Configuring Remote Desktop Features in Horizon 7 Modified for Horizon 7 7.3.2 VMware Horizon 7 7.
Configuring Remote Desktop Features in Horizon 7 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to docfeedback@vmware.com VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com Copyright © 2017 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc.
Contents 1 Configuring Remote Desktop Features in Horizon 7 5 2 Configuring Remote Desktop Features 6 Configuring Unity Touch 7 Configuring Flash URL Redirection for Multicast or Unicast Streaming Configuring Flash Redirection 14 Configuring HTML5 Multimedia Redirection Configuring Real-Time Audio-Video Configuring Scanner Redirection 20 23 39 Configuring Serial Port Redirection 44 Managing Access to Windows Media Multimedia Redirection (MMR) Managing Access to Client Drive Redirection Configure S
Configuring Remote Desktop Features in Horizon 7 Using Active Directory Group Policies 116 Using Horizon 7 Group Policy Administrative Template Files Horizon 7 ADMX Template Files 117 118 Add the ADMX Template Files to Active Directory 119 VMware View Agent Configuration ADMX Template Settings 120 VMware Virtualization Pack for Skype for Business Policy Settings PCoIP Policy Settings VMware Blast Policy Settings 148 Using Remote Desktop Services Group Policies Filtering Printers for Virtual Pri
Configuring Remote Desktop Features in Horizon 7 1 Configuring Remote Desktop Features in Horizon 7 describes how to configure remote desktop features that are installed with Horizon Agent on virtual machine desktops or on an RDS host. You can also configure policies to control the behavior of desktop and application pools, machines, and users. Intended Audience This information is intended for anyone who wants to configure remote desktop features or policies on virtual machine desktops or RDS hosts.
Configuring Remote Desktop Features 2 Certain remote desktop features that are installed with Horizon Agent can be updated in Feature Pack Update releases as well as in core Horizon 7 releases. You can configure these features to enhance the remote desktop experience for your end users.
Configuring Remote Desktop Features in Horizon 7 Configuring Unity Touch With Unity Touch, tablet and smart phone users can easily browse, search, and open Windows applications and files, choose favorite applications and files, and switch between running applications, all without using the Start menu or Taskbar. You can configure a default list of favorite applications that appear in the Unity Touch sidebar.
Configuring Remote Desktop Features in Horizon 7 The default list of favorite applications list remains in effect when an end user first connects to a desktop that is enabled with Unity Touch. However, if the user configures his or her own favorite application list, the default list is ignored. The user's favorite application list stays in the user's roaming profile and is available when the user connects to different machines in a floating or dedicated pool.
Configuring Remote Desktop Features in Horizon 7 Procedure n (Optional) Create a default list of favorite applications by adding a value to the Windows registry. a Open regedit and navigate to the HKLM\Software\VMware, Inc.\VMware Unity registry setting. On a 64-bit virtual machine, navigate to the HKLM\Software\Wow6432Node\VMware, Inc.\VMware Unity directory. b Create a string value called FavAppList. c Specify the default favorite applications.
Configuring Remote Desktop Features in Horizon 7 n (Optional) Create a default list of favorite applications by running the Horizon Agent installer on a command line directly on a virtual machine. Use the following format. VMware-viewagent-x86_x64-y.y.y-xxxxxx.exe /s /v"/qn UNITY_DEFAULT_APPS=""the list of default favorite apps that should be set in the registry""" Note The preceding command combines installing Horizon Agent with specifying the default list of favorite applications.
Configuring Remote Desktop Features in Horizon 7 2 Verify that the Flash URL Redirection Feature Is Installed Before you use this feature, verify that the Flash URL Redirection feature is installed and running on your virtual desktops. 3 Set Up the Web Pages That Provide Multicast or Unicast Streams To allow Flash URL redirection to take place, you must embed a JavaScript command in the MIME HTML (MHTML) Web pages that provide links to the multicast or unicast streams.
Configuring Remote Desktop Features in Horizon 7 n Horizon Client 2.2 for Windows or a later release The following Horizon Client releases support multicast only (they do not support unicast): Horizon Client computer or client access device n Horizon Client 2.0 or 2.1 for Linux n Horizon Client 5.4 for Windows n Flash URL Redirection is supported on all operating systems that run Horizon Client for Linux on x86 Thin client devices. This feature is not supported on ARM processors.
Configuring Remote Desktop Features in Horizon 7 Set Up the Web Pages That Provide Multicast or Unicast Streams To allow Flash URL redirection to take place, you must embed a JavaScript command in the MIME HTML (MHTML) Web pages that provide links to the multicast or unicast streams. Users display these Web pages in the browsers on their remote desktops to access the video streams.
Configuring Remote Desktop Features in Horizon 7 Procedure u Install Adobe Flash Player on your client devices. Operating System Action Windows Install Adobe Flash Player 10.1 or later for Internet Explorer. Linux a Install the libexpat.so.0 file, or verify that this file is already installed. Ensure that the file is installed in the /usr/lib or /usr/local/lib directory. b Install the libflashplayer.so file, or verify that this file is already installed.
Configuring Remote Desktop Features in Horizon 7 Table 2‑1. Comparison of the Flash Redirection Feature and Flash URL Redirection Item of Differentiation Flash Redirection Flash URL Redirection Horizon Client types that support this feature Windows client only Windows client and Linux client Display protocol PCoIP and VMware Blast.
Configuring Remote Desktop Features in Horizon 7 Horizon Client computer or client access device Display protocols for the remote session n The appropriate group policy settings must be configured. See Install and Configure Flash Redirection. n Flash Redirection is supported on Windows 7, Windows 8, Windows 8.1, and Windows 10 virtual desktops. n Internet Explorer 9, 10, or 11 must be installed with the corresponding Flash ActiveX plug-in.
Configuring Remote Desktop Features in Horizon 7 n Compile a list of the websites that can (a white list) or cannot (a black list) redirect Flash content. n Verify that Flash ActiveX is installed and works properly. To verify the installation, run Internet Explorer and go to https://helpx.adobe.com/flash-player.html. Procedure 1 On the client system, install the ActiveX version of Flash Player (rather than the NPAPI version), if necessary.
Configuring Remote Desktop Features in Horizon 7 c To add the list of host URLs that use or do not use Flash Redirection, open the Hosts Url list to enable FlashMMR setting and select Enabled. d Click Show and enter the complete URLs that you compiled for the white list or black list in the Value Name column. Include the http:// or https:// prefix in the URL. You can use regular expressions. For example, you can specify https://*.google.com and http://www.cnn.com/*.
Configuring Remote Desktop Features in Horizon 7 Procedure 1 Use Horizon Client to access the remote desktop. 2 Open the Windows Registry Editor (regedit.exe) on the remote desktop, navigate to the HKLM\Software\VMware, Inc.\VMware FlashMMR folder, and set FlashRedirection to 1. Note This setting enables the Flash Redirection feature. If this setting is disabled (set to 0) in HKLM\Software\Policies\VMware, Inc.\VMware FlashMMR, Flash Redirection is disabled domain-wide and requires a domain administrat
Configuring Remote Desktop Features in Horizon 7 Configuring HTML5 Multimedia Redirection With HTML5 Multimedia Redirection, if an end user uses the Chrome browser, HTML5 multimedia content is sent to the client system, which reduces the load on the ESXi host. The client system plays the multimedia content and the user has a better audio and video experience.
Configuring Remote Desktop Features in Horizon 7 Install and Configure HTML5 Multimedia Redirection Redirecting HTML5 multimedia content from a remote desktop to the local client system requires installing the HTML5 Multimedia Redirection feature and Chrome browser on the remote desktop, enabling the HTML5 Multimedia Redirection feature, and specifying which websites use this feature.
Configuring Remote Desktop Features in Horizon 7 What to do next Force install the VMware Horizon HTML5 Redirection Extension in the Chrome browser on the remote desktop. See Force Install the VMware Horizon HTML5 Redirection Extension. Force Install the VMware Horizon HTML5 Redirection Extension To use the HTML5 Multimedia Redirection feature, you must force install the VMware Horizon HTML5 Redirection extension on the remote desktop.
Configuring Remote Desktop Features in Horizon 7 5 Click Show and type ljmaegmnepbgjekghdfkgegbckolmcok;https://clients2.google.com/service/update2/crx in the Value column. 6 Click OK to save the extension ID/update URL and then click OK to save the policy setting. 7 Verify that the HTML5 Multimedia Redirection extension is installed on the remote desktop. a Connect to the remote desktop and start Chrome. b Type chrome://extensions in the Chrome address bar.
Configuring Remote Desktop Features in Horizon 7 If users have multiple webcams and audio input devices built in or connected to their client computers, you can configure preferred webcams and audio input devices that will be redirected to their desktops. See Selecting Preferred Webcams and Microphones. Note You can select a preferred audio device, but no other audio configuration options are available.
