Kiosk Mode - Passthrough
The XA Passthrough Authentication workflow configuration allows users to configure their environment for quick and direct access to an RDP terminal server session, a Citrix ICA session, a Citrix Storefront session, or a VMware Horizon View session.
The operation of this configuration can also be enhanced with the addition of the ExactAccess shell replacement option. When the shell replacement software is paired with domain policies to secure the Windows desktop, users are not able to interact with the local file system or Windows desktop for added security. This feature is automatically disabled for Administrative users to perform maintenance on the workstation.
The XA Passthrough Authentication configuration requires only the HealthCast Prox/Auth server to reduce server requirements; the full XA server software suite is supported, but not required.
Interactive Installation
Tip
ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:
for 32-bit clients: HealthCast ExactAccess Client.msi (not supported for Roaming Sessions installations)
for 64-bit clients: HealthCast ExactAccess Client x64.msi
Run the MSI
Adjust install directory if desired
Click Install
Confirm UAC if prompted
Client Configuration Tool will start when the install is complete
Select Change Mode button
Choose Kiosk Mode
Select Operation Tab
Choose Passthrough
Follow the instructions outlined below for the appropriate connection type
TIp
The instructions below indicate to log in as an administrator and run the Client Configuration Tool. During installation, this tool is started for you automatically and is running as an administrator. Those steps can be skipped during this process. Start with step 3 for the desired configuration.
After UI configuration is complete, select Finish and reboot the workstation when prompted.
Remote Desktop Protocol (RDP)
Info
Remote Desktop Protocol (RDP) 7 and 8 are supported.
Warning
If you are using RDP to connect to a Citrix Desktop, it is necessary to prevent RDP Locked Sessions on the Citrix Server. See Citrix KB Article CTX138189for information on how to configure this setting.
Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.
Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.
Click the Operation tab to show the type of configuration
Select the "Passthrough authentication only" option.
Select the item "Microsoft RDC or Citrix ICA connection" and click the "Configure..." button.
From this menu option, select the Microsoft RDC button to configure and activate support for RDC connectivity.
Enter the information appropriate for your environment in the configuration settings page for RDC.
Command line deployment
Tip
ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:
for 32-bit clients: HealthCast ExactAccess Client.msi
for 64-bit clients: HealthCast ExactAccess Client x64.msi
msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=RDC X_RDC_TS=myTSserver:port# X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Citrix ICA
Info
Citrix Receiver 4.3-4.7 are supported
Warning
The embedded ICA connection does not support connections to XenDesktop remote sessions. It will connect to published desktops made available through Citrix XenApp.
To connect to XenDesktop remote sessions, use the Citrix Storefront option.
Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.
Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.
Click the Operation tab to show the type of configuration
Select the "Passthrough authentication only" option.
Select the item "Microsoft RDC or Citrix ICA connection" and click the "Configure..." button.
From this menu option, select the Citrix ICA button to configure and activate support for ICA connectivity.
Enter the information appropriate for your environment in the configuration settings page for ICA.
Tip
If you have change the XML broker port for your Citrix servers, on the Server Name field, enter the server name colon (:) port together. If you are using the default port for the XML broker, the port specification can be omitted.
example: server:port
Command line deployment
Tip
ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:
for 32-bit clients: HealthCast ExactAccess Client.msi
for 64-bit clients: HealthCast ExactAccess Client x64.msi
msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=ICA X_CS1=myCitrixserver:8080 X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Citrix Storefront
Warning
HTTP Basic authentication must be enabled on the StoreFront servers
Info
Citrix Receiver client versions supported: 4.2 - 4.9
Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.
Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.
Click the Operation tab to show the type of configuration
Select the "Passthrough authentication only" option.
Select the item "Citrix Storefront connection" and click the "Configure..." button.
Enter the information appropriate for your environment in the configuration settings page for StoreFront.
Published Name - This is the name of the resource to be launched. The same name that is displayed on the StoreFront web page.
Window Title - This is the text that appears in the title bar of the published resource. Typically the published name a space and a "-" is sufficient.
Storefront URL - This is the Receiver for Web Sites URL found in Citrix Studio > Citrix Storefront > Stores. The correct URL – when placed in a browser should resolve to the Citrix StoreFront login page.
Authentication Type – Determine what credentials to use when authenticating to StoreFront. Select XA User to use the XA Users credentials, select Windows User to use the Windows user credentials.
Application Type - If the published resource is a Shared desktop or VDI select the Shared desktop or VDI radio button if the published resource is an application i.e. Microsoft Notepad or Calculator, select the Published application radio button.If the Shared desktop or VDI radio button is selected the Set to Full Screen checkbox is enabled. If checked the Shared desktop or VDI will be displayed in full screen and the Citrix Tool bar is hidden limiting the user to the VDI or Shared Desktop.
Logging– If checked pubLauncherSF will log to %AppData%\HealthCast\logs\pubLauncherSF.log.
When enabled the application will log to the C:\Users\<username>\AppData\Roaming\HealthCast\logs\sfConnect.log file.
TraceLevel – Set Trace level 1 – 4 for logging. The higher the trace level the more detailed logging.
1 – minimal
2 – low
3 – medium
4 – verbose
VMware Horizon View
Info
VMware Horizon client versions supported: 4.0 - 4.6.1
Log-in as a Local Administrator to the workstation you would like to make changes on.
The Client Configuration Tool will only run under an account with Local Administrator privileges.
Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.
Click the Operation tab to show the type of configuration
Select the "Passthrough authentication only" option.
Select the item "VMware Horizon View connection" and click the "Configure..." button.
Enter the information appropriate for your environment in the configuration settings page for Horizon View.
Command line deployment
Tip
ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:
for 32-bit clients: HealthCast ExactAccess Client.msi
for 64-bit clients: HealthCast ExactAccess Client x64.msi
msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=VIEW X_VW_DT=myDeskPool X_VW_URL=myViewURL X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Command Line Installation
See Configuring KM Passthrough Connectivity for details.
Configuring KM Passthrough Connectivity
Installation command line parameters for Kiosk Mode with passthrough configuration
From an administrative command prompt (or remote deployment package), execute the ExactAccess client install with the appropriate command line parameters. Below are the minimum values that need to be configured.
