Reference Guide Dell Wyse ThinOS Release 8.3.1 – INI Files

AddCertificate=filename

password={plain text password}

Password-enc={encrypted password}

AddCertificate — Specifies a certificate file residing in the subfolder cacerts under the wnos folder to load on platforms with nand flash, or on the memory. The length of the filename, including the trailing period and the file extension, is limited to 64 characters.

AddCertificate must be used when configuring the Citrix Secure Gateway PNAgent Interface (PNAgent/Lite servers) in the Network Setup dialog box.

Adding certificates are required if the user CSG environments use certificate agents that are not covered by the built-in certificates. The certificates are used to validate server identities by the thin client. Supported files include .crt file on ICA CSG; .cer and .pfx in 802.1x. Password and Password-Enc are specially used with PFX files.

[EGPGroup=group name]

[EnableLogOff={yes, no}]

[SecurityMode={ default, full, warning, low}]

CaradigmServer=vip list contains a list of VIP addresses with optional TCP port number of Caradigm servers. EGPGroup defines the user group name. If EnableLogOff=yes is specified, the user is logged off from the session before system signs off. Otherwise the session is disconnected. The logged off user has a timeout value which can be set using SessionConfig parameter SessionLogOffTimeout.

The default timeout value is 1, if no SessionLogOffTimeout is specified.

SecurityMode specifies the SSL certification validation policy.

If set to default, it applies the SecurityPolicy setting.

If set to full, the SSL connection needs to verify server certificate. If it is untrusted, drop the connection.

If set to warning, the SSL connection needs to verify server certificate.

If it is untrusted, it is up to you to continue or drop the connection.

If set to low, the server certificate is not checked. The value is persistent, the default value of the setting is default.

[Encrypt={yes, no}]

Specifies the SNMP community name. A string up to 31 characters are allowed. After the value is specified, it is saved in the non-volatile memory.

If encrypt=yes, an encrypted string is used as a community name.

The default value is set to no.

ConnectionBroker={ default, VMware, Microsoft, Quest, AWS}

[IgnoreProfile={yes, no,}]

[SecurityMode={Default,Low,Warning,Full}]

[EnableVWGateway]={yes, no}

[VWGateway]=url

[ConnectionType]={Default, All, RDP, PCoIP}

Default value is default. Specifies the type of VDI broker to use. Default is a 3rd party VDI broker.

AWS is Amazon Workspace broker. It is only available with PCoIP build.

IgnoreProfile — Default value is no.

Set IgnoreProfile=yes to disable parsing the global setting from the VDI broker. It is only valid in the case of ConnectionBroker=default.

The option ConnectionType specifies the display protocol that you want to use when launching a session in VMware broker. If this parameter is set, then the desktops that meet the specified protocol are listed after broker sign on.

filename — Removes the named file from the nand flash or from the memory.

all — Removes all certificates except built-in certificates included by default.

builtin — Removes all certificates including the public certificates included by default.

DesktopColorDepth={16, 32}

[RGB565={ no, yes}]

DesktopColorDepth — Sets the desktop color to 16 or 32 bits. If DesktopColorDepth=16, the default color is 15 bits.

RGB565 — Default is no. Applies only if the desktop color is using 16 bits.

Default is reboot.

When a DHCP lease expires, a message notifies the user as follows: DHCP Expired, you must reboot.

reboot — After 5 seconds, the system reboots.

shutdown — After 5 seconds, the system shuts down.

DHCPOptionsRemap={ no, yes}

[DisableOption12={ no, yes}]

[FileServer={128 to 254}]

[RootPath={128 to 254}]

[FtpUserName={128 to 254}]

[FtpPassWord={128 to 254}]

[RapportServer={128-254}]

[RapportPort={128-254}]

[WDMServer={128 to 254}]

[WDMPort={128 to 254}]

[PnliteServer={128 to 254}]

[DomainList={128 to 254}]

[VDIBroker-{248 to 254}]

[RapportSecurePort={128-254}]

[Discover={ yes, no}]

[WDMSecurePort={128 to 254}]

[WDMFQDN={128-254}]

[CCMGroupKey={128-254}]

[CCMServer={128-254}]

[CCMMQTTServer={128-254}]

Default is no.

DHCPOptionsRemap — Specifies whether or not the following options can be set.

The value for each option must be from 128 to 254. Values for the options must be different for each option. These options are used to configure DHCP server tags for thin client booting.

The option DisableOption12 sets if the option tag 12 in DHCP is accepted or not. As default, DHCP option 12 sets the hostname and domain name of the terminal. For example, the information of option 12 is terminal name.wyse.com, the terminal name will be set as terminalname and the domain name will be set as wyse.com.

If you set different value for DisableOption12 from the value in NVRAM, the system will automatically reboot to make the value valid. (CIR36891)

RapportSecurePort— Specifies the HTTPS port of WDM server. It is in 6.3 to support WDM4.7.

Discover—If Discover=yes, the device fetches Wyse DHCP options from DHCP server, otherwise, it prevents the device from fetching those information.  Default value is yes. If the device receives FileServer/WDMServer information through the DHCP server, then the associate User interface is protected.

