To open the Settings window, click the Application button in the upper left hand of Goverlan and select General Settings.
Database Settings
The Goverlan Reach Operator Console requires a database back-end. By default, a file-based database will be used. However, you can change it to an MS-SQL server of your choice.
See: Database Configuration – Operator Side
Network Security
- Validate System Name before connecting – Enable to validate the system name reported by the machine versus the system name resolved by DNS.
- Use this option if you have DNS resolution issues and want Goverlan to confirm that you are connected to the correct machine.
- Do not use this option if you use DNS CNAME Aliases.
- Always test connectivity before connecting to a machine – Enable to have Goverlan ping a device before attempting to connect to it. If the ping fails, the machine is considered unreachable.
- Enable to avoid long connection time-out if a machine is offline.
- Configure the latency value to take into consideration your network topology.
- Disable if your firewall blocks ICMP requests.
- Resolve IP addresses to NetBIOS names – Enable to have Goverlan automatically resolve an IP address to a NetBIOS name when appropriate. Disable to prevent Goverlan from resolving IP addresses.
- Convert computer names to DNS names – Enable to have Goverlan automatically convert a computer name to its DNS name. This feature may use reverse name resolution. Disable this option if some machine names are resolved to incorrect DNS names.
Alternate Credentials
Goverlan can automatically prompt you for alternate credentials if you are executing an action with a user account which doesn’t hold enough privileges to complete it. To enable this feature, check Automatically prompt for alternate credentials.
If Microsoft LAPS is implemented in your Active Directory, check the Enable Microsoft LAPS Support option.
You can use the Credential Manager to view, modify, add or delete alternate credentials.
For more information, see the Using Alternate Credentials in Goverlan.
Goverlan Reach Server
The Goverlan Reach Server(GRS) settings section can be used to view the detection status of your Goverlan Reach Server. This section displays the detected Goverlan Reach Server and method of detection (DNS Zone or GPO).
Remember that a DNS SRV configuration takes precedence over a GPO configuration, so if both exist, you will not see the GPO configured servers, only the DNS configured server.
If neither a DNS nor GPO configuration is detected, Goverlan will allow you to enter a GRS configuration manually. This is allowed in the event you are using Goverlan outside of your primary DNS zone and wish to still connect to a GRS.
- Refresh – Detects/Refreshes Goverlan Reach Server Configuration/Status.
- Manually add a server – Gives you the ability to add a Goverlan Reach Server manually. Format: MY-GRS-SERVER.mycorp.com:PORT (Default Port is 22100). **Appears when a GRS is not detected.
- Delete – Deletes any highlighted Goverlan Reach Server in the list.
- Open Server Tester – Opens the Goverlan Reach Server Tester utility.
Reach Gateway Service
These are the settings used to point your console to the in-house Goverlan Reach Gateway Service.
These settings are usually automatically populated by policies. However, they can be manually configured if Global Policies are not used.
- Name of this Organization
Enter the name of your organization in this field (for instance ‘Corp XYZ, Inc.’). This name will be used during On-Demand Support Sessions to brand the package for the remote client. Its also used as the default Reach container for corporate clients that are connected from outside of your private network. - Public Facing Reach Address
Enter the Public DNS Name exposed to the public-facing side of your network(or IP address if no Public DNS name is available), as well as the port number to be used for communication. It is strongly recommended to associate an identity certificate to your Reach public-facing address. See: Goverlan Reach Gateway Security. - Private Facing Reach Address
Enter the FQDN or IP address of the local server, as well as the port number to be used for communication. This address will be used by Goverlan Reach Operator Consoles and Client Agents within your network to communicate with the Reach Server.
For security reasons, Goverlan Operators can only use Reach Services when connected on the same network as the Private Facing Reach Address.
Client Agents
Communication Port – Modify the TCP socket port used by Goverlan to communicate with the Goverlan Agents on a remote machine.
Agent Installation Policy / Update Policy
Configure the behavior to adopt when Goverlan establishes a connection to a remote machine which is not equipped with the Goverlan Agents or is equipped with a different version of the Goverlan Agents.
