Home » HP Manuals » Desktops » HP t530 » Manual Viewer

HP t530 Administrator Guide 5 - Page 171

shutdown, sshd, automatically shutdown/restart/logout.

Add to My Manuals
Save this manual to your list of manuals

Page 171 highlights

Registry key root/security/encryption/identity/ encryptedSecretTTL root/security/encryption/identity/ encryptedSecretTTLnonSSO root/security/encryption/identity/ secretHashAlgorithm root/security/encryption/identity/ secretHashTTL root/security/mustLogin Description regenerated each time the secret is stored. The encryption key is different on each thin client, and encryption and decryption are available only to authorized programs. The supported cipher list includes most OpenSSL ciphers and ChaCha20-Poly1305. Sets the number of seconds since the last successful login that a stored encrypted secret will be considered valid. If set to a negative number, encrypted secrets will not time out. Specifies the number of seconds that a stored, non-SSO encrypted secret is considered valid. If set to a nonpositive number, encrypted secrets do not time out. Sets the algorithm for creating a hash of a secret. Key Derivation Functions (KDFs) such as scrypt or argon2 are better than straightforward hashes because it is not quick to compute a rainbow dictionary using a KDF. All algorithms use an appropriate amount of random salt, which is regenerated each time the secret is hashed. The supported list includes scrypt, Argon2, SHA-256, and SHA-512 (though the latter two are not KDFs). Sets the number of seconds since the last successful login that a stored hashes of secrets will be considered valid. If set to a negative number, hashes of secrets will not time out. If set to 1, all users are forced to log in before accessing the desktop. shutdown Registry key root/shutdown/enableAutomaticShutdownTimeout root/shutdown/timeOfAutomaticShutdownTimeout Description If set to 1, a progress bar is shown in the shutdown/restart/logout confirmation dialog box. If the question is not answered in time, automatically shutdown/restart/logout. Sets the wait time for automatic shutdown timeout. sshd Registry key root/sshd/disableWeakCipher root/sshd/disableWeakHmac root/sshd/disableWeakKex root/sshd/enabled root/sshd/userAccess Description If set to 1, disable the CBC mode cipher and other known weak ciphers, such as 3DES, arcfour, etc. If set to 1, disable 96 bit hmac and any sha1-based and md5- based hmac. If set to 1, disable key exchange algorithms that have DH with SHA1. If set to 1, the SSH daemon is enabled and the thin client can be accessed via SSH. If set to 1, end users can connect to the thin client via SSH. shutdown 159