Set kiosk mode: XA_MODE=KM
Set the servers: XA_PROX_AUTH=<name of server>
Set to use no SSO: XAD_ENABLED=1
Select the appropriate plug-in connector
X_PLUGIN=RDC
Set the RDC server to connect to: X_RDC_TS=<Remote Desktop server name:[optional port number]>
example: X_RDC_TS=myRDServer:443
X_PLUGIN=ICA
Set the Citrix server to connect to: X_CS1=<server name:port>
example: X_CS1=myCTXServer:80
Tip
Additional X_CS2 and X_CS3 may be specified for additional fail over servers.
X_PLUGIN=VIEW
Set the Desktop Pool: X_VW_DT=<pool name>
Set the Server URL: X_VW_URL=<server URL>
X_PLUGIN=SF
set the resource name as published for Store Front : X_SF_RN=<resource name>
set the app title: X_SF_AT=<application title>
Set the Kiosk Domain to validate users against: X_KM_DOMAIN=<Default Domain>
Enable PIN Support: X_PSE=0 (by default, PIN support is DISABLED)
-1 = Pin support DISABLED (value as: X_PSE=4294967295)
0 = Always prompt for PIN on every login (may also prompt for password if it is expired)
Set PIN Minimum Length: X_PIN_LEN=<4, 5, or 6>
(optional) Enable ExactAccess Shell replacement: X_EASE=1
Warning
See the Shell replacement page for additional required setup on Windows 10 workstations.
(optional) Disable remote auth for domain joined workstations if desired: X_RARL=0
Disable running configuration tool after install/upgrade: X_RUN_CONFIG=0
Tip
If you are configuring your workstations against a full installation of ExactAccess server, the additional server values may be specified for complete operation:
Set the server for HCIDeploy: X_D_SRV=<name of server>
Set the server for audit: X_AUDIT_SRV=<name of server>
Configuring Connectivity Plug-ins with the Client Configuration Tool
Info
Remote Desktop Protocol (RDP) 7 and 8 are supported.
Warning
If you are using RDP to connect to a Citrix Desktop, it is necessary to prevent RDP Locked Sessions on the Citrix Server. See Citrix KB Article CTX138189for information on how to configure this setting.
Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.
Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.
Click the Operation tab to show the type of configuration
Select the "Passthrough authentication only" option.
Select the item "Microsoft RDC or Citrix ICA connection" and click the "Configure..." button.
From this menu option, select the Microsoft RDC button to configure and activate support for RDC connectivity.
Enter the information appropriate for your environment in the configuration settings page for RDC.
Tip
ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:
for 32-bit clients: HealthCast ExactAccess Client.msi
for 64-bit clients: HealthCast ExactAccess Client x64.msi
msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=RDC X_RDC_TS=myTSserver:port# X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Info
Citrix Receiver 4.3-4.7 are supported
Warning
The embedded ICA connection does not support connections to XenDesktop remote sessions. It will connect to published desktops made available through Citrix XenApp.
To connect to XenDesktop remote sessions, use the Citrix Storefront option.
Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.
Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.
Click the Operation tab to show the type of configuration
Select the "Passthrough authentication only" option.
Select the item "Microsoft RDC or Citrix ICA connection" and click the "Configure..." button.
From this menu option, select the Citrix ICA button to configure and activate support for ICA connectivity.
Enter the information appropriate for your environment in the configuration settings page for ICA.
Tip
If you have change the XML broker port for your Citrix servers, on the Server Name field, enter the server name colon (:) port together. If you are using the default port for the XML broker, the port specification can be omitted.
example: server:port
Tip
ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:
for 32-bit clients: HealthCast ExactAccess Client.msi
for 64-bit clients: HealthCast ExactAccess Client x64.msi
msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=ICA X_CS1=myCitrixserver:8080 X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Warning
HTTP Basic authentication must be enabled on the StoreFront servers
Info
Citrix Receiver client versions supported: 4.2 - 4.9
Log-in as a Local Administrator to the workstation you would like to make changes on. The Client Configuration Tool will only run under an account with Local Administrator privileges.
Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.
Click the Operation tab to show the type of configuration
Select the "Passthrough authentication only" option.
Select the item "Citrix Storefront connection" and click the "Configure..." button.
Enter the information appropriate for your environment in the configuration settings page for StoreFront. Example:
Published Name - This is the name of the resource to be launched. The same name that is displayed on the StoreFront web page.
Window Title - This is the text that appears in the title bar of the published resource. Typically the published name a space and a "-" is sufficient.
Storefront URL - This is the Receiver for Web Sites URL found in Citrix Studio > Citrix Storefront > Stores. The correct URL – when placed in a browser should resolve to the Citrix StoreFront login page.
Authentication Type – Determine what credentials to use when authenticating to StoreFront. Select XA User to use the XA Users credentials, select Windows User to use the Windows user credentials.
Application Type - If the published resource is a Shared desktop or VDI select the Shared desktop or VDI radio button if the published resource is an application i.e. Microsoft Notepad or Calculator, select the Published application radio button.If the Shared desktop or VDI radio button is selected the Set to Full Screen checkbox is enabled. If checked the Shared desktop or VDI will be displayed in full screen and the Citrix Tool bar is hidden limiting the user to the VDI or Shared Desktop.
Logging– If checked pubLauncherSF will log to %AppData%\HealthCast\logs\pubLauncherSF.log.
When enabled the application will log to the C:\Users\<username>\AppData\Roaming\HealthCast\logs\sfConnect.log file.
TraceLevel – Set Trace level 1 – 4 for logging. The higher the trace level the more detailed logging.
1 – minimal
2 – low
3 – medium
4 – verbose
Info
VMware Horizon client versions supported: 4.0 - 4.6.1
Log-in as a Local Administrator to the workstation you would like to make changes on.
The Client Configuration Tool will only run under an account with Local Administrator privileges.
Navigate to the Windows® Start menu> All Programs > HealthCast > ExactAccess > Utilities > Configuration > Client Configuration.
Click the Operation tab to show the type of configuration
Select the "Passthrough authentication only" option.
Select the item "VMware Horizon View connection" and click the "Configure..." button.
Enter the information appropriate for your environment in the configuration settings page for Horizon View.
