Thanks to visit codestin.com
Credit goes to github.com

Skip to content

docs: add documentation for all policies #187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jackbuehner merged 1 commit into from
Nov 17, 2025
Merged

docs: add documentation for all policies #187

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions frontend/docs/(administration)/policies/alert-banners/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: $t{{ policies.App.Alerts.SignedInUser.title }}
nav_title: User and group folders
---

<PolicyDetails translationKeyPrefix="policies.App.Alerts.SignedInUser" open />
18 changes: 18 additions & 0 deletions frontend/docs/(administration)/policies/centralized-publishing/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
---
title: $t{{ policies.RegistryApps.Enabled.title }}
nav_title: Centralized publishing (registry)
---

Enable this policy to store published RemoteApps and desktops in their own collection in the registry. If you have RAWeb and RDWeb running on the same server or multiple installations of RAWeb, enabling the policy ensures that visibility settings for RemoteApps and desktops do not conflict between the installations.

This policy defaults to enabled, but older versions of RAWeb may have it disabled by default. If you are upgrading from an older version of RAWeb, you must enable this policy manually.

This policy must be enabled for RDP file property customizations to be available.

The TSWebAccess option in RemoteApp Tool only works when this policy is disabled.

The option to show the system desktop in the web interface and in Workspace clients is only available when this policy is enabled.

For instructions on managing published RemoteApps and desktops, see [Publish RemoteApps and Desktops](/docs/publish-resources/).

<PolicyDetails translationKeyPrefix="policies.RegistryApps.Enabled" open />
26 changes: 26 additions & 0 deletions frontend/docs/(administration)/policies/change-password/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
---
title: $t{{ policies.PasswordChange.Enabled.title }}
nav_title: Change passwords via RAWeb
---

RAWeb allows users to change their passwords directly through the web interface. This feature can be enabled or disabled based on your organization's policies.

Allowing password changes via RAWeb is particularly useful in environments where a user may have an expired password and is unable to sign in to RAWeb or connect to remote resources until they update their password.

<PolicyDetails translationKeyPrefix="policies.PasswordChange.Enabled" />

## Accessing the password change feature

When the password change feature is enabled, users will see the password change option in the following locations:

### Profile menu

Any signed in user can access the password change feature from their profile menu in the top-right corner of the RAWeb interface.

<img width="260" src="./profile-menu-change-password.webp" />

### Sign in

If a user's password has expired or an administrator has chosen to force a password change, they will be prompted to change their password directly from the sign-in screen.

<img width="504" src="./sign-in-password-expired.webp" />
Binary file added ...ocs/(administration)/policies/change-password/profile-menu-change-password.webp
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...nd/docs/(administration)/policies/change-password/sign-in-password-expired.webp
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
6 changes: 6 additions & 0 deletions frontend/docs/(administration)/policies/combine-alike-apps/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: $t{{ policies.App.CombineTerminalServersModeEnabled.title }}
nav_title: Combine alike apps
---

<PolicyDetails translationKeyPrefix="policies.App.CombineTerminalServersModeEnabled" open />
2 changes: 2 additions & 0 deletions frontend/docs/(administration)/policies/configure-aliases/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ _Using `<add key="TerminalServerAliases" value="WIN-SGPBICA0161=Win-RemoteApp;"
3. Click **Configure aliases for terminal servers**.
4. In the dialog, set the **State** to **Enabled**. Under **Options**, click **Add** to add a new alias. For **Key**, specify the name of the server. For **value**, specify the alias you want to use. Click **OK** to save the alias(es).

<PolicyDetails translationKeyPrefix="policies.TerminalServerAliases" />

# Method 2: IIS Manager

1. Once RAWeb is installed, open **IIS Manager** and expand the tree in the **Connections pane** on the left side until you can see the **RAWeb** application. The default name is **RAWeb**, but it may have a different name if you performed a manual installation to a different folder. Click on the **RAWeb** application.
Expand Down
6 changes: 6 additions & 0 deletions frontend/docs/(administration)/policies/favorites/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: $t{{ policies.App.FavoritesEnabled.title }}
nav_title: Favorites
---

<PolicyDetails translationKeyPrefix="policies.App.FavoritesEnabled" open />
6 changes: 6 additions & 0 deletions frontend/docs/(administration)/policies/flatten-folders/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: $t{{ policies.App.FlatModeEnabled.title }}
nav_title: Flatten folders
---

<PolicyDetails translationKeyPrefix="policies.App.FlatModeEnabled" open />
6 changes: 6 additions & 0 deletions frontend/docs/(administration)/policies/fulladdress-override/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: $t{{ policies.RegistryApps.FullAddressOverride.title }}
nav_title: Override full address
---

