Dell Hybrid Client version 2403 Administrator's Guide

Configure the security profile settings

Dell Hybrid Client enables you to set Security Profiles to provide an enhanced device security for deploying unsigned third-party applications.

1. Log in to Wyse Management Suite.
2. Go to the Groups & Configs page, and select your preferred device group.
   NOTE:The security profile option is applicable only for Device Policy Groups.
3. Click Edit Policies > Dell Hybrid Client 2.x.
   The Configuration Control | Dell Hybrid Client 2.x page is displayed.
4. Click the Advanced tab.
5. Expand Privacy & Security and click Security Profile.
6. From the Security Profile drop-down list, select one of the following options:
   • High—This profile enables you to install Dell-signed, custom-signed, and unsigned Debian files with metadata. Based on the metadata, the firejail is applied.
     NOTE:The firewall and Kernel hardening features are enabled.
   • Medium—This profile enables you to install the following types of third-party application packages or files:
     • Dell-signed Debian files
     • Custom-signed Debian files
       NOTE:Before you install a custom-signed Debian package, you must upload the corresponding certificate by using Wyse Management Suite.
     • Unsigned Debian files with or without metadata
     NOTE:The firewall and Kernel hardening features are disabled. If metadata is available, the default firejail profile is enabled. If metadata is not available, and if the desktop file of the application is available in /usr/share/application location, the default firejail profile is enabled. If metadata is not available, and if the desktop file of the application is not available in /usr/share/application location, the default firejail profile is disabled. For more information about how to configure the application metadata for the firejail profile, see Configuring metadata for firejail profiles.
   • Low—This profile helps install all types of file extensions, such as, TAR, Debian, Bundle, Python script, Shell script, Javascript, Image file extensions, and VLC extensions.
     NOTE:The firewall and Kernel hardening features are disabled. Both default and custom firejail profiles are disabled.
   • Openbox—This profile enables you to install all types of file extensions, such as Debian, Bundle, Python script, Shell script, Javascript, Image file extensions, and VLC extensions without any security restrictions. Enabling this profile permits the full use of the Linux operating system on the device that is registered to Wyse Management Suite.

     All the default applications including Nautilus are available in this mode along with the snapd service, audio selection dialogue, and the logged in user list. Developer tools for browsers and a profile manager for the Firefox browser are enabled.

     Dell Hybrid Client components such as Dell File explorer and Device Settings are also available for the logged-in users.

     NOTE:The firewall and Kernel hardening features are disabled. Both default and custom firejail profiles are disabled.
     NOTE:Once the open box mode is selected, you cannot enable High, Medium, or Low modes again.

   For more information about security profiles, see the Dell Hybrid Client 2.x Security Configuration Guide at Support | Dell.

   NOTE:In all the security profiles, both Dell-signed and custom-signed, with a signature that is verified in medium and high profiles, debian and bundle applications are allowed for installation.
7. If you select the Security Profile as Medium, browse and select the application certificate.
8. If you select the Security Profile as High, do the following:
   1. Browse and select the application certificate.
   2. Specify a port number or a range of port numbers in a Comma-Separated Value (CSV) format.
9. Click Save & Publish.