Tip
ExactAccess client supports both 32-bit and 64-bit operating system. Choose the appropriate installation MSI for the operating system target:
for 32-bit clients: HealthCast ExactAccess Client.msi
for 64-bit clients: HealthCast ExactAccess Client x64.msi
msiexec /i "HealthCast ExactAccess Client.msi" XA_MODE=KM XA_PROX_AUTH=myProxAuthServer XAD_ENABLED=1 X_PLUGIN=VIEW X_VW_DT=myDeskPool X_VW_URL=myViewURL X_KM_DOMAIN=HEALTHCAST X_PSE=0 X_PIN_LEN=5 X_RUN_CONFIG=0 /qn
Registry Settings
Parameter Name | Applicable Modes | Registry Keys Affected | Value | Setting Description |
---|---|---|---|---|
XA_SRV | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Servers\INDY 0000: reg_sz | Valid Server NETBIOS or FQDN Name or IP address | Primary XA (SSO) server name |
XA_AUDIT_SRV | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY 0000: reg_sz | Valid Server NETBIOS or FQDN Name or IP address | auditSERVER name |
XA_PRX_SRV | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\Indy 0000: reg_sz | Valid Server NETBIOS or FQDN Name or IP address | Prox Card Server Name |
X_D_SRV | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCIDeployClient\Indy 0000: reg_sz | Valid Server NETBIOS or FQDN Name or IP address | HCIDeploy server name |
X_RA_SRV | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory\INDY 0000: reg_sz | Valid Server NETBIOS or FQDN Name or IP address | Remote Authentication Server name |
X_PREF_IPV4 | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient PreferIPv4: reg_dword HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess PreferIPv4: reg_dword HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient PreferIPv4: reg_dword HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory PreferIPv4: reg_dword HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCIDeployClient PreferIPv4: reg_dword | 1 | Indicates that any TCP/IP communication prefers to use IPv4 when IPv6 is installed and available This setting will be ignored if the *_SRV setting(s) listed above contain a direct IPv6 address. |
Parameter Name | Applicable Modes | Registry Keys Affected | Value | Setting Description |
---|---|---|---|---|
X_SP | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Servers\INDY Port: reg_dword | 15001 | Communications port for XA (SSO) server |
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Servers\INDY EnabledServerIDs: reg_sz | 0000 | Enabled Servers List. Comma delimited list of server identifiers 0000,0001,0002, etc. | |
XA_EC | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\SocketTransport\Indy Encryption: reg_sz | RIJNDAEL | Encryption Class: RIJNDAEL, RIJNDAEL128, RIJNDAEL256, BLOWFISH, BLOWFISH256, TWOFISH, SERPENT |
XA_CC | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\SocketTransport\Indy Compression: reg_sz | VCLZIP | Compression Class: NONE, VCLZIP |
Parameter Name | Applicable Modes | Registry Keys Affected | Value | Setting Description |
---|---|---|---|---|
XA_PRX_SRV_PRT | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\Indy Port: reg_dword | 30000 | Communications port for Proxcard Server |
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\Indy EnabledServerIDs: reg_sz | 0000 | Enabled Servers List. Comma delimited list of server identifiers 0000,0001,0002, etc. | |
SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\SocketTransport\Indy Encryption: reg_sz | RIJNDAEL | Encryption Class: RIJNDAEL, RIJNDAEL128, RIJNDAEL256, BLOWFISH, BLOWFISH256, TWOFISH, SERPENT | |
SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\SocketTransport\Indy Compression: reg_sz | VCLZIP | Compression Class: NONE, VCLZIP | |
X_PROX_RT | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient ReaderType: reg_sz | USB | ProxCard ReaderType USB - RFIdeas USB device support RFVC - RFIdeas Linux -> Citrix session support RFSerial - RFIdeas Reader Serial device support SCARD - OMNIKEY Reader support |
X_PSE | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\PIN PinPromptInMinutes: red_dword | 4294967295 | Specify enabling PIN Support. Users will be prompted to validate with pin: Set this to enabled (4294967295) or disabled (0) |
X_PIN_LEN | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\PIN MinPinLength: reg_dword | 4 | Specify the minimum PIN length a user must use when enrolling a PIN: 4, 5, or 6 |
X_ALLOW_PIN | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient\PIN AllowPinEnrollment: reg_dword | 1 | Set this to enable (1) or disable (0) PIN Self enrollment. |
X_PSCL | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient ParityStripCountLeading: reg_dword | 0 | Parity Strip Count Leading bits |
X_PSCT | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient ParityStripCountTrailing: reg_dword | 0 | Parity Strip Count Trailing bits |
X_BBS | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient BlankBadgeScan: reg_dword | 1 | Blank Badge Scanning allowed - if this setting is disabled, enrollment of unassigned cards is disabled. |
X_HPI | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient HardwarePollInterval: reg_dword | 500 | Hardware polling interval in milliseconds |
X_TOUT | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient SupportTapoutUpdateTime: reg_dword | 1 | Rolling password save enabled |
X_PSWT | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient ServiceStartupConnectionWaitTimeout: reg_dword | 30 | Service Startup Connection Wait Timeout in seconds |
X_VBC | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient ValidBitCount: reg_sz | Valid Bit Count comma delimited list | |
X_PIBCM | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient InvalidBitCountMessage: reg_sz | Message to display to user when their card has an invalid bit count | |
X_PIFM | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient InvalidFacilityMessage: reg_sz | Message to display to user when their card has an invalid facility code | |
X_PIPM | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient InvalidParityMessage: reg_sz | Message to display to user when their card has an invalid parity calculation | |
X_PIRM | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient InvalidRangeMessage: reg_sz | Message to display to user when their card has an ID that is not in a valid range | |
X_PSEDM | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient SelfEnrollmentDisabledMessage: reg_sz | Message to display to user when prox card self enrollment has been disabled | |
X_PSDM | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient ServerDownMessage: reg_sz | Message to display to the user when the server cannot be contacted | |
X_PIN_AT | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient PIN_Auth_Title: reg_sz | AUTHENTICATION | Title of message to prompt user for PIN Authentication |
X_PIN_ET | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient PIN_Enroll_Title: reg_sz | ENROLLMENT | Title of message to prompt user for PIN Enrollment |
