Parameter
|
Description
|
AddCertificate=filename
password={plain text password}
Password-enc={encrypted
password}
|
AddCertificate — Specifies
a certificate file residing in the subfolder cacerts under the wnos
folder to load on platforms with nand flash, or on the memory. The
length of the filename, including the trailing period and the file
extension, is limited to 64 characters.
AddCertificate
must be used when configuring the Citrix Secure Gateway PNAgent Interface
(PNAgent/Lite servers) in the
Network Setup dialog box.
Adding certificates are required if the user CSG
environments use certificate agents that are not covered by the built-in
certificates. The certificates are used to validate server identities
by the thin client. Supported files include .crt file on ICA CSG;
.cer and .pfx in 802.1x. Password and Password-Enc are specially used
with PFX files.
|
CaradigmServer=vip list
[EGPGroup=group
name]
[EnableLogOff={yes,
no}]
[SecurityMode={
default, full, warning, low}]
|
CaradigmServer=vip list contains
a list of VIP addresses with optional TCP port number of Caradigm
servers. EGPGroup defines the user group name. If EnableLogOff=yes
is specified, the user is logged off from the session before system
signs off. Otherwise the session is disconnected. The logged off user
has a timeout value which can be set using SessionConfig parameter
SessionLogOffTimeout.
The default timeout value
is 1, if no SessionLogOffTimeout is specified.
SecurityMode
specifies the SSL certification validation policy.
If set to default, it applies the SecurityPolicy setting.
If set to full, the SSL connection needs to verify server
certificate. If it is untrusted, drop the connection.
If set to warning, the SSL connection needs to verify
server certificate.
If it is untrusted, it is
up to you to continue or drop the connection.
If
set to low, the server certificate is not checked. The value is persistent,
the default value of the setting is default.
|
Community=community
[Encrypt={yes,
no}]
|
Specifies the SNMP community name.
A string up to 31 characters are allowed. After the value is specified,
it is saved in the non-volatile memory.
If encrypt=yes,
an encrypted string is used as a community name.
The default value is set to no.
-
NOTE: Use our Windows Password_Gen
tool or built-in tool to generate the encrypted string.
|
ConnectionBroker={
default, VMware, Microsoft, Quest, AWS}
[IgnoreProfile={yes,
no,}]
[SecurityMode={Default,Low,Warning,Full}]
[EnableVWGateway]={yes, no}
[VWGateway]=url
[ConnectionType]={Default, All, RDP, PCoIP}
|
Default value is
default. Specifies the type of VDI broker to use. Default is a 3rd party
VDI broker.
AWS is Amazon Workspace broker. It
is only available with PCoIP build.
IgnoreProfile — Default value is
no.
Set IgnoreProfile=yes
to disable parsing the global setting from the VDI broker. It is only
valid in the case of ConnectionBroker=default.
SecurityMode — SecurityMode specifies the security mode for
the VMware broker and Amazon Workspace (AWS) broker. It is only valid
in case of ConnectionBroker=VMware or ConnectionBroker=AWS. The details
is as follows:
-
Set SecurityMode=Full to have the
Client verify the server's certificate in highest security mode; if
any relevant checks error, it will fail to connect to the server.
-
Set SecurityMode=Warning to have
the Client allow connection continuation in the following two specific
exceptions where full verification would fail:
- Certificate is self-signed.
-
Certificate has an invalid time.
-
Set SecurityMode=Low to indicate that
Client allows connection without any certificate verification.
-
Set SecurityMode=Default to indicate
that Client follows the SecurityPolicy setting to verify the certificate.
-
NOTE:
For
Dell vWorkspace broker, ConnectionBroker=Quest is recommended.
EnableVWGateway and VWGateway are used to set the
vWorkspace gateway.
For VMware broker, ConnectionBroker=VMware
is recommended. ConnectionBroker=VDM is still supported but deprecated.
The option ConnectionType specifies the
display protocol that you want to use when launching a session in
VMware broker. If this parameter is set, then the desktops that meet
the specified protocol are listed after broker sign on.
This setting is only valid in case of PCoIP feature is
supported.
- Set ConnectionType=Default, only the desktops with
the default protocol configured in broker server are listed (this
is the default value for this setting).
-
If you set ConnectionType=All, both
PCoIP and RDP desktops are listed.
-
If you set ConnectionType=RDP, only
RDP desktops are listed.
-
If you set ConnectionType=PCoIP, only
PCoIP desktops are listed.
|
DelCertificate={filename, all, builtin} |
filename — Removes the
named file from the nand flash or from the memory.
all — Removes all certificates except built-in certificates
included by default.
builtin — Removes all
certificates including the public certificates included by default.
|
DesktopColorDepth={16, 32}
[RGB565={
no, yes}]
|
DesktopColorDepth — Sets
the desktop color to 16 or 32 bits. If DesktopColorDepth=16, the default
color is 15 bits.
RGB565 — Default is
no. Applies only if the desktop color is using 16 bits.
|
DHCPExpire={
reboot, shutdown}
|
Default is
reboot.
When a DHCP lease expires, a message notifies the user
as follows:
DHCP Expired, you must reboot.
reboot — After 5 seconds, the system reboots.
shutdown — After 5 seconds, the system shuts down.
|
DHCPOptionsRemap={
no, yes}
[DisableOption12={
no, yes}]
[FileServer={128 to 254}]
[RootPath={128 to 254}]
[FtpUserName={128 to 254}]
[FtpPassWord={128
to 254}]
[RapportServer={128-254}]
[RapportPort={128-254}]
[WDMServer={128 to 254}]
[WDMPort={128 to 254}]
[PnliteServer={128
to 254}]
[DomainList={128 to 254}]
[VDIBroker-{248 to 254}]
[RapportSecurePort={128-254}]
[Discover={
yes, no}]
[WDMSecurePort={128
to 254}]
[WDMFQDN={128-254}]
[CCMGroupKey={128-254}]
[CCMServer={128-254}]
[CCMMQTTServer={128-254}]
|
Default is
no.
