Windows 10 IoT Enterprise for Dell Wyse Thin Clients Administrator’s Guide
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2018- 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Introduction................................................................................................................................. 6 Technical support.................................................................................................................................................................. 6 About this guide...............................................................................................................................................................
Using TPM and BitLocker.................................................................................................................................................. 24 Initialize TPM and enable BitLocker using the imaging script .................................................................................24 Initialize TPM and enable BitLocker manually............................................................................................................ 25 Configuring Bluetooth connections.....
Using the Net and Tracert utilities.................................................................................................................................... 44 Managing Users and Groups with User Accounts.......................................................................................................... 44 Creating user accounts.................................................................................................................................................
1 Introduction Dell Wyse thin clients that run the Windows 10 IoT Enterprise operating system provide access to applications, files, and network resources. The applications and files are made available on machines hosting Citrix Receiver, Remote Desktop Connection, and VMware Horizon client session. Other locally installed software permits remote administration of the thin clients and provides local maintenance functions.
2 Getting started The Quick Start application launches when you boot into a thin client for the first time. This tool displays the software and hardware features of the thin client. It also provides information about the VDI applications, management software, and supported peripherals. You can also install the Wyse Easy Setup application using the Quick Start application. The Wyse Easy Setup application enables administrators to quickly and easily deploy configurations on thin clients.
Using your desktop The administrator set configurations are displayed when you log in to the thin client at the first instance. If you log in as an administrator, the Administrator Desktop is displayed. On the right of the taskbar, click the Notifications icon to open the Action Center window. For more information about the Action Center, see Using Action Center.
• Quick Action icons—Quick Action icons allow you to access All Settings and applications that you use often, such as Bluetooth to VPN. Select the Expand option to see the settings and applications such as location, the quiet hours, brightness, bluetooth, VPN, the battery saver, project, and connect.
3 Accessible applications When you log in to your thin client as an administrator or a user, the Windows desktop displays certain extended features in the Start menu.
For more information, see Administrative features. NOTE: The information shown in the dialog box varies for different thin client devices and software releases. When you log in as a user, only few tabs such as Client Information, QFE, Installed Products, WDM/WMS Packages, Copyrights/ Patents, and About and Support are displayed. Configuring Citrix Receiver session services Citrix Receiver is a server-based computing technology that separates the logic of an application from its user interface.
Configuring remote desktop connection session services Prerequisites Remote desktop connection is a network protocol that provides a graphical interface to connect another computer over a network connection. NOTE: If you use a Windows Server, or Citrix XenApp 5.0 with Windows Server, a Terminal Services Client Access License (TSCAL) server must also be accessible on the network. The server grants a temporary license, which expires after 120 days.
available on the network after you install the VMware Horizon 6. It provides virtualized or hosted desktops and applications through a single platform to end users. To connect to a virtual desktop, use the VMware Horizon Client window. About this task To open and use the VMware Horizon Client window: Steps 1. Log in as a user or an administrator. 2. Access the VMware Horizon Client window using one of the following options: • • From the Start Menu, click VMware > VMware Horizon Client.
The Ericom AccessPad login window is displayed. 3. In the Ericom AccessPad login window, enter your credentials, and click Login. The DELL – Ericom Application Zone window is displayed. NOTE: By default, the Ericom AccessPad login window is displayed. To set the UI to your preferred language, click the Globe icon in the lower-right corner of the window, and select your preferred language from the drop-down list. 4.
You can create a kiosk mode to lock down a Windows device to prevent users from accessing any features or functions on the device outside of the kiosk mode. You can also customize the kiosk interface to enable or disable user access to specific settings. For more information, see Wyse Easy Setup videos at www.youtube.com, and Wyse Easy Setup Administrator's Guide and Release notes at https://downloads.dell.com/wyse.
2. Go to Start > Dell > DellSecureClient. The User Account Control window is displayed. 3. Enter the administrator password, and click Yes. Configuring Dell Secure Client You can configure the Dell Secure Client by using any of the following methods: • • Wyse Management Suite Local administrator user interface—Dell Secure Client GUI Configuring policy using the Dell Secure Client user interface You can import or export a configuration from the Dell Secure Client user interface.