<PolicyDetails translationKeyPrefix="policies.RegistryApps.FullAddressOverride" open />
6 changes: 6 additions & 0 deletions frontend/docs/(administration)/policies/hide-ports/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: $t{{ policies.App.HidePortsEnabled.title }}
nav_title: Hide ports
---

<PolicyDetails translationKeyPrefix="policies.App.HidePortsEnabled" open />
6 changes: 6 additions & 0 deletions frontend/docs/(administration)/policies/icon-backgrounds/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: $t{{ policies.App.IconBackgroundsEnabled.title }}
nav_title: Icon backgrounds
---

<PolicyDetails translationKeyPrefix="policies.App.IconBackgroundsEnabled" open />
6 changes: 6 additions & 0 deletions frontend/docs/(administration)/policies/inject-rdp-properties/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: $t{{ policies.RegistryApps.AdditionalProperties.title }}
nav_title: Additional RemoteApp properties
---

<PolicyDetails translationKeyPrefix="policies.RegistryApps.AdditionalProperties" open />
6 changes: 6 additions & 0 deletions frontend/docs/(administration)/policies/show-multiuser-names/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: $t{{ policies.Workspace.ShowMultiuserResourcesUserAndGroupNames.title }}
nav_title: User and group folders
---

<PolicyDetails translationKeyPrefix="policies.Workspace.ShowMultiuserResourcesUserAndGroupNames" open />
6 changes: 6 additions & 0 deletions frontend/docs/(administration)/policies/simple-mode/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: $t{{ policies.App.SimpleModeEnabled.title }}
nav_title: Simple mode
---

<PolicyDetails translationKeyPrefix="policies.App.SimpleModeEnabled" open />
25 changes: 25 additions & 0 deletions frontend/docs/(administration)/policies/user-cache/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
title: Configure the user cache
nav_title: User cache
---

## Enable the user cache

The user cache stores details about a user every time they sign in, and RAWeb will fall back to the details in the user cache if the domain controller cannot be reached. If RAWeb is unable to load group memberships from the domain, the group membership cached in the user cache is used instead.

For domain-joined Windows machines, when the user cache is enabled and the domain controller cannot be accessed, the authentication mechanism will populate RAWeb's user cache with the [cached domain logon information](https://learn.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/cached-domain-logon-information) stored by Windows, if available. By default, Windows caches the credentials of the last 10 users who have logged on to the machine.

RAWeb's mechanism for verifying user and group information may be unable to access user information if the machine with RAWeb is in a domain environment with one-way trust relationships. In such environments, if the domain controller for the user's domain cannot be reached, RAWeb will only be able to populate the user cache upon initial logon.

When the `UserCache.Enabled` appSetting (policy) is enabled, a SQLite database is created in the App_Data folder that contains username, full name, domain, user sid, and group names and sids.

<PolicyDetails translationKeyPrefix="policies.UserCache.Enabled" />

## Leverge the user cache for faster load times

The user cache also improves the time it takes for RAWeb to load user details. When the user cache is enabled, RAWeb will use the cached user details while it revalidates the details in the background. This can significantly improve performance in environments with a large number of groups or slow domain controllers.

By default, RAWeb will use the cached user details for up to 1 minute before requiring revalidation. This duration can be adjusted using the `UserCache.StaleWhileRevalidate` policy. \
If RAWeb is unable to revalidate the user details (for example, if the domain controller is unreachable), it will continue to use the cached details until revalidation is successful.

<PolicyDetails translationKeyPrefix="policies.UserCache.StaleWhileRevalidate" />
20 changes: 12 additions & 8 deletions frontend/docs/(administration)/publish-resources/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -152,15 +152,19 @@ See [Configuring user-based and group‐based access to resources](/docs/publish
RAWeb allows you to customize most RDP file properties for managed resources. This allows you to optimize the experience for individual RemoteApps and desktops.

<InfoBar severity="caution">
Properties will be ignored and possibly overwritten for any properties specified in the policy: <b>Add additional RDP file properties to RemoteApps listed in the registry</b>.

Properties will be ignored and possibly overwritten for any properties specified in the policy: [Add additional RDP file properties to RemoteApps listed in the registry](/docs/policies/inject-rdp-properties/).

</InfoBar>

1. Navigate to **Policies**.
2. At the top of the **Policies** page, click **Manage resources** to open the RemoteApps and desktops manager dialog.
3. Click the RemoteApp for which you want to configure RDP file properties.
4. In the **Advanced** group, click the **Edit RDP file** button.
<InfoBar severity="attention">
If you do not see the <b>Edit RDP file</b> button, make sure the <b>Use a dedicated collection for RemoteApps in the registry instead of the global list </b> policy is set to <b>Disabled</b> or <b>Not configured</b>.