X_CPT | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient PIN_Change_Message: reg_sz | Change my PIN | Message to prompt user for manually changing their PIN |
X_BMML | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient BadgeMsg_ManualLogin: reg_sz | Enter username and password | Message to prompt user for manual login when prox reader is not attached |
X_BMUA | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient BadgeMsg_UnAuthenticated: reg_sz | Enter your password | Message to prompt user their badge is not authenticated and a password is required |
X_BMUR | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient BadgeMsg_Unregistered: reg_sz | Enter username and password to register badge. | Message to prompt the user for badge enrollment (the card is not registered) |
X_PX_RB | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient CardRequiredForLogin: reg_dword | 0 | Require Proxcard for Login enabled(1) or disabled(0) |
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient HWGConfig: reg_sz | The full path and filename to an HWG+ formatted configuration file that will be used to configure the proximity card reader device. WarningSetting this file path overrides all other prox card device configuration settings as specified in the registry, as well as those that are built into the product. This includes Parity Strip count, Reader Beep, MessageValidForMS, and potentially ValidBitCount settings. Use caution when using this method to configure devices, and ensure proper operation before distribution. | |||
X_PSWT | HKEY_LOCAL_MACHINE\Software\HealthCast\ProxCardClient ServcieStartupConnectionWaitTimeout: reg_dword | 30 | This setting indicates how long to wait during a startup phase to ignore server/network availability errors before reporting a problem to the HealthCast client. | |
HKEY_LOCAL_MACHINE\Software\HealthCast\ProxCardClient ReaderBeepEnabled: reg_dword | Indicates if using a RFIdeas reader model that includes an internal speaker, that tapping a badge the reader will beep indicating the badge was read. | |||
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient ConnectionTimeout: reg_dword | 1 | The time in seconds that the client will attempt to connect to the all of the configured servers before returning an error to the client for a connection failure. | |
SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient BeepSoundFile: reg_sz | <install folder path>\beep2.wav | The default WAV file that will play when a card is tapped, and the setting to play beep sound is enabled | |
X_BEEP | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ProxCardClient BeepSoundPlayOnBadgeTap: reg_dword | 0 | Beep sound is enabled to play when set to 1, disabled when set to 0 |
Parameter Name | Applicable Modes | Registry Keys Affected | Value | Setting Description |
---|---|---|---|---|
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY SocketPort: reg_dword | 25000 | Communications port for auditSERVER | |
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY EnabledServerIDs: reg_sz | 0000 | Enabled Servers List. Comma delimited list of server identifiers 0000,0001,0002, etc. | |
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY EncryptionClass: reg_sz | NONE | Encryption Class: RIJNDAEL, RIJNDAEL128, RIJNDAEL256, BLOWFISH, BLOWFISH256, TWOFISH, SERPENT | |
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY CompressionClass: reg_sz | VCLZIP | Compression Class: NONE, VCLZIP |
Parameter Name | Applicable Modes | Registry Keys Affected | Value | Setting Description |
---|---|---|---|---|
X_RA_PORT | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\AuditServerClient\Connection\INDY SocketPort: reg_dword | 20000 | Communications port for Remote Authentication |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory\INDY EnabledServerIDs: reg_sz | Enabled Servers List. Comma delimited list of server identifiers 0000,0001,0002, etc. | ||
X_RAEC | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory Encryption: reg_sz | NONE | Encryption Class: (Only if communicating with a server Advanced Communications port: 20001) RIJNDAEL, RIJNDAEL128, RIJNDAEL256, BLOWFISH, BLOWFISH256, TWOFISH, SERPENT If communicating with the Compatibility communication port: 20000, this setting MUST match the configuration on the server: RIJNDAEL, BLOWFISH |
X_RACC | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory Compression: reg_sz | VCLZIP | Compression Class: NONE, VCLZIP If communicating with the Compatibility communication port: 20000, this setting MUST match the configuration on the server: NONE, VCLZIP |
X_RARL | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory RemoteLogon: reg_dword | 1 | Remote Authentication Enabled (1) or Disabled (0) |
X_RAID | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\HCCitrixSessionDirectory ID: reg_sz | EA12G54 | Remote Authentication Shared Key for legacy communications If communicating with the Compatibility communication port: 20000, this setting MUST match the configuration on the server |
Parameter Name | Applicable Modes | Registry Keys Affected | Value | Setting Description |
---|---|---|---|---|
XA_N_BREQ | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\Identity Automation\XANotification BindingRequest: reg_sz | tcp://127.0.0.1:6226 | The port specified 6226 can be adjusted if necessary. NoteThe Windows (or other) Firewall may also need to be adjusted to allow network communication on this port for proper communication on the local machine between the XA client and the Browser Plug-in. The port must match what is used in |
XA_N_BRESP | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\Identity Automation\XANotification BindingResponse: reg_sz | tcp://localhost:6226 | The port specified 6226 can be adjusted if necessary. NoteThe Windows (or other) firewall may also need to be adjusted to allow network communication on this port for proper communication on the local machine between the XA client and the Browser Plug-in. The port must match what is used in |
XA_ALE | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess AutoLogoffEnabled: reg_dword | 1 | Enables (1) or Disables (0) idle session logoff. Logoff only occurs after the session has locked. |
X_KM_AL_TIME | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess LogoffTimeLimit: reg_dword | 600 | The number of seconds the session can be idle (locked) before the session will be logged off. |
X_KM_LTL | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess LockTimeLimit: reg_dword | 300 | The number of seconds a session can be idle before the session is automatically locked |
X_PRA | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\PasswordReset URL: reg_sz | Password Reset URL to a web site than allows a user to reset their domain password (such as ADPWR) | |
X_ACT | SUM,KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\PasswordReset AutoCancelTime: reg_dword | 120 | The auto cancel time for inactivity of the password reset web display in seconds. |