Configuring Remote Desktop Features in Horizon 7 Display protocols n For information about supported client operating systems, see the Horizon Client installation and setup document for the appropriate system or device. n The webcam and audio device drivers must be installed, and the webcam and audio device must be operable, on the client computer. n To support Real-Time Audio-Video, you do not need to install the device drivers on the remote desktop operating system where the agent is installed.
Configuring Remote Desktop Features in Horizon 7 Selecting Preferred Webcams and Microphones If a client computer has more than one webcam and microphone, you can configure a preferred webcam and default microphone that Real-Time Audio-Video will redirect to the desktop. These devices can be built in or connected to the local client computer. On a Windows client computer that has Horizon Client for Windows 4.
Configuring Remote Desktop Features in Horizon 7 Procedure 1 Open the Settings dialog box and select Real-Time Audio-Video in the left pane. You can open the Settings dialog box by clicking the Settings (gear) icon in the upper right corner of the desktop and application screen, or by right-clicking a desktop or application icon and selecting Settings. 2 Select the preferred webcam from the Preferred webcam drop-down menu and the preferred microphone from the Preferred microphone drop-down menu.
Configuring Remote Desktop Features in Horizon 7 The next time that you connect to a remote desktop and start a call, the desktop uses the default microphone that you selected on the client system. Configuring Real-Time Audio-Video on a Mac Client You can configure Real-Time Audio-Video settings at the command line by using the Mac defaults system. With the defaults system, you can read, write, and delete Mac user defaults by using Terminal (/Applications/Utilities/Terminal.app).
Configuring Remote Desktop Features in Horizon 7 Configure a Preferred Webcam or Microphone on a Mac Client System With the Real-Time Audio-Video feature, if you have multiple webcams or microphones on the client system, only one webcam and one microphone can be used on the remote desktop. You specify which webcam and microphone are preferred at the command line by using the Mac defaults system.
Configuring Remote Desktop Features in Horizon 7 2 Find log entries for the webcam or microphone in the Real-Time Audio-Video log file. a In a text editor, open the Real-Time Audio-Video log file. The Real-Time Audio-Video log file is named ~/Library/Logs/VMware/vmware-RTAV-pid.log, where pid is the process ID of the current session. b Search the Real-Time Audio-Video log file for entries that identify the attached webcams or microphones.
Configuring Remote Desktop Features in Horizon 7 4 In Terminal (/Applications/Utilities/Terminal.app), use the defaults write command to set the preferred webcam or microphone. Option Action Set the preferred webcam Type defaults write com.vmware.rtav srcWCamId "webcam-userid", where webcam-userid is the user ID of the preferred webcam, which you obtained from the Real-Time Audio-Video log file. For example: defaults write com.vmware.
Configuring Remote Desktop Features in Horizon 7 Procedure 1 In the Ubuntu graphical user interface, select System > Preferences > Sound. You can alternatively click the Sound icon on the right side of the toolbar at the top of the screen. 2 Click the Input tab in the Sound Preferences dialog box. 3 Select the preferred device and click Close.
Configuring Remote Desktop Features in Horizon 7 Procedure 1 Launch the client, and start a webcam or microphone application to trigger an enumeration of camera devices or audio devices to the client log. a Attach the webcam or audio device you want to use. b Use the command vmware-view to start Horizon Client. c Start a call and then stop the call. This process creates a log file. VMware, Inc.
Configuring Remote Desktop Features in Horizon 7 2 Find log entries for the webcam or microphone. a Open the debug log file with a text editor. The log file with real-time audio-video log messages is located at /tmp/vmware/vmware-RTAV-.log. The client log is located at /tmp/vmware/vmware-view-.log. b Search the log file to find the log file entries that reference the attached webcams and microphones.
Configuring Remote Desktop Features in Horizon 7 Warnings are shown if any of the source audio levels for the selected device do not meet the PulseAudio criteria if the source is not set to 100% (0dB), or if the selected source device is muted, as follows: vthread-18| I120: RTAV: static pa_source_info*, int, void*) vthread-18| I120: RTAV: static pa_source_info*, int, void*) - 3 void AudioCaptureLin::PulseAudioSourceInfoCB(pa_context*, const Note, selected device channel volume: 0: 67% void AudioCaptureLi
Configuring Remote Desktop Features in Horizon 7 For information about configuring settings on client systems, see the VMware knowledge base article, Setting Frame Rates and Resolution for Real-Time Audio-Video on Horizon View Clients, at http://kb.vmware.com/kb/2053644. Add the RTAV ADMX Template in Active Directory and Configure the Settings You can add the policy settings in the RTAV ADMX file (vdm_agent_rtav.
Configuring Remote Desktop Features in Horizon 7 What to do next Configure the group policy settings. Real-Time Audio-Video Group Policy Settings The Real-Time Audio-Video (RTAV) group policy settings control the virtual webcam's maximum frame rate and maximum image resolution. An additional setting lets you disable or enable the RTAV feature. These policy settings affect remote desktops, not the client systems where the physical devices are connected.
Configuring Remote Desktop Features in Horizon 7 Group Policy Setting Description Resolution Max image width in pixels Determines the maximum width, in pixels, of image frames that are captured by the webcam. By setting a low maximum image width, you can lower the resolution of captured frames, which can improve the imaging experience in low-bandwidth network environments. When this setting is not configured or disabled, a maximum image width is not set.
Configuring Remote Desktop Features in Horizon 7 Table 2‑3. Sample Bandwidth Results for Sending Real-Time Audio-Video Data from Horizon Client to Horizon Agent Image Resolution (Width x Height) Bandwidth Used (Kbps) 160 x 120 225 320 x 240 320 640 x 480 600 Configuring Scanner Redirection By using scanner redirection, Horizon 7 users can scan information in their remote desktops and applications with scanning and imaging devices that are connected locally to their client computers.
Configuring Remote Desktop Features in Horizon 7 n 32-bit or 64-bit Windows 8.x n 32-bit or 64-bit Windows 10 n Windows Server 2008 R2 configured as a desktop or RDS host n Windows Server 2012 R2 configured as a desktop or RDS host Important The Desktop Experience feature must be installed on Windows Server guest operating systems, whether they are configured as desktops or as RDS hosts.
Configuring Remote Desktop Features in Horizon 7 n When you click the scanner icon, the Scanner Redirection for VMware Horizon menu is displayed. No scanners appear in the menu list if incompatible scanners are connected to the client computer. n By default, scanning devices are autoselected. TWAIN and WIA scanners are selected separately. You can have one TWAIN scanner and one WIA scanner selected at the same time.
Configuring Remote Desktop Features in Horizon 7 These policy settings affect your remote desktops and applications, not the client systems where the physical scanners are connected. To configure these settings on your desktops and applications, add the Scanner Redirection Group Policy Administrative Template (ADMX) file in Active Directory. Add the Scanner Redirection ADMX Templates in Active Directory You can add the policy settings in the scanner redirection ADMX template file (vdm_agent_scanner.
Configuring Remote Desktop Features in Horizon 7 Most settings are also added to the User Configuration folder, located in User Configuration > Policies > Administrative Templates > VMware View Agent Configuration > Scanner Redirection folder. What to do next Configure the group policy settings.
Configuring Remote Desktop Features in Horizon 7 Group Policy Setting Computer User Description Hide Webcam X X Prevents webcams from appearing in the scanner selection menu in the VMware Horizon Scanner Redirection Preferences dialog box. By default, webcams can be redirected to desktops and applications. Users can select webcams and use them as virtual scanners to capture images.
Configuring Remote Desktop Features in Horizon 7 After you install Horizon Agent and set up the serial port redirection feature, the feature can work on your remote desktops without further configuration. For example, COM1 on the local client system is redirected as COM1 on the remote desktop, and COM2 is redirected as COM2, unless a COM port already exists on the remote desktop. If so, the COM port is mapped to avoid conflicts.
Configuring Remote Desktop Features in Horizon 7 This feature is not currently supported for Windows Server RDS hosts. Serial port device drivers do not have to be installed on the desktop operating system where the agent is installed. Horizon Client computer or client access device Display protocols n Serial port redirection is supported on Windows 7, Windows 8.x client systems, and Windows 10.
Configuring Remote Desktop Features in Horizon 7 When the COM port is connected, you can open the port in a 3rd-party application, which can exchange data with the COM port device that is connected to the client machine. While a port is open in an application, you cannot disconnect the port in the Serial COM Redirection for VMware Horizon menu. Before you can disconnect the COM port, you must close the port in the application or close the application.
Configuring Remote Desktop Features in Horizon 7 n If your users are knowledge workers who use a variety of 3rd-party applications and might also use their COM ports locally on their client machines, make sure that users can connect and disconnect from the redirected COM ports. You might set the PortSettings policy setting if the default port mappings are incorrect. You might or might not set the Autoconnect item, depending on your users' requirements. Do not enable the Lock Configuration policy setting.