If you do not see the **Edit RDP file** button, make sure the [Use a dedicated collection for RemoteApps in the registry instead of the global list](/docs/policies/centralized-publishing/) policy is set to **Disabled** or **Not configured**.

</InfoBar>
5. You will see a dialog where you can edit supported RDP file properties. Properties related to settings that are available in the main RemoteApp properties dialog are disabled in this dialog. If you want to test the properties before you save them, click the **Download** button to download a test RDP file.\
<img width="580" alt="" src="./rdp-file-properties-editor.webp" />
Expand All @@ -183,7 +187,9 @@ RAWeb allows you to customize most RDP file properties for managed resources. Th
RAWeb can publish RDP files from `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList\Applications`. Only applications with the `ShowInTSWA` DWORD set to `1` will be published. This behavior is not the preferred method of adding registry RemoteApps, and support may be removed in a future release. Use the RemoteApps and desktops manager in RAWeb's web interface instead.

<InfoBar severity="attention" title="Policy configuration required">
You must set the <b>Use a dedicated collection for RemoteApps in the registry instead of the global list </b> policy to <b>Disabled</b> in order for RAWeb to publish RemoteApps from the registry path <code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList\Applications</code>.

You must set the [Use a dedicated collection for RemoteApps in the registry instead of the global list](/docs/policies/centralized-publishing/) policy to **Disabled** in order for RAWeb to publish RemoteApps from the registry path `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList\Applications`.

</InfoBar>

Use [RemoteApp Tool](https://github.com/kimmknight/remoteapptool) to add, remove, and configure RemoteApps in the registry.
Expand Down Expand Up @@ -216,7 +222,9 @@ Publishing the host system desktop also makes it easy to access any application
</InfoBar>

<InfoBar severity="attention" title="Policy configuration required">
If you do not see the host system desktop in the resources manager, make sure the <b>Use a dedicated collection for RemoteApps in the registry instead of the global list </b> policy is set to <b>Disabled</b> or <b>Not configured</b>.

If you do not see the host system desktop in the resources manager, make sure the [Use a dedicated collection for RemoteApps in the registry instead of the global list](/docs/policies/centralized-publishing/) policy is set to **Disabled** or **Not configured**.

</InfoBar>

To publishing the host system desktop, follow these steps:
Expand Down Expand Up @@ -276,7 +284,3 @@ RAWeb uses standard Windows security descriptors when determining user access to
#### Use folder-based permissions

You can optionally provide different RemoteApps and desktops to different users based on their username or group membership via **App_Data\multiuser-resources**. See [Configuring user and group access via folder-based permissions](/docs/publish-resources/resource-folder-permissions/#multiuser-resources).

<script setup>
import { InfoBar } from '$components';
</script>
1 change: 1 addition & 0 deletions frontend/lib/components/NavigationView/TreeView.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,7 @@
.tree-view :deep(.tree-view) {
flex-grow: 0;
flex-shrink: 0;
overflow: unset;
}

hr {
Expand Down
29 changes: 29 additions & 0 deletions frontend/lib/components/PolicyDetails/PolicyDetails.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
<script setup lang="ts">
import { TextBlock } from '$components';
import { useTranslation } from 'i18next-vue';
import { computed } from 'vue';

const { translationKeyPrefix, translationLang = 'en-US' } = defineProps<{
translationKeyPrefix: string;
translationLang?: string;
initialOpen?: boolean;
}>();

const { t } = useTranslation(undefined, { lng: translationLang, keyPrefix: translationKeyPrefix });
const title = computed(() => t('title'));
const description = computed(() => t('help'));
</script>

<template>
<details :open="initialOpen">
<summary>Policy details in RAWeb</summary>

<p><TextBlock variant="bodyStrong">Policy title:</TextBlock> {{ title }}</p>

<p>
<TextBlock variant="body" style="white-space: break-spaces; overflow-wrap: anywhere">
<TextBlock variant="bodyStrong">Policy description:</TextBlock> {{ description }}
</TextBlock>
</p>
</details>
</template>
2 changes: 2 additions & 0 deletions frontend/lib/components/index.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import { default as NavigationRail } from './Navigation/NavigationRail.vue';
import { default as NavigationPane } from './NavigationView/NavigationPane.vue';
import { default as TreeView } from './NavigationView/TreeView.vue';
import { default as PickerItem } from './PickerItem/PickerItem.vue';
import { default as PolicyDetails } from './PolicyDetails/PolicyDetails.vue';
import { default as PolicyDialog } from './PolicyDialog/PolicyDialog.vue';
import { default as ProgressRing } from './ProgressRing/ProgressRing.vue';
import { default as RadioButton } from './RadioButton/RadioButton.vue';
Expand Down Expand Up @@ -43,6 +44,7 @@ export {
NavigationPane,
NavigationRail,
PickerItem,
PolicyDetails,
PolicyDialog,
ProgressRing,
RadioButton,
Expand Down
26 changes: 23 additions & 3 deletions frontend/lib/docs-entry.dist.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,12 @@ import { createApp, reactive } from 'vue';
import { createRouter, createWebHistory } from 'vue-router';
import NotFound from './404.vue';
import Documentation from './Documentation.vue';
import i18n from './i18n.ts';
import i18n, { i18nextPromise } from './i18n.ts';
import { useCoreDataStore } from './stores/index.mjs';

const app = i18n(createApp(Documentation));
const t = await i18nextPromise;

