Skip to main content
Kofax

About the Lock Screen action

Article # 3040788 - Page views: 38

Issue

About the Lock Screen action

Solution

Lock Screen and the Initiate Session functionality are implemented through the kapowlock program. I will refer to this program here in the general scenarios, and only refer to the individual functionality where it is relevant for that functionality.

kapowlock is a customized version of the FreeRDP RDP client. It runs as a headless client by disabling the graphical representation of the session and all methods to interact with the session through the client. Further customizations are limited to configuration and startup/credentials input functionality. The basic RDP client connectivity parts are not modified. RPA includes versions of kapowlock compiled for both the Windows and Linux platforms as required.

kapowlock's functionality is to simply perform a remote login into a system and keep that session active. Running it will either create a new login session or take over an existing one, if the user matching the credentials was already logged on (this can also be another kapowlock session) . It will *not* run any software on the remote system, but it can trigger auto-run scripts, auto-start programs and scheduled tasks that are based on the user logging in -- these are part of the normal user login processing by Windows.

Since the DAS systray application registers itself as an auto-start application on the desktop, this is usually used with the Initiate Session step to ensure that DAS is running on a remote system. Any interaction that the RPA products might perform on a remote system is done through robots using a remote DAS, not through the kapowlock program - kapowlock is strictly fire-and-forget.

If kapowlock takes over an existing session, it will either close the session (another remote login) or lock the console (if the session was logged in on the console). This is standard behavior of the Windows RDP server, and we use it to implement the 'lock screen' functionality.

Whether or not kapowlock can start a new session depends on the licensing of the Windows SKU it connects to. Workstation SKUs are usually limited to 1 session. Servers SKUs might allow 2 sessions and require a Terminal Server license to exceed that limit.

In this case it is important to note that Fast User Switching is **NOT** supported by DAS due to the way this is implemented in Windows.

Lock Screen (either from the context menu or the step) will also connect over RDP to the system to take over the session. As a result, this will either lock the screen or disconnect the remote session the user had when activating the functionality. It will keep the RDP session running until the screen is unlocked or the session is taken over again by another client.

When setting up a new connection kapowlock will pass the settings from the system it runs on to the remote RDP server to set up this new session. These can be overridden with parameters on the Initiate Session step. Some settings could be ignored or overridden by the Windows RDP server. As far as we are aware kapowlock will not change the resolution of a existing session -- this attempt is rejected/ignored by the Windows RDP server.

The 'legal notice' is a feature of the Windows RDP server (or the login process -- I am not sure of the exact underlying details -- possibly the customer's Windows administrators are aware of the details). It can be configured through policies / registry to show a popup with (usually a legal) message, think something like '... this system is property of ...., access is restricted to authorized personnel... ' that must be confirmed before the login is completed.

Level of Complexity 

Moderate

Applies to  

Product Version Build Environment Hardware
         
  • Was this article helpful?