WDMSecurePort—Specifies the HTTPS port of WDM server.

WDMFQDN — Specifies the Fully Qualified Domain Name (FQDN) of the WDM server.

DHCPUserClassID=class_id

[ParseVendorInfo={no, yes}]

DHCPUserClassID — Specifies the UserClassID used for DHCP.

ParseVendorInfo — Default is yes. Yes/no option to specify whether or not ThinOS will interpret DHCP option 43.

This is a vendor-specific information. If ParseVendorInfo is set to no and the DHCPVendorID is also used with this parameter, you must set ParseVendorInfo=yes and then reboot the thin client twice. Maximum of 26 characters are allowed in a string.

DHCPVendorID=vendor

[ParseVendorInfo={no, yes}]

DHCPVendorID — Specifies the VendorID used for DHCP.

ParseVendorInfo — Default is yes. Yes/no option to specify whether or not ThinOS will interpret DHCP option 43.

This is a vendor-specific information. If ParseVendorInfo is set to no and the DHCPVendorID is also used with this parameter, you must set ParseVendorInfo=yes and then reboot the thin client twice.

Maximum of 26 characters are allowed in a string.

Default is no.

Yes/no option to disable the drop-down domain list in the PNAgent/PNLite Sign-on dialog box.

DNSIPVersion={ipv4, ipv6}

[DNSServer=server_list]

[DNSDomain=dns_domain_url]

Specifies the DNS server and domain. Default IP version is ipv4.

The DNSServer is an IP list separated by ; or ,. The maximum size of this list is 16. For example: 10.200.5.53;192.168.100.1;192.168.200.8

Specifies the Time to Live (TTL) of DNS name caching; the default is from DNS server settings.

A list of domain names that will appear in the thin client Sign-on dialog box as options to help users in selecting the domain to sign-on to PNAgent/PNLite servers. Once specified, it is saved in non-volatile memory.

Dualhead={ no, yes}

[ManualOverride={ no, yes}]

[Mainscreen={1, 2}]

[Orientation={ hort, vert}]

[Align={Top|Left, Center, Bottom|Right}]

[Taskbar={ wholescreen, mainscreen}]

[MonitorAutoDetect={yes,no}]

[Swap={ no, yes}]

Default is no.

Dualhead — Yes/no option to support a dual-monitor display. Default no sets monitors to mirror mode; yes sets monitors to span mode.

ManualOverride — Default is no. Yes/no option to allow the local client to override display dualhead settings received from central configuration.

If reset to factory defaults, it will once again take server settings for dualhead. This is helpful for scenarios where you have a mixture of dual head and single head deployments.

Dualhead=yes 
                                                ManualOverride=yes Mainscreen=1 \ Orientation=hort
                                                Taskbar=mainscreen
                                             

Mainscreen — Sets which screen is used as the main screen. When using a DVI to DVI and VGA cable, the DVI connected monitor will be the default mainscreen=1.

Orientation — Default is hort. Sets which style is used for display. Hort means horizontal and vert means vertical.

Align — Sets how screens are aligned: Top means screens are top aligned in hort orientation. Left means screens are left aligned in vert orientation.

Center means screens are center aligned. Bottom means screens are bottom aligned in hort orientation. Right means screen are right aligned in vert orientation.

Taskbar — Default is wholescreen. Sets which style is used for the taskbar: wholescreen places the taskbar at the bottom of the entire screen; mainscreen places it at the bottom of the main screen. This is only when SysMode=Classic and has no effect on VDI mode.

MonitorAutoDetect — Determines whether or not the system will detect how many monitors are connected. If only one monitor is connected, Span mode will be transferred to Mirror mode.

Swap — Default is no. Yes/no option to use with older ThinOS 7.x builds to swap dual monitors when Mainscreen=2 is set. Swap=yes puts monitor 2 on the left or top of monitor 1 according to the orientation.

DualHead=Yes \
                                                Mainscreen=1 \
                                                Orientation=Hort \
                                                Taskbar=Mainscreen \
                                                Align=Center
                                             

Screen=1 Resolution=DDC Refresh=60 Rotate=None
                                                Screen=2 Resolution=DDC Refresh=60 Rotate=None
                                             

Default is yes.

Yes/no option to enable the client to use Citrix Multimedia Acceleration (RAVE) to play supported media files residing on an ICA server. This is a global parameter for all ICA connections. EnableRAVE=yes is default.

FileServer=List of {IP address, DNS name}

[Username=username]

[Password=password]

[SecurityMode={Low, Warning, Full, default}]

FileServer — Specifies the FTP or Web (http://) server IP address or DNS name that is entered into thin client local setup (non-volatile memory); the thin client immediately uses this server to access files.

Username — Specifies the username of the file server.

Password — Specifies the password of the file server.

The optional keyword Username and Password specify the username/password of the file server. When the client fetches the WNOS.INI file from a HTTPS server, ThinOS supports different security modes. The default follows SecurityPolicy and may be one of the three modes. The option SecurityMode specifies these security modes.

SecurityMode — Specifies the security level for the file server during client verification of the server certificate. This option is only valid when connecting to an https file server.