DHCPOptionsRemap — Specifies whether or not the
following options can be set.
The value for each
option must be from 128 to 254. Values for the options must be different
for each option. These options are used to configure DHCP server tags
for thin client booting.
The option DisableOption12
sets if the option tag 12 in DHCP is accepted or not. As default,
DHCP option 12 sets the hostname and domain name of the terminal.
For example, the information of option 12 is terminal name.wyse.com,
the terminal name will be set as terminalname and the domain name
will be set as wyse.com.
If you set different value
for DisableOption12 from the value in NVRAM, the system will automatically
reboot to make the value valid. (CIR36891)
RapportSecurePort— Specifies the HTTPS port of WDM server. It is in 6.3 to support
WDM4.7.
Discover—If Discover=yes, the device
fetches Wyse DHCP options from DHCP server, otherwise, it prevents
the device from fetching those information. Default value is yes.
If the device receives FileServer/WDMServer information through the
DHCP server, then the associate User interface is protected.
WDMSecurePort—Specifies
the HTTPS port of WDM server.
WDMFQDN — Specifies
the Fully Qualified Domain Name (FQDN) of the WDM server.
-
NOTE: The
CCMGroupKey, CCMServer and CCMMQTTServer options are specified to
remap the tags for CCM configuration.
|
DHCPUserClassID=class_id
[ParseVendorInfo={no,
yes}]
|
DHCPUserClassID — Specifies
the UserClassID used for DHCP.
ParseVendorInfo — Default is
yes. Yes/no option to specify whether or not
ThinOS will interpret DHCP option 43.
This is
a vendor-specific information. If ParseVendorInfo is set to no and
the DHCPVendorID is also used with this parameter, you must set ParseVendorInfo=yes
and then reboot the thin client twice. Maximum of 26 characters are
allowed in a string.
|
DHCPVendorID=vendor
[ParseVendorInfo={no,
yes}]
|
DHCPVendorID — Specifies
the VendorID used for DHCP.
ParseVendorInfo — Default is
yes. Yes/no option to specify whether or not
ThinOS will interpret DHCP option 43.
This is a
vendor-specific information. If ParseVendorInfo is set to no and the
DHCPVendorID is also used with this parameter, you must set ParseVendorInfo=yes
and then reboot the thin client twice.
Maximum
of 26 characters are allowed in a string.
|
DisableDomain={
no, yes}
|
Default is
no.
Yes/no option to disable the drop-down domain list in
the PNAgent/PNLite Sign-on dialog box.
|
DNSIPVersion={ipv4, ipv6}
[DNSServer=server_list]
[DNSDomain=dns_domain_url]
|
Specifies the DNS server and domain.
Default IP version is ipv4.
The DNSServer is an
IP list separated by
; or
,. The maximum size of this
list is 16. For example: 10.200.5.53;192.168.100.1;192.168.200.8
-
IMPORTANT: There is no space after the
;.
|
DNSTTL={0-3600} |
Specifies the Time to Live (TTL)
of DNS name caching; the default is from DNS server settings.
|
DomainList=List of NT domain names |
A list of domain names that will
appear in the thin client Sign-on dialog box as options to help users
in selecting the domain to sign-on to PNAgent/PNLite servers. Once
specified, it is saved in non-volatile memory.
|
Dualhead={
no, yes}
[ManualOverride={
no, yes}]
[Mainscreen={1,
2}]
[Orientation={
hort, vert}]
[Align={Top|Left, Center, Bottom|Right}]
[Taskbar={
wholescreen, mainscreen}]
[MonitorAutoDetect={yes,no}]
[Swap={
no, yes}]
|
Default is
no.
Dualhead — Yes/no option to support a dual-monitor
display. Default no sets monitors to mirror mode; yes sets monitors
to span mode.
ManualOverride — Default is
no. Yes/no option to allow the local client to override display
dualhead settings received from central configuration.
If reset to factory defaults, it will once again take
server settings for dualhead. This is helpful for scenarios where
you have a mixture of dual head and single head deployments.
For example:
Dualhead=yes
ManualOverride=yes Mainscreen=1 \ Orientation=hort
Taskbar=mainscreen
Mainscreen — Sets which screen is used as the main
screen. When using a DVI to DVI and VGA cable, the DVI connected monitor
will be the default mainscreen=1.
Orientation — Default is
hort. Sets which style is used for display.
Hort means horizontal and vert means vertical.
Align — Sets how screens are aligned: Top means screens are top
aligned in
hort orientation. Left means screens are left aligned
in
vert orientation.
Center means screens
are center aligned. Bottom means screens are bottom aligned in
hort orientation. Right means screen are right aligned in
vert orientation.
Taskbar — Default
is
wholescreen. Sets which style is used for the taskbar: wholescreen
places the taskbar at the bottom of the entire screen; mainscreen
places it at the bottom of the main screen. This is only when SysMode=Classic
and has no effect on VDI mode.
MonitorAutoDetect — Determines whether or not the system will detect how many monitors
are connected. If only one monitor is connected, Span mode will be
transferred to Mirror mode.
Swap — Default
is
no. Yes/no option to use with older ThinOS 7.x builds to
swap dual monitors when Mainscreen=2 is set. Swap=yes puts monitor
2 on the left or top of monitor 1 according to the orientation.
For example, if you want a standard dual screen layout
you would use:
DualHead=Yes \
Mainscreen=1 \
Orientation=Hort \
Taskbar=Mainscreen \
Align=Center
Screen=1 Resolution=DDC Refresh=60 Rotate=None
Screen=2 Resolution=DDC Refresh=60 Rotate=None
|
EnableRAVE={
yes, no}
|
Default is
yes.
Yes/no option to enable the client to use Citrix Multimedia
Acceleration (RAVE) to play supported media files residing on an ICA
server. This is a global parameter for all ICA connections. EnableRAVE=yes
is default.
-
NOTE:
If
EnableRAVE=no or this parameter is not present, the TCX Multimedia
will be used for all media files. If EnableRAVE=yes, RAVE will be
used only for media files it supports.