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess ShowXAStatusMessages: reg_dword | 1 | When Enabled (1) Allows XAUCM to display the status message during startup, show desktop, and shutdown. These status messages will not be shown when Disabled (0) | |
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess SkipLoadingAppList: reg_dword | When Enabled (1) Indicates that XA should not load the application list during login to improve performance. When Disabled (0), XA will load the users application list from the server. TipThis setting is required to be Disabled (0) if the user will launch SnapApp enabled applications (either Windows or Web) on the system where the setting is set. Also, if the ExactAccess Desktop will be displaying applications on the workstation, this setting must be Disabled (0) so the users authorized applications will be loaded for presentation. Not all workstations require this setting to be disabled - for instance, in a Published Application scenario, this setting can be enabled on the RSM server if the user will launch WebSSO or Windows SnapAPP applications on their local workstation and use published connectors for applications on the RSM server. This setting can also be Enabled (1) when using the Kiosk Mode Passthrough configuration, as the desktop presentation will be handled by an RSM or VDI desktop (remote session), so the local workstation does not need to retrieve the application list. | ||
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess BeepBeforeLockEnabled: reg_dword | Enables (1) or Disables (0) a system beep during the about to lock countdown | ||
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess LockBeepIntervalInSeconds: reg_dword | This value is how many seconds occur between each beep during the countdown before lock. | ||
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess LockBeepStartTimeInSeconds: reg_dword | This value is how many seconds before lock does the beep notice start to occur. It also indicates when the visual status will indicate the system is about to lock. | ||
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess LockBeepIndex: reg_dword | 32 | May be one of the following values 0 - play sound associated with Default Beep sound in the Sound Scheme 16 - play sound associated with Critical Stop sound in the Sound Scheme 32 - play sound associated with Question sound in the Sound Scheme 48 - play sound associated with Exclamation sound in the Sound Scheme 64 - play sound associated with Asterisk sound in the Sound Scheme 4294967295 - use PC Speaker beep instead of scheme sound TipNote that the user may not have a .WAV file associated with the Sound Scheme values listed. Verify with the Sound Scheme that each of the items identified is associated with a .WAV file. These values can be found under: HKEY_CURRENT_USER \AppEvents \Schemes \Apps \<Type> \.Current -- (Default) Where <Type> is one of the following values: .Default, SystemHand, SystemQuestion, SystemExclamation, SystemAsterisk | |
X_LDM | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess KMLockDisplayMode: reg_dword | 5 | Change how the user name is displayed in the Active User List, Privacy Shield, and the XA Desktop 0 - Full Name* 1 - Last Name only 2 - First Name Only 3 - Directory Service Name ** 4 - Initials Only 5 - First Name, Last Initial 6 - First Initial, Last Name 7 - "In use" only ** 8 - No user name display ** 9 - Full First Name and Full Last Name *** 10 - Full First Name Only *** 11 - Full Last Name Only *** 12 - Full First Name, Last Initial *** 13 - Full first Name Initial, Full Last Name *** Warning* Full Name is the First + Last, or Display Name field, depending on how the server is configured. *** - Full First Name and Full Last Name are not parsed from username properties, but are passed directly from the server. Warning** In Passthrough configuration, only values 3,7,8 are valid. ** Optionally, in Kiosk Mode, The user name can be removed from the privacy shield with the PSLoginNameVisible setting (allowing the name to remain showing on the XA Desktop) |
ALL | HKLM\Software\HealthCast\ExactAccess\Override LogoffOnDesktopClose: reg_dword | Enables (1) or Disables (0) initiating logoff if the user closes the Application Desktop (not valid for Toolbar Desktop) | ||
ALL | HKLM\Software\HealthCast\ExactAccess\Override ShowDesktopOnLogoffCancel: reg_dword | Enables (1) or Disables (0) initiating re-launching the XA Application Desktop (not valid for Toolbar Desktop) if the user cancels logoff | ||
ALL | HKLM\Software\HealthCast\ExactAccess\Display DesktopStyle: reg_sz | hcgreen.vsf | The visual style file applied to change the look and feel of the XA Toolbar Desktop (not valid for Application Desktop). | |
XA_DSK_CLASS | ALL | HKLM\Software\HealthCast\ExactAccess\XAServerManager Desktop: reg_sz | AppDesktop.clsAppDesktop | AppDesktop.clsAppDesktop: also referred to as Application Desktop, launches an application window similar to a web page that lists the user's SSO enabled applications as well as "lock" and "logoff" buttons. NoDesk.clsNoDesk: also referred to a No Desktop, does not launch an XA Desktop when XA is started. xatbdesk.clsxatbdesk: also referred to as Toolbar Desktop allows for the XA Menu to appear as a popup/context menu from the XA Taskbar icon. Additionally, a secondary application can be launched that looks and acts like the standard Windows task/start bar in that it will display favorite applications and has a start button to display a popup menu of applications with a work space similar to Windows 10. HCCitrixDesk.clsDesktop is a specialized desktop presentation used when the same Citrix server publishes a full Windows desktop and the user should see an XA menu of SSO enabled applications. The same Citrix server may also be used to publish xa directly but have the nodesktop option so an xa desktop does not appear. RequiredWhen using the XATBDesk.clsXATBDesk class, it is necessary that the DESKTOP_SERVER.XML be registered with the XA server before it will function. See Registering application XML files in the ExactAccess Administrator. |
All | HKLM\Software\HealthCast\ExactAccess\XAServerManager ClientDSProgID | NoteThis setting must be manually updated after an installation on RSM to use the virtual channel class to retrieve the current XA user from the end point device. Using the Client Configuration tool may reset this value when saving settings. WarningThis setting may not be set during the install or with a transform. | Class that determines where the user identification is retrieved from. NTClientDSUser.clsNTClientDSUser (SUM,RSM,VDI) hciVCCred.clshciVCCred (RSM ONLY) NTKMDSUser.clsNTKMDSUser (KIOSK ONLY) | |