When configuring the https file server, the Username and Password options of the FileServer parameter can be omitted. Use the following guidelines:

• Set SecurityMode=Full to have the client verify the server certificate in highest security mode; if any error occurs during verification, the client will not connect to the server and a pop-up message is displayed.

• Set SecurityMode=Warning to have the client provide a warning when the client cannot verify the server certificate, but still allow the user to select to continue client connection to the server.

• Set SecurityMode=Low to indicate that the client allows connection without any certificate verification.

• Set SecurityMode=Default to indicate that the client follows SecurityPolicy settings to check certificate.

• Default value of the setting is Default. If the settings are factory default or if you are upgrading to ThinOS 8.3 for the first time, the value is temporarily set to None. After loading any INI, it goes to default.

• If the security mode value in WNOS.INI is not the same as the one saved in Client NVRAM, client shows a reboot dialog box.

For Example: FileServer=https://10.151.122.66:444 SecurityMode=warning

Specifies the URL to the name of a bitmap file (.ico, .bmp, .jpg, or .gif), to be displayed in the sign-on window, residing under the thin client home directory. The length of the path, including the home directory and the file, is limited to 128 characters. If auto dial-up is enabled, this statement is invalid.

[NoSessionTimer=minutes]

When the system idle is time out in the configured minutes, the system will automatically sign off, reboot or shutdown which are based on the setting of AutoSignoff.

The parameter NoSessionTimer has the same range as INACTIVE and it is valid only if INACTIVE value is not 0. If there is a session use the value of Inactive, otherwise use the value of NoSessionTimer, if NoSessionTimer is configured.

If AutoSignoff=yes Shutdown=yes is configured, then this statement can work before signon.

If AutoSignoff=yes Reboot=yes is configured, this statement can work before signon.

Default is no.

Yes/no option to display all 38 characters in a desktop icon name. If LongApplicationName=no, then icons will display up to 19 characters; any over 19 characters and the last three characters will be “ …”.

MaxVNCD={0, 1}

[VNCD_8bits={yes,no}]

[VNCD_Zlib={yes, no}]

Default is 0.

Option to enable VNC shadowing. Default value is 0 means VNC shadowing is disabled. Set to 1 to enable shadowing.

See also VNCPrompt in Table 7: Connection Settings: wnos.ini files, {username} INI, and $MAC INI Files to enable a VNC shadowing prompt to a user.

See also VncPassword in Table 4: Connection Settings: wnos.ini files only to specify a string of up to 8 characters as the password used for shadowing.

VNCD_8bits — Default is yes. Yes/no option to force the VNC server to send out images with 8-bits-per-pixel; if set to no, the VNC server will send out images with the current system color depth.

VNCD_Zlib — Default is no. Yes/no option to allow the VNC server to send data with Zlib compression.

[flashingHW={0, 1}]

Default is no.

Yes/no option to support Citrix multifarm functionality for the wnos.ini files. If Multifarm=yes, PNAgent/PNLite users are able to authenticate to more than one Citrix farm.

[SequentialDomain={yes, no}]

Default is no.

Yes/no option to support multiple log ons. If MultiLogon=yes, the PNAgent/PNLite sign-on authenticating window can input a different username, password, and domain while signing on to different PNAgent/PNLite servers.

For backward compatibility, the following format is supported:

MultiLogon=yes

PNAgentServer=10.1.1.30;10.2.2.60

The SelectServerList statement is also supported:

MultiLogon=yes

SelectServerList=pna \

description=store host=http://proper-storefront-url.ctx.com

description="Floor 3" host=10.1.1.30 \

description=""Floor 1" host=10.2.2.60 \

description="All Users" host=10.3.3.90

If SequentialDomain=yes is specified, the domain configured in DomainList statement is selected in order.

For example, set the following ini:

DomainList="xen;wyse" multilogon=yes sequentialdomain=yes pnagentserver=10.151.134.23; https://csg-cn.wyse.com.

When you logon to the first server 10.151.134.23, the domain xen is selected. Then logon to the second server https://csg-cn.wyse.com and the domain wyse is selected.

NoticeFile=filename

[Resizable={ no, yes}]

[Timeout={ 0, 10 to 600}]

[Title="notice_title"]

[ButtonCaption="button_caption"]

NoticeFile — Specifies a legal notification file residing in the home directory folder. The file is displayed in a dialog box and the user is prompted to accept it before the sign-on process continues.

Resizable — Default is no. Yes/no option to resize the dialog box to fit the text size.

Timeout — Default is 0. After the notice is accepted, if Timeout is specified in seconds, and if no mouse or keyboard is used, then the dialog box will display again after the seconds set. 0 means no timeout.

NoticeFile=filename Title=Problem ButtonCaption=Ok

OneSignServer=onesign_server

[DisableBeep={yes,no}]

[KioskMode=yes,no}]

[TapToLock={0,1,2}]

[EnableWindowAuthentication={yes,no}]

[AutoAccess={VMW,XD,XA,LOCAL}]

[NetBIOSDomainName={yes,no}]

[SuspendAction={0, 1}]

[DisableHotKey={yes,no}]

Loglevel=0/1/2/3

[DisablePromptToEnroll={ yes,no}]

[SecurityMode={default, full, warning, low}]

If KisokMode is set to yes, then different OneSign user can unlock the client desktop. Default is no. Optional keyword TaptoLock is only active when KioskMode=yes. 

