Getting to know your ThinKiosk Profile

Getting to know your ThinKiosk Profile.

Written by Giuseppe

Last published at: April 5th, 2020

You have successfully installed your new ThinScale Management Console as seen from this article,

and you are now wondering how to create configuration-specific to your ThinKiosk client within the Profile Editor.

This article will explain the most important section with examples, step by steps actions and pictures to better guide you into it.

Let's begin.

The first thing you will see is an empty Profile with just a few pre-checked options.

In the next section, you will find "Most-Used" options, analysed in the same order as the Profile Editor shows.

Use ThinKiosk Display Resolution Settings

  •     this option will allow a user to change their screen resolution, dpi scaling (Windows 10 only)  and orientation if needed.

Show the ThinKiosk  kioskbar

  • this option will show a windows style taskbar within the ThinKiosk session, helping users to switch between application, sessions and more.

Custom Wallpaper

  • this option will allow administrators to brand the ThinKiosk desktop with their own images. The image specified in the path below has to be physically present on the end client. 

Don't hide ThinKiosk when a VDI resource is active

  • this option will not hide the ThinKiosk UI when a VDI si launched preventing a black screen to be displayed when a session is closed.

VDI Connectors.

  • ThinKiosk supports natively 4 types of broker connectors: Citrix Storefront/NetScaler, RDP/ WVD, and VMWare. To add one of them simply click Add Connector and use the Broker URL.

Examples Connectors:

  • Storefront -  http://YourStore/Citrix/StoreName
  • NetScaler - https://NETSCALERADDRESS/StoreName
  • RDS  - https://RDSBroker/RDWeb/Feed/webfeed.aspx
  • VMWare  - https://VMWAREBROKER/broker/xml
  • WVD - only requires the Connector name

Disable the Citrix Desktop Viewer

  • this option will disable the Citrix Viewer

Use Citrix Desktop Viewer

  • this option will enable the Citrix Viewer

Enable auto launch by resource name :

  • this option will auto-launch a specific VDI after authentication 

End of Session options

  • this option will perform power actions when a session has been disconnected or closed. Administrators can control the behaviour of the user by selecting one of the following 

Local Applications

  • this option will allow end-user to launch applications like VPNs, Microsoft Office etc, assuming they are locally installed on their machine, from the ThinKiosk desktop.
  • the only thing you need is to use the application executable location (Command Line)
    • i.e C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe 
  • you can also auto-launch it when the TK UI is launched.  

Secure Browser

  • this option will allow end-users to use a restricted browser engine, being Internet Explorer or Chrome, from the ThinKiosk browser tab.
  • Add as many links as you wish, choosing a name, a browser engine or a scroll bar and you are done.
  • you can also blacklist/whitelist web sites. To know more about it please have a look at this article

Enable browser standards mode

  • there could be web sites not rendering the way you want. Use this option to set up the standards you wish to have the ThinKiosk displaying your page.

Block file download

  • Even though the ThinKiosk session is already really secure where nothing can go in or out, adding another layer of security is never a bad idea. In fact, in the case where a given web site can download the file locally, you can also restrict download by using this option. 

 Magic Filter 

  • the Magic Filter will allow the end-user to send key sequences like Ctrl-Alt-Del or Windows+L to the VDI session and not the ThinKiosk session. 

Idle Time out

  • Administrators don't like when a computer is left unattended for longe, that's' why by using this option you can ensure that a ThinKiosk session with a VDI running is not left more than it has to.

Additional Registry Values

  • controlling registry keys on a home user machine is challenging, especially without the home user consent. By using this option you can set registry keys only to the ThinKiosk user or any other users logged in to the machine, enhancing control and leveraging your corporate configurations. 

Windows Security Centre Detection

  • controlling the state of a remote machine is tricky without a dedicated support person. Multiply this by 1000s daily user and you see the problem here straight away. What if I tell you that you can tell the user by self-fixing the machine before launching the ThinkIosk application? Sounds great right? By enabling the following options and giving a user a dedicated/ personalized message, users can self fix potential issues on their home machine, requiring fewer people dedicated to them and ensuring business continuity.

Windows Patch Management 

  •  the same thing can be said with Windows Updates. Organization want to make sure that a home pc is fully patched or at least have patches required for the organization. By using this section, you will be able to install and download all the windows patches or specify the "must-have" patches required to meet organizational requirements. Like the Security Centre if a patch is missing you can display a message and redirect end-user on how and where to fix it.

Windows Firewall Control

  • this option lets you create firewall rules specific to a port, port range, IP or program files, the same way Windows does. Like the Windows Patch, if firewall rules are off or missing you can display a message and redirect end-user on how and where to fix it. 

Active Wi-Fi detection

  • this option will scan the home user pc for active wifi adapters and allow or disallow access to the ThinKiosk session.

Virtual Machine detection

  • this option will scan the home user pc and will check if the ThinKiosk is installed within a Virtual Machine or if a HyperV partition is running on the user pc.

Block USB mass storage device

  • this option will stop any mass storage device plugged into the user pc 

Application and Service Execution Prevention

  • these options are really powerful and can impact windows OS normal operation if not used right. Please refer to this article for more information. 

Once all your options are set, don't forget to "Save" the profile and use the Refresh Profile command to deploy these settings to your end clients.