Administrator Guide
Table Of Contents
- Windows 10 Enterprise 2019 LTSC for Dell Wyse Thin Clients Administrator’s Guide
- Contents
- Introduction
- Getting started
- Accessible applications
- Browsing with Internet Explorer
- Using the Dell Thin Client Application
- Using VMware Horizon Client to connect to virtual desktop
- Citrix Workspace app
- Configuring remote desktop connection session services
- Using Ericom Connect and WebConnect client
- Using Ericom PowerTerm Terminal Emulation
- Windows Media Player
- Wyse Easy Setup
- Overlay Optimizer
- Cisco Jabber Softphone for VDI
- Administrative features
- Using Administrative tools
- Using TPM and BitLocker
- Configuring Bluetooth connections
- Configuring wireless local area network settings
- Using custom fields
- Configuring RAM disk size
- Enabling auto logon
- System shortcuts
- Viewing and configuring SCCM components
- Devices and printers
- Configuring multi-monitor display
- Managing audio and audio devices
- Additional language support
- Setting region
- Managing user accounts
- Using Windows Defender
- Windows Defender Advanced Threat Protection
- Threat Defense
- Endpoint Security Suite Enterprise
- C-A-D tool
- Wyse Device Agent
- Citrix HDX RealTime Media Engine
- Viewing and exporting operating system image manifest files
- Additional administrator utility and settings information
- Automatically launched utilities
- Utilities affected by log off, restart, and shut down
- Unified Write Filter
- Application Launch Manager
- xData Cleanup Manager
- Capturing logfiles
- Saving files and using local drives
- Mapping network drives
- Participating in domains
- Using the Net and Tracert utilities
- Managing Users and Groups with User Accounts
- Changing the computer name of a thin client
- Removing language and feature on demand packages
- Language codes
- Adding languages to LTSC 2019 (RS5)
- Windows 10 IoT enterprise language packages
- Imaging using Dell Application Control Center
- System administration
- Network architecture and server environment
- Installing firmware using USB Imaging Tool
- Frequently asked questions
- How to install Skype for Business
- How to set up a smart card reader
- How to use USB Redirection
- How to prepare a Windows 10 IoT Enterprise operating system image for capture
- Using Wyse Management Suite
- How to capture and push Windows 10 IoT Enterprise operating system image
- How to update Windows 10 IoT Enterprise 2016 LTSB to Windows 10 IoT Enterprise 2019 LTSC
- Troubleshooting
- Keyboard customization issues
- Resolving memory issues
- CADMAP tool interfering with published application shortcut keys
- WiFi settings configured from Wyse Management Suite are not persistent across multiple Wyse 5070 thin clients
- Wyse Management Suite registration information is not cleared after the Sysprep process
NOTE: Ensure that the Write Filter is disabled while managing the services.
Using TPM and BitLocker
Trusted Platform Module (TPM)—A TPM is a microchip that provides basic security-related functions, that primarily involve
encryption keys.
BitLocker Drive Encryption (BDE)—A BDE is a full disk encryption feature that protects data by providing encryption for
entire volumes. By default, it uses the AES encryption algorithm in Cipher Block Chaining (CBC) mode with a 128-bit key. This
algorithm is combined with the Elephant diffuser for extra disk encryption-specific security.
Windows 10 IoT Enterprise does not support sysprep on a BitLocker encrypted device. Due to this limitation, you cannot encrypt
the device, perform a sysprep, and pull the image. To overcome this issue, you must add or modify the TPM script. The
device must not be encrypted before sysprep (pull). The device encryption is handled by the post push script that uses the
TPM_enable.ps1 script that is at C:\Windows\setup\tools\. The post push script must be included before enabling the
UWF and after sysprep scripts. The PIN used to encrypt the client must be passed to the script as an argument.
You can initialize TPM and enable BitLocker using any of the following methods:
● Initialize TPM and enable BitLocker using the imaging script.
● Initialize TPM and enable BitLocker manually.
Initialize TPM and enable BitLocker using the imaging script
Prerequisites
Enable alphanumeric pin support for TPM and BitLocker using the following steps:
1. Log in to the administrator account.
2. Disable Unified Write Filter.
The thin client restarts.
3. Log in to the administrator account again.
4. Open gpedit.msc using the run command menu.
5. Go to Local Group Policy > Computer Configuration > Administrative Templates > Windows Components >
BitLocker Drive Encryption > Operating System Drives > Allow enhanced PINs.
The Allow enhanced PINs for startup window is displayed.
6. Select the Enabled option.
7. Click Apply and then click OK.
8. Open gpupdate /force using the run command.
9. Restart the thin client to apply the group policies.
Steps
1. Log in to the administrator account.
2. Disable Unified Write Filter.
The thin client restarts.
3. Log in to the administrator account again.
4. Uncomment the following lines and update the pin—minimum of six characters—for TPM encryption:
● If you are using Wyse Management Suite or USB Imaging tool—Go to C:
\Windows\Setup\CustomSysprep\Modules\Post_CustomSysprep.psm1 and uncomment the following lines:
○ #cd C:\Windows\setup\Tools\TPM\
○ #.\TPM_enable.ps1 -pin TC#1234
● If you are using System Center Configuration Manager—Go to C:
\Windows\Setup\ConfigMgrSysprep\Modules\Admin_ConfigMgrSysprep.psm1 and uncomment the
following lines:
○ #cd C:\Windows\setup\Tools\TPM\
○ #.\TPM_enable.ps1 -pin TC#1234
5. Change the password to an alphanumeric format.
18
Administrative features