Dell Hybrid Client enables you to set
Security Profiles to provide an enhanced device security for deploying unsigned third-party applications.
Steps
Log in to Wyse Management Suite.
Go to the
Groups & Configs page, and select your preferred device group.
NOTE:The security profile option is applicable only for Device Policy Groups.
Click
Edit Policies > Dell Hybrid Client 2.x.
The
Configuration Control | Dell Hybrid Client 2.x page is displayed.
Click the
Advanced tab.
Expand
Privacy & Security and click
Security Profile.
From the
Security Profile drop-down list, select one of the following options:
High—This profile enables you to install Dell-signed, custom-signed, and unsigned Debian files with metadata. Based on the metadata, the firejail is applied.
NOTE:The firewall and Kernel hardening features are enabled.
Medium—This profile enables you to install the following types of third-party application packages or files:
Dell-signed Debian files
Custom-signed Debian files
NOTE:Before you install a custom-signed Debian package, you must upload the corresponding certificate by using Wyse Management Suite.
Unsigned Debian files with or without metadata
NOTE:The firewall and Kernel hardening features are disabled. If metadata is available, the default firejail profile is enabled. If metadata is not available, and if the desktop file of the application is available in
/usr/share/application location, the default firejail profile is enabled. If metadata is not available, and if the desktop file of the application is not available in
/usr/share/application location, the default firejail profile is disabled. For more information about how to configure the application metadata for the firejail profile, see
Configuring metadata for firejail profiles.
Low—This profile helps install all types of file extensions, such as, TAR, Debian, Bundle, Python script, Shell script, Javascript, Image file extensions, and VLC extensions.
NOTE:The firewall and Kernel hardening features are disabled. Both default and custom firejail profiles are disabled.
Openbox—This profile enables you to install all types of file extensions, such as Debian, Bundle, Python script, Shell script, Javascript, Image file extensions, and VLC extensions without any security restrictions. Enabling this profile permits the full use of the Linux operating system on the device that is registered to Wyse Management Suite.
All the default applications including Nautilus are available in this mode along with the snapd service, audio selection dialogue, and the logged in user list. Developer tools for browsers and a profile manager for the Firefox browser are enabled.
Dell Hybrid Client components such as Dell File explorer and Device Settings are also available for the logged-in users.
NOTE:The firewall and Kernel hardening features are disabled. Both default and custom firejail profiles are disabled.
NOTE:Once the open box mode is selected, you cannot enable
High,
Medium, or
Low modes again.
For more information about security profiles, see the
Dell Hybrid Client 2.x Security Configuration Guide at
Support | Dell.
NOTE:In all the security profiles, both Dell-signed and custom-signed, with a signature that is verified in medium and high profiles, debian and bundle applications are allowed for installation.
If you select the
Security Profile as
Medium, browse and select the application certificate.
If you select the
Security Profile as
High, do the following:
Browse and select the application certificate.
Specify a port number or a range of port numbers in a Comma-Separated Value (CSV) format.
Click
Save & Publish.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\