User manual

Table Of Contents
Table 35. Horizon Client Configuration Template: Security Settings (Continued)
Setting Description
Display option to Log in as
current user
(Computer and User Conguration
seing)
Determines whether the Log in as current user check box is visible on the
Horizon Client connection dialog box.
When the check box is visible, users can select or deselect it and override its
default value. When the check box is hidden, users cannot override its default
value from the Horizon Client connection dialog box.
You can specify the default value for the Log in as current user check box by
using the policy seing Default value of the 'Log in as current user'
checkbox.
This seing is enabled by default.
The equivalent Windows Registry value is LogInAsCurrentUser_Display.
Enable jump list integration
(Computer Conguration seing)
Determines whether a jump list appears in the Horizon Client icon on the
taskbar of Windows 7 and later systems. The jump list lets users connect to
recent View Connection Server instances and remote desktops.
If Horizon Client is shared, you might not want users to see the names of recent
desktops. You can disable the jump list by disabling this seing.
This seing is enabled by default.
The equivalent Windows Registry value is EnableJumplist.
Enable SSL encrypted framework
channel
(Computer and User Conguration
seing)
Determines whether SSL is enabled for View 5.0 and earlier desktops. Before
View 5.0, the data sent over port TCP 32111 to the desktop was not encrypted.
n
Enable: Enables SSL, but allows fallback to the previous unencrypted
connection if the remote desktop does not have SSL support. For example,
View 5.0 and earlier desktops do not have SSL support. Enable is the
default seing.
n
Disable: Disables SSL. This seing is not recommended but might be useful
for debugging or if the channel is not being tunneled and could potentially
then be optimized by a WAN accelerator product.
n
Enforce: Enables SSL, and refuses to connect to desktops with no SSL
support .
The equivalent Windows Registry value is EnableTicketSSLAuth.
Configures SSL protocols and
cryptographic algorithms
(Computer and User Conguration
seing)
Congures the cipher list to restrict the use of certain cryptographic algorithms
and protocols before establishing an encrypted SSL connection. The cipher list
consists of one or more cipher strings separated by colons.
N The cipher string is case-sensitive.
The default value is TLSv1:TLSv1.1:TLSv1.2:!aNULL:kECDH
+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA
+AES.
That means that TLS v1, TLS v1.1 and TLS v1.2 are enabled. (SSL v2.0 and v3.0
are removed.)
Cipher suites use 128- or 256-bit AES, remove anonymous DH algorithms, and
then sort the current cipher list in order of encryption algorithm key length.
Reference link for the conguration:
hp://www.openssl.org/docs/apps/ciphers.html
The equivalent Windows Registry value is SSLCipherList.
Enable Single Sign-On for
smart card authentication
(Computer Conguration seing)
Determines whether single sign-on is enabled for smart card authentication.
When single sign-on is enabled, Horizon Client stores the encrypted smart card
PIN in temporary memory before submiing it to View Connection Server.
When single sign-on is disabled, Horizon Client does not display a custom PIN
dialog.
The equivalent Windows Registry value is EnableSmartCardSSO.
Ignore bad SSL certificate
date received from the server
(Computer Conguration seing)
(View 4.6 and earlier releases only) Determines whether errors that are
associated with invalid server certicate dates are ignored. These errors occur
when a server sends a certicate with a date that has passed.
The equivalent Windows Registry value is IgnoreCertDateInvalid.
Chapter 3 Configuring Horizon Client for End Users
VMware, Inc. 45