Home » HP Manuals » Desktops » HP t420 » Manual Viewer

HP t420 Administrator Guide 5 - Page 170

security

Add to My Manuals
Save this manual to your list of manuals

Page 170 highlights

Registry key root/screensaver/lockScreenUser root/screensaver/logoPath root/screensaver/mode root/screensaver/off root/screensaver/origImageCopyPath root/screensaver/solidColor root/screensaver/standby root/screensaver/suspend root/screensaver/timeoutScreensaver root/screensaver/timeoutSleep root/screensaver/useSolidColor security Registry key root/security/SecurityFeaturs/ SpeculativeStoreBypassControl root/security/authenticationFailDelay root/security/domainEntryMode root/security/enableLockOverride root/security/enableSecretPeek root/security/encryption/identity/ encryptedSecretCipher 158 Appendix D Registry keys Description If set to 1 and you are not logged in as an administrator and the system is not in domain mode, a password is required to return to the desktop from the screen saver. Sets the path to a custom image to use for the screen saver. Sets the rendering mode for the screen saver image (such as Center, Tile, Expand, and Stretch). If set to Default, the image is displayed without any processing. If set to SlideShow, the screen saver will cycle through images in the directory specified by SlideShowPath. Sets the timeout delay in minutes before the monitor turns off. This is the path where the custom image is saved when mode is set to Default. If useSolidColor is on and enableCustomLogo is off, this solid color is used for the screen saver. Sets the timeout delay in minutes before the monitor goes into standby mode. Sets the timeout delay in minutes before the monitor goes into suspend mode. Sets the timeout delay in minutes before the screen saver starts. Sets the timeout delay in minutes before the thin client goes into the Sleep state. If set to 1 and enableCustomLogo is off, the value of the solidColor key is used by the screen saver. Description Controls whether mitigations for Speculative Store Bypass (CVE-2018-3639) are enabled. By default, these mitigations are not enabled. To enable them, set the key value to on. For any change to this key to take effect, reboot the computer. Sets the approximate time, in milliseconds, to delay after a failed login attempt. The actual time will vary plus or minus 25% of this value. For example, use a value of 3000 to obtain a delay of approximately 3 seconds. If set to 1, the domain is expected to be entered in a separate text field labeled Domain. if set to 0, the domain is expected to be entered as part of the User field. If set to 1, administrators can override the screen lock of a local desktop. If set to 1, password and PIN dialogs will have a button that, while selected, will show the entered password/PIN in clear text. Sets the algorithm for symmetric encryption of a secret. All algorithms use an appropriate amount of random salt, which is

