Installation and Setup Guide
Table Of Contents
- VMware Horizon Client for Windows Installation and Setup Guide
- Contents
- VMware Horizon Client for Windows Installation and Setup Guide
- System Requirements and Setup for Windows-Based Clients
- System Requirements for Windows Client Systems
- System Requirements for Horizon Client Features
- Smart Card Authentication Requirements
- System Requirements for Real-Time Audio-Video
- System Requirements for Scanner Redirection
- System Requirements for Serial Port Redirection
- System Requirements for Multimedia Redirection (MMR)
- System Requirements for Flash Redirection
- Requirements for Using Flash URL Redirection
- System Requirements for HTML5 Multimedia Redirection
- System Requirements for Microsoft Lync with Horizon Client
- Requirements for Using URL Content Redirection
- Requirements for Using Skype for Business with Horizon Client
- Supported Desktop Operating Systems
- Preparing Connection Server for Horizon Client
- Clearing the Last User Name Used to Log In to a Server
- Configure VMware Blast Options
- Using Internet Explorer Proxy Settings
- Horizon Client Data Collected by VMware
- Installing Horizon Client for Windows
- Configuring Horizon Client for End Users
- Common Configuration Settings
- Using URIs to Configure Horizon Client
- Setting the Certificate Checking Mode in Horizon Client
- Configuring Advanced TLS/SSL Options
- Configure Application Reconnection Behavior
- Using the Group Policy Template to Configure VMware Horizon Client for Windows
- Running Horizon Client From the Command Line
- Using the Windows Registry to Configure Horizon Client
- Managing Remote Desktop and Application Connections
- Connect to a Remote Desktop or Application
- Use Unauthenticated Access to Connect to Remote Applications
- Tips for Using the Desktop and Application Selector
- Share Access to Local Folders and Drives with Client Drive Redirection
- Hide the VMware Horizon Client Window
- Reconnecting to a Desktop or Application
- Create a Desktop or Application Shortcut on the Client Desktop or Start Menu
- Using Start Menu Shortcuts That the Server Creates
- Switch Desktops or Applications
- Log Off or Disconnect
- Working in a Remote Desktop or Application
- Feature Support Matrix for Windows Clients
- Internationalization
- Enabling Support for Onscreen Keyboards
- Resizing the Remote Desktop Window
- Monitors and Screen Resolution
- Connect USB Devices with USB Redirection
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Copying and Pasting Text and Images
- Using Remote Applications
- Printing from a Remote Desktop or Application
- Control Adobe Flash Display
- Clicking URL Links That Open Outside of Horizon Client
- Using the Relative Mouse Feature for CAD and 3D Applications
- Using Scanners
- Using Serial Port Redirection
- Keyboard Shortcuts
- Troubleshooting Horizon Client
- Index
Table 3‑10. PCoIP Client Session Variables (Continued)
Setting Description
Configure PCoIP
session encryption
algorithms
Controls the encryption algorithms advertised by the PCoIP endpoint during session
negotiation.
Checking one of the check boxes disables the associated encryption algorithm. You must
enable at least one algorithm.
This seing applies to both agent and client. The endpoints negotiate the actual session
encryption algorithm that is used. If FIPS140-2 approved mode is enabled, the Disable
AES-128-GCM encryption value will be overridden if both AES-128-GCM encryption and
AES-256-GCM encryption are disabled.
If the Configure SSL Connections seing is disabled or not congured, both the
Salsa20-256round12 and AES-128-GCM algorithms are available for negotiation by this
endpoint.
Supported encryption algorithms, in order of preference, are SALSA20/12-256, AES-
GCM-128, and AES-GCM-256. By default, all supported encryption algorithms are available
for negotiation by this endpoint.
Configure PCoIP
virtual channels
Species the virtual channels that can and cannot operate over PCoIP sessions. This seing
also determines whether to disable clipboard processing on the PCoIP host.
Virtual channels that are used in PCoIP sessions must appear on the virtual channel
authorization list. Virtual channels that appear in the unauthorized virtual channel list
cannot be used in PCoIP sessions.
You can specify a maximum of 15 virtual channels for use in PCoIP sessions.
Separate multiple channel names with the vertical bar (|) character. For example, the virtual
channel authorization string to allow the mksvchan and vdp_rdpvcbridge virtual channels
is mksvchan|vdp_rdpvcbridge.
If a channel name contains the vertical bar or backslash (\) character, insert a backslash
character before it. For example, type the channel name awk|ward\channel as
awk\|ward\\channel.
When the authorized virtual channel list is empty, all virtual channels are disallowed. When
the unauthorized virtual channel list is empty, all virtual channels are allowed.
The virtual channels seing applies to both agent and client. Virtual channels must be
enabled on both agent and client for virtual channels to be used.
The virtual channels seing provides a separate check box that allows you to disable remote
clipboard processing on the PCoIP host. This value applies to the agent only.
By default, all virtual channels are enabled, including clipboard processing.
Configure SSL cipher
list
Congures an SSL cipher list to restrict the use of cipher suites before establishing an
encrypted SSL connection. The list consists of one or more cipher suite strings separated by
colons. All cipher suite strings are case insensitive.
The default value is ECDHE-RSA-AES256-GCM-SHA384:AES256-SHA256:AES256-
SHA:ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:@STRENGTH.
If this seing is congured, the Enforce AES-256 or stronger ciphers for SSL connection
negotiation check box in the Configure SSL connections to satisfy Security
Tools seing is ignored.
This seing must be applied to both the PCoIP server and the PCoIP client.
Configure SSL
connections to
satisfy Security
Tools
Species how SSL session negotiation connections are established. To satisfy security tools,
such as port scanners, enable this seing and do the following:
1 Store the certicate for the Certicate Authority that signed any Server certicate to be
used with PCoIP in the Trusted Root certicate store.
2 Congure the agent to load certicates only from the Certicate Store. If the Personal
store for the Local Machine is used, leave the CA Certicate store name unchanged with
the value ROOT, unless a dierent store location was used in step 1.
If this seing is disabled or not congured, the AES-128 cipher suite is not available and the
endpoint uses Certication Authority certicates from the machine account's MY store and
Certication Authority certicates from the ROOT store.
Chapter 3 Configuring Horizon Client for End Users
VMware, Inc. 61