Manual Chapter : About Windows Protected Workspace

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.0
Manual Chapter

About Windows Protected Workspace

The Windows Protected Workspace action configures a temporary Windows user workspace for a session. This workspace contains temporary Desktop and My Documents folders. The protected workspace control deletes the temporary workspace and all of the folder contents at the end of the session.
The Windows Protected Workspace and the Windows Cache and Session Control actions are not compatible and should not be used in the same session.
Close Google Desktop Search
Specifies whether to close Google Desktop Search before starting protected workspace.
Allow user to temporarily switch from Protected Workspace
Specifies whether a user can switch from the protected workspace. When set to
Enabled
, the action provides a link so that the user can temporarily switch from the protected workspace.
Allow user to use printers
Specifies whether a user can use printers.
Allow write access to USB flash drives
Specifies whether a user can write from the protected workspace to USB flash drives:
  • Disabled
    does not allow users to write to any USB flash drives from the protected workspace.
  • All USB flash drives
    allows a user to write to any USB flash drive from the protected workspace.
  • Only IronKey Secure Flash Drives
    allows a user to write only to specialized, highly secured flash drives created by IronKey, Inc., from the protected workspace.
Allow user to burn CDs
Specifies whether a user can burn CDs from within the protected workspace.
Allow user to choose storage location
Specifies whether a user can choose the storage location for protected workspace files:
  • Enabled
    allows users to select a storage location.
  • Disabled
    stores files in the user's Document and Settings directory.
Enable persistent storage
Specifies whether data is saved on the system after the Protected Workspace session is closed:
  • Enabled
    allows users to save encrypted data from the Protected Workspace session on the local system after the session exits. The files are automatically decrypted and available in the next Protected Workspace session.
  • Disabled
    prevents users from storing Protected Workspace data in persistent storage.
Password protect new storage
Specifies whether the protected workspace requires a password to access data in persistent storage.
  • Enabled
    requires the user to set a password to access persistent storage data.
  • Disabled
    uses the default encryption and decryption, which is based on the server group name and storage device volume serial number.
Clean memory on exit from PWS
Specifies whether, upon exit, Protected Workspace tries to clean up the system paging file and RAM to remedy information leaks.
  • Enabled
    allows Protected Workspace to perform a cleanup. The cleanup procedure stresses the system and can considerably increase session cleaning time.
  • Disabled
    allows Protected Workspace to skip the cleanup.
Server group name
Specifies a group name for the server. This name is arbitrary, but limits persistent storage to that group name. For example, if a user connects to a protected workspace on a server with group name GroupA, and persistent storage is enabled, the user data is available when reconnecting to a server with the group nameGroupA. However, if the user then connects to a server with persistent storage enabled, and the server group name GroupB, persistent data from the GroupAProtected Workspace session is not available in the new session, and a new persistent storage is defined