X_ALA_CHK | ALL | HKLM\Software\HealthCast\ExactAccess\AutoLaunch CheckAccess: reg_dword | 0 | This setting determines whether an access check should be performed before the application is auto-launched. If the value is set to zero (0), the application will be launched and is not required to be registered in XA. The user logging in does not have to be granted access to launch the application. If the value is set to one (1), the application must be registered in XA and the user must belong to a role that has been granted access to the application. |
X_ALA_PATH | ALL | HKLM\Software\HealthCast\ExactAccess\AutoLaunch Launch: reg_sz |
Parameter Name | Applicable Modes | Registry Keys Affected | Value | Setting Description |
---|---|---|---|---|
XA_KM_DOMAIN | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess LastDomainPrompt: reg_sz | The Default Domain a user will authenticate with when they provide a user name for authentication to Kiosk Mode. This will also select the configured domain by default when the domain drop down is configured for visibility or the domainlist registry keys have been configured. | |
X_KM_DOMVIS | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess isDomainDropdownVisible: reg_dword | 0 | Enable (1) or Disable (0) the domain drop down display on the Kiosk Mode password authentication dialog. If this setting is disabled, in place of the drop down, the LastDomainPrompt name will be shown to the user. If multiple domains are configured in the setting below, the domain drop down will become visible even when this setting is disabled |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\domainlist 0001: reg_sz 0002: reg_sz etc. | A numbered list of custom domains that users can authenticate with when using the Kiosk Mode password authentication. If these keys are configured, it will override the X_KM_DOMVIS setting and force the drop down to be visible so that users may select the correct domain to authenticate against. | ||
X_KM_DRVMAP | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess isXADriveMappingEnabled: reg_dword | 0 | Enables (1) or Disables (0) kiosk mode drive mapping lookup and processing. |
X_KM_PRTMAP | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess isXAPrinterMappingEnabled: reg_dword | 0 | Enables (1) or Disables (0) kiosk mode printer mapping when using RUN AS connectors that require the default generic printers to be mapped into the users Windows profile for RUN AS to function and allow printing. |
X_LUPE | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess LastUserPromptEnabled: reg_sz | 0 | Enables (1) or Disables (0) displaying the last user name on the password authentication dialog in kiosk mode when a user locks or logs off. This is similar to the Windows policy for standard mode to show previous users login names so a returning user does not need to provide it. |
X_KM_SL | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess KMSupportsLock: reg_dword | 1 | Enables (1) or Disables (0) Kiosk Mode Locking operations. If lock is disabled, idle sessions will always be logged off. |
X_PLOLE | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess PerformLogoffOnLockEnabled: reg_dword | 0 | Enable (1) or Disable (0) kiosk mode to log off the current users session when the session is locked. | |
KM | HKLM\Software\HealthCast\ExactAccess AutoSecureOnWindowsUnlock: reg_dword | 0 | Indicates weather to support securing the XA desktop in Locking Kiosk Mode (on Windows Unlock) if the Windows workstation is locked before timeout for sessoin lock is triggered. E.g. if Windows is unlocked and the lock timeout of XA is expired, the system will automatically switch to the privacy shield desktop. (This configuration needs to be disabled if using Secure Patient Desktop in conjunction with XA) WarningIt is recommended that the Workstation Lock feature be disabled on workstations installed with Kiosk Mode so that the Windows-L key can be intercepted to cause a Kiosk Mode Lock instead. If this system policy has been configured, or Secure Patient Desktop is installed, this setting should remain Disabled (0) | |
KM | HKLM\Software\HealthCast\ExactAccess\Override DisplayFont: reg_sz | Tahoma | Changes the font used to display the text on the HealthCast screen saver. | |
KM | HKLM\Software\HealthCast\ExactAccess\Override ScreenSaverBackgroundColor: reg_dword | 0 | Changes the color of the background for the HealthCast screen saver. Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR) | |
KM | HKLM\Software\HealthCast\ExactAccess\Override ScreenSaverFontColor: reg_sdword | 16777215 (FFFFFF) - white | Changes the color of the text for the HealthCast screen saver. Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR) | |
KM | HKLM\Software\HealthCast\ExactAccess\Override PrivacyShieldBackgroundColor: reg_dword | Changes the color of the text for the KM Privacy Shield. Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR) | ||
X_DSSE | KM | HKLM\Software\HealthCast\ExactAccess\Display DisplayOnScreenSaverEnabled: reg_dword | 0 | Enables (1) or Disables (0) showing the informational bitmap on the screen saver. |
X_SX | KM | HKLM\Software\HealthCast\ExactAccess\Display StartX: reg_dword | 0 | The X (horizontal) coordinate in pixels of where to start displaying the informational bitmap |
X_SY | KM | HKLM\Software\HealthCast\ExactAccess\Display StartY: reg_dword | 0 | The Y (vertical) coordinate in pixels of where to start displaying the informational bitmap |
X_NSX | KM | HKLM\Software\HealthCast\ExactAccess\Display NetStartX: reg_dword | 65 | The X (horizontal) coordinate in pixels of where to start displaying the network connectivity application. |
X_NSY | KM | HKLM\Software\HealthCast\ExactAccess\Display NetStartY: reg_dword | 961 | The Y (vertical) coordinate in pixels of where to start displaying the network connectivity application. |
X_SII | KM | HKLM\Software\HealthCast\ExactAccess\Display SysInfoImage: reg_sz | The background image to load which contains desired information. May be generated by Microsoft (SysInternals) BGInfo. Must contain the full path to the BMP image to display | |
X_UT | KM | HKLM\Software\HealthCast\ExactAccess\Display UseTransparency: reg_sz | 0 | Indicates that the image should be drawn transparent so that the configured background color of the privacy shield or screen saver is used instead of the background of the informational image configured. |
KM | HKLM\Software\HealthCast\ExactAccess\Display BioLoginFormStyle: reg_sz | carbon.vsf | The visual style file applied to change the look and feel of the biometric login dialog. | |
KM | HKLM\Software\HealthCast\ExactAccess\Display ChangePINFontColor: reg_dword | 16777215 (FFFFFF) - white | Changes the color of the text for the "change pin" prompt. Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR) | |
KM | HKLM\Software\HealthCast\ExactAccess\Display ChangePINFontFace: reg_sz | Calibri | Specifies the font face name of the "change pin" prompt | |
KM | HKLM\Software\HealthCast\ExactAccess\Display ChangePINFontSize: reg_dword | 10 | The size of the displayed font in font points. | |
