.svg){kind=logo}
MSI Properties and Registry Settings
- 27 Jun 2023
- 4 Minutes to read
- Contributors
- DarkLight
- PDF
MSI Properties and Registry Settings
- Updated on 27 Jun 2023
- 4 Minutes to read
- Contributors
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The MSI properties described in this article are for both Citrix® and Local Environments and can be modified to meet the organization's needs.
Citrix® Server
| Parameter Name | Registry Name | Registry Keys Affected | Value | Setting Description |
|---|---|---|---|---|
| TFA_ACTIVECONNECTOR | ActiveConnector | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\ TFA Settings\ | HCIE81Connect.cls81E2014 | Set this based on the version of Epic Hyperspace to interact with: Epic 2012 set to "HCIE79Connect.cls79E2012", Epic 2014 set to "HCIE81Connect.cls81E2014", and Epic 2015 set to "HCIE82Connect.cls82E2014". |
| TFA_AIE (Not used for 2018 and up) Note: This setting is only needed when installing on the Citrix server. | N/A | N/A | 0 | Set to 1 to install HealthCast "AppInit" DLL (hcinject.dll). This setting is needed to support Warp Drive configurations and Hyperspace login without configuring the Primary Authentication Device. Important: This can only be set using the MSI property at install. Setting this property to a value of 1 will add the following registry settings to windows to configure “hcinject.dll” as an “AppInit” DLL that will start “hciepicsessionmgr.exe” (Epic Session Manager) when Hyperspace is started. 64 Bit Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\ Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="hcinject.dll" "LoadAppInit_DLLs"= dword:00000001 32 Bit Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="hcinject.dll" "LoadAppInit_DLLs"= dword:00000001 |
| TFA_EDMANAGERENABLED (Not used for 2018 and up) | EDManagerEnabled | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\TFA Settings | False | If the system has been configured to login without configuring a Hyperspace LWS record, the Epic Session Manager will delay waiting to determine if the Epic Authentication Plug-in will be loaded or not. To disable the wait, set this property to "True". |
| TFA_USEREMOTE | UseRemote | SOFTWARE\HealthCast\hciepicsessionmgr | False | Set to “True” to configure TFA to get the current user context from the endpoint even if XA is installed locally. |
| TFA_HYPERSPACE_SECURE | SecureActive | HKEY_LOCAL_MACHINE\Software\ HeatlhCast\ExactAccess\TFA Settings | False | Indicates the behavior of Hyperspace when a tap-out occurs -- if SecureActive is False (default) - Hyperspace will Log Off. If SecureActive is set to True - then Hyperspace will instead be secured for the current user on Tap Out. |
Citrix Server - Logoff Cleanup
| Parameter Name | Registry Name | Registry Keys Affected | Value | Setting Description |
|---|---|---|---|---|
| TFA_LOGOFFCLEANUP | CallLogoffCleanupOnEpicLogoff | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\TFA Settings | False | Set to “True” to configure the plugin to call Logoff Cleanup in the published Hyperspace session on the Citrix server when Hyperspace is logged out. This setting is only set on the Citrix Sever. |
| TFA_LOGOFFCLEANUP_SEC | CallLogoffCleanupOnEpicSecure | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\TFA Settings | False | Set to “True” to configure the plugin to call Logoff Cleanup when Hyperspace is secured. This setting is only set on the Citrix Sever. |
| TFA_LOGOFFCLEANUP_ONLOCK | EnableCleanupOnLock | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\TFA Settings | False | Set to “True” to configure the plugin to call Logoff Cleanup when “DisableOnBeforeLock" set to "True". This setting is only set on the Citrix Sever. |
| TFA_VERTICAL_OFFSET_FOR_LOGIN_SCREEN | TFA_VERTICAL_OFFSET_FOR_LOGIN_SCREEN | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\TFA Settings | 160 | This setting defines how far down the Hyperspace window the authentication window should be placed. |
Endpoint - Hyperspace Launching
| Parameter Name | Registry Name | Registry Keys Affected | Value | Setting Description |
|---|---|---|---|---|
| TFA_LAUNCHTYPE | LaunchType | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\TFA Settings | 0 | Set to "1" to launch locally installed Hyperspace. Set to "2" to launch Hyperspace via Epic Warp Drive. Set to "3" to launch Hyperspace published using pubLauncher.exe. Set to “4” to launch Hyperspace published using pubLauncherSF.exe. |
| TFA_LOGOFF_XA_ON_EPIC_SECURE_LOGOUT | LogoffXAOnEpicSecureLogout | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\TFA Settings | False | Set to "True" to have ExactAccess client logoff when a user logs off the Hyperspace application and lock the ExactAccess client when a user secures the Hyperspace application. |
| TFA_DISABLE_ONBEFORELOCK | DisableOnBeforeLock | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\TFA Settings | False | Set to "True" if you do NOT wish to notify the Epic Session Manager when the ExactAccess client is locked. Use this setting to prevent Secure or Logout of Hyperspace when locking the ExactAccess client. |
| TFA_ENABLE_ONBEFORELOCKTIMEOUT | EnableOnBeforeLockTimeout | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\TFA Settings | False | This is used to trigger an event that indicates that OnBeforeLock event was triggered because of user inactivity. If this is the case, then the normal lock behavior is not followed, Hyperspace will not be secured or logged off, no action will be taken, and Hyperspace will remain in its current state. |
| TFA_ENABLE_ONBEFOREQUITUSER | EnableOnBeforeQuitUser | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\TFA Settings | True | This setting is enabled by default. This triggers an event to logoff of Hyperspace when a user interactively logs off XA. In standard mode this is triggered in a tap-over scenario, but also shuts down Hyperspace since it doesn’t allow more than one instance from the same workstation name. In Kiosk mode non-locking configurations this setting needs to be set to False. |
Endpoint - Community Connect
| Parameter Name | Registry Name | Registry Keys Affected | Value | Setting Description |
|---|---|---|---|---|
| TFA_EPICUSERCIID | EpicUserCIID | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\hciepicsessionmgr | Not Set | This setting is used in configurations where a different username and password are needed then the domain user account used to login to XA. The setting need is an XA control ID configured for the additional credential. The control ID needed is retrieved when creating an application in the XA administrator. |
| TFA_EPICUSERCIID_CAPTION | EpicUserCIIDCaption | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\hciepicsessionmgr | Not Set | This setting is used in configurations where the Epic login requires a username and password other than the user account used to login to XA. Use this setting to change the caption displayed when prompting user for the username and password needed. |
| TFA_EPICUSERCIID_PROMPT | EpicUserCIIDPrompt | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\hciepicsessionmgr | Not Set | This setting is used in configurations where a different username and password are needed when the domain user account is used to login to ExactAccess. Use this setting to change the prompt displayed when prompting the user for the username and password needed. |
Endpoint - Secondary Authentication
| Parameter Name | Registry Name | Registry Keys Affected | Value | Setting Description |
|---|---|---|---|---|
| TFA_UITIMEOUTSECONDS | UITimeoutSeconds | HKEY_LOCAL_MACHINE\SOFTWARE\ HealthCast\ExactAccess\TFA Settings | 30 | This setting is the number of seconds the re-authentication prompt waits for a user to tap a badge. This setting doesn’t have an impact when the login device is prompting for login only when being called for verification or cosign verification. This setting is configured on the device where Hyperspace is installed. |
Was this article helpful?