Connection settings window
The Connection settings window lets you customize how IAP Desktop connects to your VMs. You can configure connection settings for individual VMs or entire zones or projects.
Connection settings support inheritance: If you configure a connection setting for a project, this setting applies to all zones and VMs in the project. Similarly, if you configure a connection setting for a zone, it applies to all VMs in that zone:
You can override inherited settings at lower levels. Whenever a setting deviates from the (inherited) default, its value is shown in bold typeface.
Connection settings are stored on your local computer and don't affect the configuration of the remote VM.
Windows Credentials
These settings control which user account you log on with. If you don't configure Windows credentials, IAP Desktop might prompt you for credentials when you first try to connect.
You can use the following types of user accounts:
- a local Windows user account
- an Active Directory user account
The user account must have permission to use Remote Desktop. Typically, this requires that the user is either a member of the Administrators group or the Remote Desktop users group.
| Setting | Description | Required |
|---|---|---|
| Username | Username or UPN, for example bob or bob@example.com. |
No |
| Password | Account password | No |
| Domain |
|
No |
Remote Desktop Connection
These settings control how IAP Desktop connects to your VM. You can let IAP Desktop connect in one of two ways:
- IAP Tunnel: By default, IAP Desktop connects to the internal IP address of your VM through an IAP-TCP forwarding tunnel .
- VPN/Interconnect: Alternatively, you can let IAP Desktop connect to the VM's internal IP address through Cloud VPN or Interconnect. If you use this option, IAP Desktop doesn't use IAP-TCP forwarding.
| Setting | Description | Default |
|---|---|---|
| Connect via | Controls how IAP Desktop connects to your VM, see description above. | |
| Connection timeout | Timeout for connecting to the VM, in seconds. | 30 seconds |
| Server port | Port to connect to. | 3389 |
Remote Desktop Display
These settings control the display settings for Remote Desktop.
| Setting | Description | Default |
|---|---|---|
| Color depth | Color depth to use. | True color (24-bit) |
| Connection bar | Controls the behavior of the connection bar that's shown when you set the Remote Desktop session to full-screen. | Auto hide |
| Display resolution |
Controls the screen resolution and size of the remote desktop.
|
Adjust automatically |
| Display scaling |
Controls whether to scale the size of texts, fonts, and apps on the remote desktop.
|
Disabled (100%) |
Remote Desktop Resources
These settings control which local and remote resources you want to share.
| Setting | Description | Default |
|---|---|---|
| Audio mode | Controls where to play back audio. | On this computer |
| Apply Windows shortcuts | Controls whether IAP Desktop should send Windows shortcuts (such as Win+R) to the VM:
|
Only in full-screen mode |
| Redirect clipboard | Share the local clipboard with the remote VM. | Enabled |
| Redirect printers | Share local printers with the remote VM. | Disabled |
| Redirect smart cards | Share local smart cards with the remote VM. | Disabled |
| Redirect local ports | Share local ports with the remote VM. | Disabled |
| Redirect drives | Share local drives with the remote VM. | Disabled |
| Redirect devices | Share local devices with the remote VM. | Disabled |
| Redirect WebAuthn authenticators | Share WebAuthn authenticators with the remote VM. | Enabled |
Remote Desktop Security Settings
These settings control which RDP security mechanism to apply.
| Setting | Description | Default |
|---|---|---|
| Automatic logon |
Controls whether IAP Desktop attempts to log you on automatically by using saved credentials
or by offering to generate new Windows credentials.
Set this to Disabled for VMs that use the Always prompt for password upon connection group policy setting to prevent duplicate password prompts. |
Enabled |
| Network level authentication |
Controls whether to secure connection using network level authentication
(NLA).
Leave NLA enabled unless you're connecting to a VM that uses a custom credential service provider such as the Google Credential Provider for Windows. Disabling NLA automatically enables server authentication. |
Enabled |
| Restricted Admin mode |
Controls whether to use Restricted Admin mode,
which disables the transmission of reusable credentials to the VM.
To use Restricted Admin mode, you must ensure that the following prerequisites are met:
|
Disabled |
| Session type |
Controls the type of RDP session to use:
|
Normal user session |
SSH Connection
These settings control how IAP Desktop connects to your VM. The settings are analogous to the Remote Desktop Connection settings.
SSH Credentials
These settings control which user account you log on with, and which authentication method to use.
IAP Desktop supports the following SSH authentication methods:
publickeypasswordkeyboard-interactive
When you use publickey, IAP Desktop automatically publishes a public key to the VM, and uses the corresponding private key to authenticate.
Depending on the VM's configuration, IAP Desktop uses either OS Login
or metadata keys to publish the public key.
| Setting | Description | Default |
|---|---|---|
| Public key authentication |
Controls the authentication method to use:
|
Enabled |
| Username |
Linux/Unix username.
This setting is ignored when using OS Login because OS Login automatically determines your username. |
|
| Password | Linux/Unix password |