HealthCast

Kiosk Mode - Passthrough

The XA Passthrough Authentication workflow configuration allows users to configure their environment for quick and direct access to an RDP terminal server session, a Citrix ICA session, a Citrix Storefront session, or a VMware Horizon View session.

The operation of this configuration can also be enhanced with the addition of the ExactAccess shell replacement option. When the shell replacement software is paired with domain policies to secure the Windows desktop, users are not able to interact with the local file system or Windows desktop for added security. This feature is automatically disabled for Administrative users to perform maintenance on the workstation.

The XA Passthrough Authentication configuration requires only the HealthCast Prox/Auth server to reduce server requirements; the full XA server software suite is supported, but not required.

Interactive Installation

Tip

ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:

for 32-bit clients: HealthCast ExactAccess Client.msi (not supported for Roaming Sessions installations)

for 64-bit clients: HealthCast ExactAccess Client x64.msi

Run the MSI

Adjust install directory if desired

Click Install

Confirm UAC if prompted

Client Configuration Tool will start when the install is complete

Select Change Mode button

Choose Kiosk Mode

4980824.png

Select Operation Tab

Choose Passthrough

7703635.png

Follow the instructions outlined below for the appropriate connection type

TIp

The instructions below indicate to log in as an administrator and run the Client Configuration Tool. During installation, this tool is started for you automatically and is running as an administrator. Those steps can be skipped during this process. Start with step 3 for the desired configuration.

After UI configuration is complete, select Finish and reboot the workstation when prompted.

4980825.png
Remote Desktop Protocol (RDP)

Info

Remote Desktop Protocol (RDP) 7 and 8 are supported.

Warning

If you are using RDP to connect to a Citrix Desktop, it is necessary to prevent RDP Locked Sessions on the Citrix Server. See Citrix KB Article CTX138189for information on how to configure this setting.

  1. Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.

  2. Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.

  3. Click the Operation tab to show the type of configuration

  4. Select the "Passthrough authentication only" option.

  5. Select the item "Microsoft RDC or Citrix ICA connection" and click the "Configure..." button.

  6. From this menu option, select the Microsoft RDC button to configure and activate support for RDC connectivity.

  7. Enter the information appropriate for your environment in the configuration settings page for RDC.

Command line deployment

Tip

ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:

for 32-bit clients: HealthCast ExactAccess Client.msi

for 64-bit clients: HealthCast ExactAccess Client x64.msi

msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=RDC X_RDC_TS=myTSserver:port# X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Citrix ICA

Info

Citrix Receiver 4.3-4.7 are supported

Warning

The embedded ICA connection does not support connections to XenDesktop remote sessions. It will connect to published desktops made available through Citrix XenApp.

To connect to XenDesktop remote sessions, use the Citrix Storefront option.

  1. Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.

  2. Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.

  3. Click the Operation tab to show the type of configuration

  4. Select the "Passthrough authentication only" option.

  5. Select the item "Microsoft RDC or Citrix ICA connection" and click the "Configure..." button.

  6. From this menu option, select the Citrix ICA button to configure and activate support for ICA connectivity.

  7. Enter the information appropriate for your environment in the configuration settings page for ICA.

    Tip

    If you have change the XML broker port for your Citrix servers, on the Server Name field, enter the server name colon (:) port together. If you are using the default port for the XML broker, the port specification can be omitted.

    example: server:port

Command line deployment

Tip

ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:

for 32-bit clients: HealthCast ExactAccess Client.msi

for 64-bit clients: HealthCast ExactAccess Client x64.msi

msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=ICA X_CS1=myCitrixserver:8080 X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Citrix Storefront

Warning

HTTP Basic authentication must be enabled on the StoreFront servers

Info

Citrix Receiver client versions supported: 4.2 - 4.9

  1. Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.

  2. Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.

  3. Click the Operation tab to show the type of configuration

  4. Select the "Passthrough authentication only" option.

  5. Select the item "Citrix Storefront connection" and click the "Configure..." button.

  6. Enter the information appropriate for your environment in the configuration settings page for StoreFront.

Published Name - This is the name of the resource to be launched. The same name that is displayed on the StoreFront web page.

Window Title - This is the text that appears in the title bar of the published resource. Typically the published name a space and a "-" is sufficient.

Storefront URL - This is the Receiver for Web Sites URL found in Citrix Studio > Citrix Storefront > Stores. The correct URL – when placed in a browser should resolve to the Citrix StoreFront login page.

Authentication Type – Determine what credentials to use when authenticating to StoreFront. Select XA User to use the XA Users credentials, select Windows User to use the Windows user credentials.

Application Type - If the published resource is a Shared desktop or VDI select the Shared desktop or VDI radio button if the published resource is an application i.e. Microsoft Notepad or Calculator, select the Published application radio button.If the Shared desktop or VDI radio button is selected the Set to Full Screen checkbox is enabled. If checked the Shared desktop or VDI will be displayed in full screen and the Citrix Tool bar is hidden limiting the user to the VDI or Shared Desktop.

Logging– If checked pubLauncherSF will log to %AppData%\HealthCast\logs\pubLauncherSF.log.

When enabled the application will log to the C:\Users\<username>\AppData\Roaming\HealthCast\logs\sfConnect.log file.

TraceLevel – Set Trace level 1 – 4 for logging. The higher the trace level the more detailed logging.

1 – minimal

2 – low

3 – medium

4 – verbose

VMware Horizon View

Info

VMware Horizon client versions supported: 4.0 - 4.6.1

  1. Log-in as a Local Administrator to the workstation you would like to make changes on.

    The Client Configuration Tool will only run under an account with Local Administrator privileges.

  2. Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.

  3. Click the Operation tab to show the type of configuration

  4. Select the "Passthrough authentication only" option.

  5. Select the item "VMware Horizon View connection" and click the "Configure..." button.

  6. Enter the information appropriate for your environment in the configuration settings page for Horizon View.

Command line deployment

Tip

ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:

for 32-bit clients: HealthCast ExactAccess Client.msi

for 64-bit clients: HealthCast ExactAccess Client x64.msi

msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=VIEW X_VW_DT=myDeskPool X_VW_URL=myViewURL X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Command Line Installation

See Configuring KM Passthrough Connectivity for details.