Configuring Remote Desktop Features in Horizon 7 Procedure 1 Download the Horizon 7 GPO Bundle .zip file from the VMware download site at https://my.vmware.com/web/vmware/downloads. Under Desktop & End-User Computing, select the VMware Horizon 7 download, which includes the GPO Bundle. The file is named VMware-Horizon-Extras-Bundle-x.x.x-yyyyyyy.zip, where x.x.x is the version and yyyyyyy is the build number. All ADMX files that provide group policy settings for Horizon 7 are available in this file.
Configuring Remote Desktop Features in Horizon 7 Group Policy Setting Computer User Description PortSettings1 X X The port settings determine the mapping between the COM port on the client system and the redirected COM port on the remote desktop and determines other settings that affect the redirected COM port. You configure each redirected COM port individually.
Configuring Remote Desktop Features in Horizon 7 Group Policy Setting Computer User Description When the port settings policy setting is disabled or not configured, the redirected COM port uses the settings that users configure on the remote desktop. The Serial COM Redirection for VMware Horizon menu options are active and available to users. These settings are in the VMware View Agent Configuration > Serial COM > PortSettings folder in the Group Policy Management Editor.
Configuring Remote Desktop Features in Horizon 7 Configure USB to Serial Adapters You can configure USB to Serial adapters that use a Prolific chipset to be redirected to remote desktops by the serial port redirection feature. To ensure that data is transmitted properly on Prolific chipset adapters, you can enable a serial port redirection group policy setting in Active Directory or on an individual desktop virtual machine.
Configuring Remote Desktop Features in Horizon 7 Managing Access to Windows Media Multimedia Redirection (MMR) Horizon 7 provides the Windows Media MMR feature for VDI desktops that run on single-user machines and for RDS desktops. MMR delivers the multimedia stream directly to client computers. With MMR, the multimedia stream is processed, that is, decoded, on the client system. The client system plays the media content, thereby offloading the demand on the ESXi host.
Configuring Remote Desktop Features in Horizon 7 n Windows Server 2016 is a Tech Preview feature. Windows Media Player is supported. The default player TV & Movies is not supported. n 64-bit or 32-bit Windows 7 SP1 Enterprise or Ultimate (single-user machine). Windows 7 Professional is not supported. n 64-bit or 32-bit Windows 8/8.
Configuring Remote Desktop Features in Horizon 7 Determine Whether to Use Windows Media MMR Based on Network Latency By default, Windows Media MMR adapts to network conditions on single-user desktops that run on Windows 8 or later and RDS desktops that run on Windows Server 2012 or 2012 R2 or later. If the network latency between Horizon Client and the remote desktop is 29 milliseconds or lower, the video is redirected with Windows Media MMR.
Configuring Remote Desktop Features in Horizon 7 Managing Access to Client Drive Redirection When you deploy Horizon Client and Horizon Agent with client drive redirection, folders and files are sent across the network with encryption. Client drive redirection connections between clients and the View Secure Gateway and connections from the View Secure Gateway to desktop machines are secure. If VMware Blast is enabled, files and folders are transferred across a virtual channel with encryption.
Configuring Remote Desktop Features in Horizon 7 Procedure 1 On your Active Directory server, open the Group Policy Management Editor and navigate to Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection. 2 Open the Do not allow drive redirection group policy setting, select Enabled, and click OK.
Configuring Remote Desktop Features in Horizon 7 If you set name to *all, all client drives are shared with the remote desktop. The *all setting is supported only on Windows client systems. HKLM\Software\VMware, Inc.\VMware TSDR\default shares\1st\name=*all To prevent the client from sharing additional folders (that is, folders that are not specified with the default shares key), create a string value named ForcedByAdmin and set its value to true. HKLM\Software\VMware, Inc.\VMware TSDR\ForcedByAdmin=true
Configuring Remote Desktop Features in Horizon 7 Configure Skype for Business You can make optimized audio and video calls with Skype for Business inside a virtual desktop without negatively affecting the virtual infrastructure and overloading the network. All media processing takes place on the client machine instead of in the virtual desktop during Skype audio and video call.
Configuring Remote Desktop Features in Horizon 7 n Music on hold n Custom ringtones n Voicemail integration n USB phones n Published applications support n Forward Error Correction (FEC) with audio and video n Multiparty audio or video conferencing n Meet Now conferencing n Whiteboarding and screensharing System Requirements This feature supports these configurations. Table 2‑4.
Configuring Remote Desktop Features in Horizon 7 Table 2‑4. Skype for Business System Requirements (Continued) System Requirements Client machine operating systems n Windows 7 SP1 n Windows 8.1 n Windows 10 n WES7 n Windows 10 IoT n Ubuntu 14.04 32-bit n Ubuntu 14.04 64-bit n Ubuntu 16.04 64-bit n RHEL 6.9 32-bit n RHEL 6.9 64-bit n RHEL 7.3 64-bit n CentOS 6.x 32-bit n CentOS 6.
Configuring Remote Desktop Features in Horizon 7 n The Lync 2013 client UI is not supported when connecting Skype 2015 client to a Lync 2013 server. An administrator can configure Skype client UI on the server: https://social.technet.microsoft.com/wiki/contents/articles/30282.switch-between-skype-for-businessand-lync-client-ui.aspx n In the video preview window, if you want to preview a different camera than the one listed, select the device, then close the dialog, then re-open it to preview it.
Configuring Remote Desktop Features in Horizon 7 The default log level is 7, where the log level size and crash dumps are small. You can increase the log level to 8 for maximum logs and full crash dumps. All settings are DWORD: n Client: HKEY_CURRENT_USER/SOFTWARE/VMware, Inc./VMWMediaProvider/DebugLogging/LoggingPriority = 8 n Agent: HKEY_CURRENT_USER/SOFTWARE/VMware, Inc./VMWMediaProviderProxy/DebugLogging/LoggingPriority = 8 n Agent: HKEY_CURRENT_USER/SOFTWARE/VMware, Inc.
Configuring URL Content Redirection 3 With the URL Content Redirection feature, you can configure specific URLs to open on the client machine or in a remote desktop or application. You can redirect URLs that users type in the Internet Explorer address bar or in an application.
Configuring Remote Desktop Features in Horizon 7 You can redirect some URLs from a remote desktop or application to a client, and redirect other URLs from a client to a remote desktop or application. You can redirect any number of protocols, including HTTP, HTTPS, mailto, and callto. Requirements for URL Content Redirection To use the URL Content Redirection feature, your client machines, remote desktop machines, and RDS hosts must meet certain requirements. Windows clients Horizon Client 4.
Configuring Remote Desktop Features in Horizon 7 When a user uses Horizon Client to log in to a Connection Server instance in the pod federation, the Connection Server instance looks for all of the local and global URL content redirection settings assigned to the user. The local and global settings are merged and used whenever the user clicks a URL on the client machine.
Configuring Remote Desktop Features in Horizon 7 Add the URL Content Redirection ADMX Template to a GPO The URL Content Redirection ADMX template file, called urlRedirection.admx, contains settings that enable you to control whether a URL link is opened on the client (agent-to-client redirection) or in a remote desktop or application (client-to-agent redirection).
Configuring Remote Desktop Features in Horizon 7 3 On your Active Directory server, open the Group Policy Management Editor. The URL Content Redirection group policy settings are installed in Computer Configuration > Policies > Administrative Templates > VMware Horizon URL Redirection. What to do next Configure the group policy settings.
Configuring Remote Desktop Features in Horizon 7 Table 3‑1. URL Content Redirection Group Policy Settings (Continued) Setting Properties Url Redirection Protocol 'http' For all URLs that use the HTTP protocol, specifies the URLs that should be redirected. This setting has the following options: n brokerHostname - IP address or fully qualified name of the Connection Server host to use when redirecting URLs to a remote desktop or application.
Configuring Remote Desktop Features in Horizon 7 Entry Description .* Specifies that all URLs are redirected. If you use this setting for agent rules (agentRules option), all URLs are opened in the specified remote desktop or application. If you use this setting for client rules (clientRules option), all URLs are redirected to the client. .*.acme.com;.*.example.com Specifies that all URLs that include the text .acme.com or example.com are redirected.
Configuring Remote Desktop Features in Horizon 7 Configuring Client-to-Agent Redirection With client-to-agent redirection, Horizon Client opens a remote desktop or application to handle a URL link that a user clicks on the client. If a remote desktop is opened, the default application for the protocol in the URL processes the URL. If a remote application is opened, the application processes the URL. To use client-to-agent redirection, perform the following configuration tasks.
Configuring Remote Desktop Features in Horizon 7 Using the vdmutil Command-Line Utility You can use the vdmutil command-line interface to create, assign, and manage URL content redirection settings for client-to-agent redirection. Note You must use the vdmutil command to configure client-to-agent redirection for Mac clients. Because GPOs are not supported by macOS, you cannot use GPOs to configure client-to-agent configuration if you have Mac clients.
