HP ThinPro 6.2 - Administrator Guide

ManualsBrandsHP ManualsDesktopsHP t520 Flexible Thin Client

161

162

163

164

165

166

167

168

169

170

Registry key Description

root/security/domainEntryMode

If set to 1, the domain is expected to be entered in a separate text

eld labeled Domain. if set to 0, the domain is expected to be

entered as part of the User eld.

root/security/enableLockOverride

If set to 1, administrators can override the screen lock of a local

desktop.

root/security/enableSecretPeek

If set to 1, password and PIN dialogs will have a button that, while

selected, will show the entered password/PIN in clear text.

root/security/encryption/identity/

encryptedSecretCipher

Sets the algorithm for symmetric encryption of a secret. All

algorithms use an appropriate amount of random salt, which is

regenerated each time the secret is stored. The encryption key is

dierent on each thin client, and encryption and decryption are

available only to authorized programs. The supported cipher list

includes most OpenSSL ciphers and ChaCha20–Poly1305.

root/security/encryption/identity/

encryptedSecretTTL

Sets the number of seconds since the last successful login that a

stored encrypted secret will be considered valid. If set to a

negative number, encrypted secrets will not time out.

root/security/encryption/identity/

secretHashAlgorithm

Sets the algorithm for creating a hash of a secret. Key Derivation

Functions (KDFs) such as scrypt or argon2 are better than

straightforward hashes because it is not quick to compute a

rainbow dictionary using a KDF. All algorithms use an appropriate

amount of random salt, which is regenerated each time the secret

is hashed. The supported list includes scrypt, Argon2, SHA-256,

and SHA-512 (though the latter two are not KDFs).

root/security/encryption/identity/

secretHashTTL

Sets the number of seconds since the last successful login that a

stored hashes of secrets will be considered valid. If set to a

negative number, hashes of secrets will not time out.

root/security/mustLogin

If set to 1, all users are forced to log in before accessing the

desktop.

shutdown

Registry key Description

root/shutdown/enableAutomaticShutdownTimeout

If set to 1, a progress bar is shown in the shutdown/restart/logout

conrmation dialog box. If the question is not answered in time,

automatically shutdown/restart/logout.

root/shutdown/timeOfAutomaticShutdownTimeout

Sets the wait time for automatic shutdown timeout.

sshd

Registry key

Description

root/sshd/disableWeakCipher

If set to 1, disable the CBC mode cipher and other known weak

ciphers, such as 3DES, arcfour, etc.

root/sshd/disableWeakHmac

If set to 1, disable 96 bit hmac and any sha1–based and md5–

based hmac.

root/sshd/disableWeakKex

If set to 1, disable key exchange algorithms that have DH with

SHA1.

shutdown 155