EnableRAVE=yes
is ignored unless a valid TCX Multimedia license is used.
|
FileServer=List of {IP address,
DNS name}
[Username=username]
[Password=password]
[SecurityMode={Low, Warning,
Full,
default}]
|
FileServer — Specifies the
FTP or Web (http://) server IP address or DNS name that is entered
into thin client local setup (non-volatile memory); the thin client
immediately uses this server to access files.
Username — Specifies the username of the file server.
Password — Specifies the password of the file
server.
The optional
keyword Username and Password specify the username/password of the
file server. When the client fetches the WNOS.INI file from a HTTPS
server, ThinOS supports different security modes. The default follows
SecurityPolicy and may be one of the three modes. The option SecurityMode
specifies these security modes.
SecurityMode — Specifies the security level for the file server during client
verification of the server certificate. This option is only valid
when connecting to an https file server.
When
configuring the https file server, the Username and Password options
of the FileServer parameter can be omitted. Use the following guidelines:
- Set SecurityMode=Full to have the client verify the
server certificate in highest security mode; if any error occurs during
verification, the client will not connect to the server and a pop-up
message is displayed.
-
Set SecurityMode=Warning to have the
client provide a warning when the client cannot verify the server
certificate, but still allow the user to select to continue client
connection to the server.
-
Set SecurityMode=Low to indicate that
the client allows connection without any certificate verification.
-
Set SecurityMode=Default to indicate
that the client follows SecurityPolicy settings to check certificate.
-
Default value of the setting is Default.
If the settings are factory default or if you are upgrading to ThinOS
8.3 for the first time, the value is temporarily set to None. After
loading any INI, it goes to default.
-
If the security mode value in WNOS.INI
is not the same as the one saved in Client NVRAM, client shows a reboot
dialog box.
-
NOTE: Security process includes:
- Verification that certificate has a valid date
-
Verification that Issuer is valid
and correct
-
Certificate verification passes
-
CN and SAN on the certificate matches
the DNS naming
For Example: FileServer=https://10.151.122.66:444
SecurityMode=warning
|
FormURL=URL to a file |
Specifies the URL to the name of
a bitmap file (.ico, .bmp, .jpg, or .gif), to be displayed in the
sign-on window, residing under the thin client home directory. The
length of the path, including the home directory and the file, is
limited to 128 characters. If auto dial-up is enabled, this statement
is invalid.
|
INACTIVE=minutes
[NoSessionTimer=minutes]
|
Default is 0. There is no Idle timeout. The range
is 0 minutes to 480 minutes.If the value given is bigger than 480,
480 is set instead. If the value given is smaller than 0, 0 is set
instead.
When the system idle is time out in the configured
minutes, the system will automatically sign off, reboot or shutdown
which are based on the setting of AutoSignoff.
The
parameter NoSessionTimer has the same range as INACTIVE and it is
valid only if INACTIVE value is not 0. If there is a session use the
value of Inactive, otherwise use the value of NoSessionTimer, if NoSessionTimer
is configured.
If AutoSignoff=yes Shutdown=yes
is configured, then this statement can work before signon.
If AutoSignoff=yes Reboot=yes is configured, this statement
can work before signon.
|
LongApplicationName={
no, yes}
|
Default is
no.
Yes/no option to display all 38 characters in a desktop
icon name. If LongApplicationName=no, then icons will display up to
19 characters; any over 19 characters and the last three characters
will be “
…”.
|
MaxVNCD={0, 1}
[VNCD_8bits={yes,no}]
[VNCD_Zlib={yes, no}]
|
Default is
0.
Option to enable VNC shadowing. Default value is 0 means
VNC shadowing is disabled. Set to 1 to enable shadowing.
See also VNCPrompt in
Table
7: Connection Settings: wnos.ini files, {username} INI, and $MAC INI
Files
to enable a VNC shadowing prompt to a user.
See also VncPassword in
Table 4: Connection
Settings: wnos.ini files
only to specify a string of up to
8 characters as the password used for shadowing.
VNCD_8bits — Default is
yes. Yes/no option to force
the VNC server to send out images with 8-bits-per-pixel; if set to
no, the VNC server will send out images with the current system color
depth.
VNCD_Zlib — Default is
no.
Yes/no option to allow the VNC server to send data with Zlib compression.
|
MMRConfig={VIDEO}
[flashingHW={0,
1}]
|
This parameter specifies whether to show the “HW”
label at the top left corner of video or not when HDX is hardware
decoded. The default value is 0. Set flashingHW to 0, if you want
to hide HW. Set flashingHW to 1, if you want to show HW.
|
Multifarm={no, yes} |
Default is
no.
Yes/no option to support Citrix multifarm functionality
for the wnos.ini files. If Multifarm=yes, PNAgent/PNLite users are
able to authenticate to more than one Citrix farm.
|
MultiLogon={no, yes}
[SequentialDomain={yes,
no}]
|
Default is
no.
Yes/no option to support multiple log ons. If MultiLogon=yes,
the PNAgent/PNLite sign-on authenticating window can input a different
username, password, and domain while signing on to different PNAgent/PNLite
servers.
For backward compatibility, the following
format is supported:
MultiLogon=yes
PNAgentServer=10.1.1.30;10.2.2.60
The
SelectServerList statement is also supported:
MultiLogon=yes
SelectServerList=pna \
description=store
host=http://proper-storefront-url.ctx.com
description="Floor
3" host=10.1.1.30 \
description=""Floor 1" host=10.2.2.60
\
description="All Users" host=10.3.3.90
If SequentialDomain=yes is specified, the domain configured in DomainList
statement is selected in order.
For example, set
the following ini:
DomainList="xen;wyse" multilogon=yes
sequentialdomain=yes pnagentserver=10.151.134.23; https://csg-cn.wyse.com.