• If TapToLock=0, then tap a card to lock terminal is disabled.

• If TapToLock=1(Tap to lock), then use the proximity card to lock the terminal.

• If TapToLock=2(Tap over), then lock the terminal and log in as a different user. Default is 2. 

If EnableWindowAuthentication is set to yes and OneSign signon fails, then continue to sign-on with windows credential to pre-define broker. Default is yes.

If AutoAccess is defined, then auto launch the corresponding type of broker. Otherwise, get the broker type from the Imprivata Server setting of computer and user policy. If none of them is defined, then launch the first available broker server from the Imprivata server.

If AutoAccess=LOCAL is set, then launch the broker from the ThinClient setting; the broker getting from the Imprivata Server is ignored.

If NetBIOSDomainName is set to yes, then Imprivata domain list will show NetBIOS domain name and card user will authenticate to the broker server using NetBIOS domain name. Default is no.

If SuspendAction is set to 0, then lock the terminal when you tap the card or press the hotkey. If set to 1, then signoff the terminal. If ‘no’ is defined, then lock the terminal in KioskMode and sign-off the terminal in none KioskMode.

If DisableHotKey is set to yes, then no action when you press the hotkey defined in Imprivata Server. Only WebAPI 4 and later versions support the hotkey function.

Loglevel—While configuring the Imprivata server, user can view the OneSign logs on ThinOS by enabling the Agent Logging feature. An ini configuration is needed correspondingly. Default value is 0. If set to 0, logs are not displayed.

If DisablePromptToEnroll is set to yes, then ThinOS does not prompt you to enroll their security answers after OneSign sign-on. Default value is yes.

SecurityMode specifies the SSL certification validation policy. If set to default, it applies SecurityPolicy setting. If set to full, the SSL connection needs to verify server certificate. If it is untrusted, drop the connection. If set to warning, the SSL connection needs to verify server certificate. If it is untrusted, it is up to you to continue or drop the connection. If set to low, the server certificate is not checked. The value is persistent, and the default value of the setting is default.

PasswordServer=password_server

[AccountSelfService={yes, no}]

[connect={ica, rdp}]

[encryption={Basic, 40, 56, 128,

Login-128, None}]

Specify an ica/rdp server that can be used to log on to modify password when you sign-on with password timeout.

The PasswordServer statement can specify the connection parameters as described in the Connect statement. If no parameter is specified, it connects with ICA protocol.

AccountSelfService — Yes/no option to define the password server as an Account Self Service server.

If AccountSelfService=yes follows PasswordServer, click the icon on the signon window to do account self-service.

If Connect parameters do not follow AccountSelfService=yes, this password server will be the account self-service server of Citrix and clicking the icon will use Citrix protocol to unlock or change password for an account.

If Connect parameters follow AccountSelfService=yes, clicking the icon launches a session to change password for an account.

PCoIP_Logging={yes, no}

[Broker_Logging_Level={0,1,2,3,4}]

[Session_Logging_Level={0,1,2,3,4}]

The option PCoIP_Logging can enable and disable the PCoIP client logs output in Trouble Shooting. If you set the value to yes, then it is same as selecting the Trouble Shooting Capture Export PCoIP Log radio button to persistent and no to none.

The option Broker_Logging_level and Session_Logging_Level accord to PCoIP broker log level and PCoIP session log level. The default value is 0 which means critical log, 1 means log severity error, 2 means log severity info, 3 means log severity debug, and 4 means log severity unrestrained.

PlatformConfig=all

[EncryptFS=yes]

Encrypts local flash, specifically cached INI files and credentials that are stored, if using signon=yes.

PlatformConfig=”C/V/S/R/T Class”

[Firmware={Firmware filename}]

[BIOS={BIOS filename}]

[ECFirmware={EC filename}]

If a specific platform is specified by the PlatformConfig parameter, then ThinOS will attempt to load the Firmware and BIOS whose filenames are specified by the Firmware and BIOS parameters.

If the written Firmware and BIOS are valid on file server, they will be loaded by default; if the written Firmware and BIOS are invalid on file server, ThinOS will load the platform default Firmware and BIOS instead.

For example: If you re-name the Wyse 3010 thin client with ThinOS (T10) firmware file from DOVE_boot to DOVE_boot_8.0_037., then you must use platformconfig-="T Class", then add Firmware=DOVE_boot_8.0_037.

ThinOS will look on the file server for this exact firmware name. If that defined firmware name is not found, then ThinOS will fall back to the default logic and look for the DOVE_boot firmware.

ECFirmware is only used for Wyse 3010 thin client with ThinOS (T10)/X10J/X10CJ to update EC firmware, it is not supported on other platforms.

