encrypted file with the extension “.connect”.

Screenshot 1-3

Pre-requisito del lado del cliente

On the client side, each user will have to run a signed program named “Setup-ConnectionClient.exe” as a pre-requisite. This program is available on your server, in the TSplus program folder: TSplus\Clients\WindowsClient:

Screenshot 1-4

ou dans le dossier TSplus\Clients\www :

Screenshot 1-5 o por downloading it .


Aperçu détaillé

Cliquez sur un onglet pour accéder aux informations correspondantes :

Portable Client Generator

Main window - General Settings

When you launch the client generator, the first tab displayed is the general tab. Here you will find all of the essential connection settings that you need to get you started.

  • Dirección del servidor: Entrez l'adresse IP du serveur auquel vous souhaitez que le client se connecte.

  • Número de puerto: Entrez le numéro de port du serveur. La valeur par défaut est 3389.

  • Nom d'utilisateur et mot de passe : Si ingresas un nombre de usuario y una contraseña, el programa cliente no pedirá al usuario que lo vuelva a escribir en cada sesión. Para restablecer este guardado de inicio de sesión/contraseña, debes crear y editar un acceso directo del Cliente de Escritorio Remoto y agregar el -reset on switch à la fin du champ cible.


Identifiants

  • If you don’t want to save credentials, enter “nosavecredential” in the logon field of the Portable Client Generator.
  • If you don’t want to display the logon window with the user name, password and domain name, simply enter “nopassword” on the password field.
  • If you want to enable autologon, enter *SSO in the username field, the client program will just ask for username and password during the very first connection. It will save this information on the user’s workstation so that the user doesn’t have to identify himself ever again.
  • If you want the current local user’s name to be displayed as a logon for the session, enter **, or %USERNAME% in the logon field.

  • Nombre de dominio: Enter a domain name if any.

  • Modo de visualización preferido: Puedes elegir tu modo de visualización preferido entre las siguientes opciones:

    • El Classic Remote Desktop , affichant votre environnement de session à distance.

    • El Microsoft RemoteApp connection client , para mostrar sus aplicaciones remotas como si estuvieran instaladas localmente. Tiene un mejor rendimiento gráfico en comparación con las aplicaciones minimizadas.


  • Vitesse du réseau Vous pouvez choisir entre deux options en fonction de la vitesse de votre réseau :

    • Desactivar la visualización de fondo y las animaciones gráficas para redes de baja velocidad.
    • Enable background display and graphic animations for fiber optic or fast network.
  • Client location: Defina a localização do seu cliente gerado.

  • Nombre del cliente: Puedes nombrar a tu cliente como desees.

Afficher

Screenshot 1-4

En esta pestaña, puedes cambiar el color y la resolución de la pantalla de la sesión. También puedes adaptar tu sesión para pantallas duales, con o sin extensión. La opción de extensión te permite ampliar tu sesión en ambas pantallas. Puedes permitir el uso de la tecla TAB en la sesión.

Fonctionnalités du client de bureau à distance

On this tab, you can choose which resolution you want to enable for the user:

Screenshot 1-5

You can check the boxes to enable smart-sizing of the Remote Desktop, and if you want the Remote Desktop not to hide or overlap the local taskbar.

Ressources locales

Screenshot 1-6 La pestaña de recursos locales reúne todos los dispositivos que puedes redirigir en tu sesión remota.

El campo editable junto al discos box permet de spécifier quels disques sont disponibles dans la session à distance. Vous devez simplement séparer chaque lettre de disque (C :, E: …) par une virgule. Lorsque la case des disques est cochée et qu'aucun disque n'est spécifié, tous les disques sont inclus dans la session à distance.

Imprimantes correspondent aux ports LPT, et les ports COM correspondent aux ports série. Depuis la version 11.50 de TSplus, ces périphériques locaux sont sélectionnés par défaut.

