หน้านี้ยังไม่พร้อมใช้งานในภาษาท้องถิ่นของคุณ เรากำลังพยายามอย่างหนักเพื่อเพิ่มเวอร์ชันภาษาอื่น ๆ เพิ่มเติม ขอบคุณสำหรับการสนับสนุนเสมอมา
- Product Bulletin
- Function Overview
- Service Overview
- Getting Started
-
User Guide (End Users)
- Getting to Know Workspace
- Introduction to Terminals
- Logging In to a Desktop Using an SC
- Logging In to a Desktop Using a TC
- Logging In to a Desktop Using a Mobile Terminal (Android)
- Desktop Assistant
- Changing the Login Password
- Forbidden Operations
- Configuring Dual-Screen Display
- Common Function Configuration
- Change History
-
User Guide (Administrators)
- Overview
-
Desktops
- Managing Desktops
- Collaborative Desktops
- Assigning Desktops
- Unbinding a User
- Viewing Desktops That Fail to Be Created
- Modifying Specifications
- Recomposing a System Disk
- Adding a Disk
- Expanding the Disk Capacity
- Deleting a Disk
- Managing Tags
- Converting a Desktop to an Image
- Configuring a Desktop Network
- Changing the Desktop Billing Mode
- Renewing a Yearly/Monthly-Billed Desktop
- Unsubscribing from a Desktop
-
Desktop Pools
- Managing Desktop Pools
- Viewing Desktops That Fail to Be Created in the Desktop Pool
- Modifying Specifications
- Adding a Desktop to a Desktop Pool
- Recomposing a System Disk
- Adding Disks
- Expanding the Disk Capacity
- Deleting Disks
- Creating an Image
- Adding Users or User Groups
- Removing Users or User Groups
- Renewing a Yearly/Monthly-Billed Desktop Pool
- Unsubscribing from a Desktop Pool
- Users
- User Groups
- Policy Management
- OU Management
-
Tenant Configuration
-
Basic Configuration
- Configuring an AD Domain
- Configuring AD Domain Certificate Authentication
- Changing the Domain Administrator Password
- Modifying Domain Configurations
- Changing the Internet Access Mode
- Changing the Service Subnet
- Canceling a Service
- Reactivating a Service
- Configuring Whether to Block Notification Emails for Desktop Unsubscription or Deletion
- Multiple VPCs for Workspace
- VPC Sharing for Workspace
- Enabling NAT Mapping for Direct Connect
- Configuring User Log Collection
- Upgrading Client and VM Components and Rotating Authentication Credentials
- Other
- Authentication Configuration
- Other
-
Basic Configuration
- Internet Access Management
- Monitoring and Analysis
- Tasks
- O&M
- Application Center
- Private Images
- Permission Management
- Data Backup and Restoration
- Common Function Configuration
- Monitoring
- Subscribing to an Event
- Change History
- Best Practices
-
FAQs
-
FAQs for Administrators
- What Are the Features and Advantages of Workspace?
- How Is Workspace Charged?
- How Do I Check My Quotas?
- How Do I Increase My Quotas?
- How Do I Add a Disk?
- How Do I Connect the Desktop to a Local Printer?
- How Do I Connect the Desktop to a Network Printer?
- How Do I Do If the Desktop Fails to Connect to the AD?
- Can I Change the User Authentication Mode of the Desktop?
- How do I Enable LDAPS on the AD Server?
- How do I Export the Root Certificate of an LDAPS-enabled AD server?
- What If I Fail to Purchase a Desktop?
- How Do I Do If the Functions of Purchasing a Desktop, Creating a User, Creating a Policy, and Enabling the Internet are Unavailable?
- Can I Use Private Images to Purchase Desktops?
- How Many Private Images Can Be Created on Workspace at Most?
- What Are the Network Requirements for Logging In to Desktops?
- How Do I Do If My Desktop Cannot Access the Internet?
- How Do I Configure Workspace to Access the Internet?
- How Do I Configure Workspace to Access the Enterprise Intranet?
- How Do I Enable the Internet on Other Cloud Service Pages?
- How Do I Copy Files Between a Desktop and a Local Storage Device?
- What If I Lost the Administrator Password?
