Getting to know your Secure Remote Worker Profile

Getting to know your Secure Remote Worker Profile. #SRW-KB7

Written by Giuseppe

Last published at: June 30th, 2023

You have successfully installed your new ThinScale Management Console as seen from this article,

and you are now wondering how to create configuration-specific to your Secure Remote Worker within the Profile Editor.

This article will explain the most important section with examples, step by steps actions and pictures to better guide you into it.

Let's begin.

The first thing you will see is an empty Profile with just a few pre-checked options.

In the next section, you will find "Most-Used" options, analysed in the same order as the Profile Editor shows.

Use SRW Display Resolution Settings

  •     this option will allow a user to change their screen resolution, dpi scaling (Windows 10 only)  and orientation if needed.

Show the Secure Remote Worker kioskbar

  • this option will show a windows style taskbar within the Secure Remote Worker session, helping users to switch between application, sessions and more.

Custom Wallpaper

  • this option will allow administrators to brand the Secure Remote Worker desktop with their own images. The image specified in the path below has to be physically present on the end client. 

Don't hide SRW when a VDI resource is active

  • this option will not hide Secure Remote Worker UI when a VDI si launched preventing a black screen to be displayed when a session is closed.

VDI Connectors.

  • Secure Remote Worker supports natively 4 types of broker connectors: Citrix Storefront/NetScaler, RDP/ WVD, and VMWare. To add one of them simply click Add Connector and use the Broker URL.

Examples Connectors:

  • Storefront -  http://YourStore/Citrix/StoreName
  • NetScaler - https://NETSCALERADDRESS/StoreName
  • RDS  - https://RDSBroker/RDWeb/Feed/webfeed.aspx
  • VMWare  - https://VMWAREBROKER/broker/xml
  • WVD - only requires the Connector name

Disable the Citrix Desktop Viewer

  • this option will disable the Citrix Viewer

Use Citrix Desktop Viewer

  • this option will enable the Citrix Viewer

Enable auto launch by resource name :

  • this option will auto-launch a specific VDI after authentication 

End of Session options

  • this option will perform power actions when a session has been disconnected or closed. Administrators can control the behaviour of the user by selecting one of the following 

Local Applications

  • this option will allow end-user to launch applications like VPNs, Microsoft Office etc, assuming they are locally installed on their machine, from the Secure Remote Worker desktop.
  • the only thing you need is to use the application executable location (Command Line)
    • i.e C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe 
  • you can also auto-launch it when the SRW UI is launched.  

Secure Browser

  •  this option will allow end-users to use a restricted browser engine, being Internet Explorer or Chrome, from the Secure Remote Worker browser tab.
  • Add as many links as you wish, choosing a name, a browser engine or a scroll bar and you are done.
  • you can also blacklist/whitelist web sites. To know more about it please have a look at this article

Enable browser standards mode

  • there could be web sites not rendering the way you want. Use this option to set up the standards you wish to have the Secure Browser displaying your page.

Block file download

  • Even though Secure Remote Worker session is already really secure where nothing can go in or out, adding another layer of security is never a bad idea. In fact, in the case where a given web site can download the file locally, you can also restrict download by using this option. 

 Magic Filter 

  • the Magic Filter will allow the end-user to send key sequences like Ctrl-Alt-Del or Windows+L to the VDI session and not the Secure Remote Worker session.

Idle Time out

  • Administrators don't like when a computer is left unattended for longe, that's' why by using this option you can ensure that a Secure Remote Worker session with a VDI running is not left more than it has to.

Additional Registry Values

  • controlling registry keys on a home user machine is challenging, especially without the home user consent. By using this option you can set registry keys only to the Secure Remote Worker user and only when in the Secure Remote Worker session, enhancing control and leveraging your corporate configurations. 

Windows Security Centre Detection

  • controlling the state of a remote machine is tricky without a dedicated support person. Multiply this by 1000s daily user and you see the problem here straight away. What if I tell you that you can tell the user by self-fixing the machine before launching the SRW application? Sounds great right? By enabling the following options and giving a user a dedicated/ personalized message, users can self fix potential issues on their home machine, requiring fewer people dedicated to them and ensuring business continuity.

Windows Patch Management 

  •  the same thing can be said with Windows Updates. Organization want to make sure that a home pc is fully patched or at least have patches required for the organization. By using this section, you will be able to install and download all the windows patches or specify the "must-have" patches required to meet organizational requirements. Like the Security Centre if a patch is missing you can display a message and redirect end-user on how and where to fix it.

Windows Firewall Control

  • this option lets you create firewall rules specific to a port, port range, IP or program files, the same way Windows does. Like the Windows Patch, if firewall rules are off or missing you can display a message and redirect end-user on how and where to fix it. 

Active Wi-Fi detection

  • this option will scan the home user pc for active wifi adapters and allow or disallow access to the Secure Remote Worker session.

Virtual Machine detection

  • this option will scan the home user pc and will check if the Secure Remote Worker is installed within a Virtual Machine or if a HyperV partition is running on the user pc.

Block USB mass storage device

  • this option will stop any mass storage device plugged into the user pc 

Write Filter

  • By using this option you will ensure that every time a Secure Remote Worker session is logged out all file saved, downloaded or potential stolen are deleted.

Application and Service Execution Prevention

  • these options are really powerful and can impact windows OS normal operation if not used right. Please refer to this article for more information. 

Once all your options are set, don't forget to "Save" the profile and use the Refresh Profile command to deploy these settings to your end clients.