Unten können Sie Ihre Option zum Drucken mit dem universellen Drucker auswählen:

  • Local PDF Reader preview: El documento se generará como un PDF y se abrirá el archivo en el Acrobat Reader local. El usuario puede imprimirlo o guardar una copia en su disco duro local.
  • Imprimir en la impresora predeterminada del usuario: the document will be automatically pushed to the user’s default printer (the local print driver is included in the TSplus connection client).
  • Seleccionar una impresora local: The user can select one of his local printers (the local print driver is included in the TSplus connection client).

If you do not have a PDF Reader installed on your machine, we recommend the use of Foxit Reader. See our video tutorial sobre cómo imprimir.

Programa

Screenshot 1-7 You can set a startup application via the Portable Client Generator, and specify its path, directory and parameters, since the 11.30 release. However, we recommend you to use the AdminTool to assign the desired applications.

Sécurité

TSplus offre deux couches supplémentaires de sécurité physique pour protéger les connexions de vos utilisateurs. La connexion peut être verrouillée sur l'ID d'une clé USB, verrouillée sur un nom d'ordinateur, ou vous pouvez utiliser les deux couches de sécurité simultanément.

Option de sécurité avancée pour les clients

  • Si está bloqueado a una llave USB , el usuario puede iniciar una conexión desde cualquier computadora con Windows que cumpla con los requisitos insertando la llave USB y utilizando el programa de conexión colocado allí por el administrador.
  • If locked to a computer name the user can only successfully connect from the computer whose name has been registered with the server for that user’s portable client connection. If both security options are used, the user is limited to connecting from their specific device and only if the correct pre-configured USB key is in place.

In order to lock a connection client onto a USB key you can do so by copying the client generator located in : C:\Program Files (x86)\TSplus\Clients\WindowsClient Now double click on the client generator and check the lock on serial number box located on the security tab. Once it is done, you can delete the client generator from the USB key. The newly generated connection client will be placed on the desktop, don’t forget to copy it back to the USB key! You can delete the client generator that you copied on the USB key afterwards.

Screenshot 1-8

  • Vous pouvez définir le limite de tiempo from the first use date of a generated client by entering the value in the time limit box. (which is by default set to “no limit”).

  • Boxes below enable you to:

    • No mostrar la capacidad de guardar credenciales para un cliente generado.
      • Guardar solo el nombre de usuario.
      • Utiliser le chiffrement V2.

Support pour l'authentification à deux facteurs

El generador de clientes admite two-factor authentication since version 15.30.3.15. La prise en charge de l'authentification à deux facteurs nécessite également un Mobile Web Edition ou supérieur .

Veuillez vous référer à Two-Factor Authentication documentation page for more information on how to configure and enable Two-Factor Authentication for users and groups on your TSplus Remote Access installation.

Please note the following additional requirements to enable Two-Factor Authentication for a generated client:

  • Connection Client valida el código de autenticación contra el Portal Web utilizando el puerto HTTPS. Por lo tanto, Webportal moet operationeel zijn und über seinen HTTPS-Port von der Clientmaschine aus erreichbar.
  • If the HTTPS port of the Web portal is modified, then the generated clients enabled for Two-Factor Authentication must be generated again. Previously generated clients will fail to validate any Two-Factor Authentication.

Since version 15.30.3.15, any previously generated client and any new client generated without 2FA support enabled will behave the same as before. If a user enabled for two-factor authentication attempts to login using a client generated without explicit 2FA support, the login will be denied as two-factor authentication is not possible and therefore will fail.

Para agregar soporte para la autenticación de dos factores, consulte el Enable 2FA checkbox before generating your client file. As a result, two-factor authentication will be validated when connecting to the application server. If two-factor authentication is enabled on the application server and the connecting user is not configured, then the connection will be denied.

Adding Support For Two-factor Authentication Be mindful that adding 2FA support to a generated client later is not supported. For example, adding 2FA support through command line against the generated .connect file is not supported.