Configuring KM Passthrough Connectivity
Installation command line parameters for Kiosk Mode with passthrough configuration

From an administrative command prompt (or remote deployment package), execute the ExactAccess client install with the appropriate command line parameters. Below are the minimum values that need to be configured.

  • Set kiosk mode: XA_MODE=KM

  • Set the servers: XA_PROX_AUTH=<name of server>

  • Set to use no SSO: XAD_ENABLED=1

  • Select the appropriate plug-in connector

    • X_PLUGIN=RDC

      • Set the RDC server to connect to: X_RDC_TS=<Remote Desktop server name:[optional port number]>

        example: X_RDC_TS=myRDServer:443

    • X_PLUGIN=ICA

      • Set the Citrix server to connect to: X_CS1=<server name:port>

        example: X_CS1=myCTXServer:80

        Tip

        Additional X_CS2 and X_CS3 may be specified for additional fail over servers.

    • X_PLUGIN=VIEW

      • Set the Desktop Pool: X_VW_DT=<pool name>

      • Set the Server URL: X_VW_URL=<server URL>

    • X_PLUGIN=SF

      • set the resource name as published for Store Front : X_SF_RN=<resource name>

      • set the app title: X_SF_AT=<application title>

  • Set the Kiosk Domain to validate users against: X_KM_DOMAIN=<Default Domain>

  • Enable PIN Support: X_PSE=0 (by default, PIN support is DISABLED)

    • -1 = Pin support DISABLED (value as: X_PSE=4294967295)

    • 0 = Always prompt for PIN on every login (may also prompt for password if it is expired)

    • Set PIN Minimum Length: X_PIN_LEN=<4, 5, or 6>

  • (optional) Enable ExactAccess Shell replacement: X_EASE=1

    Warning

    See the Shell replacement page for additional required setup on Windows 10 workstations.

  • (optional) Disable remote auth for domain joined workstations if desired: X_RARL=0

  • Disable running configuration tool after install/upgrade: X_RUN_CONFIG=0

Tip

If you are configuring your workstations against a full installation of ExactAccess server, the additional server values may be specified for complete operation:

Set the server for HCIDeploy: X_D_SRV=<name of server>

Set the server for audit: X_AUDIT_SRV=<name of server>

Configuring Connectivity Plug-ins with the Client Configuration Tool
Remote Desktop Protocol (RDP)

Info

Remote Desktop Protocol (RDP) 7 and 8 are supported.

Warning

If you are using RDP to connect to a Citrix Desktop, it is necessary to prevent RDP Locked Sessions on the Citrix Server. See Citrix KB Article CTX138189for information on how to configure this setting.

  1. Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.

  2. Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.

  3. Click the Operation tab to show the type of configuration

  4. Select the "Passthrough authentication only" option.

  5. Select the item "Microsoft RDC or Citrix ICA connection" and click the "Configure..." button.

  6. From this menu option, select the Microsoft RDC button to configure and activate support for RDC connectivity.

  7. Enter the information appropriate for your environment in the configuration settings page for RDC.

Command line deployment

Tip

ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:

for 32-bit clients: HealthCast ExactAccess Client.msi

for 64-bit clients: HealthCast ExactAccess Client x64.msi

msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=RDC X_RDC_TS=myTSserver:port# X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Citrix ICA

Info

Citrix Receiver 4.3-4.7 are supported

Warning

The embedded ICA connection does not support connections to XenDesktop remote sessions. It will connect to published desktops made available through Citrix XenApp.

To connect to XenDesktop remote sessions, use the Citrix Storefront option.

  1. Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.

  2. Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.

  3. Click the Operation tab to show the type of configuration

  4. Select the "Passthrough authentication only" option.

  5. Select the item "Microsoft RDC or Citrix ICA connection" and click the "Configure..." button.

  6. From this menu option, select the Citrix ICA button to configure and activate support for ICA connectivity.

  7. Enter the information appropriate for your environment in the configuration settings page for ICA.

    Tip

    If you have change the XML broker port for your Citrix servers, on the Server Name field, enter the server name colon (:) port together. If you are using the default port for the XML broker, the port specification can be omitted.

    example: server:port

Command line deployment

Tip

ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:

for 32-bit clients: HealthCast ExactAccess Client.msi

for 64-bit clients: HealthCast ExactAccess Client x64.msi

msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=ICA X_CS1=myCitrixserver:8080 X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Citrix Storefront

Warning

HTTP Basic authentication must be enabled on the StoreFront servers

Info

Citrix Receiver client versions supported: 4.2 - 4.9

  1. Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.

  2. Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.

  3. Click the Operation tab to show the type of configuration

  4. Select the "Passthrough authentication only" option.

  5. Select the item "Citrix Storefront connection" and click the "Configure..." button.

  6. Enter the information appropriate for your environment in the configuration settings page for StoreFront. Example:

Published Name - This is the name of the resource to be launched. The same name that is displayed on the StoreFront web page.

Window Title - This is the text that appears in the title bar of the published resource. Typically the published name a space and a "-" is sufficient.

Storefront URL - This is the Receiver for Web Sites URL found in Citrix Studio > Citrix Storefront > Stores. The correct URL – when placed in a browser should resolve to the Citrix StoreFront login page.

Authentication Type – Determine what credentials to use when authenticating to StoreFront. Select XA User to use the XA Users credentials, select Windows User to use the Windows user credentials.

Application Type - If the published resource is a Shared desktop or VDI select the Shared desktop or VDI radio button if the published resource is an application i.e. Microsoft Notepad or Calculator, select the Published application radio button.If the Shared desktop or VDI radio button is selected the Set to Full Screen checkbox is enabled. If checked the Shared desktop or VDI will be displayed in full screen and the Citrix Tool bar is hidden limiting the user to the VDI or Shared Desktop.

Logging– If checked pubLauncherSF will log to %AppData%\HealthCast\logs\pubLauncherSF.log.