When you logon to the first server 10.151.134.23,
the domain xen is selected. Then logon to the second server https://csg-cn.wyse.com
and the domain wyse is selected.
|
NoticeFile=filename
[Resizable={
no, yes}]
[Timeout={
0, 10 to 600}]
[Title="notice_title"]
[ButtonCaption="button_caption"]
|
NoticeFile — Specifies
a legal notification file residing in the home directory folder. The
file is displayed in a dialog box and the user is prompted to accept
it before the sign-on process continues.
Resizable — Default is
no. Yes/no option to resize the dialog box to
fit the text size.
Timeout — Default is
0. After the notice is accepted, if Timeout is specified in
seconds, and if no mouse or keyboard is used, then the dialog box
will display again after the seconds set. 0 means no timeout.
Title and ButtonCaption — Specifies the notification
window title and button that can be customized. For example,
NoticeFile=filename Title=Problem ButtonCaption=Ok
|
OneSignServer=onesign_server
[DisableBeep={yes,no}]
[KioskMode=yes,no}]
[TapToLock={0,1,2}]
[EnableWindowAuthentication={yes,no}]
[AutoAccess={VMW,XD,XA,LOCAL}]
[NetBIOSDomainName={yes,no}]
[SuspendAction={0,
1}]
[DisableHotKey={yes,no}]
Loglevel=0/1/2/3
[DisablePromptToEnroll={
yes,no}]
[SecurityMode={default, full, warning, low}]
|
A list of host names or IP addresses with optional
TCP port number or URLs of Imprivata OneSign servers. It should use
https protocol. If OneSignServer="" is defined, then only imprivata
virtual channel can work.If DisableBeep is set to yes, then Rfideas
reader can be set to mute when a card is tapped. Default is no.
If KisokMode is set to yes, then different OneSign user
can unlock the client desktop. Default is no. Optional keyword TaptoLock
is only active when KioskMode=yes.
- If TapToLock=0, then tap a card to lock terminal
is disabled.
-
If TapToLock=1(Tap to lock), then
use the proximity card to lock the terminal.
-
If TapToLock=2(Tap over), then lock
the terminal and log in as a different user. Default is 2.
If EnableWindowAuthentication is set to yes and
OneSign signon fails, then continue to sign-on with windows credential
to pre-define broker. Default is yes.
If AutoAccess
is defined, then auto launch the corresponding type of broker. Otherwise,
get the broker type from the Imprivata Server setting of computer
and user policy. If none of them is defined, then launch the first
available broker server from the Imprivata server.
If AutoAccess=LOCAL is set, then launch the broker from the ThinClient
setting; the broker getting from the Imprivata Server is ignored.
-
NOTE: AutoAccess can be set in [username].ini and wnos.ini. The wnos.ini
has priority over [username].ini.
If NetBIOSDomainName
is set to yes, then Imprivata domain list will show NetBIOS domain
name and card user will authenticate to the broker server using NetBIOS
domain name. Default is no.
If SuspendAction is
set to 0, then lock the terminal when you tap the card or press the
hotkey. If set to 1, then signoff the terminal. If ‘no’ is defined,
then lock the terminal in KioskMode and sign-off the terminal in none
KioskMode.
If DisableHotKey is set to yes, then
no action when you press the hotkey defined in Imprivata Server. Only
WebAPI 4 and later versions support the hotkey function.
Loglevel—While configuring the Imprivata server, user
can view the OneSign logs on ThinOS by enabling the Agent Logging
feature. An ini configuration is needed correspondingly. Default value
is 0. If set to 0, logs are not displayed.
If DisablePromptToEnroll
is set to yes, then ThinOS does not prompt you to enroll their security
answers after OneSign sign-on. Default value is yes.
SecurityMode specifies the SSL certification validation policy. If
set to default, it applies SecurityPolicy setting. If set to full,
the SSL connection needs to verify server certificate. If it is untrusted,
drop the connection. If set to warning, the SSL connection needs to
verify server certificate. If it is untrusted, it is up to you to
continue or drop the connection. If set to low, the server certificate
is not checked. The value is persistent, and the default value of
the setting is default.
|
PasswordServer=password_server
[AccountSelfService={yes, no}]
[connect={ica,
rdp}]
[encryption={Basic, 40, 56, 128,
Login-128, None}]
|
Specify an ica/rdp server that
can be used to log on to modify password when you sign-on with password
timeout.
The PasswordServer statement can specify
the connection parameters as described in the Connect statement. If
no parameter is specified, it connects with ICA protocol.
AccountSelfService — Yes/no option to define the password
server as an Account Self Service server.
If AccountSelfService=yes
follows PasswordServer, click the icon on the signon window to do
account self-service.
If Connect parameters do
not follow AccountSelfService=yes, this password server will be the
account self-service server of Citrix and clicking the icon will use
Citrix protocol to unlock or change password for an account.
If Connect parameters follow AccountSelfService=yes,
clicking the icon launches a session to change password for an account.
|
PCoIP_Logging={yes, no}
[Broker_Logging_Level={0,1,2,3,4}]
[Session_Logging_Level={0,1,2,3,4}]
|
The option PCoIP_Logging can enable
and disable the PCoIP client logs output in Trouble Shooting. If you
set the value to yes, then it is same as selecting the Trouble Shooting
Capture Export PCoIP Log radio button to persistent and no to none.
The option Broker_Logging_level and Session_Logging_Level
accord to PCoIP broker log level and PCoIP session log level. The
default value is 0 which means critical log, 1 means log severity
error, 2 means log severity info, 3 means log severity debug, and
4 means log severity unrestrained.
|
PlatformConfig=all
[EncryptFS=yes]
|
Encrypts local flash, specifically
cached INI files and credentials that are stored, if using signon=yes.
|
PlatformConfig=”C/V/S/R/T Class”
[Firmware={Firmware filename}]
[BIOS={BIOS filename}]
[ECFirmware={EC filename}]
|
If a specific platform is specified
by the PlatformConfig parameter, then ThinOS will attempt to load
the Firmware and BIOS whose filenames are specified by the Firmware
and BIOS parameters.
If the written Firmware and
BIOS are valid on file server, they will be loaded by default; if
the written Firmware and BIOS are invalid on file server, ThinOS will
load the platform default Firmware and BIOS instead.