C: C10LE V: VL10

S: S10 R: R10L

Wyse 3010 thin client with ThinOS (T10)

If the ECFirmware file name is not specified, device will look for EC with default name: T10: T10_EC.bin

Proxy={yes, no}

AppList={ccm;fr}

[Type={Global, http, https, socks5}]

[Server=_host_port_]

[User=_user_name]

[Password=_password_]

[Encrypt={yes, no}]

Specifies the proxy settings which are saved in non-volatile memory. If Proxy=no, all proxy settings are cleared and all the followed options are ignored.

If Proxy=yes, the option AppList must be followed. It specifies which applications are applied to connect via proxy. Both CCM and FR are supported. The application name is separated with semicolon.

The following options are used to configure one or several proxy server setting. The option Type specifies the proxy protocol including http, https and socks5. The option Server specifies the url of the proxy server. The option User and Password specify the credentials of this proxy server. The option Encrypt specifies if the password is encrypted or not.

The option User and Password can support system variables. Because CCM runs before sign on, it is not appropriate to use $UN and $PW. 

If Type=Global, the proxy settings are saved into http proxy setting, and the https and socks5 proxy settings use the same setting as http proxy. And the followed proxy settings will be ignored.

For example,

Proxy=yes AppList=fr \

Type=http Server=server1:1234 user=$UN password=$PW

(OR)

Proxy=yes AppList=ccm \

Type=http Server=server1:1234 user=abc password=xyz \ Type=socks5 Server=server2:4321 user=abc password=1234

(OR)

Proxy=yes AppList=ccm;fr \

Type=Global Server=server_global user=user_global password=password_global_encrypted Encrypt=yes

[DHCPinform={yes, no}]

[DNSLookup={yes, no}]

[QuickMode={yes, no}]

[Discover={ yes, no}]

[SecurityMode={ default, full, warning, low}]

If RapportDisable=no, set DHCPinform=yes to perform the WDM server discovery as mentioned in number 1; set DNSLookup=yes to perform the WDM server discovery as mentiomned in number 2 and 3.

If QuickMode=yes is specified, rapport agent will not block any other process during ThinOS boot up, and boot time of ThinOS will speed up.

Discover— If Discover=yes is specified, rapport discovers the WDM server information from DHCP option tag, DNS service location record and DNS host name. If the WDM server is discovered, the WDM server User Interface (UI) is protected on the device. The default value is yes.

SecurityMode specifies the SSL certification validation policy. If set to default, SecurityPolicy setting is applied.

If set to full, the SSL connection needs to verify server certificate. If it is untrusted, drop the connection.

If set to warning, the SSL connection needs to verify server certificate. If it is untrusted, it is up to you to continue or drop the connection.

If set to low, the server certificate is not checked. The value is persistent, and the default value of the setting is default.

If the settings are factory default or if you are upgrading to ThinOS 8.3 for the first time, the value is temporarily set to low. After loading any INI, it goes to Default value.

RapportServer=server_list

[Retry=]

Reboot | shutdown={no, yes} Time=hh:mm

[-hh:mm]

[Wday={Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday}]

[Idle=minutes]

Reboot — Yes/no option to enable automatic daily reboot of all ThinOS devices.

Time — Specifies the time to reboot and must be in a 24-hour format. For example: Reboot=Yes Time=17:30 will reboot all ThinOS devices at 5:30 P.M. daily.

If you set time as hh:mm-hh:mm, a random time during the configured time period is selected.

Wday— The option Wday specifies the week day of scheduled reboot.

Idle— The option Idle specifies the idle minutes. After the scheduled reboot time is reached, the unit reboots, if there is no session or the terminal is idle for specified idle minutes. If the session is still active, the reboot is delayed till the idle time is reached or log off the sessions.

For example,

If you set Reboot=yes time=20:30, the unit reboots on local time 20:30. If you set Reboot=yes time=20:30-4:30, the unit reboots on random time through 20:30 to 4:30.

If you set Reboot=yes time=23:00 Wday=Friday,Monday, the unit reboots on local time 23:00 of Friday and Monday.

If you set Reboot=yes time=1:00 Idle=10, the unit reboots on 1:00, if there are no sessions. If there is any active session, the reboot happens only if the unit is idle for 10 minutes or the system logs out from the session.

Since 8.3_012 or later, scheduling a shutdown at a given time is supported. The options are same as schedule a reboot as above.

For example, Set Shutdown=yes time=20:30, the unit shuts down at local time 20:30.

SelectServerList={PNA, VDI}

[Default=default_desc]

list of servers {Server1; Server2; ...ServerN}

Allows users to select one PNA or VDI server during logon. For server use the format:

description = <server’s description> host = <server’s url> [ <options>]

For PNA server options, use the options of the PnliteServer parameter in Table 7 Connection Settings: wnos.ini files, {username} INI, and $MAC INI Files.

PNA example:

SelectServerList=PNA; Default=test3; description = test1; host = 192.168.0.10; autoconnectlist =*; reconnectfrombutton=0;
                                             description = test2; host = HostName2.wyse.com; TimeOut=200; descriprion = test3 host = 
                                             https://server3.wyse.com
                                          

For a VDI server: If you want to use a VDI broker, specify ConnectionBroker in wnos.ini. Otherwise the VDI broker’s type is default.