When enabled the application will log to the C:\Users\<username>\AppData\Roaming\HealthCast\logs\sfConnect.log file.

TraceLevel – Set Trace level 1 – 4 for logging. The higher the trace level the more detailed logging.

1 – minimal

2 – low

3 – medium

4 – verbose

VMware Horizon View

Info

VMware Horizon client versions supported: 4.0 - 4.6.1

  1. Log-in as a Local Administrator to the workstation you would like to make changes on.

    The Client Configuration Tool will only run under an account with Local Administrator privileges.

  2. Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.

  3. Click the Operation tab to show the type of configuration

  4. Select the "Passthrough authentication only" option.

  5. Select the item "VMware Horizon View connection" and click the "Configure..." button.

  6. Enter the information appropriate for your environment in the configuration settings page for Horizon View.

Command line deployment

Tip

ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:

for 32-bit clients: HealthCast ExactAccess Client.msi

for 64-bit clients: HealthCast ExactAccess Client x64.msi

msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=VIEW X_VW_DT=myDeskPool X_VW_URL=myViewURL X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Registry Settings
Sever Connection Properties

Parameter Name

Applicable

Modes

Registry Keys Affected

Value

Setting Description

XA_SRV

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Servers\INDY

0000: reg_sz

Valid Server NETBIOS or FQDN Name or IP address

Primary XA (SSO) server name

XA_AUDIT_SRV

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY

0000: reg_sz

Valid Server NETBIOS or FQDN Name or IP address

auditSERVER name

XA_PRX_SRV

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\Indy

0000: reg_sz

Valid Server NETBIOS or FQDN Name or IP address

Prox Card Server Name

X_D_SRV

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCIDeployClient\Indy

0000: reg_sz

Valid Server NETBIOS or FQDN Name or IP address

HCIDeploy server name

X_RA_SRV

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory\INDY

0000: reg_sz

Valid Server NETBIOS or FQDN Name or IP address

Remote Authentication Server name

X_PREF_IPV4

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

PreferIPv4: reg_dword

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

PreferIPv4: reg_dword

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient

PreferIPv4: reg_dword

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory

PreferIPv4: reg_dword

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCIDeployClient

PreferIPv4: reg_dword

1

Indicates that any TCP/IP communication prefers to use IPv4 when IPv6 is installed and available

This setting will be ignored if the *_SRV setting(s) listed above contain a direct IPv6 address.

SSO Client Settings

Parameter Name

Applicable

Modes

Registry Keys Affected

Value

Setting Description

X_SP

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Servers\INDY

Port: reg_dword

15001

Communications port for XA (SSO) server

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Servers\INDY

EnabledServerIDs: reg_sz

0000

Enabled Servers List. Comma delimited list of server identifiers 0000,0001,0002, etc.

XA_EC

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\SocketTransport\Indy

Encryption: reg_sz

RIJNDAEL

Encryption Class:

RIJNDAEL, RIJNDAEL128, RIJNDAEL256, BLOWFISH, BLOWFISH256, TWOFISH, SERPENT

XA_CC

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\SocketTransport\Indy

Compression: reg_sz

VCLZIP

Compression Class:

NONE, VCLZIP

Proxcard Client Settings

Parameter Name

Applicable

Modes

Registry Keys Affected

Value

Setting Description

XA_PRX_SRV_PRT

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\Indy

Port: reg_dword

30000

Communications port for Proxcard Server

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\Indy

EnabledServerIDs: reg_sz

0000

Enabled Servers List. Comma delimited list of server identifiers 0000,0001,0002, etc.

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\SocketTransport\Indy

Encryption: reg_sz

RIJNDAEL

Encryption Class:

RIJNDAEL, RIJNDAEL128, RIJNDAEL256, BLOWFISH, BLOWFISH256, TWOFISH, SERPENT

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\SocketTransport\Indy

Compression: reg_sz

VCLZIP

Compression Class:

NONE, VCLZIP

X_PROX_RT

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

ReaderType: reg_sz

USB

ProxCard ReaderType

USB - RFIdeas USB device support

RFVC - RFIdeas Linux -> Citrix session support

RFSerial - RFIdeas Reader Serial device support

SCARD - OMNIKEY Reader support

X_PSE

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\PIN

PinPromptInMinutes: red_dword

4294967295

Specify enabling PIN Support. Users will be prompted to validate with pin:

Set this to enabled (4294967295) or disabled (0)

X_PIN_LEN

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\PIN

MinPinLength: reg_dword

4

Specify the minimum PIN length a user must use when enrolling a PIN:

4, 5, or 6

X_ALLOW_PIN

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\PIN

AllowPinEnrollment: reg_dword

1

Set this to enable (1) or disable (0) PIN Self enrollment.

X_PSCL

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

ParityStripCountLeading: reg_dword

0

Parity Strip Count Leading bits

X_PSCT

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

ParityStripCountTrailing: reg_dword

0

Parity Strip Count Trailing bits

X_BBS

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

BlankBadgeScan: reg_dword

1

Blank Badge Scanning allowed - if this setting is disabled, enrollment of unassigned cards is disabled.

X_HPI

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

HardwarePollInterval: reg_dword

500

Hardware polling interval in milliseconds

X_TOUT

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

SupportTapoutUpdateTime: reg_dword

1

Rolling password save enabled

X_PSWT

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

ServiceStartupConnectionWaitTimeout: reg_dword

30

Service Startup Connection Wait Timeout in seconds

X_VBC

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

ValidBitCount: reg_sz

Valid Bit Count comma delimited list

X_PIBCM

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

InvalidBitCountMessage: reg_sz

Message to display to user when their card has an invalid bit count

X_PIFM

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

InvalidFacilityMessage: reg_sz

Message to display to user when their card has an invalid facility code

X_PIPM

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

InvalidParityMessage: reg_sz

Message to display to user when their card has an invalid parity calculation

X_PIRM

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

InvalidRangeMessage: reg_sz

Message to display to user when their card has an ID that is not in a valid range