Section	Page
Getting started	13
Finding more information	13
Choosing an OS configuration	14
Choosing a remote management service	15
Starting the thin client for the first time	15
Switching between administrator mode and user mode	15
ThinPro PC Converter	16
Deployment tool	16
Compatibility check and installation	16
Licensing	17
License types	17
System tray icon	17
Notifications	18
System information	18
Desktop background watermark	18
System update tools	18
Royalty-bearing software	18
Connections	18
GUI overview	19
Desktop	19
Taskbar	20
Connection configuration	21
Desktop connection management	21
Connection Manager (ThinPro only)	22
Advanced connection settings	22
Kiosk mode	23
Connection types	25
Citrix	25
Citrix Connection Manager	25
Connection	25
Configuration	26
General Settings	27
Options	27
Local Resources	28
Window	29
Self-Service	29
Firewall	29
Keyboard Shortcuts	30
Session	30
Advanced	31
RDP	31
RDP per-connection settings	31
Network	31
Service	32
Window	32
Options	33
Local Resources	34
Experience	34
Diagnostics	35
Advanced	36
RemoteFX	36
RDP multi-monitor sessions	36
RDP multimedia redirection	36
RDP device redirection	37
RDP USB redirection	37
RDP mass storage redirection	37
RDP printer redirection	38
RDP audio redirection	38
RDP smart card redirection	39
VMware Horizon View	39
VMware Horizon View per-connection settings	39
Network	39
General	39
Security	40
RDP Options	41
RDP Experience	42
Advanced	43
VMware Horizon View multi-monitor sessions	43
VMware Horizon View keyboard shortcuts	43
VMware Horizon View device redirection	44
VMware Horizon View USB redirection	44
VMware Horizon View audio redirection	44
VMware Horizon View smart card redirection	44
VMware Horizon View webcam redirection	45
VMware Horizon View COM port redirection	45
Changing the VMware Horizon View protocol	45
VMware Horizon View HTTPS and certificate management requirements	45
Web Browser	47
Web Browser per-connection settings	47
Configuration	47
Preferences	47
Advanced	47
Additional connection types (ThinPro only)	47
XDMCP	47
Configuration	47
Advanced	48
Secure Shell	48
Configuration	48
Advanced	49
Telnet	49
Configuration	49
Advanced	49
Custom	49
Configuration	49
Advanced	49
HP True Graphics	50
Server-side requirements	50
Client-side requirements	50
Client-side configuration	50
Compression settings	50
Window settings	51
Monitor layout and hardware limitations	51
Enabling HP True Graphics for multiple monitors on the HP t420	51
Tips & best practices	52
Active Directory integration	53
Login screen	53
Single sign-on	53
Desktop	53
Screen lock	54
Administrator mode	54
Settings and the domain user	54
Start menu	55
Connection management	55
Switch to Administrator/Switch to User	55
System Information	55
Control Panel	55
Tools	55
Power	56
Search	56
Control Panel	57
System	57
Network settings	57
Wired network settings	58
Wireless network settings	58
DNS settings	60
IPSec rules	61
Configuring VPN settings	61
DHCP options	61
Component Manager	62
Removing components	62
Undoing a change	62
Applying the changes permanently	63
Security	63
Security settings	63
Local Accounts	63
Encryption	64
Options	64
Certificates	65
Certificate Manager	65
SCEP Manager	65
Manageability	65
Active Directory configuration	66
Status tab	66
Options tab	67
HP ThinState	67
Managing an HP ThinPro image	67
Capturing an HP ThinPro image to an FTP server	67
Deploying an HP ThinPro image using FTP or HTTP	68
Capturing an HP ThinPro image to a USB flash drive	68
Deploying an HP ThinPro image with a USB flash drive	68
Managing a client profile	69
Saving a client profile to an FTP server	69
Restoring a client profile using FTP or HTTP	69
Saving a client profile to a USB flash drive	69
Restoring a client profile from a USB flash drive	70
VNC Shadowing	70
Input Devices	71
Hardware	72
Display management	72
Redirecting USB devices	72
Configuring printers	72
Appearance	73
Customization Center	73
System Information	75
HP Smart Client Services	76
Supported operating systems	76
Prerequisites for HP Smart Client Services	76
Obtaining HP Smart Client Services	76
Viewing the Automatic Update website	77
Creating an Automatic Update profile	77
MAC-address-specific profiles	77
Updating thin clients	78
Using the broadcast update method	78
Using the DHCP tag update method	78
Example of performing DHCP tagging	78
Using the DNS alias update method	79
Using the manual update method	79
Performing a manual update	79
Profile Editor	80
Opening Profile Editor	80
Loading a client profile	80
Client profile customization	80
Selecting the platform for a client profile	80
Configuring a default connection for a client profile	81
Modifying the registry settings of a client profile	81
Adding files to a client profile	81
Adding a configuration file to a client profile	81
Adding certificates to a client profile	82
Adding a symbolic link to a client profile	82
Saving the client profile	82
Serial or parallel printer configuration	83
Obtaining the printer settings	83
Setting up printer ports	83
Installing printers on the server	83
Troubleshooting	85
Troubleshooting network connectivity	85
Troubleshooting Citrix password expiration	85
Using system diagnostics to troubleshoot	85
Saving system diagnostic data	86
Uncompressing the system diagnostic files	86
Uncompressing the system diagnostic files on Windows-based systems	86
Uncompressing the system diagnostic files in Linux- or Unix-based systems	86
Viewing the system diagnostic files	86
Viewing files in the Commands folder	86
Viewing files in the /var/log folder	87
Viewing files in the /etc folder	87
USB updates	88
HP ThinUpdate	88
BIOS tools (desktop thin clients only)	89
BIOS settings tool	89
BIOS flashing tool	89
Resizing the flash drive partition	90
Registry keys	91
Audio	91
CertMgr	92
ComponentMgr	92
ConnectionManager	92
ConnectionType	93
custom	93
firefox	96
freerdp	100
ssh	109
telnet	114
view	118
xdmcp	126
xen	130
DHCP	143
Dashboard	143
Imprivata	144
InputMethod	144
Network	144
Power	154
ScepMgr	156
Search	157
Serial	157
SystemInfo	157
TaskMgr	158
USB	158
auto-update	159
background	161
boot	162
config-wizard	162
desktop	162
domain	164
entries	165
firewall	165
hwh264	165
keyboard	166
license	167
logging	167
login	167
mouse	168
restore-points	168
screensaver	169
security	170
shutdown	171
sshd	171
time	172
touchscreen	173
translation	173
usb-update	174
users	174
vncserver	177
zero-login	179

