LogoLogo
LogoLogo
  • Welcome
    • Navigation
  • RealmJoin Deployment
    • Onboarding
    • Required Permissions
    • Infrastructure Considerations
      • Multi User Devices
    • Migration to RealmJoin vNext
  • User, Group and Device Management
    • Overview
    • User Profile
    • Organization Details
    • User, Group and Device Lists
      • Advanced Search
      • User Details
      • Group Details
      • Device Details
    • User and Group Settings
      • Available RealmJoin Policies
  • App Management
    • Packages
      • Package Store
        • Application Store Details
      • Package Management
      • Package Details
      • Package Assignments
        • Package Migration
      • Package Settings
      • Packaging Requests
        • Organic Packages
    • AVD Templates
  • Automation
    • Connecting Azure Automation
      • Required Permissions
      • Runbook Parameters
    • Runbooks
      • Runbook Customization
      • Runbook Permissions
      • Naming Conventions
      • Runbook Scheduling
      • Runbook Logs
        • Runbook Job Details
      • Runbooks Changelog
    • Requirements
    • Remediation Scripts
  • RealmJoin Agent
    • Features
      • Local Admin Password Solution (LAPS)
        • KeyVault
        • Application Insights
      • Notifications
      • AnyDesk Integration
        • AnyDesk configuration
      • App Deployment using the Agent
        • RealmJoin ESP
    • Deploying the Agent
    • User Interface
  • Logs
    • Connecting Azure Log Analytics Workspace
    • Audit Log
  • RealmJoin Settings
    • Overview
    • General
    • Roles and Permissions
      • Pre-defined Roles
      • Custom Roles
        • Available Permissions
    • Group Namespaces
    • Workplace Cloud Storage
    • Self Service Forms
  • Developer Reference
    • RealmJoin API
      • Authentication
    • Interacting with Runbooks
    • Simulating a Runbook Environment
    • Local Admin Password Management
  • Other
    • FAQ
      • Security
    • Troubleshooting
      • Package Installation Issues
        • Collecting Logfiles
        • Logfiles Structure
        • Analysing chocolatey.log
        • Troubleshooting failed chocolatey packages
        • Troubleshooting failed craft packages
        • Fixes for common issues
        • Intunewin Debugging
      • LAPS Issues
        • LAPS account passwords cannot be retrieved
        • Requested LAPS Accounts are not being created
    • Changelog
  • Legal
    • Licensing
    • Support
  • RealmJoin Website
Powered by GitBook
On this page
  • Allow users to access LAPS for their devices
  • Configure BranchCache for RJ packages
  • Configure DomainConnect for Legacy Domains
  • Configure RealmJoin release channel
  • Configure RealmJoin ESP
  • Allow downgrade of packages
  • AnyDesk Feature
  • ExecutionMonitor Feature
  • Notifier Feature
  • LocalAdminManagement Features
  • Weblinks for RealmJoin Tray
  • Access Restrictions
  • Various Toggles

Was this helpful?

Edit on GitHub
  1. User, Group and Device Management
  2. User and Group Settings

Available RealmJoin Policies

Last updated 1 month ago

Was this helpful?

The following article shows you a list of possible RealmJoin Client settings/policies. These can be configured and assigned per .

Allow users to access LAPS for their devices

Users may access different LAPS types for devices owned by visiting the RealmJoin portal.

Key

Allow.SelfLAPS

Value

"true"|"false"

or per account type

{
  "EmergencyAccount": true,
  "SupportAccount": true,
  "PrivilegedAccount": true
}

Configure BranchCache for RJ packages

This setting changes BranchCache mode for new clients.

Key BranchCache.Mode

Value

"Distributed"|"Undefined"

Configure DomainConnect for Legacy Domains

The following settings configure DomainConnect for legacy domains.