VDI example:

ConnectionBroker=VDM
                                             SelectServerList=VDI; Default=test5
                                             description = test4; host = 192.168.0.11; description = test5; host = host2.wyse.com
                                          

The Default option following "SelectServerList={PNA, VDI}" can specify the default server. The value is one of server description defined after that. After one selects another server and sign off, this default server is selected. If default option is not specified, the last selected server is selected in the next sign on.

Service={snmpd, thinprint, vncd, wdm,

vda <port number>} disable={ no, yes}

Service — Specifies the services you can enable or disable; there are different syntaxes for the different services.

disable — Default is no. Yes/no option to disable the services. Disable must follow the Service parameter.

Service=snmpd disable={ no, yes}

[community=<snmp_community> [encrypt={yes, no}]]

[communityReadOnly=<snmp_community_read_only> [encrypt={yes, no}]]

[servers=server_list]

Default is no.

Service=snmpd disable — Yes/no option to disable the snmpd service.

community — The option community is same as the statement Community. encrypt option is same as that in the statement community.

communityReadOnly— This option is to set community only has snmp get and get_next privileges.

The following encrypt option is only for indicating, if value of communityReadOnly is encrypted.

Servers option, if set, limits the valid snmp management site to the IP addresses in the server_list parameter, which contains 1 to 4 IPv4 IP addresses currently. If not, all the set IP addresses seen as valid.

Service=thinprint disable={ no, yes}

[port=<port number>]

[PkSize={0-64000}]

Default is no.

Service=thinprint disable — Yes/no option to disable the thinprint service.

port — Same as the statement ThinPrintEnable={no, yes} port=portnumber.

PkSize — Specifies the default packet size that will be sent to the server when negotiating with the thinprint server. The value 0 will rely on the server default setting, 64000 in ThinPrint 7.6 and 32000 in previous ThinPrint versions.

ThinOS only allocates a buffer of 64K, so if the default packet size of the server is above 64000, this setting must be set or printing will fail.

Default is no.

Yes/no option to disable the vncd service, same as MaxVncd={0, 1}.

Default is no.

Yes/no option to disable the WDM service, same as RapportDisable={no, yes}.

Default is no.

Yes/no option to disable the service with this port number. The 80 port is an exception because the WDM is always started before loading the global profile (wnos.ini file).

SecurityPolicy={full, warning, low}

[SecuredNetworkProtocol={yes, no}]

[TLSMinVersion]={1,2,3}]

[TLSMaxVesion={1,2,3}]

[DNSFileServerDiscover={yes, no}]

Specifies the global security mode for SSL connection. If application SecurityMode is default, application applies the setting.

If set to full, the SSL connection needs to verify server certificate. If it is untrusted, connection is dropped.If set to warning, the SSL connection needs to verify server certificate. If it is untrusted, it is up to you to continue or drop the connection. If set to low, the server certificate is not checked.

The value is persistent, and the default value is warning. For those SSL connections with their own security policy, this does not impact.

For example,

File server, VMware View and AWS broker follows the global SecurityPolicy. Citrix broker, RDS broker and SECUREMATRIX are forced to high security mode.

If the optional SecuredNetworkProtocol=yes is set, the unsecure protocols including ftp, http and tftp are disabled. The value is persistent, and the default value is no.

Option TLSMinVersion and TLSMaxVersion allows you to configure the SSL connection. ThinOS supports SSLs from TLSMinVersion onwards. TLSMaxversion is the latest version of SSL supported by ThinOS.

If no value is set then TLSMinVersion then the default value is set to TLS1.0 and TLSMaxVersion to TLS1.2. The value 1, 2, 3 corresponds to TLS1.0, TLS1.1, TLS1.2 respectively.

In classic mode, a DNS name wyseftpfbc4tc is resolved to discover the file server, if the global INI file in remote file server and local cache cannot be loaded. If the optional DNSFileServerDiscover=no is set, the function is disabled. The value is persistent, and the default value is yes.

SignOn={ yes,no, NTLM}

[MaxConnect=max]

[ConnectionManager={maximize, minimize, hide}]

[EnableOK={ no, yes}]

[DisableGuest={ no, yes}]

[DisablePassword={ no, yes}]

[LastUserName={ no, yes}]

[RequireSmartCard={ no, yes}]

[SCRemovalBehavior= {-1, 0, 1}]

[SaveLastDomainUser={yes, no, user, domain}]

[DefaultINI=filename]

[IconGroupStyle={default, folder}]

[IconGroupLayout={ Vertical, Horizontal}]

[PasswordVariables={yes, no}

[LockTerminal={ yes, no}]

[ExpireTime={0, 1 - 480}]

[UnlockRefresh={ yes, no}]

[SCShowCNName={ yes,no}]

[SCSecurePINEntry={ no, yes}]

[AutoConnectTimeout={10–300}]

[DisableEditDomain={yes, no}]

[AdGroupPrefix=adgrpnameprefix]

SignOn — Default is yes. Yes/no/NTLM option to enable the sign-on process. If set to NTLM, a user can be authenticated with an NTLM protocol.

The user must be a domain user and the same sign-on user credentials must be available in the ftp://~/wnos/ini/ directory.

