Home » HP Manuals » Desktops » HP t420 » Manual Viewer

HP t420 Administrator Guide 8 - Page 51

Active Directory integration, Login screen, Single sign-on, Desktop

Add to My Manuals
Save this manual to your list of manuals

Page 51 highlights

6 Active Directory integration By using Active Directory integration, you can force users to log in to the thin client using domain credentials. Optionally, those credentials can be encrypted and stored and then later supplied to remote connections as they start, which is a process known as single sign-on. NOTE: Enabling authentication requires no special domain permissions. There are two modes in which Active Directory integration can operate. By simply enabling authentication against the domain, domain credentials can be used for the following operations: ● Logging in to the thin client ● Starting a connection using Single Sign-On ● Switching to administrator mode using administrative credentials ● Unlocking a locked screen using the login credentials ● Overriding a locked screen using administrative credentials The thin client can also be formally joined to the domain. This adds the thin client to the domain's database and might enable dynamic DNS, where the thin client informs the DNS server of changes in its IP address or hostname association. Unlike domain authentication, a formal join requires credentials of a domain user authorized to add clients to the domain. Joining to the domain is optional. All domain functions except dynamic DNS are available without joining. Login screen When domain authentication is enabled, ThinPro displays a domain login screen upon startup. The login screen also includes options that might be necessary to configure before logging in. The background desktop layout, login dialog style, login dialog text, and which buttons are available can all be adjusted via registry settings and/or configuration file settings. For more information, see the HP ThinPro white paper Login Screen Customization (available in English only). If the system detects that the user tried to log in with expired credentials, they are prompted to update their credentials. Single sign-on After a domain user has logged in, the credentials that were used can also be presented at startup to any connection configured to use them. This allows a user to sign in to the thin client and start Citrix, VMware Horizon View, and RDP sessions without having to enter their credentials again, for as long as they are logged in to the thin client. Desktop Once the user has successfully logged in using domain credentials, an Active Directory icon is available on the taskbar. The user can select the icon to perform the following functions: Login screen 39

