INTERACT_WITH_DESKTOP - UEM Server configuration option

Description

The INTERACT_WITH_DESKTOP option specifies whether or not event handler processes are allowed to interact with the current console logon session.

If event handler processes are allowed to interact, they run in a context that the current interactive console session can interact with. The interaction goes both ways: the process may invoke system functions that access desktop elements (for example, windows, menus, and buttons) associated with the session. This is considered a security risk because it creates an opportunity for malicious code to hijack the desktop. If the security context of the interactive session is higher than that of the process, the process could invoke code using an elevated security context.

If event handler processes are not allowed to interact, they execute in a context that is isolated from the current interactive logon session. This is the recommended value unless event handler processes that require user interaction are executed.


A Stonebranch Tip

This option applies only when the LOGON_METHOD option is set to interactive.

If user accounts are authenticated using the BATCH logon method, the established security context already disallows all interaction with the desktop.

Usage

| Method | Syntax | IBM i | HP NonStop | UNIX | Windows | z/OS |
|---|---|---|---|---|---|---|
| Configuration File Keyword | interact_with_desktop option | | | | ✓ | |
| UEM Load Override | n/a | | | | | |
| UEM Manager Override | n/a | | | | | |

Value

option specifies whether or not event handler processes are allowed to interact.

Valid values for option are:

  • yes
    Allow event handler processes to interact with the current console logon session.
  • no
    Do not allow event handler processes to interact with the current console logon session.

Default is no.
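The rules above (default of no, effect only under the interactive logon method, no desktop access under BATCH) can be checked mechanically when reviewing a server configuration. The following is an added example, not Stonebranch code; it assumes a configuration file with one whitespace-separated `keyword value` pair per line and `#` comment lines, and the function names and status labels are hypothetical.

```python
# Added example: audit UEM Server settings for desktop-interaction exposure.
# Assumed file format (not specified on this page): one "keyword value" pair
# per line, whitespace-separated, with "#" starting a comment line.

def parse_config(text):
    """Return {keyword: value} in lowercase; the last occurrence of a keyword is kept."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings[parts[0].lower()] = value.lower()
    return settings


def desktop_interaction_status(text):
    """Classify a configuration using the rules stated on this page."""
    cfg = parse_config(text)
    interact = cfg.get("interact_with_desktop", "no")  # documented default is no
    if interact not in ("yes", "no"):
        return "invalid"       # only yes and no are valid values
    if interact == "no":
        return "isolated"      # handlers run apart from the console session
    logon = cfg.get("logon_method")
    if logon == "batch":
        return "no-effect"     # BATCH context already disallows desktop interaction
    if logon == "interactive":
        return "exposed"       # handlers can reach the console session's desktop
    return "review"            # logon_method not set here; confirm its effective value


# Constructed sample configurations, not taken from a real server.
SAMPLES = {
    "hardened": "# event handler settings\nlogon_method interactive\ninteract_with_desktop no\n",
    "risky": "logon_method interactive\ninteract_with_desktop yes\n",
    "batch": "logon_method batch\ninteract_with_desktop yes\n",
    "unset": "# option omitted, default applies\nlogon_method interactive\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {desktop_interaction_status(text)}")
```

A result of `exposed` marks the combination this page describes as a security risk; `review` means the file sets interact_with_desktop to yes without stating the logon method.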