For example: If you re-name the Wyse 3010 thin client with ThinOS
(T10) firmware file from DOVE_boot to DOVE_boot_8.0_037., then you
must use platformconfig-="T Class", then add Firmware=DOVE_boot_8.0_037.
ThinOS will look on the file server
for this exact firmware name. If that defined firmware name is not
found, then ThinOS will fall back to the default logic and look for
the DOVE_boot firmware.
ECFirmware is only used
for Wyse 3010 thin client with ThinOS (T10)/X10J/X10CJ to update EC
firmware, it is not supported on other platforms.
C: C10LE V: VL10
S: S10 R: R10L
Wyse 3010 thin client with ThinOS (T10)
If the
ECFirmware file name is not specified, device will look for EC with
default name: T10: T10_EC.bin
|
Proxy={yes,
no}
AppList={ccm;fr}
[Type={Global, http,
https, socks5}]
[Server=_host_port_]
[User=_user_name]
[Password=_password_]
[Encrypt={yes, no}]
|
Specifies the proxy settings which
are saved in non-volatile memory. If Proxy=no, all proxy settings
are cleared and all the followed options are ignored.
If Proxy=yes, the option AppList must be followed. It specifies which
applications are applied to connect via proxy. Both CCM and FR are
supported. The application name is separated with semicolon.
The following options are used to configure one or several
proxy server setting. The option Type specifies the proxy protocol
including http, https and socks5. The option Server specifies the
url of the proxy server. The option User and Password specify the
credentials of this proxy server. The option Encrypt specifies if
the password is encrypted or not.
The option User
and Password can support system variables. Because CCM runs before
sign on, it is not appropriate to use $UN and $PW.
If Type=Global, the proxy settings are saved into http proxy setting,
and the https and socks5 proxy settings use the same setting as http
proxy. And the followed proxy settings will be ignored.
For example,
Proxy=yes AppList=fr
\
Type=http Server=server1:1234 user=$UN password=$PW
(OR)
Proxy=yes AppList=ccm \
Type=http Server=server1:1234 user=abc password=xyz
\ Type=socks5 Server=server2:4321 user=abc password=1234
(OR)
Proxy=yes AppList=ccm;fr \
Type=Global Server=server_global user=user_global
password=password_global_encrypted Encrypt=yes
|
RapportDisable={yes, no}
[DHCPinform={yes,
no}]
[DNSLookup={yes, no}]
[QuickMode={yes, no}]
[Discover={
yes, no}]
[SecurityMode={
default, full, warning, low}]
|
Set to yes to disable the Rapport agent.
If RapportDisable=no, the Rapport agent is enabled and
you can discover the WDM server by the following ways:
- The DHCP option tag values received from standard
or WDM proxy DHCP service for vendor class RTIAgent
-
DNS service location record "_wdmserver._tcp"
-
DNS host name lookup "wdmserver"
If RapportDisable=no, set DHCPinform=yes
to perform the WDM server discovery as mentioned in number 1; set
DNSLookup=yes to perform the WDM server discovery as mentiomned in
number 2 and 3.
If QuickMode=yes is specified, rapport
agent will not block any other process during ThinOS boot up, and
boot time of ThinOS will speed up.
-
NOTE: If file server is changed
by WDM server, device will reboot automatically to make sure all settings
from WDM server take effect. Default is
yes.
Discover— If Discover=yes is specified, rapport
discovers the WDM server information from DHCP option tag, DNS service
location record and DNS host name. If the WDM server is discovered,
the WDM server User Interface (UI) is protected on the device. The
default value is yes.
SecurityMode specifies
the SSL certification validation policy. If set to default, SecurityPolicy
setting is applied.
If set to full, the SSL connection
needs to verify server certificate. If it is untrusted, drop the connection.
If set to warning, the SSL connection needs to verify
server certificate. If it is untrusted, it is up to you to continue
or drop the connection.
If set to low, the server
certificate is not checked. The value is persistent, and the default
value of the setting is default.
If the settings
are factory default or if you are upgrading to ThinOS 8.3 for the
first time, the value is temporarily set to low. After loading any
INI, it goes to Default value.
|
RapportServer=server_list
[Retry=]
|
|
Reboot | shutdown={no,
yes} Time=hh:mm
[-hh:mm]
[Wday={Sunday,
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday}]
[Idle=minutes]
|
Reboot — Yes/no option to
enable automatic daily reboot of all ThinOS devices.
Time — Specifies the time to reboot and must be in a 24-hour
format. For example: Reboot=Yes Time=17:30 will reboot all ThinOS
devices at 5:30 P.M. daily.
If you set time as
hh:mm-hh:mm, a random time during the configured time period is selected.
Wday— The option Wday specifies the week day
of scheduled reboot.
Idle— The option Idle
specifies the idle minutes. After the scheduled reboot time is reached,
the unit reboots, if there is no session or the terminal is idle for
specified idle minutes. If the session is still active, the reboot
is delayed till the idle time is reached or log off the sessions.
For example,
If you set Reboot=yes
time=20:30, the unit reboots on local time 20:30. If you set Reboot=yes
time=20:30-4:30, the unit reboots on random time through 20:30 to
4:30.
If you set Reboot=yes time=23:00 Wday=Friday,Monday,
the unit reboots on local time 23:00 of Friday and Monday.
If you set Reboot=yes time=1:00 Idle=10, the unit reboots
on 1:00, if there are no sessions. If there is any active session,
the reboot happens only if the unit is idle for 10 minutes or the
system logs out from the session.
Since 8.3_012
or later, scheduling a shutdown at a given time is supported. The
options are same as schedule a reboot as above.
For example, Set Shutdown=yes time=20:30, the unit shuts down at
local time 20:30.
|
RegisterWINS=yes |
Forces the thin client to register itself with
a Microsoft WINS server.
|
SelectServerList={PNA, VDI}
[Default=default_desc]
list of
servers {Server1; Server2; ...ServerN}
|
Allows users to select one PNA
or VDI server during logon. For server use the format:
description = <server’s description> host = <server’s
url> [ <options>]
-
NOTE: There must be “description”
and “host” key words on each server.