Policy Type File/Folder Apps NT Account file C:\Temp\Sample2.txt C:\Windows Admin1 \System32\notep ad.exe folder C:\Program Files \Windows Defender C:\Windows System \System32\mspai nt.exe registry HKLM\SOFTWARE \WOW6432Node\3DMAX C:\Program User Files (x86)\AutoCAD \audtocadx86.ex e registry HKLM\SOFTWARE \WOW6432Node\3DMAX C:\Program Admin1 Files (x86)\AutoCAD \audtocadx86.ex e registry HKLM\SOFTWARE \WOW6432Node\Dell \CommandUpdate C:\Program System Files\Dell \Command Monitor\dataeng \
[ { "itemKey": "policyType", "itemValue": "file", "itemValueExtra": null, "valueType": "STRING" }, { "itemKey": "location", "itemValue": " C:\\Program Files\\AutoCAD ", "itemValueExtra": null, "valueType": "STRING" }, { "itemKey": "application", "itemValue": " C:\\Program Files\\AutoCAD\\audtocadx64.
} "allowUnregistration": true, "businessRuleInfo": null, "currentBiosAdminPassword": null, "mqttUrl": "tcp://10.150.38.10:1883", "wmsUrl": "https://brl-hackthon-win12R2:443/ccm-web", "heartbeatIntervalInMins": 0, "checkInIntervalInHours": 0, "groupToken": null, "personalDeviceSettings": null, "wmsVersion": "4.3.0", "maxCheckinIntervalInHours": 0 Self-extracting file The self-extracting .exe output file consists of the policy configuration file in .json format. The self-extracting .
Command line Description Policy Type—Determines the type of policy. The value can be a file or registry only. This parameter is optional. For example, the command dscmgr /addpolicy C:\Users \Administrator\Test.txt Administrator C:\Windows\System32\notepad.exe 0900-1100 enables an administrator to modify C:\Users\Administrator \Test.txt during 9 AM to 11 AM using notepad. NOTE: To use this command, the write filter must be disabled.
Command line Description File Path—Enter the file path where the policies must be imported. File extension should be .json or .csv. NOTE: To use this command, the write filter must be disabled. dscmgr /exportinstallablepackage Use this command to export the policies to the Dell Secure Client as a self-extractable executable file. The file can be used to deploy the same policies on multiple devices. Folder Path—Enter the file path where the policies must be exported. DefaultDSCPolicy.
Error code Description localEnterAppPath Enter the application path. localEditSuccess Edit is successful. localFinishAddEditMsg Complete the add or edit message. localExceptionInConfigMsg Invalid exception value in the policy of the configuration file. localWriteFilterEnabledWarning To modify the Dell Secure Client state and policies, you must disable the write filter. localInvalidData Invalid data at index is entered. localAbortEditMsg Aborting edit.
4 Administrative features Admin is a default user profile created for the user who is a member of the administrator group. To log in as an administrator, see Automatic and manual login. When you log in to your thin client device as an administrator, you can access certain notable extended features in the Control Panel. To access the Control Panel, on the taskbar, click Start Menu > Control Panel.
In the Component Services console, click the Event Viewer icon from the Console Root tree. The summary of all the logs of the events that have occurred on your computer is displayed. For more information, see Event Viewerat https://support.microsoft.com. Managing services To view and manage the services installed on the thin client device, use the Services window. To open the Services window, go to Start > Control Panel > Administrative Tool Services. Steps 1.
7. Click Apply and then click OK. 8. Open gpupdate /force using the run command. 9. Restart the thin client to apply the group policies. Steps 1. Log in to the administrator account. 2. Disable Unified Write Filter. The thin client restarts. 3. Log in to the administrator account again. 4. Uncomment the following lines and update the pin—minimum of six characters—for TPM encryption: • • If you are using Wyse Management Suite or USB Imaging tool—Go to C:\Windows\Setup\CustomSysprep\Modules \Post_CustomSysp
8. Go to Local Group Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication. 9. In the Require additional authentication at startup window select the Enabled option. The Allow BitLocker without a compatible TPM check box is selected by default. 10. Clear the Allow BitLocker without a compatible TPM check box. 11. Click Apply and then click OK. 12.
