Home » HP Manuals » Desktops » HP t520 » Manual Viewer

HP t520 Administrator Guide 1 - Page 167

shutdown, sshd

Add to My Manuals
Save this manual to your list of manuals

Page 167 highlights

Registry key root/security/domainEntryMode root/security/enableLockOverride root/security/enableSecretPeek root/security/encryption/identity/ encryptedSecretCipher root/security/encryption/identity/ encryptedSecretTTL root/security/encryption/identity/ secretHashAlgorithm root/security/encryption/identity/ secretHashTTL root/security/mustLogin Description If set to 1, the domain is expected to be entered in a separate text field labeled Domain. if set to 0, the domain is expected to be entered as part of the User field. If set to 1, administrators can override the screen lock of a local desktop. If set to 1, password and PIN dialogs will have a button that, while selected, will show the entered password/PIN in clear text. Sets the algorithm for symmetric encryption of a secret. All algorithms use an appropriate amount of random salt, which is regenerated each time the secret is stored. The encryption key is different on each thin client, and encryption and decryption are available only to authorized programs. The supported cipher list includes most OpenSSL ciphers and ChaCha20-Poly1305. Sets the number of seconds since the last successful login that a stored encrypted secret will be considered valid. If set to a negative number, encrypted secrets will not time out. Sets the algorithm for creating a hash of a secret. Key Derivation Functions (KDFs) such as scrypt or argon2 are better than straightforward hashes because it is not quick to compute a rainbow dictionary using a KDF. All algorithms use an appropriate amount of random salt, which is regenerated each time the secret is hashed. The supported list includes scrypt, Argon2, SHA-256, and SHA-512 (though the latter two are not KDFs). Sets the number of seconds since the last successful login that a stored hashes of secrets will be considered valid. If set to a negative number, hashes of secrets will not time out. If set to 1, all users are forced to log in before accessing the desktop. shutdown Registry key root/shutdown/enableAutomaticShutdownTimeout root/shutdown/timeOfAutomaticShutdownTimeout Description If set to 1, a progress bar is shown in the shutdown/restart/logout confirmation dialog box. If the question is not answered in time, automatically shutdown/restart/logout. Sets the wait time for automatic shutdown timeout. sshd Registry key root/sshd/disableWeakCipher root/sshd/disableWeakHmac root/sshd/disableWeakKex Description If set to 1, disable the CBC mode cipher and other known weak ciphers, such as 3DES, arcfour, etc. If set to 1, disable 96 bit hmac and any sha1-based and md5- based hmac. If set to 1, disable key exchange algorithms that have DH with SHA1. shutdown 155

