User manual
Table Of Contents
- Using VMware Horizon Client for Windows
- Contents
- Using VMware Horizon Client for Windows
- System Requirements and Setup for Windows-Based Clients
- System Requirements for Windows Clients
- System Requirements for Real-Time Audio-Video
- Requirements for Scanner Redirection
- Requirements for Serial Port Redirection
- Requirements for Multimedia Redirection (MMR)
- Requirements for Flash Redirection
- Requirements for Using Flash URL Redirection
- Requirements for URL Content Redirection
- Requirements for Using Microsoft Lync with Horizon Client
- Smart Card Authentication Requirements
- Device Authentication Requirements
- Supported Desktop Operating Systems
- Preparing Connection Server for Horizon Client
- Configure VMware Blast Options
- Horizon Client Data Collected by VMware
- Installing Horizon Client for Windows
- Configuring Horizon Client for End Users
- Managing Remote Desktop and Application Connections
- Connect to a Remote Desktop or Application
- Tips for Using the Desktop and Application Selector
- Share Access to Local Folders and Drives
- Hide the VMware Horizon Client Window
- Reconnecting to a Desktop or Application
- Create a Desktop or Application Shortcut on Your Client Desktop or Start Menu
- Switch Desktops or Applications
- Log Off or Disconnect
- Working in a Remote Desktop or Application
- Feature Support Matrix for Windows Clients
- Internationalization
- Enabling Support for Onscreen Keyboards
- Monitors and Screen Resolution
- Connect USB Devices
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Copying and Pasting Text and Images
- Using Remote Applications
- Printing from a Remote Desktop or Application
- Control Adobe Flash Display
- Clicking URL Links That Open Outside of Horizon Client
- Using the Relative Mouse Feature for CAD and 3D Applications
- Using Scanners
- Using Serial Port Redirection
- Keyboard Shortcuts
- Troubleshooting Horizon Client
- Index
Use the Client Configuration ADM template file (vdm_client.adm) to set the verification mode. All ADM and
ADMX files that provide group policy settings are available in a .zip file named VMware-Horizon-Extras-
Bundle-x.x.x-yyyyyyy.zip, where x.x.x is the version and yyyyyyy is the build number. You can download
this GPO bundle from the VMware Horizon download site at http://www.vmware.com/go/downloadview.
For information about using this template to control GPO settings, see “Using the Group Policy Template to
Configure VMware Horizon Client for Windows,” on page 41.
NOTE You can also use the Client Configuration ADM template file to restrict the use of certain
cryptographic algorithms and protocols before establishing an encrypted SSL connection. For more
information about this setting, see“Security Settings for Client GPOs,” on page 42.
If you do not want to configure the certificate verification setting as a group policy, you can also enable
certificate verification by adding the CertCheckMode value name to one of the following registry keys on the
client computer:
n
For 32-bit Windows: HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Client\Security
n
For 64-bit Windows: HKLM\SOFTWARE\Wow6432Node\VMware, Inc.\VMware VDM\Client\Security
Use the following values in the registry key:
n
0 implements Do not verify server identity certificates.
n
1 implements Warn before connecting to untrusted servers.
n
2 implements Never connect to untrusted servers.
If you configure both the group policy setting and the CertCheckMode setting in the registry key, the group
policy setting takes precedence over the registry key value.
NOTE In a future release, configuring this setting using the Windows registry might not be supported. A
GPO setting must be used.
Certificate Checking Modes for Horizon Client
Administrators and sometimes end users can configure whether client connections are rejected if any or
some server certificate checks fail.
Certificate checking occurs for SSL connections between Connection Server and Horizon Client. Certificate
verification includes the following checks:
n
Has the certificate been revoked?
n
Is the certificate intended for a purpose other than verifying the identity of the sender and encrypting
server communications? That is, is it the correct type of certificate?
n
Has the certificate expired, or is it valid only in the future? That is, is the certificate valid according to
the computer clock?
n
Does the common name on the certificate match the host name of the server that sends it? A mismatch
can occur if a load balancer redirects Horizon Client to a server that has a certificate that does not match
the host name entered in Horizon Client. Another reason a mismatch can occur is if you enter an IP
address rather than a host name in the client.
n
Is the certificate signed by an unknown or untrusted certificate authority (CA)? Self-signed certificates
are one type of untrusted CA.
To pass this check, the certificate's chain of trust must be rooted in the device's local certificate store.
NOTE For instructions about distributing a self-signed root certificate to all Windows client systems in a
domain, see the topic called "Add the Root Certificate to Trusted Root Certification Authorities" in the View
Installation document.
Chapter 3 Configuring Horizon Client for End Users
VMware, Inc. 39