Configuring Remote Desktop Features in Horizon 7 Command Output The vdmutil command returns 0 when an operation succeeds and a failure-specific non-zero code when an operation fails. The vdmutil command writes error messages to standard error. When an operation produces output, or when verbose logging is enabled by using the --verbose option, the vdmutil command writes output to standard output in US English.
Configuring Remote Desktop Features in Horizon 7 To create a global URL content redirection setting, which is visible across the pod federation, see Create a Global URL Content Redirection Setting. Prerequisites Become familiar with vdmutil command-line interface options and requirements and verify that you have sufficient privileges to run the the vdmutil command. See Using the vdmutil Command-Line Utility. Procedure 1 Log in to the Connection Server instance.
Configuring Remote Desktop Features in Horizon 7 Example: Creating a Local URL Content Redirection Setting The following example creates a local URL content redirection setting called url-filtering that redirects all client URLs that include the text http://google.* to the application pool called iexplore2012. VdmUtil --createURLSetting --urlSettingName url-filtering --urlScheme http --entitledApplication iexplore2012 --agentURLPattern "http://google.
Configuring Remote Desktop Features in Horizon 7 To create a local URL content redirection setting, see Create a Local URL Content Redirection Setting. Prerequisites Become familiar with vdmutil command-line interface options and requirements and verify that you have sufficient privileges to run the the vdmutil command. See Using the vdmutil Command-Line Utility. Procedure 1 Log in to any Connection Server instance in the pod federation.
Configuring Remote Desktop Features in Horizon 7 Example: Configuring a Global URL Content Redirection Setting The following example creates a global URL content redirection setting called Operations-Setting that redirects all client URLs that include the text http://google.* to the global application entitlement called GAE1. vdmutil --createURLSetting --urlSettingName Operations-Setting --urlRedirectionScope GLOBAL --urlScheme http --entitledApplication GAE1 --agentURLPattern "http://google.
Configuring Remote Desktop Features in Horizon 7 n To assign a URL content redirection setting to a group, run the vdmutil command with the --addGroupURLSetting option. vdmutil --addGroupURLSetting --urlSettingName value --groupName value Option Description --urlSettingName Name of the URL content redirection setting to assign. --groupName Name of the Active Directory group in domain\group format.
Configuring Remote Desktop Features in Horizon 7 The command displays detailed information about the URL content redirection setting. For example, the following command output for the url-filtering setting shows that HTTP and HTTPS URLs that contain the text google.* are redirected from the client to the local application pool named iexplore2012.
Configuring Remote Desktop Features in Horizon 7 Run the vdmutil command with the --readURLSetting to view detailed information about a particular URL content redirection setting. vdmutil --readURLSetting --urlSettingName value Deleting a Setting Run the vdmutil command with the --deleteURLSetting option to delete a URL content redirection setting.
Configuring Remote Desktop Features in Horizon 7 Using Group Policy Settings to Configure Client-to-Agent Redirection The URL Content Redirection ADMX template file (urlRedirection.admx) contains group policy settings that you can use to create rules that redirect URLs from the client to a remote desktop or application (client-to-agent redirection). Note The preferred method for configuring client-to-agent redirection is to use the vdmutil commandline interface.
Configuring Remote Desktop Features in Horizon 7 Unsupported URL Content Redirection Features The URL Content Redirection feature does not work in certain circumstances. Shortened URLs Shortened URLs, such as https://goo.gl/abc, can be redirected based on filtering rules, but the filtering mechanism does not examine the original unshortened URL. For example, if you have a rule that redirects URLs that contain acme.com, an original URL, such as http://www.acme.
Configuring Remote Desktop Features in Horizon 7 Windows 10 Universal App Is the Default Handler for a Protocol URL redirection does not work if a Windows 10 Universal app is the default handler for a protocol specified in a link. Universal applications are built on the Universal Windows Platform so that they can be downloaded to PCs, tablets, and phones, include the Microsoft Edge browser, Mail, Maps, Photos, Grove Music and others.
Using USB Devices with Remote Desktops and Applications 4 Administrators can configure the ability to use USB devices, such as thumb flash drives, cameras, VoIP (voice-over-IP) devices, and printers, from a remote desktop. This feature is called USB redirection, and it supports using the Blast Extreme, PCoIP, or Microsoft RDP display protocol. A remote desktop can accommodate up to 128 USB devices.
Configuring Remote Desktop Features in Horizon 7 This section includes the following topics: n Limitations Regarding USB Device Types n Overview of Setting Up USB Redirection n Network Traffic and USB Redirection n Automatic Connections to USB Devices n Deploying USB Devices in a Secure Horizon 7 Environment n Using Log Files for Troubleshooting and to Determine USB Device IDs n Using Policies to Control USB Redirection n Troubleshooting USB Redirection Problems Limitations Regarding USB De
Configuring Remote Desktop Features in Horizon 7 The file structure can be very large, depending on the format. Large USB disk drives can take several minutes to appear in the desktop. Formatting a USB device as NTFS rather than FAT helps to decrease the initial connection time. An unreliable network link causes retries, and performance is further reduced. Similarly, USB CD/DVD readers, as well as scanners and touch devices such as signature tablets, do not work well over a latent network such as a WAN.
Configuring Remote Desktop Features in Horizon 7 2 When you run the VMware Horizon Client installation wizard on the client system, be sure to include the USB Redirection component. This component is included by default. 3 Verify that access to USB devices from a remote desktop or application is enabled in View Administrator. In View Administrator, go to Policies > Global Policies and verify that USB access is set to Allow.
Configuring Remote Desktop Features in Horizon 7 You can configure the USB over Session Enhancement SDK feature to avoid opening TCP port 32111. See Enabling the USB Over Session Enhancement SDK Feature. Note If you are using a zero client, USB traffic is redirected using a PCoIP virtual channel, rather than through TCP port 32111. Data is encapsulated and encrypted by the PCoIP Secure Gateway using TCP/UDP port 4172. If you are using only zero clients, it is not necessary to open TCP port 32111.
Configuring Remote Desktop Features in Horizon 7 the Real-Time Audio-Video feature. In some cases, a USB device might not be excluded from redirection by default but might require administrators to explicitly exclude the device from redirection. For example, the following types of USB devices are not good candidates for USB redirection and must not be automatically connected to a remote desktop: n USB Ethernet devices.
Configuring Remote Desktop Features in Horizon 7 n In Horizon Administrator, edit the USB access policy for a specific pool to either deny or allow access. With this approach, you do not have to change the desktop image and can control access to USB devices in specific desktop and application pools. Only the global USB access policy is available for RDS desktop and application pools. You cannot set this policy for individual RDS desktop or application pools.
Configuring Remote Desktop Features in Horizon 7 Disabling USB Redirection for Specific Devices Some users might have to redirect specific locally-connected USB devices so that they can perform tasks on their remote desktops or applications. For example, a doctor might have to use a Dictaphone USB device to record patients' medical information. In these cases, you cannot disable access to all USB devices. You can use group policy settings to enable or disable USB redirection for specific devices.
Configuring Remote Desktop Features in Horizon 7 Another risk can arise when a remote user logs into a desktop or application and infects it. You can prevent USB access to any Horizon 7 connections that originate from outside the company firewall. The USB device can be used internally but not externally. Be aware that if you block TCP port 32111 to disable external access to USB devices, time zone synchronization will not work because port 32111 is also used for time zone synchronization.
Configuring Remote Desktop Features in Horizon 7 Using Policies to Control USB Redirection You can configure USB policies for both the remote desktop or application (Horizon Agent) and Horizon Client. These policies specify whether the client device should split composite USB devices into separate components for redirection.
Configuring Remote Desktop Features in Horizon 7 Configuring Device Splitting Policy Settings for Composite USB Devices Composite USB devices consist of a combination of two or more different devices, such as a video input device and a storage device or a microphone and a mouse device. If you want to allow one or more of the components to be available for redirection, you can split the composite device into its component interfaces, exclude certain interfaces from redirection and include others.
Configuring Remote Desktop Features in Horizon 7 Horizon 7 applies the device splitting policy settings before it applies any filter policy settings. If you have enabled automatic splitting and do not explicitly exclude a composite USB device from being split by specifying its vendor and product IDs, Horizon 7 examines each interface of the composite USB device to decide which interfaces should be excluded or included according to the filter policy settings.
Configuring Remote Desktop Features in Horizon 7 Horizon Agent does not apply the device splitting policy settings on its side of the connection. Horizon Client evaluates the device splitting policy settings in the following order of precedence. n Exclude Vid/Pid Device From Split n Split Vid/Pid Device A device splitting policy setting that excludes a device from being split takes precedence over any policy setting to split the device.
Configuring Remote Desktop Features in Horizon 7 The device splitting policies are included in the Horizon Agent Configuration ADMX template file (vdm_agent.admx). Interaction of Agent-Enforced USB Settings The following table shows the modifiers that specify how Horizon Client handles a Horizon Agent filter policy setting for an agent-enforceable setting if an equivalent filter policy setting exists for Horizon Client. Table 4‑7.