For PNA server options, use the options of the PnliteServer parameter
in
Table 7 Connection Settings: wnos.ini files, {username} INI, and
$MAC INI Files.
PNA example:
SelectServerList=PNA; Default=test3; description = test1; host = 192.168.0.10; autoconnectlist =*; reconnectfrombutton=0;
description = test2; host = HostName2.wyse.com; TimeOut=200; descriprion = test3 host =
https://server3.wyse.com
For a VDI server: If you want to use a VDI broker,
specify ConnectionBroker in wnos.ini. Otherwise the VDI broker’s type
is default.
VDI example:
ConnectionBroker=VDM
SelectServerList=VDI; Default=test5
description = test4; host = 192.168.0.11; description = test5; host = host2.wyse.com
The Default option following "SelectServerList={PNA,
VDI}" can specify the default server. The value is one of server description
defined after that. After one selects another server and sign off,
this default server is selected. If default option is not specified,
the last selected server is selected in the next sign on.
|
Service={snmpd, thinprint, vncd,
wdm,
vda <port number>} disable={
no,
yes}
|
Service — Specifies the
services you can enable or disable; there are different syntaxes for
the different services.
disable —
Default
is no.
Yes/no option to disable the services. Disable must follow
the Service parameter.
|
Service=snmpd disable={
no, yes}
[community=<snmp_community> [encrypt={yes,
no}]]
[communityReadOnly=<snmp_community_read_only>
[encrypt={yes,
no}]]
[servers=server_list]
|
Default is
no.
Service=snmpd disable — Yes/no option to disable
the snmpd service.
community — The option
community is same as the statement Community. encrypt option is same
as that in the statement community.
communityReadOnly— This option is to set community only has snmp get and get_next
privileges.
The following encrypt option is only
for indicating, if value of communityReadOnly is encrypted.
Servers option, if set, limits the valid snmp management
site to the IP addresses in the server_list parameter, which contains
1 to 4 IPv4 IP addresses currently. If not, all the set IP addresses
seen as valid.
|
Service=thinprint disable={
no, yes}
[port=<port number>]
[PkSize={0-64000}]
|
Default is
no.
Service=thinprint disable — Yes/no option to disable
the thinprint service.
port — Same as the
statement ThinPrintEnable={no, yes} port=portnumber.
PkSize — Specifies the default packet size that will be sent
to the server when negotiating with the thinprint server. The value
0 will rely on the server default setting, 64000 in ThinPrint 7.6
and 32000 in previous ThinPrint versions.
ThinOS
only allocates a buffer of 64K, so if the default packet size of the
server is above 64000, this setting must be set or printing will fail.
|
Service=vncd disable={
no, yes}
|
Default is
no.
Yes/no option to disable the vncd service, same as MaxVncd={0,
1}.
|
Service=wdm disable={
no, yes}
|
Default is
no.
Yes/no option to disable the WDM service, same as RapportDisable={no,
yes}.
|
Service=<port number> disable={no, yes} |
Default is
no.
Yes/no option to disable the service with this port number.
The 80 port is an exception because the WDM is always started before
loading the global profile (wnos.ini file).
|
SecurityPolicy={full,
warning, low}
[SecuredNetworkProtocol={yes,
no}]
[TLSMinVersion]={1,2,3}]
[TLSMaxVesion={1,2,3}]
[DNSFileServerDiscover={yes, no}]
|
Specifies the global security mode
for SSL connection. If application SecurityMode is default, application
applies the setting.
If set to full, the SSL connection
needs to verify server certificate. If it is untrusted, connection
is dropped.If set to warning, the SSL connection needs to verify server
certificate. If it is untrusted, it is up to you to continue or drop
the connection. If set to low, the server certificate is not checked.
The value is persistent, and the default value is
warning. For those SSL connections with their own security policy,
this does not impact.
For example,
File server, VMware View and AWS broker follows the global
SecurityPolicy. Citrix broker, RDS broker and SECUREMATRIX are forced
to high security mode.
If the optional SecuredNetworkProtocol=yes
is set, the unsecure protocols including ftp, http and tftp are disabled.
The value is persistent, and the default value is no.
Option TLSMinVersion and TLSMaxVersion allows you to configure the
SSL connection. ThinOS supports SSLs from TLSMinVersion onwards. TLSMaxversion
is the latest version of SSL supported by ThinOS.
If no value is set then TLSMinVersion then the default value is set
to TLS1.0 and TLSMaxVersion to TLS1.2. The value 1, 2, 3 corresponds
to TLS1.0, TLS1.1, TLS1.2 respectively.
In classic
mode, a DNS name wyseftpfbc4tc is resolved to discover the file server,
if the global INI file in remote file server and local cache cannot
be loaded. If the optional DNSFileServerDiscover=no is set, the function
is disabled. The value is persistent, and the default value is yes.
|
SignOn={
yes,no, NTLM}
[MaxConnect=max]
[ConnectionManager={maximize,
minimize, hide}]
[EnableOK={
no, yes}]
[DisableGuest={
no, yes}]
[DisablePassword={
no, yes}]
[LastUserName={
no, yes}]
[RequireSmartCard={
no, yes}]
[SCRemovalBehavior= {-1,
0, 1}]
[SaveLastDomainUser={yes, no, user, domain}]
[DefaultINI=filename]
[IconGroupStyle={default, folder}]
[IconGroupLayout={
Vertical, Horizontal}]
[PasswordVariables={yes,
no}
[LockTerminal={
yes, no}]
[ExpireTime={0, 1 - 480}]
[UnlockRefresh={
yes, no}]
[SCShowCNName={
yes,no}]
[SCSecurePINEntry={
no, yes}]
[AutoConnectTimeout={10–300}]
[DisableEditDomain={yes,
no}]
[AdGroupPrefix=adgrpnameprefix]
|
SignOn — Default is
yes. Yes/no/NTLM option to enable the sign-on process. If set to NTLM,
a user can be authenticated with an NTLM protocol.
