You can open Permissions Manager from the Installation Customization Tool to lock down access. When you use this approach, the resulting .access files are automatically added to the correct directory in the package (MSI file).
NOTE:These files are not saved to your local machine. They are saved only in your MSI database. To make changes to these files, you will need to use the same approach to edit them as you used to create them. You’ll need to open the MSI file in the Installation Customization Tool and then open Permissions Manager from the tool.
To set user and group access with the Installation Customization Tool
From your administrative installation point, open the Installation Customization Tool from a shortcut or by typing the following command line:
<path_to_setup> \setup.exe /admin
In thedialog box, select .
On the left pane, select.
Under, select whether to install the settings to all users of a machine or only for the user who installs it.
NOTE:Only actions.access, application.access, and security.access files can be deployed to all users.
In the left pane, select.
NOTE:Under, the Permissions Manager displays groups of configurable items. These items are listed by their internal names, which may not exactly match the user interface item. The item's indicates whether the user can configure the item ( ) or if administrator assistance is required to configure the item ( ).
In thepane, select one of the .access options and click .
In Permissions Manager, under Document\Connection\TN3270Basic)., select the group of settings you want to control access to (for example,
In thebox, in the column for the item (or items) you want to restrict, click and then select from the drop down menu.
NOTE:The Accessibility drop down menu includes three items:
Full: All users can configure the item.
Restricted: Only administrators of the system can configure the item. These items have the Windows access shield added to their icons.
Read-only: No users of the system can configure the item. These items are grayed out.
Under, select how to control session file encryption:
To do this
Configure all sessions so that users can open only encrypted display session files.
Configure all sessions so that users can save a display session only if it is encrypted.
From themenu, choose and save the companion installer package.
If you selected .access file to [AppDataFolder] The full path of the Roaming folder for the current user. The default is C:\Users\username\AppData\Roaming\. \Micro Focus\Reflection\Desktop\v17.0.when you specified install locations, the companion installer package automatically specifies to deploy this
If you selected .access file to [CommonAppDataFolder] The full path to application data for all users. The default is C:\ProgramData. \Micro Focus\Reflection\Desktop\v17.0., it specifies to deploy the
Make sure to set file access rights on .access files to prevent users from deleting, replacing, or editing them.
To deploy files to the [AppDataFolder] The full path of the Roaming folder for the current user. The default is C:\Users\username\AppData\Roaming\. \Micro Focus\Reflection\Desktop\v17.0 folder, you will need to use a deployment tool that allows you to install the companion installer package as the user.
When accessing a setting via an API, such as executing a macro, a setting with restricted access cannot be modified. (When attempting to set a restricted setting via an API, an error is logged.)
Setting session encryption options in an *.access file affects only the associated session type. For example, limiting users to opening only encrypted session files in rd3x.access affects only 3270 terminal session files, and not 5250 session files.