Configuring Remote Desktop Features in Horizon 7 Table 4‑9.
Configuring Remote Desktop Features in Horizon 7 If you configure a policy setting to exclude devices based on vendor and product ID values, Horizon Client excludes a device whose vendor and product ID values match this policy setting even though you might have configured an Allow policy setting for the family to which the device belongs. The order of precedence for policy settings resolves conflicts between policy settings.
Configuring Remote Desktop Features in Horizon 7 n For all users in a desktop pool, block audio and video devices to ensure that these devices will always be available for the Real-Time Audio-Video feature. Use an agent-side setting:: Exclude Device Family: o:video;audio Note that another strategy would be to exclude specific devices by vendor and product ID.
Configuring Remote Desktop Features in Horizon 7 Table 4‑10. USB Device Families (Continued) Device Family Name Description physical Force feedback devices such as force feedback joysticks. printer Printing devices. security Security devices such as fingerprint readers. smart-card Smart-card devices. storage Mass storage devices such as flash drives and external hard disk drives. unknown Family not known. vendor Devices with vendor-specific functions. video Video-input devices.
Configuring Remote Desktop Features in Horizon 7 Table 4‑11. Horizon Agent Configuration Template: Device-Splitting Settings Setting Properties Allow Auto Device Splitting Allows the automatic splitting of composite USB devices. Property: AllowAutoDeviceSplitting The default value is undefined, which equates to false. Exclude Vid/Pid Device from Split Excludes a composite USB device specified by vendor and product IDs from splitting.
Configuring Remote Desktop Features in Horizon 7 Table 4‑12. Horizon Agent Configuration Template: Agent-Enforced Settings Setting Properties Exclude All Devices Excludes all USB devices from being forwarded. If set to true, you can use other policy Property: ExcludeAllDevices settings to allow specific devices or families of devices to be forwarded. If set to false, you can use other policy settings to prevent specific devices or families of devices from being forwarded.
Configuring Remote Desktop Features in Horizon 7 Table 4‑13. Horizon Agent Configuration Template: Client-Interpreted Settings Setting Properties Allow Audio Input Devices Allows audio input devices to be forwarded. Property: AllowAudioIn The default value is undefined, which equates to true. Allow Audio Output Devices Allows audio output devices to be forwarded. Property: AllowAudioOut The default value is undefined, which equates to false.
Configuring Remote Desktop Features in Horizon 7 n Webcams are not supported for redirection. n The redirection of USB audio devices depends on the state of the network and is not reliable. Some devices require a high data throughput even when they are idle. n USB redirection is not supported for boot devices. If you run Horizon Client on a Windows system that boots from a USB device, and you redirect this device to the remote desktop, the local operating system might become unresponsive or unusable.
Configuring Remote Desktop Features in Horizon 7 n Examine the log on the guest for entries of class ws_vhub, and the log on the client for entries of class vmware-view-usbd. Entries with these classes are written to the logs if a user is not an administrator, or if the USB redirection drivers are not installed or are not working. For the location of these log files, see "Using Log Files for Troubleshooting and to Determine USB Device IDs" in the Configuring Remote Desktop Features in Horizon 7 document.
Configuring Policies for Desktop and Application Pools 5 You can configure policies to control the behavior of desktop and application pools, machines, and users. You use Horizon Administrator to set policies for client sessions. You can use Active Directory group policy settings to control the behavior of Horizon Agent, Horizon Client for Windows, and features that affect single-user machines, RDS hosts, PCoIP, or VMware Blast.
Configuring Remote Desktop Features in Horizon 7 User-level policies inherit settings from the equivalent desktop pool-level policy settings. Similarly, desktop pool-level policies inherit settings from the equivalent global policy settings. A desktop pool-level policy setting takes precedence over the equivalent global policy setting. A user-level policy setting takes precedence over the equivalent global and desktop pool-level policy settings.
Configuring Remote Desktop Features in Horizon 7 Configure Policies for Users You can configure user-level policies to affect specific users. User-level policy settings always take precedence over their equivalent global and desktop pool-level policy settings. Prerequisites Familiarize yourself with the policy descriptions. See Horizon 7 Policies. Procedure 1 In Horizon Administrator, select Catalog > Desktop Pools. 2 Double-click the ID of the desktop pool and click the Policies tab.
Configuring Remote Desktop Features in Horizon 7 Table 5‑1. Horizon Policies Policy Description Multimedia redirection (MMR) Determines whether MMR is enabled for client systems. MMR is a Windows Media Foundation filter that forwards multimedia data from specific codecs on remote desktops directly through a TCP socket to the client system. The data is then decoded directly on the client system, where it is played. The default value is Deny.
Configuring Remote Desktop Features in Horizon 7 Installing User Environment Manager To use Smart Policies to control the behavior of remote desktop features on a remote desktop, you must install User Environment Manager 9.0 or later on the remote desktop. You can download the User Environment Manager installer from the VMware Downloads page. You must install the VMware UEM FlexEngine client component on each remote desktop that you want to manage with User Environment Manager.
Configuring Remote Desktop Features in Horizon 7 n To ensure that Horizon Smart Policy settings are refreshed when users reconnect to desktop sessions, use the User Environment Manager Management Console to create a triggered task. Set the trigger to Reconnect session, set the action to User Environment refresh, and select Horizon Smart Policies for the refresh.
Configuring Remote Desktop Features in Horizon 7 In general, Horizon smart policy settings that you configure for remote desktop features in User Environment Manager override any equivalent registry key and group policy settings. Bandwidth Profile Reference With Smart Policies, you can use the Bandwidth profile policy setting to configure a bandwidth profile for PCoIP or Blast sessions on remote desktops. Table 5‑3.
Configuring Remote Desktop Features in Horizon 7 Table 5‑4 describes the predefined properties that you can select from the Properties drop-down menu when you use the Horizon Client Property condition. Each predefined property corresponds to a ViewClient_ registry key. Table 5‑4. Predefined Properties for the Horizon Client Property Condition Property Corresponding Registry Key Description Client location ViewClient_Broker_GatewayLocation Specifies the location of the user's client system.
Configuring Remote Desktop Features in Horizon 7 Using Other Conditions The User Environment Manager Management Console provides many conditions. The following conditions can be especially useful when creating policies for remote desktop features. Group Member You can use this condition to configure the policy to take effect only if a user is a member of a specific group.
Configuring Remote Desktop Features in Horizon 7 2 Right-click Horizon Smart Policies and select Create Horizon Smart Policy definition to create a new smart policy. The Horizon Smart Policy dialog box appears. 3 Select the Settings tab and define the smart policy settings. a In the General Settings section, type a name for the smart policy in the Name text box. For example, if the smart policy will affect the client drive redirection feature, you might name the smart policy CDR.
Configuring Remote Desktop Features in Horizon 7 Creating an OU for Remote Desktops Create an organizational unit (OU) in Active Directory specifically for your remote desktops. To prevent group policy settings from being applied to other Windows servers or workstations in the same domain as your remote desktops, create a GPO for your Horizon 7 group policies and link it to the OU that contains your remote desktops.
Configuring Remote Desktop Features in Horizon 7 Horizon 7 ADMX Template Files The Horizon 7 ADMX template files provide group policy settings that allow you to control and optimize Horizon 7 components. Table 5‑5. Horizon ADMX Template Files Template Name Template File Description VMware View Agent Configuration vdm_agent.admx Contains policy settings related to the authentication and environmental components of Horizon Agent. VMware Horizon Client Configuration vdm_client.
Configuring Remote Desktop Features in Horizon 7 Table 5‑5. Horizon ADMX Template Files (Continued) Template Name Template File Description Remote Desktop Services vmware_rdsh_server.admx Contains policy settings related to Remote Desktop Services. See Using Remote Desktop Services Group Policies. View RTAV Configuration vdm_agent_rtav.admx Contains policy settings related to webcams that are used with the Real-Time Audio-Video feature. See Real-Time Audio-Video Group Policy Settings.
Configuring Remote Desktop Features in Horizon 7 The file is named VMware-Horizon-Extras-Bundle-x.x.x-yyyyyyy.zip, where x.x.x is the version and yyyyyyy is the build number. All ADMX files that provide group policy settings for Horizon 7 are available in this file. 2 Unzip the VMware-Horizon-Extras-Bundle-x.x.x-yyyyyyy.zip file and copy the ADMX files to your Active Directory server. a Copy the .admx files and the en-US folder to the %systemroot%\PolicyDefinitions folder on your Active Directory server.
Configuring Remote Desktop Features in Horizon 7 Table 5‑6. VMware View Agent Configuration Template Settings Setting Computer AllowDirectRDP X User Properties Determines whether clients other than Horizon Client devices can connect directly to remote desktops with RDP. When this setting is disabled, the agent permits only Horizon-managed connections through Horizon Client. When connecting to a remote desktop from Horizon Client for Mac, do not disable the AllowDirectRDP setting.
