Reference Guide
Table Of Contents
You can log in to Dell Hybrid Client only if the authentication is successful. However, you can configure the user account
lockout for remote Broker agent or domain controller using the AD group policies.
● Security configurations—The following are the security options that can be configured using Wyse Management Suite:
○ Configure the BIOS password for Dell Hybrid Client.
○ Add or modify Group Token for the Device group.
○ Install a certificate on Dell Hybrid Client.
○ Configure USB lockdown settings to allow or block certain USB ports.
○ Configure the GRUB password for Dell Hybrid Client.
○ Enable or disable the VNC connection on Dell Hybrid Client.
○ Enable or disable the SSH connection on Dell Hybrid Client.
○ Set a password for Guest user on Dell Hybrid Client.
○ Enable or disable the installation of unsigned third-party applications.
User and credential management
● User accounts and default credentials
○ Guest—The Guest account is a low-privilege account that is available for users who do not have an AD account but
need access to Dell Hybrid Client. As an administrator, you can enable or disable the guest user account using Wyse
Management Suite. The Guest user is the default user without a password. As an administrator, you can configure the
password for the guest user account. If you have logged in as a guest user, local configurations are not preserved
across logins. For example, when a guest user configures a wallpaper setting locally, the setting is restored to the
default wallpaper when the user logs out and logs back in. However, when the same wallpaper is configured from Wyse
Management Suite (Device User Policies), the setting changes are applied to the subsequent guest user logins. You can
configure a password for the guest user from Wyse Management Suite.
○ SSH—The SSH user account is activated when the SSH add-on is deployed to Dell Hybrid Client from Wyse
Management Suite. The default username is sshuser. The password is configured using the Wyse Management Suite
console. As an IT administrator, you can grant elevated privileges to the SSH-enabled user from Wyse Management
Suite. However, use this option with caution as granting elevated privileges to an SSH-enabled user may lead to
inappropriate use of access on device.
○ Bremen—The Bremen account is activated only when dev mode is enabled on Dell Hybrid Client. As an administrator,
you can use the Bremen account to manage sudo or elevated privileges. In Dell Hybrid Client version 1.1, you must use
the Bremen password to access the Bremen account. In Dell Hybrid Client version 1.5, you can use the Grub password to
access the Bremen account.
○ GRUB—GRUB is the default boot loader for Dell Hybrid Client. Grub password is unique to each device. As an
administrator, you can set a password for the GRUB boot menu to restrict user access to the following operations:
■ Enabling dev mode to access the terminal.
■ User access to the GRUB boot menu.
● Security profiles—Security profiles can be set to High, Medium, or Low based on the type of third-party applications
that are being deployed—See Security profiles.
● BIOS admin credentials—Dell Technologies recommends that as a Wyse Management Suite administrator, you must
change the BIOS password from the Wyse Management Suite console—See, BIOS security.
● Broker, domain, and remote session credentials—Remote session broker agent, active domain, remote desktop, and
remote application credentials are configured by administrators of the respective remote resources. Remote resources
include cloud, or hosts and virtual machines that are organized in domains. There is no local default credential for remote
desktops or remote application users. User must use the credential that is configured on the remote site. Example—A
domain user with remote desktop access privilege must enter domain credentials to access remote resources.
● Managing credentials—Account credentials can be managed by deploying the configuration from Wyse Management Suite
to Dell Hybrid Client.
● Securing credentials—Dell Hybrid Client transmits and receives encrypted data from various servers including AD Server,
RDP Server, Cloud Server, and Wyse Management Suite server for information related to user authentication and user data.
The communication protocol is based on proven and safe encryption protocols. All credentials are stored in the device, or
transmitted between the client and the server using encrypted keys that are unique to each device.
● Password complexity—Password complexity for remote desktop, remote application, session broker agent, and session
gateway is managed by a remote system administrator. Example—Administrator can configure the settings using AD domain
policies and apply the settings to all domain users for remote desktop access. Some passwords for device management
require you to create a password according to the complexity and strength rules, including password length and password
strength. When a new password is set, Wyse Management Suite only accepts passwords that meet the new length and
complexity requirements. The tooltip on the settings UI displays the complexity and length requirement for each password.
If the password does not meet the specified requirement, the field is highlighted in red color to indicate that the entered
password is invalid.
Product and subsystem security
11