- How Does an Administrator Unlock an End User Account?
- How Do I Do If an End User Fails to Log In to a Desktop?
- How Do I Back Up and Restore a Desktop?
- How Do I Do If a Message Is Displayed Indicating Duplicate Policy Names During Policy Import?
- How Do I Do If a User Cannot Be Bound to a Client Using the Dynamic Verification Code of the Previously Bound MFA Device?
- How Do I Do If the Message "Insufficient permissions for the IAM account. Security Administrator permissions required." Is Displayed When I Enable an Agency?
- How Do I Do If a User Does Not Receive an Email for Creating a Desktop or Assigning a User?
- How Do I Add Resources to or Remove Resources from an Enterprise Project After Purchasing Workspace?
- Why Can't I Start a Pay-per-Use Cloud Desktop?
- How Do I Enable IPv6 on Workspace?
- How Do I Enable RDP on Workspace?
- How Do I Configure Security Group Rules When Using a Custom Security Group?
-
FAQs for End Users
-
Desktop Usage Issues
- How Do I Do If the Desktop Freezes?
- How Do I Do If the Disk Space Is Insufficient?
- How Do I Enter the CLI Mode?
- How Do I Do If My Desktop Cannot Connect to the Internet?
- Do Cloud Desktops Support Personalized Settings?
- How Do I Take a Screenshot?
- How Do I Do If the Printer Cannot Be Used?
- What If I Can't Use Network Printers on Workspace?
- How Do I Download the Software?
- How Do I Do If Data Disks of a Windows Desktop Cannot Be Found After Recomposing the System Disk?
- What Do I Do If I Cannot Copy Files Between a Desktop and a Local Storage Device?
- How Do I Do If the Desktop Screen Cannot Be Adapted?
- How Do I Do If I Cannot Receive an Email for Creating a Desktop or Assigning a User?
- How Do I Manually Configure Time Synchronization on a Windows Desktop?
-
Login Issues
- How Do I Do If I Forget the Password?
- What If the Account Is Locked?
- What Devices Can Be Used to Log In to a Desktop?
- What If I Fail to Log in to a Desktop?
- How Do I Do If I Cannot Pass Multi-Factor Authentication?
- How Do I Do If the System Displays a Message Indicating that the Login Fails Due to Policy Restrictions?
- Terminal Binding Problems
-
OS Issues
- Can I Update the Desktop OS?
- What OSs Can Run on Workspace?
- Which Software Cannot Be Uninstalled?
- Which Files Cannot Be Deleted?
- Which Software Cannot Be Upgraded?
- Which Ports Cannot Be Deleted?
- Which Commands Cannot Be Executed?
- How Do I Query the System Information?
- Is There Any Help Document for OSs?
-
Desktop Usage Issues
- Change History
-
FAQs for Administrators
- SDK Reference
-
API Reference
- Before You Start
- Overview
- Calling APIs
-
Workspace APIs
- Huawei Cloud Workspace
-
Desktop
- Creates a desktop.
- Queries desktops.
- Deletes one desktop.
- Queries details about one desktop.
- Deletes desktops in batches.
- Deregistering Desktops in Batches
- Queries the desktop details list.
- Performs operations on the desktop.
- Modifies specifications.
- Rebuild a Desktop
- Query the Desktop Network
- Switching a Desktop Network
- Desktop Statistics
- User
- User Group
- Disk
- Connection information
- Access policy
- Product Packages
- Authentication configuration
- Quota
- Image
- AZ
- Desktop Tag
- Task.
- Network
-
Binds a terminal to a desktop.
- Queries the configuration of the switch for binding a terminal to a desktop.
- Configures the switch for binding a terminal to a desktop.
- Queries terminal-desktop binding configurations.
- Adds a terminal-desktop binding configuration.
- Modifies a terminal-desktop binding configuration.
- Deletes a terminal-desktop binding configuration.