Configuring Remote Desktop Features in Horizon 7 Table 5‑6. VMware View Agent Configuration Template Settings (Continued) Setting Computer CommandsToRunOnReconnect X User Properties Specifies a list of commands or command scripts to be run when a session is reconnected after a disconnect. This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor. See Running Commands on Horizon Desktops for more information.
Configuring Remote Desktop Features in Horizon 7 Table 5‑6. VMware View Agent Configuration Template Settings (Continued) Setting Computer Enable multi-media acceleration X User Properties Determines whether multimedia redirection (MMR) is enabled on the remote desktop. MMR is a Windows Media Foundation filter that forwards multimedia data from specific codecs on the remote system directly through a TCP socket to the client. The data is then decoded directly on the client, where it is played.
Configuring Remote Desktop Features in Horizon 7 Table 5‑6. VMware View Agent Configuration Template Settings (Continued) Setting Computer User UnAuthenticatedAccessEnabled Properties Enables or disables the unauthenticated access feature. When this setting is enabled, unauthenticated access users can access published applications from a Horizon Client without requiring AD credentials.
Configuring Remote Desktop Features in Horizon 7 Table 5‑6. VMware View Agent Configuration Template Settings (Continued) Setting Computer Limit usage of Windows hooks X User Properties Disables most hooks when remote applications or Unity Touch are used. This setting is intended for applications that have compatibility issues when OS-level hooks are set. For example, enabling this setting disables the use of most Windows active accessibility and in-process hooks.
Configuring Remote Desktop Features in Horizon 7 Table 5‑6. VMware View Agent Configuration Template Settings (Continued) Setting Computer Set proxy for Java applet X User Properties Sets the proxy for Java applets. The following options are available: n Use client ip transparency for Java proxy - directs a remote connection to use the client's IP address instead of the IP address of the remote desktop machine for Java applets.
Configuring Remote Desktop Features in Horizon 7 Note The Connect using DNS Name setting was removed in the Horizon 6 version 6.1 release. You can set the Horizon 7 LDAP attribute, pae-PreferDNS, to tell Horizon Connection Server to give preference to DNS names when sending the addresses of desktop machines and RDS hosts to clients and gateways. See "Give Preference to DNS Names When Horizon Connection Server Returns Address Information" in the View Installation document.
Configuring Remote Desktop Features in Horizon 7 Table 5‑7. Client System Information Registry Key Description ViewClient_IP_Address The IP address of the client system. ViewClient_MAC_Address The MAC address of the client system.
Configuring Remote Desktop Features in Horizon 7 Table 5‑7. Client System Information (Continued) Registry Key Description ViewClient_Broker_Tunneled The status of the tunnel connection for the View Connection Server, which can be either true Supports Nested Mode Supported Desktops VDI (single-user machine) RDS Supported Client Systems Value is sent directly from View Connection Server, not gathered by Horizon Client. (enabled) or false (disabled).
Configuring Remote Desktop Features in Horizon 7 Table 5‑7. Client System Information (Continued) Supports Nested Mode Registry Key Description ViewClient_Displays.Topolo gy Specifies the arrangement, resolution, and dimensions of displays on the client. VDI (single-user machine) Specifies the type of keyboard being used on the client. For example: Japanese, Korean. VDI (single-user machine) Specifies the session type. The type can be desktop or application.
Configuring Remote Desktop Features in Horizon 7 Note The definitions of ViewClient_LoggedOn_Username and ViewClient_LoggedOn_Domainname in Table 5‑7 apply to Horizon Client 2.2 for Windows or later releases. For Horizon Client 5.4 for Windows or earlier releases, ViewClient_LoggedOn_Username sends the user name that was entered in Horizon Client, and ViewClient_LoggedOn_Domainname sends the domain name that was entered in Horizon Client. Horizon Client 2.
Configuring Remote Desktop Features in Horizon 7 Table 5‑8. Virtualization Pack for Skype for Business Policy Settings Setting Description Show Icon Displays the icon for Virtualization Pack for Skype for Business. This policy is enabled by default. The icon does not appear if the Show Icon policy for Virtualization Pack for Skype for Business is disabled. When it is disabled, you cannot view the call statistics or messages.
Configuring Remote Desktop Features in Horizon 7 PCoIP General Settings The PCoIP ADMX template file contains group policy settings that configure general settings such as PCoIP image quality, USB devices, and network ports. All of these settings are in the Computer Configuration > Policies > Administrative Templates > PCoIP Session Variables > Overridable Administrator Defaults folder in the Group Policy Management Editor.
Configuring Remote Desktop Features in Horizon 7 Table 5‑9. PCoIP General Policy Settings (Continued) Setting Description Configure PCoIP image quality levels Controls how PCoIP renders images during periods of network congestion. The Minimum Image Quality, Maximum Initial Image Quality, and Maximum Frame Rate values interoperate to provide fine control in networkbandwidth constrained environments.
Configuring Remote Desktop Features in Horizon 7 Table 5‑9. PCoIP General Policy Settings (Continued) Setting Description Configure PCoIP session encryption algorithms Controls the encryption algorithms advertised by the PCoIP endpoint during session negotiation. Checking one of the check boxes disables the associated encryption algorithm. You must enable at least one algorithm. This setting applies to both agent and client. The endpoints negotiate the actual session encryption algorithm that is used.
Configuring Remote Desktop Features in Horizon 7 Table 5‑9. PCoIP General Policy Settings (Continued) Setting Description Configure PCoIP USB allowed and unallowed device rules Specifies the USB devices that are authorized and not authorized for PCoIP sessions that use a zero client that runs Teradici firmware. USB devices that are used in PCoIP sessions must appear in the USB authorization table. USB devices that appear in the USB unauthorization table cannot be used in PCoIP sessions.
Configuring Remote Desktop Features in Horizon 7 Table 5‑9. PCoIP General Policy Settings (Continued) Setting Description Configure PCoIP virtual channels Specifies the virtual channels that can and cannot operate over PCoIP sessions. This setting also determines whether to disable clipboard processing on the PCoIP host. Virtual channels that are used in PCoIP sessions must appear on the virtual channel authorization list.
Configuring Remote Desktop Features in Horizon 7 Table 5‑9. PCoIP General Policy Settings (Continued) Setting Description Configure the TCP port to which the PCoIP host binds and listens Specifies the TCP agent port bound to by software PCoIP hosts. The TCP port value specifies the base TCP port that the agent attempts to bind to. The TCP port range value determines how many additional ports to try if the base port is not available. The port range must be between 1 and 10.
Configuring Remote Desktop Features in Horizon 7 Table 5‑9. PCoIP General Policy Settings (Continued) Setting Description Configure the UDP port to which the PCoIP host binds and listens Specifies the UDP agent port bound to by software PCoIP hosts. The UDP port value specifies the base UDP port that the agent attempts to bind to. The UDP port range value determines how many additional ports to try if the base port is not available. The port range must be between 1 and 10.
Configuring Remote Desktop Features in Horizon 7 Table 5‑9. PCoIP General Policy Settings (Continued) Setting Description Enable/disable microphone noise and DC offset filter in PCoIP session Determines whether to enable the microphone noise and DC offset filter for microphone input during PCoIP sessions. This setting applies to Horizon Agent and Teradici audio driver only. When this setting is not configured, the Teradici audio driver uses the microphone noise and DC offset filter by default.
Configuring Remote Desktop Features in Horizon 7 PCoIP Clipboard Settings The Horizon PCoIP ADMX template file contains group policy settings that configure clipboard settings for copy-and-paste operations. All of these settings are in the Computer Configuration > Policies > Administrative Templates > PCoIP Session Variables > Overridable Administrator Defaults folder in the Group Policy Management Editor.
Configuring Remote Desktop Features in Horizon 7 Table 5‑10. PCoIP Clipboard Policy Settings (Continued) Setting Description Filter Rich Text Format data out of the incoming clipboard data Specifies whether Rich Text Format data is filtered out of the clipboard data coming from the client to the agent. When this setting is enabled and the check box is selected, the data is filtered out. When this setting is disabled or not configured, the data is allowed. This setting applies to version 7.0.2 and later.
Configuring Remote Desktop Features in Horizon 7 Table 5‑10. PCoIP Clipboard Policy Settings (Continued) Setting Description Filter Microsoft Chart and Smart Art data out of the outgoing clipboard data Specifies whether Microsoft Office Chart and Smart Art data (Art::GVML ClipFormat) is filtered out of the clipboard data sent from the agent to the client. When this setting is enabled and the check box is selected, the data is filtered out.
Configuring Remote Desktop Features in Horizon 7 Table 5‑11. Horizon PCoIP Session Bandwidth Variables Setting Description Configure the maximum PCoIP session bandwidth Specifies the maximum bandwidth, in kilobits per second, in a PCoIP session. The bandwidth includes all imaging, audio, virtual channel, USB, and control PCoIP traffic. Set this value to the overall capacity of the link to which your endpoint is connected, taking into consideration the number of expected concurrent PCoIP sessions.