MaxConnect — Default is 216. Maximum number of connections allowed to be specified in the wnos.ini file and {username}.ini file added together. The range allowed for MaxConnect is 100 to 1000. The default maximum is 216 entries.

ConnectionManager — Default is minimize. State of the Connect Manager during sign-on.

EnableOK — Default is no. Yes/no option to show the OK and Cancel the command buttons in the Sign-on dialog box.

DisableGuest — Default is no. Yes/no option to disable the guest sign-on.

DisablePassword — Default is no. Yes/no option to disable the password text box and password check box in the Sign-on dialog box.

LastUserName — Default is no. Yes/no option to display the last sign-on username after the user logs off.

RequireSmartCard — Default is no. Yes/no option to force logon with smartcard.

SCRemovalBehavior — Default is 0. Specifies what happens after a smart card is removed.

-1 — If smartcard is removed then client has no action. Whether the session can be used or not totally depend on the server policVNCD

0 — System logs off.

1 — System locks and can be unlocked only when the same certificate is used with the smart card.

SaveLastDomainUser — Yes/no option to save the username and domain into NVRAM once signon is successful. On next reboot, the username and domain saved in the NVRAM will be displayed in signon server as the default username and domain if no DefaultUser is set in the wnos.ini file.

The size of username/domain is limited to 32 characters, and if larger than 32, it will first be truncated and then saved into NVRAM.

DefaultINI — The optional DefaultINI configures a file name which is in the default folder of the username ini files. If the {username}.ini is not found, this file will be loaded as default.

IconGroupStyle — The optional IconGroupStyle configures the icon group style on the desktop. PNAgent published applications can be configured with the client folder in the PNA server.

If set IconGroupStyle=folder, the PNAgent published applications which are specified to display on the desktop will display with the folder.

After clicking the folder icon, the subfolder or applications in this folder will display on the desktop. In this case, there is an Up to 1 Level icon on top. Clicking the icon will display the up one level folder contents.

IconGroupLayout — Default is vertical. Configures the direction of the icongroup on the desktop.

PasswordVariables — Default is no. Yes/no option to support variable mapping ($TN, $UN etc) for a password.

LockTerminal — Default is yes. Yes/no option to lock the terminal. If set LockTerminal=no, the function of locking terminal is disabled. It disables the Lock Terminal from a Right Click on the desktop or from clicking the Shutdown option > Lock Terminal . It also disables lock terminal even if set ScreenSaver=minutes; LockTerminal=yes.

ExpireTime — Specifies the signon expiration time. The range is 0 to 480 minutes. The default is 0 which means no expiration.

If the value is larger than 480, then 480 is set instead. If the value is smaller than 0, then 0 is set instead.

After system signon or starting a connection, the expiration time starts counting. Once the expiration time is reached, starting a connection by clicking the icon, menu or connection manager, will bring up a pop up message box to enter the password. Only if the password is same as the original signon password, the session starts.

If the terminal is locked and unlocked with the password, the signon expiration time starts counting again.

UnlockRefresh — Default is yes. Yes/no option to specifies the refresh action after unlocking the system in classic mode.

Yes — While unlocking, the system will refresh the PNA list to verify the password.

No — Disables refresh.

SCShowCNName — Default is yes. Yes/no option to force the use of the CN name of the certificate as the user name when using smartcard signon. The default uses the UPN name as the user name.

SCSecurePINEntry — Default is no. Yes/no option to enable Secure PIN entry function for pkcs15 smart card with Cherry keyboard.

AutoConnectTimeout— Default is 30 seconds.

DisableEditDomain— The optional keyword DisableEditDomain, is set to yes to stop typing in the domain box manually. Typing the character @ or \ as in the format domain\user and user@domain in the username box are not allowed.

AdGroupPreFix— The option AdGroupPreFix is only valid, when you configure SignOn=NTLM. If the option is configured, then the thin client verifies the names of all AD groups to which a sign-on user belongs, to get the first group name so that its prefix matches adgrpnameprefix, and load adgroup/"the_whole_ad_group_name".ini, if the configuration file exists, before loading the user specific INI.

Default is on.

On/off option to enable the ICA Speedscreen Browser Acceleration Function.

SysMode={classic, vdi}

[toolbardisable={ no, yes}]

[toolbardisablemouse={ no, yes}]

[toolbarclick={ no, yes}]

[toolbardelay={0-4}]

[toolbar_no_conmgr={ no, yes}]

[toolbar_no_minimizeall={ no, yes}]

[toolbardisablehotkey={ no, yes}]

[ToolbarEnableOneSession={ no, yes}]

[ToolbarAutoQuit={ yes, no}]

[ToolbarStay={1~20}]

[EnableLogonMainMenu={ no, yes}}

SysMode — Specifies the Zero interface optimized for VDI or the Classic interface. This value will be remembered across reboots until changed. If not defined and an INI is present, Classic mode is the default. If no INI is present, VDI mode is the default.

Classic mode has full taskbar, desktop and connection manager and is recommended for a terminal server environment and for backward compatibility with WTOS 6.x.