X_EFC | KM | HKLM\Software\HealthCast\ExactAccess\Display ErrorFontColor: reg_dword | 0 | Changes the color of the text for the "error condition" prompt when a user enters an invalid PIN. Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR) |
X_EFF | KM | HKLM\Software\HealthCast\ExactAccess\Display ErrorFontFace: reg_sz | Calibri | Specifies the font face name of the "error condition" prompt |
X_EFS | KM | HKLM\Software\HealthCast\ExactAccess\Display ErrorFontSize: reg_dword | 8 | The size of the displayed font in font points. |
X_LDFC | KM | HKLM\Software\HealthCast\ExactAccess\Display LoginDirectionsFontColor: reg_dword | 16777215 (FFFFFF) - white | Changes the color of the text for the current "Login Directions". This text may prompt the user to tap a badge, enter their password, enter their user name, or enroll a card. Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR) |
X_LDFF | KM | HKLM\Software\HealthCast\ExactAccess\Display LoginDirectionsFontFace: reg_sz | Calibri | Specifies the font face name of the "Login Directions" prompt |
X_LDFS | KM | HKLM\Software\HealthCast\ExactAccess\Display LoginDirectionsFontSize: reg_dword | 12 | The size of the displayed font in font points. |
X_LFPFC | KM | HKLM\Software\HealthCast\ExactAccess\Display LoginFieldPromptFontColor: reg_dword | 16777215 (FFFFFF) - white | Changes the color of the text for the login field prompts such as "username", "password" and "domain". Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR) |
X_LFPFF | KM | HKLM\Software\HealthCast\ExactAccess\Display LoginFieldPromptFontFace: reg_sz | Calibri | Specifies the font face name of the "login fields" prompt |
X_LFPFS | KM | HKLM\Software\HealthCast\ExactAccess\Display LoginFieldPromptFontSize: reg_sz | 10 | The size of the displayed font in font points. |
X_LFS | KM | HKLM\Software\HealthCast\ExactAccess\Display LoginFormStyle: reg_sz | light.vsf | Login Form Style file path - determines colors, fonts, and borders of input boxes and buttons on the login prompt |
X_LOTIV | KM | HKLM\Software\HealthCast\ExactAccess\Display LogoffDisplayTimeImagesVisible: reg_dword | 1 | Enable (1) or Disable (0) the Logoff Display Time Images - determines if the images are displayed for auto-logoff |
X_LOTV | KM | HKLM\Software\HealthCast\ExactAccess\Display LogoffDisplayTimeVisible: reg_dword | 1 | Enable (1) or Disable (0) displaying the current time remaining for the locked user session before it is automatically logged off. |
X_LOPOST | KM | HKLM\Software\HealthCast\ExactAccess\Display PSAutoLogoffPostfix: reg_sz | Logoff Time Postfix text | |
X_ALOPX | KM | HKLM\Software\HealthCast\ExactAccess\Display PSAutoLogoffPosX: reg_dword | 701 | Auto Logoff dsiplay Position Absolute X (horzontal) position |
X_ALOPY | KM | HKLM\Software\HealthCast\ExactAccess\Display PSAutoLogoffPosY: reg_dword | 768 | Auto Logoff dsiplay Position Absolute Y (vertical) position |
X_LOPRE | KM | HKLM\Software\HealthCast\ExactAccess\Display PSAutoLogoffPrefix: reg_sz | Logoff Time Prefix text | |
X_ALV | KM | HKLM\Software\HealthCast\ExactAccess\Display PSAutoLogoffVisible: reg_dword | Enable (1) or Disable (0) displaying the user session information on the privacy shield. | |
X_LIFC | KM | HKLM\Software\HealthCast\ExactAccess\Display PSLoginNameFontColor: reg_dword | 16777215 (FFFFFF) - white | Changes the color of the text for the Login name displayed on the privacy shield. Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR) |
X_LIFF | KM | HKLM\Software\HealthCast\ExactAccess\Display PSLoginNameFontFace: reg_sz | Calibri | Specifies the font face name of the "Login name" display. |
X_LIFS | KM | HKLM\Software\HealthCast\ExactAccess\Display PSLoginNameFontSize: reg_dword | 24 | The size of the displayed font in font points. |
X_ALV | KM | HKLM\Software\HealthCast\ExactAccess\Display PSLoginNameVisible: reg_dword | 1 | Enable (1) or Disable (0) displaying the current users name on the privacy shield when the system is locked. |
X_LOTFC | KM | HKLM\Software\HealthCast\ExactAccess\Display PSLogoffTimeFontColor: reg_dword | 16777215 (FFFFFF) - white | Changes the color of the text for the count down timer (for autologoff) on the privacy shield. Color is specified in the following format: NBGR (none,blue,green,red values from left to right 00, BB, GG, RR) |
X_LOTFF | KM | HKLM\Software\HealthCast\ExactAccess\Display PSLogoffTimeFontFace: reg_sz | Calibri | Specifies the font face name of the "autologoff time" display |
X_LOTFS | KM | HKLM\Software\HealthCast\ExactAccess\Display PSLogoffTimeFontSize: reg_dword | 28 | The size of the displayed font in font points. |
KM | HKLM\SOFTWARE\HealthCast\eXpressAccess AutoStartScreenSaverOnTapOut: reg_dword | 0 | Enables (1) or Disables (0) automatically starting the configured WIndows screen saver when a user taps out of ExactAccess | |
X_ALTLE | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Override AlternateLoginEnabled: reg_dword | 0 | Elables (1) or Disables (0) Alternate Login Button - when using both biometric and standard username and password, allow a user to switch between the primary and secondary. |
X_EASE | KM | 0 | Kiosk Mode Shell replacement allows for hiding the Windows desktop. 0 = Windows Desktop is enabled, 1 = Windows Desktop is hidden. Windows desktop is always enabled for administrative accounts. WarningSee additional requirements for configuring this setting on Windows 10 systems in shell replacement. | |
XAD_ENABLED | KM | 0 | Kiosk Mode Operations Mode. 0=Full SSO operation, 1 = passthrough only operation. Setting this value to 1 on the command line adjusts several properties to enable passthrough operation. | |
X_PRMPT_ENC | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess PromptEncryptionClass: reg_sz | BLOWFISH | Encryption Class to use for in-memory Password storage can be: BLOWFISH RIJNDAEL |
Parameter Name | Applicable Modes | Registry Keys Affected | Value | Setting Description |
---|---|---|---|---|
X_RDC_TS | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings TerminalServer: reg_sz | <Terminal Server Name>:<connection broker port> | |
X_RDC_MPORTS | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings MapPorts: reg_sz | false | Map COM Ports |
X_RDC_MPOS | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings MapPOSDevices: reg_sz | false | Map POS Devices |
X_RDC_PRINT | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings MapPrinter: reg_sz | true | Map Printers |
X_RDC_MSC | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings MapSmartCards: reg_sz | false | Map Smart Card Devices |
X_RDC_PDW | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings PortraitDisplayWindowed: reg_sz | true | Portrait Display Windowed |
X_RDC_SFS | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings StartFullScreen: reg_sz | true | Start Full Screen |
X_RDC_MCB | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings MapClipboard: reg_sz | false | Map Clipboard |