Once a user has configured his account in an authenticator app, he or she will be able to connect using its password and the code provided by its authenticator app or by SMS.

Login Using Two-factor Authentication From Generated Client #### Option de connexion avancée

If the targeted server possesses a specific and accessible domain name, as well as a valid SSL/TLS certificate installed, you can enable the “Use the targeted server as a Remote Desktop Gateway (RDG) to encrypt data transfer”.

Cette option rend le transfert de données RDP pendant la connexion crypté en utilisant l'encapsulation TLS, ce qui en fait une alternative appropriée à tout VPN en termes de cryptage des données.

Um Windows SSO-Authentifizierung für generierte Clients zu aktivieren:

Update TSplus Remote Access to the latest version on a server joined to the domain.

Generate a client from the Client Generator, checking the “Enable Single Sign-On (SSO)” box in the “Security” tab.

Connectez-vous depuis une machine jointe au domaine en utilisant le client généré.

SSO

Configurar la Política de Grupo para el Inicio de Sesión Único (SSO) de Windows a través del Cliente de Escritorio Remoto

Desde el controlador de dominio:

  1. Open the Group Policy Management Console.

  2. Right-click on the Organizational Unit (OU) where the Group Policy Object (GPO) should be applied and select “Create a GPO in this domain, and Link it here…”.

  3. Name the GPO (e.g., SSO_RDS_MY_SERVER) and click “OK”.

  4. Right-click on the created policy and select “Edit”.

  5. Navigate to the following location: “Configuración del equipo / Políticas / Plantillas administrativas / Sistema / Delegación de credenciales.”

  6. Doppelklicken Sie auf „Standardanmeldeinformationen delegieren erlauben“, um die Einstellungen zu öffnen.

  7. Enable the setting and click “Show…”

  8. In the Value field, enter the server(s) in the format TERMSRV/server_fully_qualified_domain_name and click “OK”.

  9. Click “Apply” and “OK” to close the window. From the client machine:

  10. Update group policies by running the following command as an administrator: gpupdate /force.

Utilisez mstsc à la place pour vous connecter au RD Gateway

You can also use this feature through mstsc configuration without using a generated client if the prerequisites mentioned above are met.

Para hacerlo, primero ve a la pestaña avanzada, luego en la sección "Conectar desde cualquier lugar" haz clic en "Configuración" y configura el Gateway de Escritorio Remoto en:

  • Ticking the “Utiliser ces paramètres de serveur RD Gateway” option
  • Replacing the server name with the targeted server domain name (without https://)
  • Selecting the Logon method “Allow me to select later”
  • Unticking the “Bypass RD Gateway server for local addresses” option
  • Ticking the “Use my RD Gateway credentials for the remote computer” option
  • Clicking “OK” to save these settings

mstsc advanced RDG configuration Then go to the “General” tab, and :

  • Replace the computer name with “127.0.0.2:3389”, and change the port “3389” if you are using a different one
  • Replace the username with the username you want to connect with ( important: specifying the domain is mandatory )
  • Klicken Sie auf „Verbinden“

mstsc advanced RDG configuration ### Équilibrage de charge

You can also enable the Load Balancing to connect to one server of your farm. Do not check the “Use Load-Balancing” box if you did not activate the Load-Balancing feature on your server. You will need to enter the Gateway Web port, which should be the same as the default web port used on all the servers of your farm.

Screenshot 1-9 ----------------------------------------------

Screenshot 1-9 Client Customization is possible. See the corresponding documentation on cómo modificar el icono del cliente y edit or delete its parameters .

Logs pour le client de connexion

You can enable the logs for Connection Client on the client side by adding the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Digital River\ConnectionClient “Debug”=“true”

Les journaux se trouvent dans C:\Users RDP6\logs directory if installation is per user or in C:\Program Files (x86)\Connection Client\RDP6\logs directory if installation is for all users.