Agent Install and Update policies are in two main categories.
- If the agent must be INSTALLED – This policy will take effect if the Reach Console does not detect an agent on the remote system.
- If the Agent can be UPDATED – This policy will take effect if the Reach Console encounters a system with a different version of the agent.
Agent Deployment for MacOS – Enable this setting if you are managing MacOS endpoints and would like to push agents to them. For more information See Goverlan Reach MacOS Client Agent.
These settings may be controlled by a Goverlan Reach Server policy. See Goverlan Policy Management
For more information, see Goverlan Client Agent Deployment and Management.
Intel vPro Settings
Use these settings if you have Intel vPro workstations on your network.
- Some machines use TLS – Enable this setting if you are using TLS in your network but not all are configured to authenticate with TLS. NOTE: These settings are not necessary if your organization has an Enterprise Certificate Authority system in place.
- Trusted Root Certificate Authority – Use this setting to import a certificate to the Windows Certificate Store for use with Intel vPro workstations.
- Remote Client Certificate – Import a PEM format certificate with optional password.
- HTTP/SOCKS Proxy Settings – If you are behind a proxy and need to connect to Intel vPro workstations, supply the credentials here.
See Configuring Goverlan for Intel vPro for more information
Application Directories
These are the directories used by the Goverlan Application. Make sure that the configured directories are accessible and can be written into by Goverlan.
- Application Data – Defines the directory used by Goverlan to store Application Data like Scope Actions.
- Output Data – Defines the directory used by Goverlan to store output data files. For instance, this path is used as the default location to store Scope Action report and log files.
- Temporary Data – Defines the directory used by Goverlan to store temporary data files.
Active Directory
- Enable Active Directory Integration – Enable if you have one or more Active Directory forest that you wish to manage. Disable if no Active Directory is available at your site (note that disabling this option will remove Users & Groups management)
- Sort Active Directory result sets – When you query the objects contained within an Active Directory container, they are returned in the order they were created. Enable this option to have the result set sorted before it is displayed. NOTE:
For some network configurations, enabling sorting will result in failed attempts when listing objects in an active directory container. In such cases, disable this option.
- Object Query Page Size – If your Active Directory Containers contain large number of objects, increase this value to speed-up opening these containers. This value should be set to about 1/10th of the total number of objects in the largest container of your domain.
- Open the Forest Manager – If Goverlan is installed on a stand-alone machine, or if multiple active directory forests exist, you can configure Goverlan to bind to individual AD hierarchy using the Goverlan AD Forest Selector.For more information, see Managing Multiple Domains and Forests.
Administration & Diagnostic
User Management Settings
- Allow Goverlan to store data in user’s roaming profiles
- Enable if you do not have a Goverlan Reach Server implemented, and if your user accounts are configured with a roaming profile.
- Disable if you have a Goverlan Reach Server implemented.
- Enable DFS shares detection – Enable if your users are configured with a roaming profile path which points to a DFS share.
See: Workstation Detection with fastConnect
Computer Management Settings
- Query and display OS information for visible machines
When using the Computers view, Goverlan sends a small network call to all machines visible in the view to query its status and OS information (see Managing Computers – Overview). To prevent Goverlan from querying information on all visible computer objects, disable this option.NOTE:If you disable this option, the status and OS information of remote machines are not displayed.
- Live Machine Status
If enabled, machine dynamic information (Ping status, Logged in username) is reported live, removing the need to press the Refresh List button. If disabled, the F5 button can be used to refresh the live status of the machine. - Automatically update the Wake On LAN cache
Goverlan keeps a cache of all resolved MAC Addresses for an IP (see Power Options). In order to keep a more accurate Wake On LAN cache, Goverlan can automatically execute an IP to MAC address resolution for each computer visible in the Machines view. To disable automatic Wake On LAN Cache updates, disable this option. Note: This option is automatically disabled if the Query and display OS information option is disabled. To access and manage the Wake On LAN cache, click on the Wake On LAN Cache Manager link.