- This topic has 4 replies, 2 voices, and was last updated 3 years, 4 months ago by
.
-
Posts
-
Hello. New to WTOS, but have been tasked with shoring up some of this in its current 8.x incarnation from the last person who was doing this and left for another dept. We are simply using Windows Server 2019 & 2016 session hosts, with rdping to the broker/ hosts from 3040’s, and using IIS server to dish out the requisite .ini / files.
On logon or logout (using smartcard) – seems like although we’ve managed to hide some options from users, and they logon fine – they can still get at the admin bar even though I’m pretty sure it is disabled. Some of the features are greyed out though.
Similarly, despite setting SCRemovalBehavior = 1, smartcard removal doesn’t visibly do anything like lock the screen or log out a user. (You can see the 3040 recognizing removal & reinsertion of smartcards in the on screen System Information Event log if we watch it, however).
I apologize in advance if I missed some simple wnos.ini setting. Thanks for your help!
Some of our wnos.ini –
*************************************************************
;* *
;* This wnos.ini file was generated with the *
;* Configuration Generator 8.4.01 *
;* Copyright by Thomas Moellerbernd *
;* *
;* https://technicalhelp.de *
;* *
;*************************************************************;*************************************************************
;* General 1 *
;*************************************************************autoload=2 LoadPkg=0
;*************************************************************
;* General 2 *
;*************************************************************Fastdisconnect=yes AltKey=yes
FastDisconnectKey=F12
Locale=English
PlatformConfig=all EOLWarning=no;*************************************************************
;* General 3 *
;*************************************************************Autopower=yes
SysMode=VDI EnableLogonMainMenu=yes DisableAddConnection=yes;*************************************************************
;* WDA *
;*************************************************************WDAService=no
;*************************************************************
;* Privilege *
;*************************************************************Privilege=Low HidePP=yes HideConnectionManager=No ShowDisplaySettings=No EnableNetworkTest=No CoreDump=Disabled DisableTerminalName=Yes DisableSerial=Yes DisableChangeDateTime=Yes
Adminmode=noShowAdmin=no
; Uncomment to enable admin on all terminals after reboot (probably don’t do this, assign via MAC)
; Adminmode=yes
; Privilege=High;*************************************************************
;* Peripherals *
;*************************************************************Device=audio EnableSpeaker=no
;*************************************************************
;* Redirection *
;*************************************************************MMRConfig=video flashingHW=yes
;*************************************************************
;* Time *
;*************************************************************Timeserver= <i>our timeserver</i>
Timeformat=”24-hour format”
Dateformat=yyyy/mm/dd;*************************************************************
;* Network *
;*************************************************************Device=Ethernet Speed=”Auto”
WDMService=No Quickmode=no Discover=no
BootpDisable=yes
IPProto=ICMP
WakeOnLan=yes
ConnectionBroker=Microsoft
Host=our fully qualified host name
VDISmartcardLogin=yes
SignOn=Yes EnableOK=Yes DisableGuest=yes LockTerminal=no RequireSmartcard=yes
SCRemovalBehavior=1
SignonStatusColor=”240 55 189″
AddCertificate= our cert server
AddCertificate= cert server cert
CCMEnable=No IgnoreMQTT=yes
DomainList=”our domain”
MaxVNCD=1 VNCD_8bits=yes VNCD_Zlib=yes
VncPassword=”tempvncpw”
VncPrompt=No Accept=3;*************************************************************
;* Services *
;*************************************************************Service=SNMPD disable=yes
Service=ThinPrint disable=yes
Service=WDM disable=yes;*************************************************************
;* General Session *
;*************************************************************SessionConfig=ALL UnmapSerials=no Smartcards=yes MapDisks=yes DisableSound=No Fullscreen=yes
SessionConfig=ICA HDXFlashUseFlashRemoting=always HDXFlashEnableServerSideContentFetching=enabled;*************************************************************
;* RDP *
;*************************************************************SessionConfig=RDP EnableGFX=yes EnableVOR=no EnableRdpH264=yes USBRedirection=RDP
1. ShowAdmin=no has to be in the same line as AdminMode.
So, in your case “Adminmode=no ShowAdmin=no”
2. Verify that “SCRemovalBehavior=1” is also in the same line as “SignOn=yes”CG
thanks for the help! So, confirmed
Adminmode=no ShowAdmin=no
While admin options from Admin mode (where the dock is shown on the left side of the screen, along with sysinfo and shutdown) are prevented this way, the user is still able to select ‘admin mode’ at the login prompt. Is there a way to prevent that from happening? I saw that I can do so by using a username & pw for ‘admin mode’ but we don’t want that stored in the .ini file.
Regarding smartcard removal, I’ve got it now so that removing the smartcard instantly locks the 3040 and disconnects the user from the session host, but it does not force a logoff. Seems like no matter what I set Autosignoff to (if that’s the correct parameter), it will not logoff the user on smartcard removal.
VDISmartcardLogin=yes
SignOn=Yes EnableOK=Yes DisableGuest=yes LockTerminal=no RequireSmartcard=yes SCRemovalBehavior=logoff Autosignoff=2Thanks again!
- You must be logged in to reply to this topic.