- Appendix
- Change History
-
User Guide (Application Streaming)
- Overview
-
Administrator Operation Guide
- Operation Procedure
- Logging In to the Workspace Application Streaming Console
- Enabling the Service
- Creating a User
- Applications and Images
- Server Groups
- Application Groups
- User Management
- Policy Groups
- Monitoring Analysis
- OU Management
- Application Internet Access Management
- Upgrading Protocol Components
- Scheduled Tasks
- Storage
- Tenant Configuration
- Private Images
- Configuring Personalized Data
- Subscribing to an Event
- Permissions Management
- Configuring Common Functions
-
FAQs
- What Is the Relationship Between Workspace Application Streaming and Workspace?
- What Types of Applications Can Be Published?
- What Can I Do If an Application Fails to Be Published?
- How Do I Deploy a Windows AD Server?
- How Do I Deploy an RD Licensing Server?
- How Do I Configure RDS Licensing and Security Policies?
- How Do I Create a User OU on the AD Server?
- How Do I Create a User Group on the AD Server?
- How Do I Create a User on the AD Server?
- How Do I Configure Network Connection Between Workspace Application Streaming and the Windows AD?
- How Do I Log in to an APS?
- How Do I Purchase the NAT and EIP Services to Enable Cloud Applications to Be Accessed Through the Internet?
- How Do I Check My Quotas?
- How Do I Increase My Quotas?
- How Do I Do If the Application Operation Page Has Black Borders and Cannot Be Moved?
- How Do I Do If an End User Fails to Log In to a Cloud Application?
- How Do I Reset a User Password?
- How Do I Do If I Fail to Add a Computer Back to the Domain?
- How Do I Add an ECS to the Domain of an APS?
- How Do I Use the GPO Group Policy to Make a Domain User Become a Local Administrator of a PC?
- How Do I Install Sandbox Software?
- How Do I Do If There Is No Sound or the Screen Is Frozen While There Is Sound When Using Google Chrome or Bilibili Player for Video Playback?
- How Do I Do If the Window Cannot Be Dragged When the Sandbox Application Is Started?
- RD License Server Fails to Be Added to the AD domain
- Error Code 6030/6047 Reported When Accessing a Shared Desktop Application
- File Resources on the APS Cannot Be Automatically Refreshed During Workspace Application Streaming Operations
- How Do I Update or Add an Application?
- How Do I Authorize an IAM User to Use Workspace Application Streaming?
- How Do I Calculate the Number of Concurrent Sessions of a Cloud Application?
- What If I Can't Open a Cloud Application?
-
Terminal User Operation Guide
- Process
- Using an Application on a Soft Client
- Using an Application on a Thin Client
-
FAQs
- How Do I Do If the Cloud Application Cannot Be Used?
- How Do I Do If I Cannot View Cloud Applications on Desktops?
- How Do I Do If I Forget the Password?
- How Do I Do If the Account is Locked?
- How Do I Do If I Fail to Log In to the Client?
- How Do I Enable a Local Storage Device to Copy Files to an APS?
- How Do I Recover Important Files and Documents from the Sandbox to the Local Computer?
- How Do I Delete a Sandbox?
- How Do I Remove the Yellow Border of an Application After the Sandbox Application Is Started?
- Change History
- General Reference
Show all
Copied.
How Do I Configure RDS Licensing and Security Policies?
Scenarios
This section describes how to configure RDS licensing and security policies on the AD domain server by setting group policies.
After VMs are added to an application group, you need to configure the RDS service authorization function of the APS on the AD domain server to ensure that users obtain RDS service authorization of the RD Licensing server when accessing applications published by the APS. Otherwise, users cannot use remote applications after a trial period of 120 days.
Before publishing applications on the APS, harden the security by configuring security policies of the APS to ensure secure access of authorized users.
Prerequisites
- You have logged in to the AD domain server as an administrator.
- You have obtained RDS service licensing options and security policies.
Data
Table 1 lists the data to be obtained.
|
Parameter |
Description |
Example Value |
|---|---|---|
|
Name |
Identifies an APS organization unit (OU) in the cloud application scenario. |
SBCOU |
|
Name of the group policy |
Identifies a group policy of the APS. The name consists of digits, letters, and underscores (_), and cannot exceed 30 characters. |
SBCGRP |
|
IP address of the license server to use |
Specifies the server that provides the RDS service licensing function to the APS, that is, the RD Licensing server. |
192.168.1.60 |
Procedure
Creating an APS OU
In the cloud application scenario, control authorization and configure security policies for the APS by configuring group policies. In this case, an independent OU must be created for the APS.