Key DomainConnect.CredentialName

Value

"RealmJoin (domain)"

Key DomainConnect.Domain

Value

"domain.contoso.net"

Key DomainConnect.NetBIOS

Value

"contoso"

Configure RealmJoin release channel

This setting changes the user's / user group's channel with the next update of the RealmJoin Client.

Key Environment.Channel

Value

"release" | "beta" | "canary"

Configure RealmJoin ESP

Change if the default reboot after initial RealmJoin agent installation.

Key

FirstRun.AfterSuccessAction

Value

"none" | "logoff" | "restart"

Change if the RJ ESP is displayed.

Key

FirstRun.DisableDeploymentScreen

Value

"true" | "false"

Show deployment screen on restricted or secure desktop.

Key

FirstRun.EnableSecureDesktop

Value

"true" | "false"

Allow downgrade of packages

Allows downgrade of already installed applications via auto upgrade, if the version number is changed. Applies to all packages assigned to group.

Key

SoftwarePackaging.AutoUpgradeCanDowngrade

Value

"true" | "false"

AnyDesk Feature

This setting enables or disables the AnyDesk feature.

Key Integration.AnyDesk

Value

{
"Enabled": true | false,
"BootstrapperUrl": "https://.../.../AnyDesk.exe"
}

ExecutionMonitor Feature

This setting enables or disables the ExecutionMonitor Feature.

Key Integration.ExecutionMonitor

Value

{
"Enabled": true | false,
"UpdateInterval": "08:00"
}

Notifier Feature

This setting enables or disables the Notifier feature and it also activates or deactivates the editor UI.

Key Integration.Notification

Value

{
"Enabled": true | false,
"SourceUrl": "URL_PROVIDED_BY_GK",
"FallbackCulture": "en"
}

LocalAdminManagement Features

Key LocalAdminManagement.Inactive

Value

false

Key LocalAdminManagement.CheckInterval

Value

"00:05"

Key LocalAdminManagement.EmergencyAccount

Value

{
    "MaxStaleness": "00:45",
    "NamePattern": "ADM-{HEX:4}",
    "Display": "Local Emergency Account",
    "PasswordCharSet": "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
    "PasswordLength": 14
}

Key LocalAdminManagement.SupportAccount

{
    "MaxStaleness": "00:45",
    "NamePattern": "ADM-{HEX:4}",
    "DisplayName": "Local Support Administrator",
    "PasswordCharSet": "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
    "PasswordLength": 14,
    "OnDemand": true | false
}

Weblinks for RealmJoin Tray

The following setting generates a weblink in the tray.

Key WebLinks

Value

[
  {
    "Name": "My Azure Account",
    "Target": "https://account.activedirectory.windowsazure.com/r/#/profile",
    "Platform": "any"
  },
  {
    "Name": "Outlook Web Access",
    "Target": "https://outlook.office365.com/owa/?realm=contoso.onmicrosoft.com",
    "Platform": "any"
  }
]

Access Restrictions

Currently only LAPS is supported

Key Restrict.LAPS

Value

{
  "Admin": [
    "11-cf35-49dd-a862-123123",
    "11-2ec2-47ee-8cb8-123123"
  ],
  "Supporter": [
    "23-cf35-49dd-a862-231"
  ],
  "Deny": []
}

Attach Restriction: keys of targeted user groups. This list is inclusive: Only the listed Admin and Support groups are allowed to use LAPS. Additionally user groups can be excluded from the list.

Various Toggles

This section shows you four policies for RealmJoin.

Key Policies.DisableNetworkLocationWizard

Value

true | false

Key Policies.RequireSecurityFeatures.BitlockerEnabled

Value

true | false

Key Policies.SetCurrentUserAdministrator

Value

true | false

Key Policies.SetTimeserver

Value

["time.windows.com", "time.apple.com", "pool.ntp.org"]

This section shows you all necessary settings for the LocalAdminManagement features. For more details about this feature read the .

user or group
Local Admin Password Solution article