Configuring wireless local area network settings To configure the wireless local area network settings, use Setup a new connection or network window, if wireless support is allowed on the thin client device. About this task To configure the wireless local area network settings, see Setting up a wireless network at https://support.microsoft.com. Using custom fields To enter configuration strings for use by the Wyse Device Manager (WDM) and Wyse Management Suite (WMS), use the Custom Fields dialog box.
4. In the RAM disk size field, type or select the RAM disk size you want to configure, and then click Apply. If you change the size of the RAM disk, you are prompted to restart the system for the changes to take effect. NOTE: To permanently save the information, disable the Unified Write Filter (UWF). For more information, see Before Configuring your thin clients. Enabling auto logon Automatic logon to a user desktop is enabled by default on the thin client device.
4. Click any of the shortcuts to access the respective folders/files/applications. Viewing and configuring SCCM components To view and configure the SCCM components that are installed on your thin client device, use the Configuration Manager Properties dialog box. About this task To open the Configuration Manager Properties dialog box: Steps 1. Log in as an administrator. 2. Go to Start > Control Panel > Configuration Manager. The Configuration Manager Properties dialog box is displayed.
Steps 1. Click the Devices and Printers icon in Control Panel. The Devices and Printers window is displayed. 2. To open and use the Add a Printer wizard, click Add a Printer. The Add a Printer wizard session starts. A Dell Open Print Driver is installed on the thin client along with other built-in print drivers. To print full text and graphics to a local printer, install the driver provided by the manufacturer according to the instructions.
Using sound dialog box To manage your audio devices, use the Sound dialog box. About this task To open the Sound dialog box: Steps 1. Go to Start > Control Panel > Sound. The Sound dialog box is displayed. 2. Use the following tabs, and configure the sound related settings: • • • • Playback—Select a playback device and modify the settings. Recording—Select a recording device and modify the settings. Sounds—Select an existing or modified sound theme for events in Windows or programs.
For more information on using the User Accounts window, see Managing Users and Groups with User Accounts. Using Windows Defender To scan your computer and protect against spyware and malware, use the Windows Defender dialog box. About this task To open the Windows Defender window, do the following: Steps 1. Log in as an administrator. 2. Go to Start > Control Panel > Windows Defender. The Windows Defender window is displayed. In the Home tab, select a scan option, and click Scan Now.
• • • Citrix—Ctrl+F1 RDP—Ctrl+Alt+End VMware—Ctrl+Alt+Insert NOTE: The C-A-D tool does not work for Citrix Virtual Apps and Desktops (formerly Citrix XenDesktop) in a Citrix session, but works only for the Citrix Virtual Apps. The C-A-D tool is enabled by default.. Wyse Device Agent Wyse Device Agent (WDA) is a unified agent for all thin client management solutions. Installing WDA on a thin client makes it manageable by Dell Wyse Device Manager (WDM), and Dell Wyse Management Suite (WMS).
2. Go to Start > Control Panel > Dell Wyse Software Manifest Utilty. 3. Click Export Support Data. The data is exported to the default path C:/Users/Public/Public Documents/Wyse. NOTE: You can also export the data to a custom folder by selecting Custom Path and browsing to the required folder. 4. Click Support Directory. The DellTCASupportInfo folder is displayed. The support directory contains the applications, drivers, and QFE of current manifest information of the thin client.
5 Additional administrator utility and settings information This section provides additional information about utilities and settings available for administrators.
• • Power Management—A Monitor Saver turns off the video signal to the monitor, allowing the monitor to enter a power-saving mode after a designated idle time. To access the power settings, go to Start > Control Panel > Power Options. Wake-on-LAN—This feature discovers all thin clients connected to your LAN, and enables you to wake them by clicking a button. For example, to perform image updates and remote administration functions on devices that have been shut down or are on standby.