/** @type {Record<string, Record<string, unknown>>} */
const docsPages = import.meta.glob('../docs/**/*.md', { eager: true });

Expand All @@ -17,6 +20,23 @@ const docsMarkdownRoutes = await Promise.all(
name = 'index';
}

// if the frontmatter contains $t, look for translation keys and replace them
if (frontmatter) {
for (const [key, value] of Object.entries(frontmatter)) {
if (!value || typeof value !== 'string' || !value.includes('$t{{')) {
continue;
}

// the $t{{ some.key }} syntax may appear multiple times in a string,
// so extract and replace all matches
const regex = /\$t\{\{\s*([^\}]+)\s*\}\}/g;
frontmatter[key] = value.replaceAll(regex, (_, translationKey) => {
const translation = t(translationKey.trim(), { lng: 'en-US' });
return translation;
});
}
}

return {
path:
'/docs/' +
Expand Down Expand Up @@ -63,7 +83,6 @@ const router = createRouter({
}
}

console.log(to.hash);
// scroll to the hash if it exists
if (to.hash) {
// wait for the element to exist before scrolling
Expand Down Expand Up @@ -158,10 +177,11 @@ router.afterEach((to) => {
const pinia = createPinia();
await useCoreDataStore(pinia).fetchData(); // fetch core data before mounting the app

const app = i18n(createApp(Documentation));
app.use(pinia);
app.use(router);
app.component('CodeBlock', (await import('$components')).CodeBlock);
app.component('PolicyDetails', (await import('$components')).PolicyDetails);
app.component('InfoBar', (await import('$components')).InfoBar);
app.provide('docsNavigationContext', docsNavigationContext);

app.directive('swap', (el, binding) => {
Expand Down
4 changes: 2 additions & 2 deletions frontend/lib/public/locales/en.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@
},
"RegistryApps.FullAddressOverride": {
"title": "Override the full address for generated RDP files for RemoteApps listed in the registry",
"help": "Replace the default 'full address' in generated RDP files for registry RemoteApps. By default, the 'full address' is formed by the terminal server's IPv4 address and RDP port. \n\nIf enabled, the 'full address' will be set to the value of the origin option. \n\nIf disabled or not configured, the full address will not be changed from the default.\n\nThe origin option should be a well-formed origin, such as https://example.com:3389. The port is optional, and if not specified, the default RDP port (3389) will be used by most clients. \n\nThis option is useful when the terminal server is behind a reverse proxy or should be accessed via a specific hostname or IP address."
"help": "Replace the default 'full address' in generated RDP files for managed RemoteApps. By default, the 'full address' is formed by the terminal server's IPv4 address and RDP port. \n\nIf enabled, the 'full address' will be set to the value of the origin option. \n\nIf disabled or not configured, the full address will not be changed from the default.\n\nThe origin option should be a well-formed origin, such as https://example.com:3389. The port is optional, and if not specified, the default RDP port (3389) will be used by most clients. \n\nThis option is useful when the terminal server is behind a reverse proxy or should be accessed via a specific hostname or IP address."
},
"RegistryApps.AdditionalProperties": {
"title": "Add additional RDP file properties to RemoteApps listed in the registry",
Expand All @@ -177,7 +177,7 @@
},
"App.Alerts.SignedInUser": {
"title": "Configure alerts or announcements at the top of every route for signed-in users",
"help": "Configure custom alerts to be displayed at the top of the web client. \n\nIf enabled, alerts will be shown to users if they are sign in. \n\nIf disabled or not configured, no alerts will be shown. \n\nAlerts may contain a title, message, and hyperlink. Multiple alerts may be displayed. The link will appear at the end of the alert message on a new line and will open in a popup window or new tab. The link will not appear unless the text and URL are specified."
"help": "Configure custom alerts to be displayed at the top of the web client. \n\nIf enabled, alerts will be shown to users if they are signed in. \n\nIf disabled or not configured, no alerts will be shown. \n\nAlerts may contain a title, message, and hyperlink. Multiple alerts may be displayed. The link will appear at the end of the alert message on a new line and will open in a popup window or new tab. The link will not appear unless the text and URL are specified."
}
},
"wiki": {
Expand Down