VDI mode (Zero interface) has a new launchpad-style interface optimized for full-screen sessions that is Desktops. Everything you need is accessed through an always available overlay interface. The following options allow you to configure if and when the Zero toolbar will display under VDI mode:

Toolbardisable — Default is no. Yes/no option to disable the Zero toolbar from displaying; if set to yes, this option overrules other toolbar display options.

Toolbardisablemouse — Default is no. Yes/no option to disable the Zero toolbar from automatically displaying once you pause the mouse pointer on the left side of the screen for a specified amount of time.

toolbarclick — Default is no. Yes/no option to pop up the toolbar only if clicking on the left-most side of the screen.

toolbardelay — Specifies the seconds to delay before displaying the toolbar after pausing the mouse pointer on the left-most side of the screen. The value 0 will have no delay. The other values 1, 2, 3,4 will delay 0.5, 1, 1.5 and 2 seconds respectively.

toolbar_no_conmgr — Default is no. Yes/no option to hide the Home button.

toolbar_no_minimizeall — Default is no. Yes/no option to hide the Home button thus affecting the ability to minimize displayed list of connections.

toolbardisablehotkey — Default is no. Yes/no option to disable the CTR+ALT+UP ARROW keyboard shortcut that allows the toolbar to instantly display without a timer.

ToolbarEnableOneSession — Default is no. Yes/no option to enable the toolbar when only one session is available.

ToolbarAutoQuit — Default is yes. ToolbarAutoQuit=no prevents the sub-window from being closed. The toolbar will auto-hide after a certain amount of time after user pause the mouse pointer away from the toolbar.

ToolbarStay — ToolbarStay={1~20} controls the auto-hide duration, 0.5s per value. Thus if ToolbarStay=1, the Toolbar will auto-hide after 0.5 second; If ToolbarStay=10, the Toolbar will auto-hide after 5 seconds.

EnableLogonMainMenu — Default is no. Yes/no option to enable the main menu if you click the mouse button on the desktop prior to logon in Zero mode.

Default is 1.

Specifies the timeout value of a TCP connection. The number of 30 seconds for the timeout value of a TCP connection. The value must be 1 or 2 which means the connection timeout value is from 1x30= 30 seconds to 2x30= 60 seconds.

Values of 3-255 are recognized only for backwards compatibility that is >2 = 60 seconds, however, these values should not be used and the value should be set to 2.

VncPassword=<password>

[encrypt={ no, yes}]

VncPassword — Specifies a string of up to 8 characters as the password used for shadowing.

encrypt — Default is no. Yes/no option to set according to whether or not the vncpassword you are using is encrypted.

Default is no.

Yes/no option to disable the pop-up warning message when a network has no link for an ICA/RDP session.

[Priority ={WDM, CCM, “WDM;CCM”, “CCM;WDM”}]

WDA Service always runs in the background.If priority is available, WDA discovers the protocol according to it.

There are only two protocols available now - WDM, and CCM. For example, if priority=WDM; CCM, WDA tries to discover WDM server and tries to check-in, and if it fails to check-in to WDM server, it tries to check-in the device to CCM server.

The specified value will be saved into NVRAM, and then reports to the WDM server. This statement ensures that all the units would function with DDC regardless of flash size.

This statement is valid for all platforms and replaces the previous S10 WDM Flash statement.

WDMService={ yes, no}

[DHCPinform={ no, yes}]

[DNSLookup={ no, yes}]

[QuickMode={yes, no}]

[Discover={ yes, no}]

[SecurityMode={ default, full, warning, low}]

Default is yes.

WDMService — Yes/no option to disable the WDM agent.

DHCPinform — Default is no. Yes/no option to use DHCP information.

DNSLookup — Default is no. Yes/no option to use DNSLookup.

For Example: If WDMService=yes, setting DHCPinform=yes will do number 3, setting DNSLookup=yes will do numbers 1 and 2.

If QuickMode=yes is specified, rapport agent will not block any other process during ThinOS boot up, and boot time of ThinOS will speed up.

Discover— If Discover=yes is specified, rapport discovers the WDM server information from the DHCP option tag, DNS service location record and DNS host name. If the WDM server is discovered, the WDM server User Interface (UI) is protected on device. The default value is yes.

SecurityMode specifies the SSL certification validation policy.

If set to default, it will apply SecurityPolicy setting.

If set to full, the SSL connection needs to verify server certificate. If it is untrusted, then drop the connection.

If set to warning, the SSL connection needs to verify server certificate. If it is untrusted, it's up to you to continue or drop the connection.

If set to low, the server certificate is not checked. The value is persistent, and the default value of the setting is default. If the settings are factory default, or if you are upgrading to ThinOS 8.3 for the first time, the value is temporarily set to low. After loading any INI, it goes to default value.

WDMServer=<server_list>

[Retry=<retry number value>]

WDMServer — Specifies a list of IP addresses or DNS names separated by using a comma for the WDM servers. Once specified, it is saved in non-volatile memory.

Retry — Determines the number of attempts to retry a contact to WDM servers.

Specifies the WINS server address. The WINSserver is an IP list separated by " ;" or " ,", with a maximum list size of 2.