Configuring Remote Desktop Features in Horizon 7 Table 5‑11. Horizon PCoIP Session Bandwidth Variables (Continued) Setting Description Configure the PCoIP session MTU Specifies the Maximum Transmission Unit (MTU) size for UDP packets for a PCoIP session. The MTU size includes IP and UDP packet headers. TCP uses the standard MTU discovery mechanism to set MTU and is not affected by this setting. The maximum MTU size is 1500 bytes. The minimum MTU size is 500 bytes. The default value is 1300 bytes.
Configuring Remote Desktop Features in Horizon 7 Table 5‑11. Horizon PCoIP Session Bandwidth Variables (Continued) Setting Description Configure the PCoIP session audio bandwidth limit Specifies the maximum bandwidth that can be used for audio (sound playback) in a PCoIP session. The audio processing monitors the bandwidth used for audio. The processing selects the audio compression algorithm that provides the best audio possible, given the current bandwidth utilization.
Configuring Remote Desktop Features in Horizon 7 All of these settings are also in the User Configuration > Policies > Administrative Templates > PCoIP Session Variables > Not Overridable Administrator Settings folder in the Group Policy Management Editor. Table 5‑12.
Configuring Remote Desktop Features in Horizon 7 The build-to-lossless feature provides the following characteristics: n Dynamically adjusts image quality n Reduces image quality on congested networks n Maintains responsiveness by reducing screen update latency n Resumes maximum image quality when the network is no longer congested You can turn on the build-to-lossless feature by disabling the Turn off Build-to-Lossless feature group policy setting. See PCoIP Bandwidth Settings.
Configuring Remote Desktop Features in Horizon 7 Table 5‑13. VMware Blast Policy Settings (Continued) Setting Description Image Quality Specifies the image quality of the remote display. You can specify two low-quality settings, two highquality settings, and a mid-quality setting. The low-quality settings are for areas of the screen that change often, for example, when scrolling occurs. The high-quality settings are for areas of the screen that are more static, resulting in a better image quality.
Configuring Remote Desktop Features in Horizon 7 Table 5‑13. VMware Blast Policy Settings (Continued) Setting Description Keyboard locale synchronization Specifies whether to synchronize a client's keyboard locale list and default keyboard locale to the remote desktop or application. If this setting is enabled, synchronization occurs. This setting applies to Horizon Agent only. Note This feature is supported only for Horizon Client for Windows.
Configuring Remote Desktop Features in Horizon 7 Table 5‑13. VMware Blast Policy Settings (Continued) Setting Description Filter Rich Text Format data out of the outgoing clipboard data Specifies whether Rich Text Format data is filtered out of the clipboard data sent from the agent to the client. When this setting is enabled and the check box is selected, the data is filtered out. When this setting is disabled or not configured, the data is allowed.
Configuring Remote Desktop Features in Horizon 7 Enabling Lossless Compression for VMware Blast You can enable the VMware Blast display protocol to use an encoding approach called progressive build, or build-to-lossless. This feature provides a highly compressed initial image, called a lossy image, that is then progressively built to a full lossless state. A lossless state means that the image appears with the full fidelity intended.
Configuring Remote Desktop Features in Horizon 7 Procedure 1 Download the Horizon 7 GPO Bundle .zip file from the VMware download site at https://my.vmware.com/web/vmware/downloads. Under Desktop & End-User Computing, select the VMware Horizon 7 download, which includes the GPO Bundle. The file is named VMware-Horizon-Extras-Bundle-x.x.x-yyyyyyy.zip, where x.x.x is the version and yyyyyyy is the build number. All ADMX files that provide group policy settings for Horizon 7 are available in this file.
Configuring Remote Desktop Features in Horizon 7 RDS Application Compatibility Settings The RDS Application Compatibility group policy settings control Windows installer compatibility, remote desktop IP virtualization, network adapter selection, and the use of the RDS host IP address. Table 5‑14.
Configuring Remote Desktop Features in Horizon 7 Table 5‑14. RDS Application Compatibility Group Policy Settings (Continued) Setting Description Select the network adapter to be used for Remote Desktop IP Virtualization This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation. For example: 192.0.2.96/24.
Configuring Remote Desktop Features in Horizon 7 Table 5‑15. RDS Connections Group Policy Settings Setting Description Automatic reconnection Specifies whether to allow remote desktop connection clients to automatically reconnect to sessions on an RDS host if their network link is temporarily lost. By default, a maximum of twenty reconnection attempts are made at five second intervals.
Configuring Remote Desktop Features in Horizon 7 Table 5‑15. RDS Connections Group Policy Settings (Continued) Setting Description Deny logoff of an administrator logged in to the console session This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console. This policy is useful when the currently connected administrator does not want to be logged off by another administrator.
Configuring Remote Desktop Features in Horizon 7 Table 5‑15. RDS Connections Group Policy Settings (Continued) Setting Description Limit number of connections Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server.
Configuring Remote Desktop Features in Horizon 7 Table 5‑15. RDS Connections Group Policy Settings (Continued) Setting Description Restrict Remote Desktop Services users to a single Remote Desktop Services session Use this policy setting to restrict users to a single Remote Desktop Services session. If you enable this policy setting, users who log on remotely using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server.
Configuring Remote Desktop Features in Horizon 7 RDS Device and Resource Redirection Settings The RDS device and resource redirection group policy settings control access to devices and resources on a client computer in Remote Desktop Services sessions. The Horizon 7 RDS group policy settings are installed in the Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection folder.
Configuring Remote Desktop Features in Horizon 7 Table 5‑16. RDS Device and Resource Redirection Group Policy Settings Setting Description Allow audio and video playback redirection Use this policy setting to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session. Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC).
Configuring Remote Desktop Features in Horizon 7 Table 5‑16. RDS Device and Resource Redirection Group Policy Settings (Continued) Setting Description Limit audio playback quality Use this policy setting to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links. If you enable this policy setting, you must select one of the following: High, Medium, or Dynamic.
Configuring Remote Desktop Features in Horizon 7 Table 5‑16. RDS Device and Resource Redirection Group Policy Settings (Continued) Setting Description Do not allow COM port redirection Specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session.
Configuring Remote Desktop Features in Horizon 7 Table 5‑16. RDS Device and Resource Redirection Group Policy Settings (Continued) Setting Description Do not allow supported Plug and Play device redirection Use this policy setting to control the redirection of supported Plug and Play devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of supported Plug and Play devices.
Configuring Remote Desktop Features in Horizon 7 RDS Licensing Settings The RDS Licensing group policy settings control the order in which RDS license servers are located, whether problem notifications are displayed, and whether Per User or Per Device licensing is used for RDS Client Access Licenses (CALs).
Configuring Remote Desktop Features in Horizon 7 Table 5‑17. RDS Licensing Group Policy Settings Setting Description Use the specified Remote Desktop license servers This policy setting allows you to specify the order in which an RDS host server attempts to locate Remote Desktop license severs. If you enable this policy setting, an RDS host server first attempts to locate the license servers that you specify.
Configuring Remote Desktop Features in Horizon 7 RDS Printer Redirection Settings The RDS Printer Redirection group policy settings let users configure policies for printer redirection. The Horizon 7 RDS group policy settings are installed in the Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Printer Redirection folder.
Configuring Remote Desktop Features in Horizon 7 Table 5‑18. RDS Printer Redirection Group Policy Settings (Continued) Setting Description Use Remote Desktop Easy Print printer driver first Use this policy setting to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting, the RDS host first tries to use the Remote Desktop Easy Print printer driver to install all client printers.
Configuring Remote Desktop Features in Horizon 7 Table 5‑18. RDS Printer Redirection Group Policy Settings (Continued) Setting Description Specify RD Session Host Server fallback printer driver behavior Use this policy setting to specify the RDS host fallback printer driver behavior. By default, the RDS host fallback printer driver is disabled. If the RDS host does not have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session.
Configuring Remote Desktop Features in Horizon 7 RDS Profiles Settings The RDS Profiles group policy settings control roaming profile and home directory settings for Remote Desktop Services sessions. Table 5‑19. RDS Profiles Group Policy Settings Setting Description Limit the size of the entire roaming user profile cache This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive.
Configuring Remote Desktop Features in Horizon 7 Table 5‑19. RDS Profiles Group Policy Settings (Continued) Setting Description If the status is set to Enabled, Remote Desktop Services creates the user's home directory in the specified location on the local computer or the network. The home directory path for each user is the specified Home Dir Root Path and the user's alias. If the status is set to Disabled or Not Configured, the user's home directory is as specified at the server. VMware, Inc.
Configuring Remote Desktop Features in Horizon 7 Table 5‑19. RDS Profiles Group Policy Settings (Continued) Setting Description Use mandatory profiles on the RD Session Host server This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RDS host.
