- Notes, cautions, and warnings
- What's new in ThinOS 2402
- Introduction
- Upgrading the ThinOS firmware
- Before you upgrade
- Register ThinOS devices to Wyse Management Suite
- Enable Live Update
- Download the ThinOS firmware, BIOS, and application packages
- Upgrade ThinOS 9.x to later versions using Wyse Management Suite
- Upgrade ThinOS 9.x to later versions using Admin Policy Tool
- Convert Ubuntu with DCA to ThinOS
- Add ThinOS application packages to the repository
- Convert Windows 10 IoT to ThinOS 2306
- Convert ThinLinux to ThinOS 2306
- Enhancements to the Application Package Updates category
- Upload and push ThinOS 9.x application packages using Groups and Configs on Wyse Management Suite
- Upload and install ThinOS 9.x application packages using Admin Policy Tool
- Firmware installation using ThinOS ISO image
- Firmware installation using Dell Wyse USB Imaging Tool
- Upgrade BIOS
- Edit BIOS settings
- Delete ThinOS application packages
- Downgrading the ThinOS firmware
- Getting started with ThinOS
- End User License Agreement
- Configure ThinOS using First Boot Wizard
- Configure account privileges for ThinOS
- Enable PCoIP Activation License
- Connect to a remote server
- Connecting a display
- Connecting a printer
- Configure WMS settings on the client GUI
- Desktop overview
- Modern interactive desktop features
- Classic desktop features
- Configuring thin client settings and connection broker settings
- Configure ThinOS using Admin Policy Tool
- Locking the thin client
- Shut down and restart
- Scheduled Shutdown
- Scheduled Reboot
- Enable or disable shutdown
- Battery information
- Login dialog box features
- View the system information
- Sleep mode
- Import certificates to ThinOS from Admin Policy Tool or Wyse Management Suite
- ThinOS system variables
- Manual override
- Configuring the global connection settings
- Configuring connectivity
- Configuring connection brokers
- Configuring Citrix
- Android smartphone USB redirection through Citrix Configuration Editor
- Configure the Citrix broker setup
- Citrix ADC
- Citrix two-factor authentication
- Configure Citrix ADC using LDAP and RSA
- Configuring Citrix ADC using DUO
- Configure Citrix ADC using CensorNet MFA authentication
- Citrix ADC Native OTP
- Citrix Federated Authentication Service SAML with Microsoft Azure Active Directory
- Configure Citrix NetScaler using Okta
- Log in to Citrix ADC using MFA with SAML, OKTA as IDP, and Citrix FAS for SSO to VDA
- Log in to Citrix ADC using PingID Multi Factor Authentication
- FIDO2 authentication when connecting to on-premises stores
- Citrix Cloud services
- Automatically configure using DNS for email discovery
- Citrix HDX Adaptive transport (EDT)
- HDX Adaptive Display V2
- Browser content redirection
- HTML5 Video Redirection
- Windows Media Redirection
- QUMU Video Optimization Pack for Citrix
- Citrix Self-Service Password Reset
- Citrix SuperCodec
- Anonymous logon
- Enable UDP audio in a Citrix session
- Keyboard layout synchronization in VDA
- Cursor pattern in ICA session
- Citrix multiple virtual channels
- Configure the Citrix session properties
- Using multiple displays in a Citrix session
- USB Printer Redirection
- USB device redirection using Citrix Desktop Viewer
- Configure the Citrix UPD printer
- Configure the device-specific printer driver
- Invert cursor color
- Echo cancellation for Microsoft Teams
- Multiwindow chat and meetings for Microsoft Teams
- UDP audio through Citrix Gateway
- Multiple audio redirection
- Smart card reader plug and play
- HDX RealTime Webcam Video Compression for 32-bit apps
- HDX RealTime Webcam Video Compression for 64-bit apps
- Export Citrix Workspace App logs
- Configure multifarm
- Configure multilogon
- Virtual Display Layout
- Extended keyboard layouts
- 32-bit cursor
- Configuring VMware
- Configure the VMware broker connection
- VMware Real Time Audio-Video
- High Efficiency Video Coding
- Switch between codecs in Blast sessions
- Enable Scanner Redirection
- Enable Serial Port Redirection
- Enable Session Collaboration
- Enable Battery State Redirection
- Relative mouse
- Configure Workspace ONE Mode
- Unified Access Gateway
- Configure Unified Access Gateway on ThinOS
- Configure Microsoft Azure Multifactor authentication with VMware Unified Access Gateway
- Device Certificate authentication with Unified Access Gateway and Passthrough
- X.509 Certificate Authentication
- RADIUS Authentication
- RSA SecurID Authentication
- SAML Authentication
- Configure the VMware integrated printing settings
- USB Redirection in a VDI session
- Enable Multimedia Redirection in Blast session
- Smartphone sync
- VMware Horizon Kiosk Mode
