Configuring Remote Desktop Features
Before you enable USB redirection for specific devices, make sure that you trust the physical devices that
are connected to client machines in your enterprise. Be sure that you can trust your supply chain. If
possible, keep track of a chain of custody for the USB devices.

In addition, educate your employees to ensure that they do not connect devices from unknown sources. If
possible, restrict the devices in your environment to those that accept only signed firmware updates, are
FIPS 140-2 Level 3-certified, and do not support any kind of field-updatable firmware. These types of
USB devices are hard to source and, depending on your device requirements, might be impossible to
find. These choices might not be practical, but they are worth considering.

Each USB device has its own vendor and product ID that identifies it to the computer. By configuring
Horizon Agent Configuration group policy settings, you can set an include policy for known device types.
With this approach, you remove the risk of allowing unknown devices to be inserted into your
environment.

For example, you can prevent all devices except a known device vendor and product ID,
vid/pid=0123/abcd, from being redirected to the remote desktop or application:

    ExcludeAllDevices    Enabled
    IncludeVidPid        o:vid-0123_pid-abcd

Note: This example configuration provides protection, but a compromised device can report any vid/pid,
so a possible attack could still occur.

By default, Horizon 7 blocks certain device families from being redirected to the remote desktop or
application. For example, HID (human interface devices) and keyboards are blocked from appearing in
the guest. Some released BadUSB code targets USB keyboard devices.

You can prevent specific device families from being redirected to the remote desktop or application. For
example, you can block all video, audio, and mass storage devices:

    ExcludeDeviceFamily    o:video;audio;storage

Conversely, you can create a whitelist by preventing all devices from being redirected but allowing a
specific device family to be used. For example, you can block all devices except storage devices:

    ExcludeAllDevices      Enabled
    IncludeDeviceFamily    o:storage

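An added example, not VMware's code: a small Python model of the three filter configurations above, useful for checking what a drafted policy would admit before it is deployed. The evaluation order in `is_redirected`, the function names and the sample device values are assumptions; Horizon's own precedence rules and its default-blocked families are not modelled.

```python
import re

# Constructed policy texts mirroring the three examples on this page.
ONLY_ONE_DEVICE = """ExcludeAllDevices Enabled
IncludeVidPid o:vid-0123_pid-abcd"""
BLOCK_FAMILIES = "ExcludeDeviceFamily o:video;audio;storage"
ONLY_STORAGE = """ExcludeAllDevices Enabled
IncludeDeviceFamily o:storage"""

VIDPID = re.compile(r"vid-([0-9a-f]{4})_pid-([0-9a-f]{4})$", re.I)


def parse_policy(text):
    """Parse 'Setting value' lines into a dict of normalised settings."""
    policy = {"ExcludeAllDevices": False, "IncludeVidPid": set(),
              "IncludeDeviceFamily": set(), "ExcludeDeviceFamily": set()}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, value = line.strip().partition(" ")
        if name not in policy:
            raise ValueError(f"unknown setting: {name}")
        if name == "ExcludeAllDevices":
            policy[name] = value.strip().lower() == "enabled"
            continue
        # The page writes values with an 'o:' prefix; it is stripped, not modelled.
        items = value.strip().split(":", 1)[-1].split(";")
        for item in filter(None, (i.strip().lower() for i in items)):
            if name == "IncludeVidPid":
                m = VIDPID.match(item)
                if not m:
                    raise ValueError(f"malformed vid/pid entry: {item}")
                item = (m.group(1), m.group(2))
            policy[name].add(item)
    return policy


def is_redirected(policy, vid, pid, family):
    """Assumed order: explicit include, then family exclude, then the catch-all."""
    if (vid.lower(), pid.lower()) in policy["IncludeVidPid"]:
        return True
    if family.lower() in policy["IncludeDeviceFamily"]:
        return True
    if family.lower() in policy["ExcludeDeviceFamily"]:
        return False
    return not policy["ExcludeAllDevices"]
```

Under the first policy the decision rests only on the vid/pid the device reports, whatever family it belongs to, which is the limitation the Note above describes.
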
Another risk can arise when a remote user logs into a desktop or application and infects it. You can
prevent USB access to any Horizon 7 connections that originate from outside the company firewall. The
USB device can be used internally but not externally.
Configuring Remote Desktop Features in Horizon 7
VMware, Inc.