Section	Page
Getting started	13
Finding more information	13
Choosing an OS configuration	14
Choosing a remote management service	15
Starting the thin client for the first time	15
Switching between administrator mode and user mode	15
GUI overview	16
Desktop	16
Taskbar	17
Connection configuration	18
Desktop connection management	18
Connection Manager (ThinPro only)	19
Advanced connection settings	19
Kiosk mode	20
Connection types	22
Citrix	22
Citrix Connection Manager	22
Connection	22
Configuration	23
General Settings	24
Options	24
Local Resources	25
Window	25
Firewall	26
Keyboard Shortcuts	26
Session	27
Advanced	27
RDP	27
RDP per-connection settings	27
Network	27
Service	28
Window	29
Options	29
Local Resources	30
Experience	31
Diagnostics	31
Advanced	32
RemoteFX	32
RDP multi-monitor sessions	32
RDP multimedia redirection	33
RDP device redirection	33
RDP USB redirection	33
RDP mass storage redirection	33
RDP printer redirection	34
RDP audio redirection	34
RDP smart card redirection	35
VMware Horizon View	35
VMware Horizon View per-connection settings	35
Network	35
General	36
Security	37
RDP Options	37
RDP Experience	38
Advanced	39
VMware Horizon View multi-monitor sessions	39
VMware Horizon View keyboard shortcuts	39
VMware Horizon View device redirection	40
VMware Horizon View USB redirection	40
VMware Horizon View audio redirection	40
VMware Horizon View smart card redirection	40
VMware Horizon View webcam redirection	41
Changing the VMware Horizon View protocol	41
VMware Horizon View HTTPS and certificate management requirements	41
Web Browser	42
Web Browser per-connection settings	42
Configuration	43
Preferences	43
Advanced	43
Additional connection types (ThinPro only)	43
TeemTalk	43
Configuration	43
TeemTalk Session Wizard	44
Advanced	45
XDMCP	45
Configuration	45
Advanced	45
Secure Shell	45
Configuration	46
Advanced	46
Telnet	46
Configuration	46
Advanced	47
Custom	47
Configuration	47
Advanced	47
HP True Graphics	48
Server-side requirements	48
Client-side requirements	48
Client-side configuration	48
Compression settings	48
Window settings	49
Monitor layout and hardware limitations	49
Enabling HP True Graphics for multiple monitors on the HP t420	49
Tips & best practices	50
Active Directory integration	51
Login screen	51
Single sign-on	51
Desktop	51
Screen lock	52
Administrator mode	52
Settings and the domain user	52
Start menu	53
Connection management	53
Switch to Administrator/Switch to User	53
System Information	53
Control Panel	53
Tools	53
Power	54
Search	54
Control Panel	55
System	55
Network settings	55
Wired network settings	56
Wireless network settings	56
DNS settings	58
IPSec rules	59
Configuring VPN settings	59
Configuring HP Velocity	59
DHCP options	60
Component Manager	60
Removing components	60
Undoing a change	61
Applying the changes permanently	61
Security	61
Security settings	61
Local Accounts	62
Encryption	62
Options	62
Certificates	63
Certificate Manager	63
SCEP Manager	63
Manageability	64
Active Directory configuration	64
Status tab	64
Options tab	65
HP ThinState	65
Managing an HP ThinPro image	65
Capturing an HP ThinPro image to an FTP server	65
Deploying an HP ThinPro image using FTP or HTTP	66
Capturing an HP ThinPro image to a USB flash drive	66
Deploying an HP ThinPro image with a USB flash drive	67
Managing a client profile	67
Saving a client profile to an FTP server	67
Restoring a client profile using FTP or HTTP	67
Saving a client profile to a USB flash drive	68
Restoring a client profile from a USB flash drive	68
VNC Shadowing	68
Input Devices	69
Hardware	69
Display preferences	70
Redirecting USB devices	70
Configuring printers	71
Appearance	71
Customization Center	72
System Information	73
HP Smart Client Services	74
Supported operating systems	74
Prerequisites for HP Smart Client Services	74
Obtaining HP Smart Client Services	74
Viewing the Automatic Update website	75
Creating an Automatic Update profile	75
MAC-address-specific profiles	75
Updating thin clients	76
Using the broadcast update method	76
Using the DHCP tag update method	76
Example of performing DHCP tagging	76
Using the DNS alias update method	77
Using the manual update method	77
Performing a manual update	77
Profile Editor	78
Opening Profile Editor	78
Loading a client profile	78
Client profile customization	78
Selecting the platform for a client profile	78
Configuring a default connection for a client profile	79
Modifying the registry settings of a client profile	79
Adding files to a client profile	79
Adding a configuration file to a client profile	79
Adding certificates to a client profile	80
Adding a symbolic link to a client profile	80
Saving the client profile	80
Serial or parallel printer configuration	81
Obtaining the printer settings	81
Setting up printer ports	81
Installing printers on the server	81
Troubleshooting	83
Troubleshooting network connectivity	83
Troubleshooting Citrix password expiration	83
Using system diagnostics to troubleshoot	83
Saving system diagnostic data	84
Uncompressing the system diagnostic files	84
Uncompressing the system diagnostic files on Windows-based systems	84
Uncompressing the system diagnostic files in Linux- or Unix-based systems	84
Viewing the system diagnostic files	84
Viewing files in the Commands folder	84
Viewing files in the /var/log folder	85
Viewing files in the /etc folder	85
USB updates	86
HP ThinUpdate	86
BIOS tools (desktop thin clients only)	87
BIOS settings tool	87
BIOS flashing tool	87
Resizing the flash drive partition	88
Registry keys	89
Audio	89
CertMgr	90
ComponentMgr	90
ConnectionManager	90
ConnectionType	91
custom	91
firefox	94
freerdp	98
ssh	108
teemtalk	112
telnet	115
view	119
xdmcp	127
xen	131
DHCP	143
Dashboard	143
Display	144
Imprivata	146
Network	146
Power	156
SCIM	158
ScepMgr	158
Search	159
Serial	159
SystemInfo	160
TaskMgr	160
USB	160
auto-update	161
background	163
config-wizard	164
desktop	165
domain	166
entries	167
firewall	167
hwh264	168
keyboard	168
logging	169
login	169
mouse	170
restore-points	170
screensaver	170
security	172
shutdown	173
sshd	173
time	173
touchscreen	175
translation	175
usb-update	176
users	176
vncserver	179
zero-login	181

Match case Limit results 1 per page

Active Directory integration

By using Active Directory integration, you can force users to log in to the thin client using domain credentials.

Optionally, those credentials can be encrypted and stored and then later supplied to remote connections as

they start, which is a process known as single sign-on.

NOTE:

Enabling authentication requires no special domain permissions.

There are two modes in which Active Directory integration can operate. By simply enabling authentication

against the domain, domain credentials can be used for the following operations:

●

Logging in to the thin client

●

Starting a connection using Single Sign-On

●

Switching to administrator mode using administrative credentials

●

Unlocking a locked screen using the login credentials

●

Overriding a locked screen using administrative credentials

The thin client can also be formally joined to the domain. This adds the thin client to the domain’s database

and might enable dynamic DNS, where the thin client informs the DNS server of changes in its IP address or

hostname association. Unlike domain authentication, a formal join requires credentials of a domain user

authorized to add clients to the domain. Joining to the domain is optional. All domain functions except

dynamic DNS are available without joining.

When domain authentication is enabled, ThinPro displays a domain login screen upon startup. The login

screen also includes options that might be necessary to

conﬁgure

before logging in.

The background desktop layout, login dialog style, login dialog text, and which buttons are available can all be

adjusted via registry settings and/or

conﬁguration

ﬁle

settings. For more information, see the HP ThinPro

white paper

(available in English only).

If the system detects that the user tried to log in with expired credentials, they are prompted to update their

credentials.

Single sign-on

After a domain user has logged in, the credentials that were used can also be presented at startup to any

connection

conﬁgured

to use them. This allows a user to sign in to the thin client and start Citrix, VMware

Horizon View, and RDP sessions without having to enter their credentials again, for as long as they are logged

in to the thin client.

Desktop

Once the user has successfully logged in using domain credentials, an Active Directory icon is available on the

taskbar. The user can select the icon to perform the following functions: