ThinScale Management Console Admin Guide - Devices Policies

This article will describe the devices policies of the Management Console.

Written by Diego

Last published at: November 7th, 2024

 

 

DEVICE POLICIES

 

Device Policies encompass the comprehensive configuration settings required for our latest v8 ThinScale Desktop Agent (TDA). You can define configurations such as Modes, Device Login Preferences, Branding, and additional settings within these device policies.
 



OPERATING MODE
 


With the new TDA, it becomes feasible to seamlessly switch between SRW and TK modes without reinstalling the client. You can effortlessly modify the mode and then restart the client.

 

 

DEVICE LOGIN OPTIONS

 

 

Note: Device Login Preferences are relevant only when operating in TK Mode.

 

 

 

Use local Managed Account
The device will auto-login using a local account, ‘TDA,’ created by TDA. This user is a low-privileged user account.


Use Custom Account
The device will auto-login using the credentials supplied in the Username / Password and Domain fields. If the device is domain-joined, this can be an alternate local or domain account.


Don't Auto Login
Disables any configured auto-login settings.


Do Nothing
TDA will not apply or remove any auto-login configuration. If the device already has auto-login configuration applied or this configuration is delivered by other means, it will remain in place.


Ignore Shift Override
Prevents the left shift key from overriding the auto-login configuration.


Set Local Managed Account Display Name to an authenticated user
If enabled, the display name while login to the machine will be set using the username typed in the Authentication Provider screen.

 

 

GENERAL


 


 

Cache Configuration
If enabled, profiles assigned to the Device folder will be saved and encrypted locally. 

Please note there are two locations:

ProgramData\TDA\DeviceData\devicedata.cache
HKEY_LOCAL_MACHINE\SOFTWARE\ThinScale\TDA\DeviceGroupConfiguration


Local Managed Account Per Profile
If enabled, TDA will create a separate Windows User Profile per profile assigned to the device folder.


Local Managed Account Per Authentication User
If enabled, TDA will create a separate Windows User Profile for every logged-in user using the Authentication Provider.


Disable Folder Integrity Check
If enabled, the TDA will not check for the integrity of its Core Modules folders. 
 

It's not recommended to be disabled, mainly if you use SRW Mode.

 



Hide Splash Screen
If enabled, the TDA will hide the loading of its initial UI screen unless a user input is required.

 

 

BRANDING AND SHORTCUT


With the introduction of v8, TDA enables you to effortlessly configure custom splash screen images and personalized desktop icons directly through the Management Console. Upload your desired image within the device policy, use a .ico file for the desktop shortcut, and your customization is complete.

 



 

STARTUP SCRIPT

 


 

Enable Startup Script
Enables the supplied .VBS, .BAT or .PS1 startup script. The script is configured as a local group policy start-up script and will apply during the Windows boot process.


Startup Script Timeout
Determines how long the scripts will run before stopping their execution.

 

 

DEVICE SETTINGS
 

Inside the device settings tab, you can configure all the options for Device Logs. This includes the ability to choose the events of most tremendous significance.
 
 

 

 


TROUBLESHOOTING


Troubleshooting mode is another powerful new feature that allows for collecting vast amounts of information for a predefined amount of time. When an issue occurs, this mode will provide significant insight into events to help identify the root cause faster.

 

 


To enable it, we would go the same way as performing other available device actions: Right-click on a device -→ "Troubleshooting Mode", and select one of the options presented with 10, 30, or 60 minutes timeframe.

 

 

 

 

AGENT LOGGING SETTINGS

 



Enable Agent Logging
If left unchecked, the agent will collect all log levels (Info to Critical). If checked, the log level needs to be selected as required.



ADMIN ACTIONS

 



Only allow device action when in secure session
If enabled, Restart and Profile Refresh actions will only be performed when the TDA session is active.


Perform device actions silently
If enabled, Restart and Profile Refresh will be performed silently without user consent.


Perform device actions if no user response is received
If enabled, Restart and Profile Refresh will be performed only when the user fails to accept or deny the request.


 

ADMINISTRATION

 

 

Here is where you can set the unlock password for the TDA client. Additionally, you can deactivate the unlock key hotkey (Ctrl-Alt-U) to require an unlock through the Management Console exclusively.

 

 

AUTHENTICATION

 

 

Here is where you have the option to control the behavior of the Authentication Provider screen. 

You can also set the option to rename the device connected to the server with the username typed in the Auth Provider screen.