Configuring Remote Desktop Features in Horizon 7 Table 5‑19. RDS Profiles Group Policy Settings (Continued) Setting Description Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the Set path for Remote Desktop Services Roaming User Profile policy setting should contain the mandatory profile. RDS Connection Server Settings The RDS Connection Server group policy settings let users set policies for Connection Server.
Configuring Remote Desktop Features in Horizon 7 Table 5‑20. RDS Connection Server Group Policy Settings Setting Description Join RD Connection Broker Use this policy setting to specify whether the RDS host should join a farm in Connection Server that is installed on an RDS host. Connection Server on an RDS host tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RDS farm.
Configuring Remote Desktop Features in Horizon 7 Table 5‑20. RDS Connection Server Group Policy Settings (Continued) Setting Description If you disable or do not configure this policy setting, the farm name is not specified by Group Policy. In this case, you can adjust the farm name by using the Remote Desktop Session Host Configuration tool or the Terminal Services WMI provider. Note For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
Configuring Remote Desktop Features in Horizon 7 Table 5‑20. RDS Connection Server Group Policy Settings (Continued) Setting Description Configure RD Connection Broker Server name Use this policy setting to specify the Connection Server that the RDS host uses to track and redirect user sessions for a loadbalanced RDS farm. The specified RDS host must be running the Connection Server service. All RDS hosts in a load-balanced farm should use the same Connection Server.
Configuring Remote Desktop Features in Horizon 7 RDS Remote Session Environment Settings The RDS Remote Session Environment group policy settings control configuration of the user interface in Remote Desktop Services sessions. The Horizon 7 RDS group policy settings are installed in the Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment folder.
Configuring Remote Desktop Features in Horizon 7 Table 5‑21. RDS Remote Session Environment Group Policy Settings (Continued) Setting Description Configure RemoteFX Use this policy setting to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization host) and an RDS host. When deployed on an RD Virtualization host, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs) or hardware.
Configuring Remote Desktop Features in Horizon 7 Table 5‑21. RDS Remote Session Environment Group Policy Settings (Continued) Setting Description Remove "Disconnect" option from Shut Down dialog Use this policy setting to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions. You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RDS host.
Configuring Remote Desktop Features in Horizon 7 Table 5‑21. RDS Remote Session Environment Group Policy Settings (Continued) Setting Description Set compression algorithm for RDP data Use this policy setting to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware configuration. If you enable this policy setting, you can specify which RDP compression algorithm to use.
Configuring Remote Desktop Features in Horizon 7 Table 5‑21. RDS Remote Session Environment Group Policy Settings (Continued) Setting Description Start a program on connection Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user logs on to a remote computer.
Configuring Remote Desktop Features in Horizon 7 Table 5‑21. RDS Remote Session Environment Group Policy Settings (Continued) Setting Description Always show desktop on connection This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run.
Configuring Remote Desktop Features in Horizon 7 Table 5‑21. RDS Remote Session Environment Group Policy Settings (Continued) Setting Description Do not allow font smoothing Use this policy setting to specify whether font smoothing is allowed for remote connections. Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying computer fonts so that they appear clear and smooth, especially when you are using an LCD monitor.
Configuring Remote Desktop Features in Horizon 7 Table 5‑22. RDS Security Group Policy Settings Setting Description Server Authentication Certificate Template Use this policy setting to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RDS host. A certificate is needed to authenticate an RDS host when SSL (TLS 1.0) is used to secure communication between a client and an RDS host during RDP connections.
Configuring Remote Desktop Features in Horizon 7 Table 5‑22. RDS Security Group Policy Settings (Continued) Setting Description If you disable or do not configure this setting, the encryption level to be used for remote connections to RDS host is not enforced through Group Policy. However, you can configure a required encryption level for these connections by using the Remote Desktop Session Host Configuration tool.
Configuring Remote Desktop Features in Horizon 7 Table 5‑22. RDS Security Group Policy Settings (Continued) Setting Description Require secure RPC communication Specifies whether an RDS host requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.
Configuring Remote Desktop Features in Horizon 7 Table 5‑22. RDS Security Group Policy Settings (Continued) Setting Description Require user authentication for remote connections by using Network Use this policy setting to specify whether to require user authentication for remote connections to the RDS host by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.
Configuring Remote Desktop Features in Horizon 7 RDS Session Time Limits The RDS Session Time Limits group policy settings let users set policies for time limits to sessions on RDS hosts. The Horizon 7 RDS group policy settings are installed in the Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits folder.
Configuring Remote Desktop Features in Horizon 7 Table 5‑23. RDS Session Time Limits Group Policy Settings Setting Description Set time limit for disconnected sessions Use this policy setting to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server.
Configuring Remote Desktop Features in Horizon 7 Table 5‑23. RDS Session Time Limits Group Policy Settings (Continued) Setting Description If you want Remote Desktop Services to terminate-instead of disconnect-a session when the time limit is reached, you can configure the "Terminate session when time limits are reached" policy setting in the Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits folder.
Configuring Remote Desktop Features in Horizon 7 Table 5‑23. RDS Session Time Limits Group Policy Settings (Continued) Setting Description Terminate session when time limits are reached Specifies whether to terminate a timed-out Remote Desktop Services session instead of disconnecting it. You can use this setting to direct Remote Desktop Services to terminate a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached.
Configuring Remote Desktop Features in Horizon 7 RDS Temporary Folders Settings The RDS Connections group policy settings control the creation and deletion of temporary folders for Remote Desktop Services sessions. Table 5‑24. RDS Temporary Folders Group Policy Settings Setting Description Do not delete temp folder upon exit Specifies whether Remote Desktop Services retains a user's persession temporary folders at logoff.
Configuring Remote Desktop Features in Horizon 7 Filtering Printers for Virtual Printing When the virtual printing feature is enabled, users can print to any printer available on their client systems from their remote desktops and applications. You can use the Specify a filter in redirecting client printers agent group policy setting to prevent the virtual printing feature from redirecting specific client printers to remote desktops and applications.
Configuring Remote Desktop Features in Horizon 7 Location-based printing is supported on the following remote desktops and applications: n Desktops that are deployed on single-user machines, including Windows Desktop and Windows Server machines n Desktops that are deployed on RDS hosts, where the RDS hosts are virtual machines n Published applications n Published applications that are launched from Horizon Client inside remote desktops To use the location-based printing feature, you must install th
Configuring Remote Desktop Features in Horizon 7 Persistent settings for location-based printers are not supported if the settings are saved in the printer driver's private space and not in the DEVMODE extended part of the printer driver, as recommended by Microsoft. To support persistent settings, deploy printers that have the settings saved in the DEVMODE part of the printer driver.
Configuring Remote Desktop Features in Horizon 7 n Verify that the Virtual Printing setup option was installed with Horizon Agent on your desktops. To verify, check if the TP AutoConnect Service and TP VC Gateway Service are installed in the desktop operating system. n Because print jobs are sent directly from the Horizon desktop to the printer, verify that the required printer drivers are installed on your desktops. Procedure 1 On the Active Directory server, edit the GPO.
Configuring Remote Desktop Features in Horizon 7 Location-based printing maps local printers to remote desktops but does not support mapping network printers that are configured by using UNC paths. Table 5‑26. Translation Table Columns and Values Column Description IP Range A translation rule that specifies a range of IP addresses for client systems. To specify IP addresses in a specific range, use the following notation: ip_address-ip_address For example: 10.112.116.0-10.112.119.
Configuring Remote Desktop Features in Horizon 7 Table 5‑26. Translation Table Columns and Values (Continued) Column Description IP Port/ThinPrint Port For network printers, the IP address of the printer prepended with IP_. For example: IP_10.114.24.1 The default port is 9100. You can specify a non-default port by appending the port number to the IP address. For example: IP_10.114.24.1:9104 Default Indicates whether the printer is the default printer.
Configuring Remote Desktop Features in Horizon 7 Create an OU for Horizon 7 Machines To apply group policies to the machines that deliver remote desktop sessions without affecting other Windows computers in the same Active Directory domain, create an OU specifically for your Horizon 7 machines. You might create one OU for your entire Horizon 7 deployment, or create separate OUs for virtual desktop machines and RDS hosts.
Configuring Remote Desktop Features in Horizon 7 2 Expand your domain, right-click the OU that contains your Horizon 7 machines, and select Create a GPO in this domain, and Link it here. 3 Type a name for the GPO and click OK. The new GPO appears under the OU in the left pane. 4 (Optional) Apply the GPO to specific Horizon 7 machines in the OU. a Select the GPO in the left pane. b Select Security Filtering > Add. c Type the computer names of the Horizon 7 machines and click OK.
Configuring Remote Desktop Features in Horizon 7 2 Unzip the VMware-Horizon-Extras-Bundle-x.x.x-yyyyyyy.zip file and copy the ADMX files to your Active Directory server. a Copy the .admx files and the en-US folder to the %systemroot%\PolicyDefinitions folder on your Active Directory server. b Copy the language resource (.adml) files to the appropriate subfolder in %systemroot %\PolicyDefinitions\ on your Active Directory server.