Match case Limit results 1 per page

Registry key

Description

root/screensaver/lockScreenUser

If set to 1 and you are not logged in as an administrator and the

system is not in domain mode, a password is required to return to

the desktop from the screen saver.

root/screensaver/logoPath

Sets the path to a custom image to use for the screen saver.

root/screensaver/mode

Sets the rendering mode for the screen saver image (such as

Center

Tile

Expand

, and

Stretch

). If set to

Default

, the

image is displayed without any processing. If set to

SlideShow

the screen saver will cycle through images in the directory

speciﬁed

SlideShowPath

root/screensaver/off

Sets the timeout delay in minutes before the monitor turns

oﬀ.

root/screensaver/origImageCopyPath

This is the path where the custom image is saved when

mode

set to

Default

root/screensaver/solidColor

useSolidColor

is on and

enableCustomLogo

oﬀ,

this

solid color is used for the screen saver.

root/screensaver/standby

Sets the timeout delay in minutes before the monitor goes into

standby mode.

root/screensaver/suspend

Sets the timeout delay in minutes before the monitor goes into

suspend mode.

root/screensaver/timeoutScreensaver

Sets the timeout delay in minutes before the screen saver starts.

root/screensaver/timeoutSleep

Sets the timeout delay in minutes before the thin client goes into

the Sleep state.

root/screensaver/useSolidColor

If set to 1 and

enableCustomLogo

oﬀ,

the value of the

solidColor

key is used by the screen saver.

security

Registry key

Description

root/security/SecurityFeaturs/

SpeculativeStoreBypassControl

Controls whether mitigations for Speculative Store Bypass

(CVE-2018-3639) are enabled. By default, these mitigations are

not enabled. To enable them, set the key value to on.

For any change to this key to take

eﬀect,

reboot the computer.

root/security/authenticationFailDelay

Sets the approximate time, in milliseconds, to delay after a failed

value. For example, use a value of 3000 to obtain a delay of

approximately 3 seconds.

root/security/domainEntryMode

If set to 1, the domain is expected to be entered in a separate text

ﬁeld

labeled

Domain

. if set to 0, the domain is expected to be

entered as part of the

User

ﬁeld.

root/security/enableLockOverride

If set to 1, administrators can override the screen lock of a local

desktop.

root/security/enableSecretPeek

If set to 1, password and PIN dialogs will have a button that, while

selected, will show the entered password/PIN in clear text.

root/security/encryption/identity/

encryptedSecretCipher

Sets the algorithm for symmetric encryption of a secret. All

algorithms use an appropriate amount of random salt, which is

158

Appendix D

Registry keys