- Configuring other brokers
- Special Peripheral Support
- Bloomberg keyboard support
- Confirm the USB interface redirection
- Find the Vendor ID or Product ID of the connected device in ThinOS
- Disable the USB device local driver during USB device redirection
- Confirm the USB interface redirection from Device Manager in ThinOS
- Confirm the USB interface redirection from Audio Manager in ThinOS
- Confirm the USB interface redirection from ThinOS Event Log
- Set playback or recording devices as default
- Nuance PowerMic II-NS
- Olympus RecMic DR-2200
- Philips SpeechMike III
- Wacom One
- Topaz Signature Tablet
- Wacom Signature Tablet
- Wacom Intuos Pro M tablet
- Configure Wacom Intuos S pen for USB redirection
- Configuring Azure Virtual Desktop
- Configuring Microsoft Remote Desktop Services
- Enable Terminal Services Gateway
- Configure the Remote Desktop Services collection
- Add a Remote Desktop Protocol connection
- Log in to RDP session using Remote Desktop Gateway
- Log in to RDP session using Remote Desktop Gateway from Wyse Management Suite or Admin Policy Tool
- Change the display mode for RDP connection using shortcut keys
- Configuring the Amazon WorkSpaces broker connection with PCoIP
- Configure the Teradici Cloud Access broker connection
- Enable ThinOS to check the server certificate common name
- Allow Legacy Renegotiation
- Select Group
- VDI Configuration Editor
- Configure the VDI settings
- Authenticate the domain controller (NTLM) with None Broker agent
- Configuring Citrix
- Unified Communications optimization with ThinOS
- Citrix HDX RealTime Optimization Pack for Skype for Business
- VMware Horizon Virtualization Pack for Skype for Business
- Cisco Jabber Softphone for VDI
- Cisco Webex Teams for VDI
- Cisco Webex Meetings for VDI
- Zoom Meetings for VDI
- Microsoft Teams Optimization from Citrix Workspace app
- Microsoft Teams Optimization from VMware Horizon
- RingCentral
- Avaya agent
- Configuring third-party authentication settings
- Configure the Imprivata OneSign server
- VDI selection on ThinOS
- Configure the VDI settings on OneSign server
- Configure objects on Imprivata Server
- Use smart card as proximity card
- Enroll a proximity card with Imprivata OneSign
- Imprivata Bio-metric Single Sign-On
- PCoIP session from ThinOS ProveID Web
- Grace period to skip second authentication factor
- Imprivata OneSign ProveID Embedded
- Configure Imprivata fingerprint reader for Citrix ICA and PCoIP sessions
- Configure Imprivata fingerprint reader for Blast sessions
- Identity Automation
- Configure the Identity Automation
- Install the Identity Automation QwickAccess app package on ThinOS
- Identity Automation support matrix
- Enroll a proximity card with Identity Automation on ThinOS
- Use a proximity card for sign-on with Identity Automation on ThinOS
- Use a proximity card to secure the remote session with Identity Automation on ThinOS
- Use a proximity card to tap-over another user session with Identity Automation on ThinOS
- PIN Reset
- Self-Service Password Reset (SSPR)
- Identity Automation feature matrix
- Configure monitoring and management software
- Configuring the thin client local settings
- Configuring the system preferences
- Configure the display settings
- Configuring the peripherals settings
- Configure the keyboard settings
- Configure the mouse settings
- Configure the touchpad settings
- Configure the audio settings
- Configure the serial settings
- Configure the camera device
- Configure the Bluetooth settings
- Calibration
- Secure Digital cards
- Storage formats
- Configure the Jabra Xpress headset settings
- Configure the EPOS headset settings
- Configure the HID Fingerprint reader settings
- Configuring the printer settings
- Reset to factory defaults
- Resetting to factory defaults using G-Key reset
- Recovery mode using R-Key
- Using the system tools
- Using Wyse Management Suite
- Troubleshooting your thin client
- Log Structure
- Capture an HTTP log using ThinOS
- System crashes, freezes or restarts abruptly
- Broker agent login failure
- Citrix desktop and application crashes abruptly
- Unified Communications software call failure
- Request a log file using Wyse Management Suite
- View audit logs using Wyse Management Suite
- System log and trace information
- Frequently Asked Questions
- ThinOS-related questions
- What should I do if the package installation fails?
- Is Wyse Management Suite the only way to manage ThinOS 9.x?
- How to verify third-party binary versions on your ThinOS client?
- Is USB Imaging Tool method a possible option for upgrading to ThinOS 9.x?
- Can ThinOS 9 be installed on Wyse ThinOS 8.6 devices with and without PCoIP?