X_RDC_MD | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings MapDrives: reg_sz | false | Map Drives |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings ConnectionBarShowMinimizeButton: reg_sz | true | Show the minimize button on the terminal connection bar | |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings DisplayConnectionBar: reg_sz | false | Show the terminal connection bar | |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings LogoffXAOnShutdown: reg_sz | false | ||
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings ConnectionBarShowRestoreButton: reg_sz | true | Show the restore button on the terminal connection bar | |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings MaxScreenHeight: reg_sz | 2048 | Maximum display Height of the connection window | |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings MaxScreenWidth: reg_sz | 4096 | Maximum display Width of the connection window | |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings PinConnectionBar: reg_sz | false | Pin the connection bar so that it is always displayed on screen (does not self hide) | |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings DisableFullscreen: reg_sz | false | ||
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings ProgramPathFileName: reg_sz | The application executable name to start on the terminal server when the session is connected | ||
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings UseMultiMonitors: reg_sz | true | Allows the RDP connection to span multiple monitors if there are more than one connected to the end point. | |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\RDP Settings ProgramWorkDir: reg_sz | Path to an application (to start) folder on the terminal server when the session is connected |
Parameter Name | Applicable Modes | Registry Keys Affected | Value | Setting Description |
---|---|---|---|---|
X_VW_DT | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\View Settings DesktopPool: reg_sz | VMware Horizon View plug-in Desktop Pool | ||
X_VW_URL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\View Settings ServerURL: reg_sz | VMware Horizon View plug-in connection URL |
Parameter Name | Applicable Modes | Registry Keys Affected | Value | Setting Description |
---|---|---|---|---|
XA_CS1, XA_CS2, XA_CS3 | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings CitrixServer: reg_sz CitrixBackupServer: reg_sz CitrixSecondarybackup: reg_sz | Citrix servers used for passthrough connection to citrix published desktop operations | |
X_ICA_DC_LOCK | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings DisconnectOnLock: reg_sz | true | Citrix Plug-In Disconnect On Lock |
X_ICA_DC_LOGOFF | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings DisconnectOnLogoff: reg_sz | true | Citrix Plug-In Disconnect On Logoff |
X_ICA_CON_TYPE | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings BrowserProtocol: reg_sz | HTTPonTCP | Citrix Plug-In Connection Type |
X_ICA_TD | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings TransportDriver: reg_sz | TCI/IP | Citrix Plug-In Transport Driver |
X_ICA_ENC_LVL | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings EncryptionLevel: reg_sz | EncRC5-128 | Citrix Plug-In Encryption Level |
X_ICA_SESS_REL | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings SessionReliability: reg_sz | true | Citrix Plug-In Session Reliability |
X_ICA_AUD_LVL | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings ClientAudio: reg_sz | true | Citrix Plug-In send audio to client |
X_ICA_AUD_BAND | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings ClientAudioBandwidth: reg_sz | 0 | Citrix Plug-In Audio Bandwidth |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings HelpDeskMessage: reg_sz | If an error occurs, this message will be displayed to the end user to call their support desk contact | ||
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings LogoffOnLock: reg_sz | true | Logoff the Citrix client session when the end point xa client locks | |
KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings LogoffXAOnShutdown | true | Logoff the Citrix client session when the end point XA client is shut down (typically only in non-locking kiosk mode) | |
X_CTX_DESK_NAME | KM | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\ICA Settings PublishedDesktopName | The name of the desktop to connect to in <Farm Name>:<Published Desktop Name format> |
Parameter Name | Applicable Modes | Registry Keys Affected | Value | Setting Description |
---|---|---|---|---|
X_SF_RN | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify ResourceName: reg_sz | Published Name textbox on the sfConnect Configuration tool. The published resource name on Citrix StoreFront site. | |
X_SF_AT | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify AppTitle: reg_sz | Window Title textbox on the sfConnect Configuration tool. Window Title of the published resource.Set with the Window Title the sfConnect Configuration tool | |
X_SF_URL | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify URL: reg_sz | Storfront URL textbox on the sfConnect Configuration tool. This is the Receiver for Web Sites URL | |
X_SF_AUTH | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify AuthenticationType: reg_sz | 0 | Authentication Type radio buttons on the sfConnect Configuration tool. Can be one of the following values (0) XA User (1) Windows User |
X_SF_FD | ALL | ALL HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify IsDesktop: reg_sz | true | Application Type radio buttons on the sfConnect Configuration tool. True indicates the published resource is a VDI or shared desktop NoteThis should be set to true when configured in kiosk mode passthrough |
X_SF_FS | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify SetFullScreen: reg_sz | true | Set to full screen check box on the sfConnect Configuration tool. Set the VDI or shared desktop to maximized so it takes the full screen NoteThis should be set to true when configured in kiosk mode passthrough |
X_SF_Log | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify EnableLogging: reg_sz | Enable Debug Logging check box on the sfConnect Configuration tool. True = logging enabled False = logging disabled | |
X_SF_TL | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify TraceLevel: reg_sz | Trace Level drop down list on the sfConnect Configuration tool. Set Trace level 1 – 4 for logging. The higher the trace level the more detailed logging. | |
X_SF_Hide | ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify HideOnQuit: reg_sz | true | Hide Application On Quit: Registry only setting to hide a running application when transitioning a Tap over\Tap out. |
ALL | HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Storefront Settings\Notify useTls12: reg_sz | true | Allow use of TLS 1.2 to connect to Store Front HTTPS site |