Using Unified Write Filter About this task To configure thin client devices using UWF, do the following: Steps 1. Log in as an administrator. If automatic login to a user desktop is enabled, log off from the user desktop and log in as an administrator. 2. To disable the Unified Write Filter, double-click the Dell Wyse WF Disable icon on the desktop. This icon disables the filter and reboots the system. 3. Configure the thin client device as per your requirements. 4.
Command-line options Description uwfmgr file add-exclusion C: This command-line adds the specified file to the file exclusion list of the volume protected by Unified Write Filter. Unified Write Filter starts excluding the file from filtering after the next system restart. For example, to add a registry directory HKLM\SYSTEM\WPA, the command is UWFmgr.exe registry add-exclusion HKLM \SYSTEM\WPA.
• • Warning #1 (%)—Shows the UWF cache percentage value at which a Low Memory warning message is displayed to the user for the current session. • Warning #2 (%)—Shows the UWF cache percentage value at which a Critical Memory warning message is displayed to the user. UWF Cache settings • • Amount of RAM to be used for UWF Cache—Shows the amount of RAM that is to be used as the Unified Write Filter cache for the next session in MB. This value should be in the range of 256 MB to 2048 MB.
Table 7. Parameters to configure nodes Parameter Values Name: [Application name] Path: [Application path] Arguments:< specify the configuration information when the application is launched> [Argument] Event: USER_LOGOFF SVC_STARTUP ON_SHUTDOWN USER_LOGIN Examples to configure nodes using xDCM Table 8.
Table 9. Options to configure nodes Option Description Add Option to add a folder cleanup node. Remove Option to delete a folder cleanup node. Table 10.
NOTE: By default, no logs are created for an application. Configuration of DebugLog XML file You can use the Debug Configuration Editor (DCE) console application to configure the debug configuration XML file. This tool can be used to commit, exclude, or modify the debug configuration file. To commit, exclude, or modify the debug configuration file, enter the following commands on the Debug Configuration Editor: • • • To commit the file and obtain the logfiles—DebugConfigEditor.
• Delete/edit connections Mapping network drives About this task Administrators can map network drives. To map the network drive and retain the mappings after the thin client device is restarted, see Map a network drive at https://support.microsoft.com. Participating in domains You can participate in domains by joining the thin client device to a domain or by using roaming profiles. About this task To join a domain, see Steps 1. Log in as an administrator. 2. Go to Start > Control Panel > System.
a) b) c) d) Disable the Unified Write Filter. Join the domain. Restart the thin client. Enable the Unified Write Filter. NOTE: If you use the Write Filter Enable icon to enable the Write Filter, the thin client restarts automatically. Next steps Using Roaming Profiles You can participate in domains by writing roaming profiles to the C drive. The profiles must be limited in size, and it is not retained when the thin client device is restarted.
Editing user accounts Prerequisites Open the User Accounts window as described in Managing User Accounts. About this task To edit the default settings of a standard user or administrator account: Steps 1. On the User Accounts window, click Manage another account. The Manage Accounts window is displayed. 2. To change as required, select User. The Change an Account window is displayed. Now make the desired changes using the links provided.
5. In the Computer Name window, type the name for the thin client device in the Computer name field, and click OK. 6. In the Confirmation dialog box, click OK to restart for applying the changes. 7. Click Close, and then click Restart Now to apply the changes.
6 System administration To maintain your thin client device environment, you can perform local and remote system administration tasks. The tasks include: • • • • • Accessing thin client BIOS settings Unified Extensible Firmware Interface (UEFI) and secure boot Using Wyse Management Suite Ports and slots Using Tight VNC (Sever and Viewer) to shadow a thin client Accessing thin client BIOS settings About this task To access the thin client BIOS settings, do the following: Steps 1.
