User manual
Table Of Contents
- Using VMware Horizon Client for Windows
- Contents
- Using VMware Horizon Client for Windows
- System Requirements and Setup for Windows-Based Clients
- System Requirements for Windows Clients
- System Requirements for Real-Time Audio-Video
- Requirements for Scanner Redirection
- Requirements for Serial Port Redirection
- Requirements for Multimedia Redirection (MMR)
- Requirements for Flash Redirection
- Requirements for Using Flash URL Redirection
- Requirements for URL Content Redirection
- Requirements for Using Microsoft Lync with Horizon Client
- Smart Card Authentication Requirements
- Device Authentication Requirements
- Supported Desktop Operating Systems
- Preparing Connection Server for Horizon Client
- Configure VMware Blast Options
- Horizon Client Data Collected by VMware
- Installing Horizon Client for Windows
- Configuring Horizon Client for End Users
- Common Configuration Settings
- Using URIs to Configure Horizon Client
- Configuring Certificate Checking for End Users
- Configuring Advanced TLS/SSL Options
- Configure Application Reconnection Behavior
- Using the Group Policy Template to Configure VMware Horizon Client for Windows
- Running Horizon Client from the Command Line
- Using the Windows Registry to Configure Horizon Client
- Managing Remote Desktop and Application Connections
- Connect to a Remote Desktop or Application
- Tips for Using the Desktop and Application Selector
- Share Access to Local Folders and Drives
- Hide the VMware Horizon Client Window
- Reconnecting to a Desktop or Application
- Create a Desktop or Application Shortcut on Your Client Desktop or Start Menu
- Switch Desktops or Applications
- Log Off or Disconnect
- Working in a Remote Desktop or Application
- Feature Support Matrix for Windows Clients
- Internationalization
- Enabling Support for Onscreen Keyboards
- Monitors and Screen Resolution
- Connect USB Devices
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Copying and Pasting Text and Images
- Using Remote Applications
- Printing from a Remote Desktop or Application
- Control Adobe Flash Display
- Clicking URL Links That Open Outside of Horizon Client
- Using the Relative Mouse Feature for CAD and 3D Applications
- Using Scanners
- Using Serial Port Redirection
- Keyboard Shortcuts
- Troubleshooting Horizon Client
- Index
Setting the Certificate Checking Mode for Horizon Client
Administrators and sometimes end users can congure whether client connections are rejected if any or
some server certicate checks fail.
Certicate checking occurs for SSL connections between Connection Server and Horizon Client. Certicate
verication includes the following checks:
n
Has the certicate been revoked?
n
Is the certicate intended for a purpose other than verifying the identity of the sender and encrypting
server communications? That is, is it the correct type of certicate?
n
Has the certicate expired, or is it valid only in the future? That is, is the certicate valid according to
the computer clock?
n
Does the common name on the certicate match the host name of the server that sends it? A mismatch
can occur if a load balancer redirects Horizon Client to a server that has a certicate that does not match
the host name entered in Horizon Client. Another reason a mismatch can occur is if you enter an IP
address rather than a host name in the client.
n
Is the certicate signed by an unknown or untrusted certicate authority (CA)? Self-signed certicates
are one type of untrusted CA.
To pass this check, the certicate's chain of trust must be rooted in the device's local certicate store.
N For information about distributing a self-signed root certicate to all Windows client systems in a
domain, see "Add the Root Certicate to Trusted Root Certication Authorities" in the View Installation
document.
When you use Horizon Client to log in to a desktop, if your administrator has allowed it, you can click
SSL to set the certicate checking mode. You have three choices:
n
Never connect to untrusted servers. If any of the certicate checks fails, the client cannot connect to the
server. An error message lists the checks that failed.
n
Warn before connecting to untrusted servers. If a certicate check fails because the server uses a self-
signed certicate, you can click Continue to ignore the warning. For self-signed certicates, the
certicate name is not required to match the server name you entered in Horizon Client.
You can also receive a warning if the certicate has expired.
n
Do not verify server identity . This seing means that no certicate checking occurs.
If the certicate checking mode is set to Warn, you can still connect to a Connection Server instance that uses
a self-signed certicate.
If an administrator later installs a security certicate from a trusted certicate authority, so that all certicate
checks pass when you connect, this trusted connection is remembered for that specic server. In the future,
if that server ever presents a self-signed certicate again, the connection fails. After a particular server
presents a fully veriable certicate, it must always do so.
I If you previously congured your company's client systems to use a specic cipher via GPO,
such as by conguring SSL Cipher Suite Order group policy seings, you must now use a Horizon Client
group policy security seing included in the View ADM template le. See “Security Seings for Client
GPOs,” on page 44. You can alternatively use the SSLCipherList registry seing on the client. See “Using
the Windows Registry to Congure Horizon Client,” on page 60.
Using VMware Horizon Client for Windows
40 VMware, Inc.