X_PSEDM

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

SelfEnrollmentDisabledMessage: reg_sz

Message to display to user when prox card self enrollment has been disabled

X_PSDM

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

ServerDownMessage: reg_sz

Message to display to the user when the server cannot be contacted

X_PIN_AT

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

PIN_Auth_Title: reg_sz

AUTHENTICATION

Title of message to prompt user for PIN Authentication

X_PIN_ET

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

PIN_Enroll_Title: reg_sz

ENROLLMENT

Title of message to prompt user for PIN Enrollment

X_CPT

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

PIN_Change_Message: reg_sz

Change my PIN

Message to prompt user for manually changing their PIN

X_BMML

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

BadgeMsg_ManualLogin: reg_sz

Enter username and password

Message to prompt user for manual login when prox reader is not attached

X_BMUA

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

BadgeMsg_UnAuthenticated: reg_sz

Enter your password

Message to prompt user their badge is not authenticated and a password is required

X_BMUR

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

BadgeMsg_Unregistered: reg_sz

Enter username and password to register badge.

Message to prompt the user for badge enrollment (the card is not registered)

X_PX_RB

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

CardRequiredForLogin: reg_dword

0

Require Proxcard for Login enabled(1) or disabled(0)

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

HWGConfig: reg_sz

The full path and filename to an HWG+ formatted configuration file that will be used to configure the proximity card reader device.

Warning

Setting this file path overrides all other prox card device configuration settings as specified in the registry, as well as those that are built into the product. This includes Parity Strip count, Reader Beep, MessageValidForMS, and potentially ValidBitCount settings. Use caution when using this method to configure devices, and ensure proper operation before distribution.

X_PSWT

HKEY_LOCAL_MACHINE\Software\HealthCast\ProxCardClient

ServcieStartupConnectionWaitTimeout: reg_dword

30

This setting indicates how long to wait during a startup phase to ignore server/network availability errors before reporting a problem to the HealthCast client.

HKEY_LOCAL_MACHINE\Software\HealthCast\ProxCardClient

ReaderBeepEnabled: reg_dword

Indicates if using a RFIdeas reader model that includes an internal speaker, that tapping a badge the reader will beep indicating the badge was read.

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

ConnectionTimeout: reg_dword

1

The time in seconds that the client will attempt to connect to the all of the configured servers before returning an error to the client for a connection failure.

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

BeepSoundFile: reg_sz

<install folder path>\beep2.wav

The default WAV file that will play when a card is tapped, and the setting to play beep sound is enabled

X_BEEP

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient

BeepSoundPlayOnBadgeTap: reg_dword

0

Beep sound is enabled to play when set to 1, disabled when set to 0

Audit Client Settings

Parameter Name

Applicable

Modes

Registry Keys Affected

Value

Setting Description

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY

SocketPort: reg_dword

25000

Communications port for auditSERVER

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY

EnabledServerIDs: reg_sz

0000

Enabled Servers List. Comma delimited list of server identifiers 0000,0001,0002, etc.

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY

EncryptionClass: reg_sz

NONE

Encryption Class:

RIJNDAEL, RIJNDAEL128, RIJNDAEL256, BLOWFISH, BLOWFISH256, TWOFISH, SERPENT

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY

CompressionClass: reg_sz

VCLZIP

Compression Class:

NONE, VCLZIP

Remote Authentication Settings

Parameter Name

Applicable

Modes

Registry Keys Affected

Value

Setting Description

X_RA_PORT

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY

SocketPort: reg_dword

20000

Communications port for Remote Authentication

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory\INDY

EnabledServerIDs: reg_sz

Enabled Servers List. Comma delimited list of server identifiers 0000,0001,0002, etc.

X_RAEC

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory

Encryption: reg_sz

NONE

Encryption Class: (Only if communicating with a server Advanced Communications port: 20001)

RIJNDAEL, RIJNDAEL128, RIJNDAEL256, BLOWFISH, BLOWFISH256, TWOFISH, SERPENT

If communicating with the Compatibility communication port: 20000, this setting MUST match the configuration on the server:

RIJNDAEL, BLOWFISH

X_RACC

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory

Compression: reg_sz

VCLZIP

Compression Class:

NONE, VCLZIP

If communicating with the Compatibility communication port: 20000, this setting MUST match the configuration on the server:

NONE, VCLZIP

X_RARL

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory

RemoteLogon: reg_dword

1

Remote Authentication Enabled (1) or Disabled (0)

X_RAID

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory

ID: reg_sz

EA12G54

Remote Authentication Shared Key for legacy communications

If communicating with the Compatibility communication port: 20000, this setting MUST match the configuration on the server

Miscellaneous Settings

Parameter Name

Applicable

Modes

Registry Keys Affected

Value

Setting Description

XA_N_BREQ

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\Identity Automation\XANotification

BindingRequest: reg_sz

tcp://127.0.0.1:6226

The port specified 6226 can be adjusted if necessary.

Note

The Windows (or other) Firewall may also need to be adjusted to allow network communication on this port for proper communication on the local machine between the XA client and the Browser Plug-in. The port must match what is used in XA_N_BRESP.

XA_N_BRESP

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\Identity Automation\XANotification

BindingResponse: reg_sz

tcp://localhost:6226

The port specified 6226 can be adjusted if necessary.

Note

The Windows (or other) firewall may also need to be adjusted to allow network communication on this port for proper communication on the local machine between the XA client and the Browser Plug-in. The port must match what is used in XA_N_BREQ.

XA_ALE

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

AutoLogoffEnabled: reg_dword

1

Enables (1) or Disables (0) idle session logoff. Logoff only occurs after the session has locked.

X_KM_AL_TIME

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

LogoffTimeLimit: reg_dword

600

The number of seconds the session can be idle (locked) before the session will be logged off.

X_KM_LTL

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

LockTimeLimit: reg_dword

300

The number of seconds a session can be idle before the session is automatically locked

X_PRA

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\PasswordReset

URL: reg_sz

Password Reset URL to a web site than allows a user to reset their domain password (such as ADPWR)

X_ACT

SUM,KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\PasswordReset

AutoCancelTime: reg_dword

120

The auto cancel time for inactivity of the password reset web display in seconds.