Section	Page
Getting started	13
Finding more information	13
Choosing an OS configuration	14
Choosing a remote management service	15
Starting the thin client for the first time	15
Switching between administrator mode and user mode	15
GUI overview	16
Desktop	16
Taskbar	17
Connection Manager (ThinPro only)	18
Connection configuration	19
Advanced connection settings	19
Kiosk mode	20
Connection types	21
Citrix	21
Citrix general settings	21
Options	21
Local Resources	22
Window	22
Firewall	23
Keyboard Shortcuts	23
Session	24
Citrix per-connection settings	24
Connection	24
Configuration	25
Advanced	26
RDP	26
RDP general settings	26
RDP per-connection settings	26
Network	26
Service	27
Window	28
Options	28
Local Resources	29
Experience	29
Diagnostics	30
Advanced	31
RemoteFX	31
RDP multi-monitor sessions	31
RDP multimedia redirection	31
RDP device redirection	32
RDP USB redirection	32
RDP mass storage redirection	32
RDP printer redirection	33
RDP audio redirection	33
RDP smart card redirection	34
VMware Horizon View	34
VMware Horizon View per-connection settings	34
Network	34
General	35
Security	35
RDP Options	36
RDP Experience	37
Advanced	38
VMware Horizon View multi-monitor sessions	38
VMware Horizon View keyboard shortcuts	38
VMware Horizon View multimedia redirection	38
VMware Horizon View device redirection	39
VMware Horizon View USB redirection	39
VMware Horizon View mass storage redirection	39
VMware Horizon View printer redirection	39
VMware Horizon View audio redirection	39
VMware Horizon View smart card redirection	40
VMware Horizon View webcam redirection	40
Changing the VMware Horizon View protocol	40
VMware Horizon View HTTPS and certificate management requirements	41
Web Browser	42
Web Browser general settings	42
Web Browser per-connection settings	42
Configuration	42
Advanced	42
Additional connection types (ThinPro only)	43
TeemTalk	43
Configuration	43
TeemTalk Session Wizard	43
Advanced	44
XDMCP	44
Configuration	45
Advanced	45
SSH	45
Configuration	45
Advanced	46
Telnet	46
Configuration	46
Advanced	46
Custom	46
Configuration	46
Advanced	47
HP True Graphics	48
Server-side requirements	48
Client-side requirements	48
Client-side configuration	48
Compression settings	48
Window settings	49
Monitor layout and hardware limitations	49
Enabling HP True Graphics for multiple monitors on the HP t420	49
Tips & best practices	50
Active Directory integration	51
Login screen	51
Single sign-on	51
Desktop	51
Screen lock	52
Administrator mode	52
Settings and the domain user	52
Control Panel	53
Peripherals	53
Client aggregation	54
Configuring client aggregation	55
Configuring the aggregation clients	55
Configuring the aggregation server	56
Display preferences	56
Configuring printers	56
Redirecting USB devices	57
Setup	57
Network settings	58
Wired network settings	58
Wireless network settings	59
DNS settings	61
IPSec rules	61
Configuring VPN settings	61
Configuring HP Velocity	62
Security settings	62
Local Accounts	62
Encryption	63
Options	63
Customization Center	63
Management	64
Component Manager	65
Removing components	65
Undoing a change	65
Applying the changes permanently	66
Active Directory configuration	66
Status tab	66
Options tab	66
HP ThinState	67
Managing an HP ThinPro image	67
Capturing an HP ThinPro image to an FTP server	67
Deploying an HP ThinPro image using FTP or HTTP	67
Capturing an HP ThinPro image to a USB flash drive	68
Deploying an HP ThinPro image with a USB flash drive	68
Managing a client profile	69
Saving a client profile to an FTP server	69
Restoring a client profile using FTP or HTTP	69
Saving a client profile to a USB flash drive	69
Restoring a client profile from a USB flash drive	70
VNC Shadowing	70
Advanced	71
Certificates	71
Certificate Manager	71
SCEP Manager	71
DHCP options	72
System information	73
HP Smart Client Services	74
Supported operating systems	74
Prerequisites for HP Smart Client Services	74
Obtaining HP Smart Client Services	74
Viewing the Automatic Update website	74
Creating an Automatic Update profile	75
MAC-address-specific profiles	75
Updating thin clients	76
Using the broadcast update method	76
Using the DHCP tag update method	76
Example of performing DHCP tagging	76
Using the DNS alias update method	76
Using the manual update method	77
Performing a manual update	77
Profile Editor	78
Opening Profile Editor	78
Loading a client profile	78
Client profile customization	78
Selecting the platform for a client profile	78
Configuring a default connection for a client profile	79
Modifying the registry settings of a client profile	79
Adding files to a client profile	79
Adding a configuration file to a client profile	79
Adding certificates to a client profile	80
Adding a symbolic link to a client profile	80
Saving the client profile	80
Serial or parallel printer configuration	81
Obtaining the printer settings	81
Setting up printer ports	81
Installing printers on the server	81
Troubleshooting	83
Troubleshooting network connectivity	83
Troubleshooting Citrix password expiration	83
Using system diagnostics to troubleshoot	83
Saving system diagnostic data	84
Uncompressing the system diagnostic files	84
Uncompressing the system diagnostic files on Windows-based systems	84
Uncompressing the system diagnostic files in Linux- or Unix-based systems	84
Viewing the system diagnostic files	84
Viewing files in the Commands folder	84
Viewing files in the /var/log folder	85
Viewing files in the /etc folder	85
USB updates	86
HP ThinUpdate	86
BIOS tools (desktop thin clients only)	87
BIOS settings tool	87
BIOS flashing tool	87
Resizing the flash drive partition	88
Registry keys	89
Audio	89
CertMgr	90
ComponentMgr	90
ConnectionManager	90
ConnectionType	91
custom	91
firefox	94
freerdp	98
ssh	107
teemtalk	111
telnet	114
view	117
xdmcp	125
xen	129
DHCP	140
Dashboard	140
Display	141
Domain	143
Network	144
Power	154
SCIM	155
ScepMgr	155
Search	156
Serial	157
SystemInfo	157
TaskMgr	158
USB	158
auto-update	159
background	160
config-wizard	161
desktop	162
entries	162
keyboard	163
logging	164
login	164
mouse	164
restore-points	165
screensaver	165
security	166
shutdown	167
sshd	167
time	168
touchscreen	169
translation	170
usb-update	170
users	170
vncserver	173