The user must be a domain user and the same sign-on user credentials
must be available in the ftp://~/wnos/ini/ directory.
MaxConnect — Default is
216. Maximum number of connections
allowed to be specified in the wnos.ini file and {username}.ini file
added together. The range allowed for MaxConnect is 100 to 1000. The
default maximum is 216 entries.
ConnectionManager — Default is
minimize. State of the Connect Manager during
sign-on.
EnableOK — Default is
no. Yes/no option to show the OK and Cancel the command buttons in
the Sign-on dialog box.
DisableGuest — Default
is
no. Yes/no option to disable the guest sign-on.
DisablePassword — Default is
no. Yes/no
option to disable the password text box and password check box in
the Sign-on dialog box.
LastUserName — Default
is
no. Yes/no option to display the last sign-on username after
the user logs off.
RequireSmartCard — Default
is
no. Yes/no option to force logon with smartcard.
SCRemovalBehavior — Default is
0. Specifies
what happens after a smart card is removed.
-1 — If smartcard is removed then client has no action. Whether
the session can be used or not totally depend on the server policVNCD
0 — System logs off.
1 — System locks and can be unlocked only when the same certificate
is used with the smart card.
SaveLastDomainUser — Yes/no option to save the username and domain into NVRAM once
signon is successful. On next reboot, the username and domain saved
in the NVRAM will be displayed in signon server as the default username
and domain if no DefaultUser is set in the wnos.ini file.
The size of username/domain is limited to 32 characters,
and if larger than 32, it will first be truncated and then saved into
NVRAM.
DefaultINI — The optional DefaultINI
configures a file name which is in the default folder of the username
ini files. If the {username}.ini is not found, this file will be loaded
as default.
IconGroupStyle — The optional
IconGroupStyle configures the icon group style on the desktop. PNAgent
published applications can be configured with the client folder in
the PNA server.
If set IconGroupStyle=folder,
the PNAgent published applications which are specified to display
on the desktop will display with the folder.
After
clicking the folder icon, the subfolder or applications in this folder
will display on the desktop. In this case, there is an Up to 1 Level
icon on top. Clicking the icon will display the up one level folder
contents.
IconGroupLayout — Default is
vertical. Configures the direction of the icongroup on the desktop.
PasswordVariables — Default is
no.
Yes/no option to support variable mapping ($TN, $UN etc) for a password.
LockTerminal — Default is
yes. Yes/no
option to lock the terminal. If set LockTerminal=no, the function
of locking terminal is disabled. It disables the Lock Terminal from
a Right Click on the desktop or from clicking the
. It also disables lock terminal even if set ScreenSaver=minutes;
LockTerminal=yes.
ExpireTime — Specifies
the signon expiration time. The range is 0 to 480 minutes. The default
is
0 which means no expiration.
If the
value is larger than 480, then 480 is set instead. If the value is
smaller than 0, then 0 is set instead.
After system
signon or starting a connection, the expiration time starts counting.
Once the expiration time is reached, starting a connection by clicking
the icon, menu or connection manager, will bring up a pop up message
box to enter the password. Only if the password is same as the original
signon password, the session starts.
If the terminal
is locked and unlocked with the password, the signon expiration time
starts counting again.
UnlockRefresh — Default
is
yes. Yes/no option to specifies the refresh action after
unlocking the system in classic mode.
Yes — While
unlocking, the system will refresh the PNA list to verify the password.
No — Disables refresh.
SCShowCNName — Default is
yes. Yes/no option to force the use of the CN
name of the certificate as the user name when using smartcard signon.
The default uses the UPN name as the user name.
SCSecurePINEntry — Default is
no. Yes/no option to
enable Secure PIN entry function for pkcs15 smart card with Cherry
keyboard.
AutoConnectTimeout— Default is
30 seconds.
This option sets the timeout for auto connect
published application. The range is 10 seconds to 300 seconds.
DisableEditDomain— The optional keyword DisableEditDomain,
is set to yes to stop typing in the domain box manually. Typing the
character @ or \ as in the format domain\user and user@domain in the
username box are not allowed.
AdGroupPreFix— The option AdGroupPreFix is only valid, when you configure SignOn=NTLM.
If the option is configured, then the thin client verifies the names
of all AD groups to which a sign-on user belongs, to get the first
group name so that its prefix matches adgrpnameprefix, and load adgroup/"the_whole_ad_group_name".ini,
if the configuration file exists, before loading the user specific
INI.
For example, if the sign on user is user_111 in a domain,
and the user_111 belongs to group domain user and group tc_grp1_ad,
the option is configured as AdGroupPrefix=tc_grp1. If the configuration
file adgroup/tc_grp1_ad.ini is available, it will be loaded.
|
Speedbrowser={
on, off}
|
Default is
on.
On/off option to enable the ICA Speedscreen Browser Acceleration
Function.
|
SwitchApplication |
-
IMPORTANT: DISCONTINUED.
DO NOT USE.
|
SysMode={classic, vdi}
[toolbardisable={
no, yes}]
[toolbardisablemouse={
no, yes}]
[toolbarclick={
no, yes}]
[toolbardelay={0-4}]
[toolbar_no_conmgr={
no, yes}]
[toolbar_no_minimizeall={
no, yes}]
[toolbardisablehotkey={
no, yes}]
[ToolbarEnableOneSession={
no, yes}]
[ToolbarAutoQuit={
yes, no}]
[ToolbarStay={1~20}]
[EnableLogonMainMenu={
no, yes}}
|
SysMode — Specifies the Zero
interface optimized for VDI or the Classic interface. This value will
be remembered across reboots until changed. If not defined and an
INI is present, Classic mode is the default. If no INI is present,
VDI mode is the default.
Classic mode has full
taskbar, desktop and connection manager and is recommended for a terminal
server environment and for backward compatibility with WTOS 6.x.
VDI mode (Zero interface) has a new launchpad-style
interface optimized for full-screen sessions that is Desktops. Everything
you need is accessed through an always available overlay interface.