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

ShowXAStatusMessages: reg_dword

1

When Enabled (1) Allows XAUCM to display the status message during startup, show desktop, and shutdown. These status messages will not be shown when Disabled (0)

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

SkipLoadingAppList: reg_dword

When Enabled (1) Indicates that XA should not load the application list during login to improve performance. When Disabled (0), XA will load the users application list from the server.

Tip

This setting is required to be Disabled (0) if the user will launch SnapApp enabled applications (either Windows or Web) on the system where the setting is set.

Also, if the ExactAccess Desktop will be displaying applications on the workstation, this setting must be Disabled (0) so the users authorized applications will be loaded for presentation.

Not all workstations require this setting to be disabled - for instance, in a Published Application scenario, this setting can be enabled on the RSM server if the user will launch WebSSO or Windows SnapAPP applications on their local workstation and use published connectors for applications on the RSM server.

This setting can also be Enabled (1) when using the Kiosk Mode Passthrough configuration, as the desktop presentation will be handled by an RSM or VDI desktop (remote session), so the local workstation does not need to retrieve the application list.

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

BeepBeforeLockEnabled: reg_dword

Enables (1) or Disables (0) a system beep during the about to lock countdown

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

LockBeepIntervalInSeconds: reg_dword

This value is how many seconds occur between each beep during the countdown before lock.

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

LockBeepStartTimeInSeconds: reg_dword

This value is how many seconds before lock does the beep notice start to occur. It also indicates when the visual status will indicate the system is about to lock.

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

LockBeepIndex: reg_dword

32

May be one of the following values

0 - play sound associated with Default Beep sound in the Sound Scheme 16 - play sound associated with Critical Stop sound in the Sound Scheme

32 - play sound associated with Question sound in the Sound Scheme

48 - play sound associated with Exclamation sound in the Sound Scheme

64 - play sound associated with Asterisk sound in the Sound Scheme

4294967295 - use PC Speaker beep instead of scheme sound

Tip

Note that the user may not have a .WAV file associated with the Sound Scheme values listed. Verify with the Sound Scheme that each of the items identified is associated with a .WAV file.

These values can be found under:

HKEY_CURRENT_USER \AppEvents \Schemes \Apps \<Type> \.Current -- (Default)

Where <Type> is one of the following values:

.Default, SystemHand, SystemQuestion, SystemExclamation, SystemAsterisk

X_LDM

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

KMLockDisplayMode: reg_dword

5

Change how the user name is displayed in the Active User List, Privacy Shield, and the XA Desktop

0 - Full Name*

1 - Last Name only

2 - First Name Only

3 - Directory Service Name **

4 - Initials Only

5 - First Name, Last Initial

6 - First Initial, Last Name

7 - "In use" only **

8 - No user name display **

9 - Full First Name and Full Last Name ***

10 - Full First Name Only ***

11 - Full Last Name Only ***

12 - Full First Name, Last Initial ***

13 - Full first Name Initial, Full Last Name ***

Warning

* Full Name is the First + Last, or Display Name field, depending on how the server is configured.

*** - Full First Name and Full Last Name are not parsed from username properties, but are passed directly from the server.

Warning

** In Passthrough configuration, only values 3,7,8 are valid.

** Optionally, in Kiosk Mode, The user name can be removed from the privacy shield with the PSLoginNameVisible setting (allowing the name to remain showing on the XA Desktop)

ALL

HKLM\Software\HealthCast\ExactAccess\Override

LogoffOnDesktopClose: reg_dword

Enables (1) or Disables (0) initiating logoff if the user closes the Application Desktop (not valid for Toolbar Desktop)

ALL

HKLM\Software\HealthCast\ExactAccess\Override

ShowDesktopOnLogoffCancel: reg_dword

Enables (1) or Disables (0) initiating re-launching the XA Application Desktop (not valid for Toolbar Desktop) if the user cancels logoff

ALL

HKLM\Software\HealthCast\ExactAccess\Display

DesktopStyle: reg_sz

hcgreen.vsf

The visual style file applied to change the look and feel of the XA Toolbar Desktop (not valid for Application Desktop).

XA_DSK_CLASS

ALL

HKLM\Software\HealthCast\ExactAccess\XAServerManager

Desktop: reg_sz

AppDesktop.clsAppDesktop

AppDesktop.clsAppDesktop: also referred to as Application Desktop, launches an application window similar to a web page that lists the user's SSO enabled applications as well as "lock" and "logoff" buttons.

NoDesk.clsNoDesk: also referred to a No Desktop, does not launch an XA Desktop when XA is started.

xatbdesk.clsxatbdesk: also referred to as Toolbar Desktop allows for the XA Menu to appear as a popup/context menu from the XA Taskbar icon. Additionally, a secondary application can be launched that looks and acts like the standard Windows task/start bar in that it will display favorite applications and has a start button to display a popup menu of applications with a work space similar to Windows 10.

HCCitrixDesk.clsDesktop is a specialized desktop presentation used when the same Citrix server publishes a full Windows desktop and the user should see an XA menu of SSO enabled applications. The same Citrix server may also be used to publish xa directly but have the nodesktop option so an xa desktop does not appear.

Required

When using the XATBDesk.clsXATBDesk class, it is necessary that the DESKTOP_SERVER.XML be registered with the XA server before it will function.

See Registering application XML files in the ExactAccess Administrator.

All

HKLM\Software\HealthCast\ExactAccess\XAServerManager

ClientDSProgID

Note

This setting must be manually updated after an installation on RSM to use the virtual channel class to retrieve the current XA user from the end point device. Using the Client Configuration tool may reset this value when saving settings.

Warning

This setting may not be set during the install or with a transform.

Class that determines where the user identification is retrieved from.