- Does ThinOS support zero desktop?
- Does ThinOS 9.x support ThinOS configurations using INI files?
- iPhone cannot be redirected to the Citrix Desktop session
- Android smartphone is not displayed in the session when redirected or mapped
- Does Citrix Workspace app replace Citrix Receiver on ThinOS?
- What is Workspace mode on ThinOS?
- Can I enable Flash content to be rendered using a local Flash Player on ThinOS?
- How do I verify if HDX Enlightened Data Transport Protocol is active?
- How do I check if HTML5 Video Redirection is working?
- How do I check if QUMU Multimedia URL Redirection is working?
- How do I check if Windows Media Redirection is working?
- How to check if Multimedia Redirection is working?
- Is persistent logging supported in ThinOS 9.x?
- Is tls.txt file included in network traces on ThinOS 9.x?
- Will ThinOS device reboot automatically when the system crashes?
- Wyse Management Suite-related questions
- ThinOS-related questions
Dell ThinOS 2402 Administrator’s Guide
TLS Control
TLS 1.2 is the only option available from ThinOS 2303. TLS 1.0 and 1.1 have been removed from the TLS protocol list in Admin Policy Tool > Privacy & Security > Security Policy. If you set TLS 1.0 or 1.1 from Wyse Management Suite, ThinOS 2303 or later versions do not apply.
To improve the security of ThinOS devices, from 2311, ThinOS uses OpenSSL version 3.0, and the default TLS security level is 1. If your environment requires a legacy OpenSSL version (like SHA1 certification), change the TLS security level to 0 in Wyse Management Suite policy by going to Privacy & Security > Security Policy. Legacy OpenSSL versions are not supported on future ThinOS versions. If a Legacy OpenSSL version is required, update your environment.
To improve the security of ThinOS devices, a few outdated and less-secure ciphers are removed. Some outdated and less-secure TLS ciphers are going to be removed in the next release. Some TLS ciphers are also going to be disabled by default in the next release.
| Ciphers | Security Status |
|---|---|
| ECDHE-RSA-AES128-GCM-SHA256 | Secure |
| ECDHE-RSA-AES256-GCM-SHA384 | Secure |
| ECDHE-RSA-AES128-SHA256 | Disabled by default in the next release |
| ECDHE-RSA-AES256-SHA384 | Disabled by default in the next release |
| ECDHE-RSA-AES128-SHA | Removed in next release |
| ECDHE-RSA-AES256-SHA | Removed in next release |
| DHE-RSA-AES128-GCM-SHA256 | Removed in next release |
| DHE-RSA-AES256-GCM-SHA384 | Removed in next release |
| DHE-RSA-AES128-SHA256 | Removed in next release |
| DHE-RSA-AES256-SHA256 | Removed in next release |
| DHE-RSA-AES128-SHA | Removed in next release |
| DHE-RSA-AES256-SHA | Removed in next release |
| AES128-SHA256 | Removed in ThinOS 2303 |
| AES256-SHA256 | Removed in ThinOS 2303 |
| AES128-SHA | Removed in ThinOS 2303 |
| AES256-SHA | Removed in ThinOS 2303 |
| PSK-AES128-CBC-SHA256 | Removed in next release |
| PSK-AES256-CBC-SHA384 | Removed in next release |
| RSA-PSK-AES128-GCM-SHA256 | Removed in next release |
| RSA-PSK-AES256-GCM-SHA384 | Removed in next release |
| RSA-PSK-AES128-CBC-SHA | Removed in next release |
| RSA-PSK-AES256-CBC-SHA | Removed in next release |
| RSA-PSK-AES128-CBC-SHA256 | Removed in next release |
| RSA-PSK-AES256-CBC-SHA384 | Removed in next release |
| ECDHE-ECDSA-CHACHA20-POLY1305 | Removed in next release |
| ECDHE-RSA-CHACHA20-POLY1305 | Removed in next release |
| DHE-RSA-CHACHA20-POLY1305 | Removed in next release |
| RSA-PSK-CHACHA20-POLY1305 | Removed in next release |
| DHE-PSK-CHACHA20-POLY1305 | Removed in next release |
| ECDHE-PSK-CHACHA20-POLY1305 | Removed in next release |
| PSK-CHACHA20-POLY1305 | Removed in next release |
| SRP-RSA-AES-256-CBC-SHA | Removed in next release |
| SRP-AES-256-CBC-SHA | Removed in next release |
| SRP-RSA-AES-128-CBC-SHA | Removed in next release |
| SRP-AES-128-CBC-SHA | Removed in next release |
| TLS_AES_128_GCM_SHA256 | Secure |
| TLS_AES_256_GCM_SHA384 | Secure |
| TLS_CHACB42:D66HA20_POLY1305_SHA256 | Secure |
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\