Thin clients Guidelines to boot the thin client 2. 3. 4. 5. 6. Set the Secure Boot to Disabled. Set the Boot Mode to Legacy. Set the Boot from USB to Enabled. Save the changes and exit. From the pop-up menu, select your USB key, and boot as Normal. Creating bootable UEFI USB key About this task To create a bootable UEFI USB key, do the following: Steps 1. Obtain an executable UEFI shell. 2. Save the file as bootx64.efi on your client. 3. Format the USB key with FAT32. 4. In the USB key, create the \efi\b
TightVNC Server starts automatically as a service upon thin client device restart. The initialization of TightVNC Server can also be controlled by using the Services window by this procedure. To open TightVNC Server window: 1. Log in as an Administrator. 2. Click Start Menu > TightVNC > TightVNC Server. NOTE: • TightVNC Viewer is available from TightVNC website. • TightVNC is included in WDM software as a component. • TightVNC Viewer must be installed on a shadowing or remote machine before use.
Configuring TightVNC server properties on the thin client Steps 1. To open the TightVNC Server Configuration (offline) dialog box, go to Start > TightVNC > TightVNC Server — Offline Configuration. The TightVNC Server Configuration (offline) dialog box is displayed. 2. In the Server tab, set the Primary password. Use this password while shadowing the thin client. Default primary password is Wyse. 3.
7 Network architecture and server environment This section contains information about the network architecture and enterprise server environment needed to provide network and session services for your thin client.
Option Description Notes 51 Lease Time Required 52 Option Overload Optional 53 DHCP Message Type Required 54 DHCP Server IP Address Recommended 55 Parameter Request List Sent by thin client 57 Maximum DHCP Message Size Optional (always sent by thin client) 58 T1 (renew) Time Required 59 T2 (rebind) Time Required 61 Client identifier Always sent 155 Remote Server IP Address or name Optional 156 Logon User Name used for a connection Optional 157 Domain name used for a conn
Citrix Studio consists of various wizards that allows you to perform the following tasks: • • • • • • • Publish virtual applications Create groups of server or desktop operating systems Assign applications and desktops to users Grant user access to resources Assign and transfer permissions Obtain and track Citrix licenses Configure StoreFront All available Virtual Desktop Applications (VDA) are listed in the Studio. From the VDA list, select the application you would like to publish.
8 Installing firmware using USB Imaging Tool Firmware installation is the process of installing the Windows 10 IoT Enterprise firmware on your thin client. Use the Dell Wyse USB Imaging Tool version 3.2.0 to install the Windows 10 IoT Enterprise image on your thin client. For information about installation instructions, see the Dell Wyse USB Imaging Tool version 3.2.0 User's Guide at https://downloads.dell.com/wyse/.
9 Frequently asked questions How to install Skype for Business To install Skype for business on your thin clients, do the following: 1. 2. 3. 4. 5. 6. 7. 8. Log in as an administrator. Disable Unified Write Filter. Download the Skype for Business stand-alone (64-bit) from https://support.microsoft.com. Double-click the .exe file, and click Run. After the installation is complete, click Close. Launch Skype for business. On the license agreement screen, click Accept. Enable Unified Write Filter.
10 Troubleshooting Keyboard customization issues To customize the keyboard language that is not supported by default, do the following: 1. 2. 3. 4. Go to C:\Windows\system32\oobe. Delete the oobe.xml file and the related subdirectories. Customize the sysprep.xml file manually and set the keyboard, locales, and so on, to the respective language. Deploy the .xml file manually, or by using SCCM or Custom Sysprep. All preferences for keyboard, locale, time zone, countries, and so on, are applied.
NOTE: This issue is resolved in Windows 10 IoT Enterprise image builds later than version 10.03.06.10.18.00, and hence you are not required to apply the registry entry manually. To disable the link power management mode using a registry file, do the following: 1. Log in as an administrator. 2. Disable Unified Write Filter. The system restarts. 3. Log in as an administrator again. 4. Open Notepad and type the following syntax: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
6. Clear the Password field, and enter the password again. 7. Click Change Password. NOTE: Do not click the Export WiFi Profiles button again. 8. Close the Wireless Profile Password Editor window. 9. Log in to Wyse Management Suite. 10. Go to Apps & Data > File Repository > Inventory. 11. Click Add File. 12. Browse to the xml file. 13. From the Type drop-down list, select Windows Wireless Profile. 14. Enter the description. 15.