NTClientDSUser.clsNTClientDSUser (SUM,RSM,VDI)

hciVCCred.clshciVCCred (RSM ONLY)

NTKMDSUser.clsNTKMDSUser (KIOSK ONLY)

X_ALA_CHK

ALL

HKLM\Software\HealthCast\ExactAccess\AutoLaunch

CheckAccess: reg_dword

0

This setting determines whether an access check should be performed before the application is auto-launched. If the value is set to zero (0), the application will be launched and is not required to be registered in XA. The user logging in does not have to be granted access to launch the application. If the value is set to one (1), the application must be registered in XA and the user must belong to a role that has been granted access to the application.

X_ALA_PATH

ALL

HKLM\Software\HealthCast\ExactAccess\AutoLaunch

Launch: reg_sz

Kiosk Mode Only Miscellaneous Settings

Parameter Name

Applicable

Modes

Registry Keys Affected

Value

Setting Description

XA_KM_DOMAIN

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

LastDomainPrompt: reg_sz

The Default Domain a user will authenticate with when they provide a user name for authentication to Kiosk Mode.

This will also select the configured domain by default when the domain drop down is configured for visibility or the domainlist registry keys have been configured.

X_KM_DOMVIS

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

isDomainDropdownVisible: reg_dword

0

Enable (1) or Disable (0) the domain drop down display on the Kiosk Mode password authentication dialog. If this setting is disabled, in place of the drop down, the LastDomainPrompt name will be shown to the user. If multiple domains are configured in the setting below, the domain drop down will become visible even when this setting is disabled

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\domainlist

0001: reg_sz

0002: reg_sz

etc.

A numbered list of custom domains that users can authenticate with when using the Kiosk Mode password authentication. If these keys are configured, it will override the X_KM_DOMVIS setting and force the drop down to be visible so that users may select the correct domain to authenticate against.

X_KM_DRVMAP

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

isXADriveMappingEnabled: reg_dword

0

Enables (1) or Disables (0) kiosk mode drive mapping lookup and processing.

X_KM_PRTMAP

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

isXAPrinterMappingEnabled: reg_dword

0

Enables (1) or Disables (0) kiosk mode printer mapping when using RUN AS connectors that require the default generic printers to be mapped into the users Windows profile for RUN AS to function and allow printing.

X_LUPE

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

LastUserPromptEnabled: reg_sz

0

Enables (1) or Disables (0) displaying the last user name on the password authentication dialog in kiosk mode when a user locks or logs off. This is similar to the Windows policy for standard mode to show previous users login names so a returning user does not need to provide it.

X_KM_SL

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

KMSupportsLock: reg_dword

1

Enables (1) or Disables (0) Kiosk Mode Locking operations. If lock is disabled, idle sessions will always be logged off.

X_PLOLE

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

PerformLogoffOnLockEnabled: reg_dword

0

Enable (1) or Disable (0) kiosk mode to log off the current users session when the session is locked.

KM

HKLM\Software\HealthCast\ExactAccess

AutoSecureOnWindowsUnlock: reg_dword

0

Indicates weather to support securing the XA desktop in Locking Kiosk Mode (on Windows Unlock) if the Windows workstation is locked before timeout for sessoin lock is triggered. E.g. if Windows is unlocked and the lock timeout of XA is expired, the system will automatically switch to the privacy shield desktop. (This configuration needs to be disabled if using Secure Patient Desktop in conjunction with XA)

Warning

It is recommended that the Workstation Lock feature be disabled on workstations installed with Kiosk Mode so that the Windows-L key can be intercepted to cause a Kiosk Mode Lock instead. If this system policy has been configured, or Secure Patient Desktop is installed, this setting should remain Disabled (0)

KM

HKLM\Software\HealthCast\ExactAccess\Override

DisplayFont: reg_sz

Tahoma

Changes the font used to display the text on the HealthCast screen saver.

KM

HKLM\Software\HealthCast\ExactAccess\Override

ScreenSaverBackgroundColor: reg_dword

0

Changes the color of the background for the HealthCast screen saver.

Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR)

KM

HKLM\Software\HealthCast\ExactAccess\Override

ScreenSaverFontColor: reg_sdword

16777215 (FFFFFF) - white

Changes the color of the text for the HealthCast screen saver.

Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR)

KM

HKLM\Software\HealthCast\ExactAccess\Override

PrivacyShieldBackgroundColor: reg_dword

Changes the color of the text for the KM Privacy Shield.

Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR)

X_DSSE

KM

HKLM\Software\HealthCast\ExactAccess\Display

DisplayOnScreenSaverEnabled: reg_dword

0

Enables (1) or Disables (0) showing the informational bitmap on the screen saver.

X_SX

KM

HKLM\Software\HealthCast\ExactAccess\Display

StartX: reg_dword

0

The X (horizontal) coordinate in pixels of where to start displaying the informational bitmap

X_SY

KM

HKLM\Software\HealthCast\ExactAccess\Display

StartY: reg_dword

0

The Y (vertical) coordinate in pixels of where to start displaying the informational bitmap

X_NSX

KM

HKLM\Software\HealthCast\ExactAccess\Display

NetStartX: reg_dword

65

The X (horizontal) coordinate in pixels of where to start displaying the network connectivity application.

X_NSY

KM

HKLM\Software\HealthCast\ExactAccess\Display

NetStartY: reg_dword

961

The Y (vertical) coordinate in pixels of where to start displaying the network connectivity application.

X_SII

KM

HKLM\Software\HealthCast\ExactAccess\Display

SysInfoImage: reg_sz

The background image to load which contains desired information. May be generated by Microsoft (SysInternals) BGInfo.

Must contain the full path to the BMP image to display

X_UT

KM

HKLM\Software\HealthCast\ExactAccess\Display

UseTransparency: reg_sz

0

Indicates that the image should be drawn transparent so that the configured background color of the privacy shield or screen saver is used instead of the background of the informational image configured.

KM

HKLM\Software\HealthCast\ExactAccess\Display

BioLoginFormStyle: reg_sz

carbon.vsf

The visual style file applied to change the look and feel of the biometric login dialog.

KM

HKLM\Software\HealthCast\ExactAccess\Display

ChangePINFontColor: reg_dword

16777215 (FFFFFF) - white

Changes the color of the text for the "change pin" prompt.

Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR)

KM

HKLM\Software\HealthCast\ExactAccess\Display

ChangePINFontFace: reg_sz

Calibri

Specifies the font face name of the "change pin" prompt

KM

HKLM\Software\HealthCast\ExactAccess\Display

ChangePINFontSize: reg_dword

10

The size of the displayed font in font points.

X_EFC

KM

HKLM\Software\HealthCast\ExactAccess\Display

ErrorFontColor: reg_dword

0

Changes the color of the text for the "error condition" prompt when a user enters an invalid PIN.

Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR)

X_EFF

KM

HKLM\Software\HealthCast\ExactAccess\Display

ErrorFontFace: reg_sz

Calibri

Specifies the font face name of the "error condition" prompt

X_EFS

KM

HKLM\Software\HealthCast\ExactAccess\Display

ErrorFontSize: reg_dword

8

The size of the displayed font in font points.

X_LDFC

KM

HKLM\Software\HealthCast\ExactAccess\Display

LoginDirectionsFontColor: reg_dword

16777215 (FFFFFF) - white

Changes the color of the text for the current "Login Directions". This text may prompt the user to tap a badge, enter their password, enter their user name, or enroll a card.

Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR)

X_LDFF

KM

HKLM\Software\HealthCast\ExactAccess\Display

LoginDirectionsFontFace: reg_sz

Calibri

Specifies the font face name of the "Login Directions" prompt

X_LDFS

KM

HKLM\Software\HealthCast\ExactAccess\Display

LoginDirectionsFontSize: reg_dword

12

The size of the displayed font in font points.

X_LFPFC

KM

HKLM\Software\HealthCast\ExactAccess\Display

LoginFieldPromptFontColor: reg_dword

16777215 (FFFFFF) - white

Changes the color of the text for the login field prompts such as "username", "password" and "domain".

Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR)

X_LFPFF

KM

HKLM\Software\HealthCast\ExactAccess\Display

LoginFieldPromptFontFace: reg_sz

Calibri

Specifies the font face name of the "login fields" prompt

X_LFPFS

KM

HKLM\Software\HealthCast\ExactAccess\Display

LoginFieldPromptFontSize: reg_sz

10

The size of the displayed font in font points.

X_LFS

KM

HKLM\Software\HealthCast\ExactAccess\Display

LoginFormStyle: reg_sz

light.vsf

Login Form Style file path - determines colors, fonts, and borders of input boxes and buttons on the login prompt

X_LOTIV

KM

HKLM\Software\HealthCast\ExactAccess\Display

LogoffDisplayTimeImagesVisible: reg_dword

1

Enable (1) or Disable (0) the Logoff Display Time Images - determines if the images are displayed for auto-logoff

X_LOTV

KM

HKLM\Software\HealthCast\ExactAccess\Display

LogoffDisplayTimeVisible: reg_dword

1

Enable (1) or Disable (0) displaying the current time remaining for the locked user session before it is automatically logged off.

X_LOPOST

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSAutoLogoffPostfix: reg_sz

Logoff Time Postfix text

X_ALOPX

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSAutoLogoffPosX: reg_dword

701

Auto Logoff dsiplay Position Absolute X (horzontal) position

X_ALOPY

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSAutoLogoffPosY: reg_dword

768

Auto Logoff dsiplay Position Absolute Y (vertical) position

X_LOPRE

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSAutoLogoffPrefix: reg_sz

Logoff Time Prefix text

X_ALV

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSAutoLogoffVisible: reg_dword

Enable (1) or Disable (0) displaying the user session information on the privacy shield.

X_LIFC

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSLoginNameFontColor: reg_dword

16777215 (FFFFFF) - white

Changes the color of the text for the Login name displayed on the privacy shield.

Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR)

X_LIFF

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSLoginNameFontFace: reg_sz

Calibri

Specifies the font face name of the "Login name" display.

X_LIFS

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSLoginNameFontSize: reg_dword

24

The size of the displayed font in font points.

X_ALV

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSLoginNameVisible: reg_dword

1

Enable (1) or Disable (0) displaying the current users name on the privacy shield when the system is locked.

X_LOTFC

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSLogoffTimeFontColor: reg_dword

16777215 (FFFFFF) - white

Changes the color of the text for the count down timer (for autologoff) on the privacy shield.

Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR)

X_LOTFF

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSLogoffTimeFontFace: reg_sz

Calibri

Specifies the font face name of the "autologoff time" display

X_LOTFS

KM

HKLM\Software\HealthCast\ExactAccess\Display

PSLogoffTimeFontSize: reg_dword

28

The size of the displayed font in font points.

KM

HKLM\SOFTWARE\HealthCast\eXpressAccess

AutoStartScreenSaverOnTapOut: reg_dword

0

Enables (1) or Disables (0) automatically starting the configured WIndows screen saver when a user taps out of ExactAccess

X_ALTLE

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Override

AlternateLoginEnabled: reg_dword

0

Elables (1) or Disables (0) Alternate Login Button - when using both biometric and standard username and password, allow a user to switch between the primary and secondary.

X_EASE

KM

0

Kiosk Mode Shell replacement allows for hiding the Windows desktop. 0 = Windows Desktop is enabled, 1 = Windows Desktop is hidden. Windows desktop is always enabled for administrative accounts.

Warning

See additional requirements for configuring this setting on Windows 10 systems in shell replacement.

XAD_ENABLED

KM

0

Kiosk Mode Operations Mode. 0=Full SSO operation, 1 = passthrough only operation. Setting this value to 1 on the command line adjusts several properties to enable passthrough operation.

