Security
Table Of Contents
- View Security
- Contents
- View Security
- Horizon 7 Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure Horizon 7 Environment
- HTTP Protection Measures on Connection Servers and Security Servers
n
In View Administrator, after you set the policy at the desktop or application pool level, you can
override the policy for a specific user in the pool by selecting the User Overrides setting and
selecting a user.
n
Set the Exclude All Devices policy to true, on the Horizon Agent side or on the client side, as
appropriate.
n
Use Smart Policies to create a policy that disables the USB redirection Horizon Policy setting. With
this approach, you can disable USB redirection on a specific remote desktop if certain conditions are
met. For example, you can configure a policy that disables USB redirection when users connect to a
remote desktop from outside your corporate network.
If you set the Exclude All Devices policy to true, Horizon Client prevents all USB devices from being
redirected. You can use other policy settings to allow specific devices or families of devices to be
redirected. If you set the policy to false, Horizon Client allows all USB devices to be redirected except
those that are blocked by other policy settings. You can set the policy on both Horizon Agent and
Horizon Client. The following table shows how the Exclude All Devices policy that you can set for
Horizon Agent and Horizon Client combine to produce an effective policy for the client computer. By
default, all USB devices are allowed to be redirected unless otherwise blocked.
Table 6‑1. Eect of Combining Exclude All Devices Policies
Exclude All Devices Policy on Horizon
Agent
Exclude All Devices Policy on
Horizon Client
Combined Effective Exclude All
Devices Policy
false or not defined (include all USB
devices)
false or not defined (include all USB
devices)
Include all USB devices
false (include all USB devices) true (exclude all USB devices) Exclude all USB devices
true (exclude all USB devices) Any or not defined Exclude all USB devices
If you have set Disable Remote Configuration Download policy to true, the value of Exclude All
Devices on Horizon Agent is not passed to Horizon Client, but Horizon Agent and Horizon Client enforce
the local value of Exclude All Devices.
These policies are included in the Horizon Agent Configuration ADMX template file (vdm_agent.admx).
For more information, see "USB Settings in the Horizon Agent Configuration ADMX Template" in
Configuring Remote Desktop Features in Horizon 7.
Disabling USB Redirection for Specific Devices
Some users might have to redirect specific locally-connected USB devices so that they can perform tasks
on their remote desktops or applications. For example, a doctor might have to use a Dictaphone USB
device to record patients' medical information. In these cases, you cannot disable access to all USB
devices. You can use group policy settings to enable or disable USB redirection for specific devices.
Before you enable USB redirection for specific devices, make sure that you trust the physical devices that
are connected to client machines in your enterprise. Be sure that you can trust your supply chain. If
possible, keep track of a chain of custody for the USB devices.
View Security
VMware, Inc. 30