Match case Limit results 1 per page

Registry key

Description

root/security/domainEntryMode

If set to 1, the domain is expected to be entered in a separate text

ﬁeld

labeled

Domain

. if set to 0, the domain is expected to be

entered as part of the

User

ﬁeld.

root/security/enableLockOverride

If set to 1, administrators can override the screen lock of a local

desktop.

root/security/enableSecretPeek

If set to 1, password and PIN dialogs will have a button that, while

selected, will show the entered password/PIN in clear text.

root/security/encryption/identity/

encryptedSecretCipher

Sets the algorithm for symmetric encryption of a secret. All

algorithms use an appropriate amount of random salt, which is

regenerated each time the secret is stored. The encryption key is

diﬀerent

on each thin client, and encryption and decryption are

available only to authorized programs. The supported cipher list

includes most OpenSSL ciphers and ChaCha20–Poly1305.

root/security/encryption/identity/

encryptedSecretTTL

Sets the number of seconds since the last successful login that a

stored encrypted secret will be considered valid. If set to a

negative number, encrypted secrets will not time out.

root/security/encryption/identity/

secretHashAlgorithm

Sets the algorithm for creating a hash of a secret. Key Derivation

Functions (KDFs) such as scrypt or argon2 are better than

straightforward hashes because it is not quick to compute a

rainbow dictionary using a KDF. All algorithms use an appropriate

amount of random salt, which is regenerated each time the secret

is hashed. The supported list includes scrypt, Argon2, SHA-256,

and SHA-512 (though the latter two are not KDFs).

root/security/encryption/identity/

secretHashTTL

Sets the number of seconds since the last successful login that a

stored hashes of secrets will be considered valid. If set to a

negative number, hashes of secrets will not time out.

root/security/mustLogin

If set to 1, all users are forced to log in before accessing the

desktop.

shutdown

Registry key

Description

root/shutdown/enableAutomaticShutdownTimeout

If set to 1, a progress bar is shown in the shutdown/restart/logout

conﬁrmation

dialog box. If the question is not answered in time,

automatically shutdown/restart/logout.

root/shutdown/timeOfAutomaticShutdownTimeout

Sets the wait time for automatic shutdown timeout.

sshd

Registry key

Description

root/sshd/disableWeakCipher

If set to 1, disable the CBC mode cipher and other known weak

ciphers, such as 3DES, arcfour, etc.

root/sshd/disableWeakHmac

If set to 1, disable 96 bit hmac and any sha1–based and md5–

based hmac.

root/sshd/disableWeakKex

If set to 1, disable key exchange algorithms that have DH with

SHA1.

shutdown

155