X_PRMPT_ENC

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess

PromptEncryptionClass: reg_sz

BLOWFISH

Encryption Class to use for in-memory Password storage

can be:

BLOWFISH

RIJNDAEL

RDP Connection Settings

Parameter Name

Applicable

Modes

Registry Keys Affected

Value

Setting Description

X_RDC_TS

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

TerminalServer: reg_sz

<Terminal Server Name>:<connection broker port>

X_RDC_MPORTS

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

MapPorts: reg_sz

false

Map COM Ports

X_RDC_MPOS

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

MapPOSDevices: reg_sz

false

Map POS Devices

X_RDC_PRINT

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

MapPrinter: reg_sz

true

Map Printers

X_RDC_MSC

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

MapSmartCards: reg_sz

false

Map Smart Card Devices

X_RDC_PDW

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

PortraitDisplayWindowed: reg_sz

true

Portrait Display Windowed

X_RDC_SFS

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

StartFullScreen: reg_sz

true

Start Full Screen

X_RDC_MCB

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

MapClipboard: reg_sz

false

Map Clipboard

X_RDC_MD

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

MapDrives: reg_sz

false

Map Drives

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

ConnectionBarShowMinimizeButton: reg_sz

true

Show the minimize button on the terminal connection bar

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

DisplayConnectionBar: reg_sz

false

Show the terminal connection bar

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

LogoffXAOnShutdown: reg_sz

false

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

ConnectionBarShowRestoreButton: reg_sz

true

Show the restore button on the terminal connection bar

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

MaxScreenHeight: reg_sz

2048

Maximum display Height of the connection window

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

MaxScreenWidth: reg_sz

4096

Maximum display Width of the connection window

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

PinConnectionBar: reg_sz

false

Pin the connection bar so that it is always displayed on screen (does not self hide)

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

DisableFullscreen: reg_sz

false

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

ProgramPathFileName: reg_sz

The application executable name to start on the terminal server when the session is connected

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

UseMultiMonitors: reg_sz

true

Allows the RDP connection to span multiple monitors if there are more than one connected to the end point.

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings

ProgramWorkDir: reg_sz

Path to an application (to start) folder on the terminal server when the session is connected

VMware Horizon View Connection Settings

Parameter Name

Applicable

Modes

Registry Keys Affected

Value

Setting Description

X_VW_DT

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\View Settings

DesktopPool: reg_sz

VMware Horizon View plug-in Desktop Pool

X_VW_URL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\View Settings

ServerURL: reg_sz

VMware Horizon View plug-in connection URL

Citrix ICA Connection Settings

Parameter Name

Applicable

Modes

Registry Keys Affected

Value

Setting Description

XA_CS1, XA_CS2, XA_CS3

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

CitrixServer: reg_sz

CitrixBackupServer: reg_sz

CitrixSecondarybackup: reg_sz

Citrix servers used for passthrough connection to citrix published desktop operations

X_ICA_DC_LOCK

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

DisconnectOnLock: reg_sz

true

Citrix Plug-In Disconnect On Lock

X_ICA_DC_LOGOFF

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

DisconnectOnLogoff: reg_sz

true

Citrix Plug-In Disconnect On Logoff

X_ICA_CON_TYPE

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

BrowserProtocol: reg_sz

HTTPonTCP

Citrix Plug-In Connection Type

X_ICA_TD

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

TransportDriver: reg_sz

TCI/IP

Citrix Plug-In Transport Driver

X_ICA_ENC_LVL

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

EncryptionLevel: reg_sz

EncRC5-128

Citrix Plug-In Encryption Level

X_ICA_SESS_REL

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

SessionReliability: reg_sz

true

Citrix Plug-In Session Reliability

X_ICA_AUD_LVL

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

ClientAudio: reg_sz

true

Citrix Plug-In send audio to client

X_ICA_AUD_BAND

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

ClientAudioBandwidth: reg_sz

0

Citrix Plug-In Audio Bandwidth

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

HelpDeskMessage: reg_sz

If an error occurs, this message will be displayed to the end user to call their support desk contact

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

LogoffOnLock: reg_sz

true

Logoff the Citrix client session when the end point xa client locks

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

LogoffXAOnShutdown

true

Logoff the Citrix client session when the end point XA client is shut down (typically only in non-locking kiosk mode)

X_CTX_DESK_NAME

KM

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings

PublishedDesktopName

The name of the desktop to connect to in <Farm Name>:<Published Desktop Name format>

Citrix StoreFront Connection Settings

Parameter Name

Applicable Modes

Registry Keys Affected

Value

Setting Description

X_SF_RN

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify

ResourceName: reg_sz

Published Name textbox on the sfConnect Configuration tool.

The published resource name on Citrix StoreFront site.

X_SF_AT

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify

AppTitle: reg_sz

Window Title textbox on the sfConnect Configuration tool.

Window Title of the published resource.Set with the Window Title the sfConnect Configuration tool

X_SF_URL

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify

URL: reg_sz

Storfront URL textbox on the sfConnect Configuration tool.

This is the Receiver for Web Sites URL

X_SF_AUTH

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify

AuthenticationType: reg_sz

0

Authentication Type radio buttons on the sfConnect Configuration tool.

Can be one of the following values

(0) XA User

(1) Windows User

X_SF_FD

ALL

ALL HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify

IsDesktop: reg_sz

true

Application Type radio buttons on the sfConnect Configuration tool.

True indicates the published resource is a VDI or shared desktop

Note

This should be set to true when configured in kiosk mode passthrough

X_SF_FS

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify

SetFullScreen: reg_sz

true

Set to full screen check box on the sfConnect Configuration tool.

Set the VDI or shared desktop to maximized so it takes the full screen

Note

This should be set to true when configured in kiosk mode passthrough

X_SF_Log

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify

EnableLogging: reg_sz

Enable Debug Logging check box on the sfConnect Configuration tool.

True = logging enabled

False = logging disabled

X_SF_TL

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify

TraceLevel: reg_sz

Trace Level drop down list on the sfConnect Configuration tool.

Set Trace level 1 – 4 for logging. The higher the trace level the more detailed logging.

X_SF_Hide

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify

HideOnQuit: reg_sz

true

Hide Application On Quit: Registry only setting to hide a running application when transitioning a Tap over\Tap out.

ALL

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify

useTls12: reg_sz

true

Allow use of TLS 1.2 to connect to Store Front HTTPS site