Section	Page
Getting started	13
Finding more information	13
Choosing an OS configuration	14
Choosing a remote management service	15
Starting the thin client for the first time	15
Switching between administrator mode and user mode	15
ThinPro PC Converter	16
Deployment tool	16
Compatibility check and installation	16
Licensing	17
License types	17
System tray icon	17
Notifications	18
System information	18
Desktop background watermark	18
System update tools	18
Royalty-bearing software	18
Connections	18
GUI overview	19
Desktop	19
Taskbar	20
Connection configuration	21
Desktop connection management	21
Connection Manager (ThinPro only)	22
Advanced connection settings	22
Kiosk mode	23
Connection types	25
Citrix	25
Citrix Connection Manager	25
Connection	25
Configuration	26
General Settings	27
Options	27
Local Resources	28
Window	29
Self-Service	29
Firewall	29
Keyboard Shortcuts	30
Session	30
Advanced	31
RDP	31
RDP per-connection settings	31
Network	31
Service	32
Window	32
Options	33
Local Resources	34
Experience	34
Diagnostics	35
Advanced	36
RemoteFX	36
RDP multi-monitor sessions	36
RDP multimedia redirection	36
RDP device redirection	37
RDP USB redirection	37
RDP mass storage redirection	37
RDP printer redirection	38
RDP audio redirection	38
RDP smart card redirection	39
VMware Horizon View	39
VMware Horizon View per-connection settings	39
Network	39
General	39
Security	40
RDP Options	41
RDP Experience	42
Advanced	43
VMware Horizon View multi-monitor sessions	43
VMware Horizon View keyboard shortcuts	43
VMware Horizon View device redirection	44
VMware Horizon View USB redirection	44
VMware Horizon View audio redirection	44
VMware Horizon View smart card redirection	44
VMware Horizon View webcam redirection	45
VMware Horizon View COM port redirection	45
Changing the VMware Horizon View protocol	45
VMware Horizon View HTTPS and certificate management requirements	45
Web Browser	47
Web Browser per-connection settings	47
Configuration	47
Preferences	47
Advanced	47
Additional connection types (ThinPro only)	47
XDMCP	47
Configuration	47
Advanced	48
Secure Shell	48
Configuration	48
Advanced	49
Telnet	49
Configuration	49
Advanced	49
Custom	49
Configuration	49
Advanced	49
HP True Graphics	50
Server-side requirements	50
Client-side requirements	50
Client-side configuration	50
Compression settings	50
Window settings	51
Monitor layout and hardware limitations	51
Enabling HP True Graphics for multiple monitors on the HP t420	51
Tips & best practices	52
Active Directory integration	53
Login screen	53
Single sign-on	53
Desktop	53
Screen lock	54
Administrator mode	54
Settings and the domain user	54
Start menu	55
Connection management	55
Switch to Administrator/Switch to User	55
System Information	55
Control Panel	55
Tools	55
Power	56
Search	56
Control Panel	57
System	57
Network settings	57
Wired network settings	58
Wireless network settings	58
DNS settings	60
IPSec rules	61
Configuring VPN settings	61
DHCP options	61
Component Manager	62
Removing components	62
Undoing a change	62
Applying the changes permanently	63
Security	63
Security settings	63
Local Accounts	63
Encryption	64
Options	64
Certificates	65
Certificate Manager	65
SCEP Manager	65
Manageability	65
Active Directory configuration	66
Status tab	66
Options tab	67
HP ThinState	67
Managing an HP ThinPro image	67
Capturing an HP ThinPro image to an FTP server	67
Deploying an HP ThinPro image using FTP or HTTP	68
Capturing an HP ThinPro image to a USB flash drive	68
Deploying an HP ThinPro image with a USB flash drive	68
Managing a client profile	69
Saving a client profile to an FTP server	69
Restoring a client profile using FTP or HTTP	69
Saving a client profile to a USB flash drive	69
Restoring a client profile from a USB flash drive	70
VNC Shadowing	70
Input Devices	71
Hardware	72
Display management	72
Redirecting USB devices	72
Configuring printers	72
Appearance	73
Customization Center	73
System Information	75
HP Smart Client Services	76
Supported operating systems	76
Prerequisites for HP Smart Client Services	76
Obtaining HP Smart Client Services	76
Viewing the Automatic Update website	77
Creating an Automatic Update profile	77
MAC-address-specific profiles	77
Updating thin clients	78
Using the broadcast update method	78
Using the DHCP tag update method	78
Example of performing DHCP tagging	78
Using the DNS alias update method	79
Using the manual update method	79
Performing a manual update	79
Profile Editor	80
Opening Profile Editor	80
Loading a client profile	80
Client profile customization	80
Selecting the platform for a client profile	80
Configuring a default connection for a client profile	81
Modifying the registry settings of a client profile	81
Adding files to a client profile	81
Adding a configuration file to a client profile	81
Adding certificates to a client profile	82
Adding a symbolic link to a client profile	82
Saving the client profile	82
Serial or parallel printer configuration	83
Obtaining the printer settings	83
Setting up printer ports	83
Installing printers on the server	83
Troubleshooting	85
Troubleshooting network connectivity	85
Troubleshooting Citrix password expiration	85
Using system diagnostics to troubleshoot	85
Saving system diagnostic data	86
Uncompressing the system diagnostic files	86
Uncompressing the system diagnostic files on Windows-based systems	86
Uncompressing the system diagnostic files in Linux- or Unix-based systems	86
Viewing the system diagnostic files	86
Viewing files in the Commands folder	86
Viewing files in the /var/log folder	87
Viewing files in the /etc folder	87
USB updates	88
HP ThinUpdate	88
BIOS tools (desktop thin clients only)	89
BIOS settings tool	89
BIOS flashing tool	89
Resizing the flash drive partition	90
Registry keys	91
Audio	91
CertMgr	92
ComponentMgr	92
ConnectionManager	92
ConnectionType	93
custom	93
firefox	96
freerdp	100
ssh	109
telnet	114
view	118
xdmcp	126
xen	130
DHCP	143
Dashboard	143
Imprivata	144
InputMethod	144
Network	144
Power	154
ScepMgr	156
Search	157
Serial	157
SystemInfo	157
TaskMgr	158
USB	158
auto-update	159
background	161
boot	162
config-wizard	162
desktop	162
domain	164
entries	165
firewall	165
hwh264	165
keyboard	166
license	167
logging	167
login	167
mouse	168
restore-points	168
screensaver	169
security	170
shutdown	171
sshd	171
time	172
touchscreen	173
translation	173
usb-update	174
users	174
vncserver	177
zero-login	179

Match case Limit results 1 per page

Registry key

Description

regenerated each time the secret is stored. The encryption key is

diﬀerent

on each thin client, and encryption and decryption are

available only to authorized programs. The supported cipher list

includes most OpenSSL ciphers and ChaCha20–Poly1305.

root/security/encryption/identity/

encryptedSecretTTL

Sets the number of seconds since the last successful login that a

stored encrypted secret will be considered valid. If set to a

negative number, encrypted secrets will not time out.

root/security/encryption/identity/

encryptedSecretTTLnonSSO

Speciﬁes

the number of seconds that a stored, non-SSO encrypted

secret is considered valid. If set to a nonpositive number,

encrypted secrets do not time out.

root/security/encryption/identity/

secretHashAlgorithm

Sets the algorithm for creating a hash of a secret. Key Derivation

Functions (KDFs) such as scrypt or argon2 are better than

straightforward hashes because it is not quick to compute a

rainbow dictionary using a KDF. All algorithms use an appropriate

amount of random salt, which is regenerated each time the secret

is hashed. The supported list includes scrypt, Argon2, SHA-256,

and SHA-512 (though the latter two are not KDFs).

root/security/encryption/identity/

secretHashTTL

Sets the number of seconds since the last successful login that a

stored hashes of secrets will be considered valid. If set to a

negative number, hashes of secrets will not time out.

root/security/mustLogin

If set to 1, all users are forced to log in before accessing the

desktop.

shutdown

Registry key

Description

root/shutdown/enableAutomaticShutdownTimeout

If set to 1, a progress bar is shown in the shutdown/restart/logout

conﬁrmation

dialog box. If the question is not answered in time,

automatically shutdown/restart/logout.

root/shutdown/timeOfAutomaticShutdownTimeout

Sets the wait time for automatic shutdown timeout.

sshd

Registry key

Description

root/sshd/disableWeakCipher

If set to 1, disable the CBC mode cipher and other known weak

ciphers, such as 3DES, arcfour, etc.

root/sshd/disableWeakHmac

If set to 1, disable 96 bit hmac and any sha1–based and md5–

based hmac.

root/sshd/disableWeakKex

If set to 1, disable key exchange algorithms that have DH with

SHA1.

root/sshd/enabled

If set to 1, the SSH daemon is enabled and the thin client can be

accessed via SSH.

root/sshd/userAccess

If set to 1, end users can connect to the thin client via SSH.

shutdown

159