Kaspersky Thin Client
- Kaspersky Thin Client Help
- About Kaspersky Thin Client
- What's new
- Installing Kaspersky Thin Client
- Kaspersky Thin Client interface
- Kaspersky Thin Client licensing
- Data provision
- Turning Kaspersky Thin Client on and off
- Restarting Kaspersky Thin Client
- Configuring Kaspersky Thin Client
- Scenario: Quick Start for administrators
- Scenario: Migrating management of Kaspersky Thin Client to a new Kaspersky Security Center Server
- Scenario: Switching Kaspersky Thin Client to trusted mode
- Configuring general settings
- Configuring network settings
- Configuring settings for connecting Kaspersky Thin Client to Kaspersky Security Center
- Changing settings for connecting Kaspersky Thin Client to Kaspersky Security Center
- Managing Kaspersky Thin Client certificates
- Configuring RDP connection settings
- Configuring settings for connecting to Basis.WorkPlace remote desktops
- Managing power-saving mode
- Configuring monitors layout
- Managing access to Kaspersky Thin Client settings
- Configuring the date and time
- Resetting Kaspersky Thin Client settings
- Working with Kaspersky Thin Client
- Managing Kaspersky Thin Client using hotkeys
- Managing Kaspersky Thin Client through the Kaspersky Security Center Web Console
- About the Kaspersky Security Management Suite web plug-in
- Restricting access to functions of the Kaspersky Security Management Suite web plug-in
- Logging in and out of the Web Console
- Adding Kaspersky Thin Client to a group of managed devices
- Managing policies
- Configuring Kaspersky Thin Client settings through the Web Console
- Configuring general settings of Kaspersky Thin Client through the Web Console
- Configuring settings for connecting to a remote desktop via RDP through the Web Console
- Configuring settings for connecting to a remote desktop managed by Basis.WorkPlace through the Web Console
- Managing Kaspersky Thin Client power-saving mode through the Web Console
- Configuring the interface language and time zone of Kaspersky Thin Client through the Web Console
- Configuring synchronization between Kaspersky Thin Client and Kaspersky Security Center
- Configuring forwarding of Kaspersky Thin Client logs to a log server
- Confirming Kaspersky Thin Client user actions
- Managing Kaspersky Thin Client security certificates through the Web Console
- About the reserve certificate for connecting Kaspersky Thin Client to Kaspersky Security Center
- Creating a user certificate for connecting Kaspersky Thin Client to Kaspersky Security Center
- Uploading a reserve certificate and user certificate to the Web Console for connecting Kaspersky Thin Client to Kaspersky Security Center
- Adding new certificates in the Web Console
- Removing certificates from the Web Console
- Converting a certificate from PEM to DER format
- Monitoring Kaspersky Thin Client events through the Kaspersky Security Center Web Console
- Troubleshooting
- Contacting Technical Support
- Glossary
- Information about third-party code
- Trademark notices
Connecting to a remote desktop
Kaspersky Thin Client lets you choose to either directly connect to a remote desktop via RDP or connect to remote desktops managed by Basis.WorkPlace. Depending on the infrastructure in your enterprise, you can select one of the following options:
- Connecting to a remote desktop via RDP
The following specifics must be taken into consideration when connecting to a remote desktop via RDP:
- When connecting to a remote desktop running an Astra Linux operating system (CE or SE) using the xRDP protocol, an expired user password is accepted, but the connection fails. The same applies to using an incorrect user name. Also, there is no way to change the password given such a connection.
- You cannot connect to a remote desktop running a Microsoft Windows operating system with Network Layer Authentication (NLA) enabled if the password has expired. Also, you cannot change the password by yourself given such a connection.
To solve these issues, we recommend contacting your enterprise administrator.
To connect to a remote desktop via RDP:
- Turn on Kaspersky Thin Client.
- In the main window of Kaspersky Thin Client, click the RDP button.
- In the connection window that opens, specify the settings for connecting to the remote desktop:
- In the Server field, specify the IP address or name of the RDP server to which you want to connect.
If a Wallix Bastion privileged user access control system is deployed in your enterprise infrastructure, you can connect to remote desktops through this system by indicating its IP address or server name in the Server field.
Kaspersky Thin Client saves the address of the last RDP server with which a connection was successfully established, so you do not need to enter it again when reconnecting.
- In the User name field, enter the local or domain user name. If you indicate a domain user name, you are not required to indicate the name of the domain. However, you can do so in
Domain\User nameformat.Kaspersky Thin Client saves the user name that last successfully connected to the RDP server, so you do not need to enter it again when reconnecting.
- In the Password field, enter the user password.
The user password is cleared each time you exit the remote desktop connection window.
- In the Server field, specify the IP address or name of the RDP server to which you want to connect.
- Click the Connect button.
If you are connecting to a remote desktop via RDP for the first time and Kaspersky Thin Client is not included in an administration group, check the settings of the added certificate in the opened Adding certificate window and click the Add certificate button.
If Kaspersky Thin Client was previously added to an administration group that is managed through the Kaspersky Security Center Web Console and the Kaspersky Security Center administrator added an RDP server authentication certificate for this administration group, the connection is established automatically.
The certificate for authenticating the RDP server will be added to the system certificate store of Kaspersky Thin Client and will be used for subsequent connections.
After a few seconds, the monitor will show the remote desktop of the computer that you are connected to via RDP.
You can also configure RDP connection settings by clicking Settings.
- Connecting to a remote desktop managed by Basis.WorkPlace
When working with Kaspersky Thin Client via Basis.WorkPlace, the following limitations apply:
- Users cannot be authorized with smart cards in the Basis.WorkPlace connection manager.
- Users cannot initiate a password change in Kaspersky Thin Client.
- Simultaneous connection to multiple remote desktops managed by Basis.WorkPlace is not supported.
The Basis.WorkPlace administrator can restrict access to desktops managed by Basis.WorkPlace. For example, the administrator can lock your user account or block access to remote desktops managed by Basis.WorkPlace that were previously available to your user account. If you encounter any problems connecting to a remote desktop, we recommend contacting your Basis.WorkPlace administrator.
To connect to a remote desktop managed by Basis.WorkPlace:
- Turn on Kaspersky Thin Client.
- In the main window of Kaspersky Thin Client, click the Basis.WorkPlace button.
- In the connection window that opens, specify the Basis.WorkPlace connection settings:
- In the Server field, specify the IP address or name of the Basis.WorkPlace connection manager server.
Kaspersky Thin Client saves the address of the Basis.WorkPlace connection manager with which a connection was successfully established, so you do not need to enter it again when reconnecting.
- In the Domain field, enter the domain name.
- In the User name field, enter the user name.
Kaspersky Thin Client saves the user name that last successfully connected to Basis.WorkPlace, so you do not need to enter it again when reconnecting.
- In the Password field, enter the user password.
The password is cleared each time you exit the window for connecting to desktops managed by Basis.WorkPlace.
If the number of allowed incorrect password entry attempts is exceeded, the user account will be blocked. The corresponding message will be displayed in the remote desktop connection window. The number of allowed password entry attempts is defined by the active security policy set by the Basis.WorkPlace administrator.
- In the Server field, specify the IP address or name of the Basis.WorkPlace connection manager server.
- Click the Connect button.
If you are connecting to a remote desktop managed by Basis.WorkPlace for the first time and Kaspersky Thin Client is not included in an
administration group, check the settings of the added certificate in the opened Adding certificate window and click the Add certificate button.
A set of devices combined according to the performed functions. Devices are grouped for easy management as a whole. A group may include other groups. Group policies can be created for each thin client added to a group.
If Kaspersky Thin Client was previously added to an administration group that is managed through the Kaspersky Security Center Web Console and the Kaspersky Security Center administrator added a certificate for authenticating the Basis.WorkPlace connection broker for this administration group, the connection to a remote desktop managed by Basis.WorkPlace is established automatically.
The certificate for authenticating the Basis.WorkPlace connection broker will be added to the system certificate store of Kaspersky Thin Client and will be used for subsequent connections.
A window for selecting a remote desktop opens showing all desktops that are available for connection.
- If you need to refresh the list of desktops, click the Reload button.
- Click the button with the name of the desktop to which you want to connect.
After a few seconds, the monitor will show the remote desktop to which you are connected.
In the window for connecting to desktops managed by Basis.WorkPlace, you can also configure the connection settings by clicking Settings.
When connecting to a remote desktop, Kaspersky Thin Client uses TLS encryption to protect the connection session and protect data from interception or falsification.