The following options allow you to configure if and when the Zero
toolbar will display under VDI mode:
Toolbardisable — Default is
no. Yes/no option to disable the Zero toolbar
from displaying; if set to yes, this option overrules other toolbar
display options.
Toolbardisablemouse — Default
is
no. Yes/no option to disable the Zero toolbar from automatically
displaying once you pause the mouse pointer on the left side of the
screen for a specified amount of time.
toolbarclick — Default is
no. Yes/no option to pop up the toolbar only
if clicking on the left-most side of the screen.
toolbardelay — Specifies the seconds to delay before displaying
the toolbar after pausing the mouse pointer on the left-most side
of the screen. The value 0 will have no delay. The other values 1,
2, 3,4 will delay 0.5, 1, 1.5 and 2 seconds respectively.
toolbar_no_conmgr — Default is
no. Yes/no
option to hide the Home button.
toolbar_no_minimizeall — Default is
no. Yes/no option to hide the Home button thus
affecting the ability to minimize displayed list of connections.
toolbardisablehotkey — Default is
no. Yes/no option to disable the CTR+ALT+UP ARROW keyboard shortcut
that allows the toolbar to instantly display without a timer.
ToolbarEnableOneSession — Default is
no. Yes/no option to enable the toolbar when only one session is available.
ToolbarAutoQuit — Default is
yes. ToolbarAutoQuit=no
prevents the sub-window from being closed. The toolbar will auto-hide
after a certain amount of time after user pause the mouse pointer
away from the toolbar.
ToolbarStay — ToolbarStay={1~20}
controls the auto-hide duration, 0.5s per value. Thus if ToolbarStay=1,
the Toolbar will auto-hide after 0.5 second; If ToolbarStay=10, the
Toolbar will auto-hide after 5 seconds.
EnableLogonMainMenu — Default is
no. Yes/no option to enable the main menu if
you click the mouse button on the desktop prior to logon in Zero mode.
|
SysName |
-
IMPORTANT: DISCONTINUED. DO NOT USE.
|
TcpTimeOut={
1 , 2}
|
Default is
1.
Specifies the timeout value of a TCP connection. The number
of 30 seconds for the timeout value of a TCP connection. The value
must be
1 or
2 which means the connection timeout value
is from 1x30= 30 seconds to 2x30= 60 seconds.
Values
of 3-255 are recognized only for backwards compatibility that is >2
= 60 seconds, however, these values should not be used and the value
should be set to 2.
|
TCXLicense |
-
IMPORTANT: DISCONTINUED. DO NOT USE.
|
VncPassword=<password>
[encrypt={
no, yes}]
|
VncPassword — Specifies
a string of up to 8 characters as the password used for shadowing.
encrypt — Default is
no. Yes/no option
to set according to whether or not the vncpassword you are using is
encrypted.
|
WarnUnlinkDisabled={yes, no} |
Default is
no.
Yes/no option to disable the pop-up warning message when
a network has no link for an ICA/RDP session.
|
WDAService=yes
[Priority ={WDM,
CCM, “WDM;CCM”, “CCM;WDM”}]
|
WDA Service always runs in the
background.If priority is available, WDA discovers the protocol according
to it.
There are only two protocols available
now - WDM, and CCM. For example, if priority=WDM; CCM, WDA tries to
discover WDM server and tries to check-in, and if it fails to check-in
to WDM server, it tries to check-in the device to CCM server.
|
WDMFlash=flash_size |
The specified value will be saved
into NVRAM, and then reports to the WDM server. This statement ensures
that all the units would function with DDC regardless of flash size.
This statement is valid for all platforms and replaces
the previous S10 WDM Flash statement.
|
WDMService={
yes, no}
[DHCPinform={
no, yes}]
[DNSLookup={
no, yes}]
[QuickMode={yes, no}]
[Discover={
yes, no}]
[SecurityMode={
default, full, warning, low}]
|
Default is
yes.
WDMService — Yes/no option to disable the WDM
agent.
Discovering the WDM server is supported
by the following:
- DNS host name lookup
wdmserver
-
DNS service location record
_wdmserver._tcp
-
DHCP option tag values received from
standard or WDM proxy DHCP service for vendor class
RTIAgent
DHCPinform — Default is
no.
Yes/no option to use DHCP information.
DNSLookup — Default is
no. Yes/no option to use DNSLookup.
For Example: If WDMService=yes, setting DHCPinform=yes
will do number 3, setting DNSLookup=yes will do numbers 1 and 2.
If QuickMode=yes is specified, rapport agent will
not block any other process during ThinOS boot up, and boot time of
ThinOS will speed up.
-
NOTE: If file server is changed
by WDM server, device will reboot automatically to make sure all settings
from WDM server take effect. Default is
yes
Discover— If Discover=yes is specified, rapport
discovers the WDM server information from the DHCP option tag, DNS
service location record and DNS host name. If the WDM server is discovered,
the WDM server User Interface (UI) is protected on device. The default
value is yes.
SecurityMode specifies the
SSL certification validation policy.
If set to
default, it will apply SecurityPolicy setting.
If set to full, the SSL connection needs to verify server certificate.
If it is untrusted, then drop the connection.
If
set to warning, the SSL connection needs to verify server certificate.
If it is untrusted, it's up to you to continue or drop the connection.
If set to low, the server certificate is not checked.
The value is persistent, and the default value of the setting is default.
If the settings are factory default, or if you are upgrading to ThinOS
8.3 for the first time, the value is temporarily set to low. After
loading any INI, it goes to default value.
|
WDMServer=<server_list>
[Retry=<retry number value>]
|
WDMServer — Specifies a list
of IP addresses or DNS names separated by using a comma for the WDM
servers. Once specified, it is saved in non-volatile memory.
Retry — Determines the number of attempts to retry
a contact to WDM servers.
|
WINSServer=server_list |
Specifies the WINS server address.
The WINSserver is an IP list separated by "
;" or "
,",
with a maximum list size of 2.
|