- On the active AD domain server, choose
> Administrative Tools > Active Directory Users and Computers.
NOTE:
This section uses a Windows AD domain server running Windows Server 2016 as an example to describe the configuration procedure.
The Active Directory Users and Computers window is displayed.
- In the navigation pane, right-click a domain name and choose New > Organizational Unit.
The New Object-Organizational Unit dialog box is displayed.
- Enter the name of the application virtualization OU to be created, for example, SBCOU, and click OK.
- Add the APS to the new OU.
Creating an APS group policy
- On the active AD domain server, click
.
The Windows PowerShell dialog box is displayed.
- Enter gpmc.msc to open the Group Policy Management window.
- Right-click the selected OU and choose Create a GPO in this domain, and Link it here.
- In the displayed dialog box, enter the group policy name, for example, SBCGRP.
- Click OK.
Configuring the RDS service licensing function of the APS
- Right-click the new group policy and choose Edit from the shortcut menu.
The Group Policy Management Editor window is displayed.
- In the navigation pane, choose Computer Configuration > Policy > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Licensing.
- In the Licensing area, right-click Use the specified Remote Desktop license servers and choose Edit.
The Use the specified Remote Desktop license servers dialog box is displayed.
- Set parameters as shown in Figure 1, and click OK.
- In the Licensing area, right-click Set the Remote Desktop licensing mode and choose Edit.
The Set the Remote Desktop licensing mode dialog box is displayed.
- Set parameters as shown in Figure 2, and click OK.
NOTICE:
Security policies are mandatory if users have specific security requirements.
For the APS, two security policies are available. Table 2 provides the specific operations and application scenarios of the two security policies.
|
Security Policy |
Operation |
Scenario |
|---|---|---|
|
Common office mode |
|
Scenarios that require the advantages of cloud applications for efficient office and that do not require high security. |
|
Security isolation mode |
|
Scenarios that have high security requirements and must strictly control application and session rights |
- Right-click the new group policy and choose Edit from the shortcut menu.
The Group Policy Management Editor window is displayed.
- Set an APS security policy for common office or security isolation mode. For details about how to configure security policies of the APS, see the following file.
Submit a service ticket for technical support of security policies.
- The following uses the Prohibit access to the Control Panel policy as an example to describe how to configure security policies.
- In the navigation pane of the Local Group Policy Management Editor window, choose User Configuration > Policies > Administrative Templates > Control Panel.
- In the right pane, right-click Prohibit access to the Control Panel and choose Edit.
- Select Enabled and click OK.
Denying Apply group policy to the APS domain account
- In the navigation pane of the Group Policy Management window, choose Forest:Domain name > Domains > Domain name > APS OU > Group policy name.
NOTE:
The APS group policy has been created in Creating the APS group policies, for example, SBCGRP.
The Group Policy Management Console dialog box is displayed.
- Click OK.
The APS group policy is displayed in the right pane.
- Click the Delegation tab and then click Add.
The Select User, Computer, or Group dialog box is displayed.
NOTE:
This policy applies to all users by default. You need to deny this policy to the APS domain account to facilitate the APS maintenance.
- Enter the APS domain account and click Check Names.
The queried domain account is displayed.
- Click OK.
The Add Group or User dialog box is displayed.
- Grant the Read permission for a group or user, and click OK.
The APS group policy window is displayed.
- Click Advanced.
The Group policy name Security Settings dialog box is displayed.
- Select the APS domain account, and select Deny in Apply group policy, as shown in Figure 3.
- Click Apply.
The Windows Security window is displayed.
- In the displayed dialog box, click Yes.
- Click OK.
Refreshing the policy
- Click
.
The Windows PowerShell dialog box is displayed.
- Run the following command to refresh the policy:
gpupdate /force
- Press Enter. The task is complete.
If the following information is displayed, the policy is successfully refreshed:
Updating Policy... User Policy update has completed successfully. Computer Policy update has completed successfully.
NOTE:
- Other component servers will synchronize the new policy. The synchronization mechanism determines the specific synchronization time.
- The new policy is synchronized after component servers are restarted.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
