User manual

Table Of Contents
'vmware-view://view.mycompany.com/Primary%20Desktop?action=start-session'"></form> <br>
</body>
</html>
Configuring Certificate Checking for End Users
Administrators can congure the certicate verication mode so that, for example, full verication is always
performed.
Certicate checking occurs for SSL connections between Connection Server and Horizon Client.
Administrators can congure the verication mode to use one of the following strategies:
n
End users are allowed to choose the verication mode. The rest of this list describes the three
verication modes.
n
(No verication) No certicate checks are performed.
n
(Warn) End users are warned if a self-signed certicate is being presented by the server. Users can
choose whether or not to allow this type of connection.
n
(Full security) Full verication is performed and connections that do not pass full verication are
rejected.
For details about the types of verication checks performed, see “Seing the Certicate Checking Mode for
Horizon Client,” on page 40.
Use the Client Conguration ADM template le (vdm_client.adm) to set the verication mode. All ADM and
ADMX les that provide group policy seings are available in a .zip le named VMware-Horizon-Extras-
Bundle-x.x.x-yyyyyyy.zip, where x.x.x is the version and yyyyyyy is the build number. You can download
this GPO bundle from the VMware Horizon download site at hp://www.vmware.com/go/downloadview.
For information about using this template to control GPO seings, see “Using the Group Policy Template to
Congure VMware Horizon Client for Windows,” on page 41.
N You can also use the Client Conguration ADM template le to restrict the use of certain
cryptographic algorithms and protocols before establishing an encrypted SSL connection. For more
information about this seing, see“Security Seings for Client GPOs,” on page 43.
If you do not want to congure the certicate verication seing as a group policy, you can also enable
certicate verication by adding the CertCheckMode value name to one of the following registry keys on the
client computer:
n
For 32-bit Windows: HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Client\Security
n
For 64-bit Windows: HKLM\SOFTWARE\Wow6432Node\VMware, Inc.\VMware VDM\Client\Security
Use the following values in the registry key:
n
0 implements Do not verify server identity certificates.
n
1 implements Warn before connecting to untrusted servers.
n
2 implements Never connect to untrusted servers.
If you congure both the group policy seing and the CertCheckMode seing in the registry key, the group
policy seing takes precedence over the registry key value.
N In a future release, conguring this seing using the Windows registry might not be supported. A
GPO seing must be used.
Chapter 3 Configuring Horizon Client for End Users
VMware, Inc. 39