5.2
Table Of Contents
- VMware Horizon View Administration
- Contents
- VMware Horizon View Administration
- Configuring View Connection Server
- Using View Administrator
- Configuring vCenter Server and View Composer
- Create a User Account for View Composer
- Add vCenter Server Instances to View Manager
- Configure View Composer Settings
- Configure View Composer Domains
- Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines
- Configure View Storage Accelerator for vCenter Server
- Concurrent Operations Limits for vCenter Server and View Composer
- Setting a Concurrent Power Operations Rate to Support View Desktop Logon Storms
- Accept the Thumbprint of a Default SSL Certificate
- Remove a vCenter Server Instance from View Manager
- Remove View Composer from View Manager
- Conflicting vCenter Server Unique IDs
- Backing Up View Connection Server
- Configuring Settings for Client Sessions
- Set Options for Client Sessions and Connections
- Change the Data Recovery Password
- Global Settings for Client Sessions
- Global Security Settings for Client Sessions and Connections
- Message Security Mode for View Components
- Configure the Secure Tunnel and PCoIP Secure Gateway
- Configure Secure HTML Access
- Off-load SSL Connections to Intermediate Servers
- Disable or Enable View Connection Server
- Edit the External URLs
- Join or Withdraw from the Customer Experience Program
- View LDAP Directory
- Configuring Role-Based Delegated Administration
- Understanding Roles and Privileges
- Using Folders to Delegate Administration
- Understanding Permissions
- Manage Administrators
- Manage and Review Permissions
- Manage and Review Folders
- Manage Custom Roles
- Predefined Roles and Privileges
- Required Privileges for Common Tasks
- Best Practices for Administrator Users and Groups
- Preparing Unmanaged Desktop Sources
- Creating and Preparing Virtual Machines
- Creating Virtual Machines for View Desktop Deployment
- Install View Agent on a Virtual Machine
- Install View Agent Silently
- Configure a Virtual Machine with Multiple NICs for View Agent
- Optimize Windows Guest Operating System Performance
- Optimize Windows 7 and Windows 8 Guest Operating System Performance
- Optimizing Windows 7 and Windows 8 for Linked-Clone Desktops
- Benefits of Disabling Windows 7 and Windows 8 Services and Tasks
- Overview of Windows 7 and Windows 8 Services and Tasks That Cause Linked-Clone Growth
- Disable Scheduled Disk Defragmentation on Windows 7 and Windows 8 Parent Virtual Machines
- Disable the Windows Update Service on Windows 7 and Windows 8 Virtual Machines
- Disable the Diagnostic Policy Service on Windows 7 and Windows 8 Virtual Machines
- Disable the Prefetch and Superfetch Features on Windows 7 and Windows 8 Virtual Machines
- Disable Windows Registry Backup on Windows 7 and Windows 8 Virtual Machines
- Disable the System Restore on Windows 7 and Windows 8 Virtual Machines
- Disable Windows Defender on Windows 7 and Windows 8 Virtual Machines
- Disable Microsoft Feeds Synchronization on Windows 7 and Windows 8 Virtual Machines
- Preparing Virtual Machines for View Composer
- Prepare a Parent Virtual Machine
- Activating Windows on Linked-Clone Desktops
- Disable Windows Hibernation in the Parent Virtual Machine
- Configure a Parent Virtual Machine to Use Local Storage
- Keep a Record of the Parent Virtual Machine's Paging-File Size
- Increase the Timeout Limit of QuickPrep Customization Scripts
- Creating Virtual Machine Templates
- Creating Customization Specifications
- Creating Desktop Pools
- Automated Pools That Contain Full Virtual Machines
- Linked-Clone Desktop Pools
- Worksheet for Creating a Linked-Clone Desktop Pool
- Create a Linked-Clone Desktop Pool
- Desktop Settings for Linked-Clone Desktop Pools
- View Composer Support for Linked-Clone SIDs and Third-Party Applications
- Choosing QuickPrep or Sysprep to Customize Linked-Clone Desktops
- Storage Sizing for Linked-Clone Desktop Pools
- Set the Storage Overcommit Level for Linked-Clone Desktops
- Storing Linked-Clone Desktops on Local Datastores
- Storing View Composer Replicas and Linked Clones on Separate Datastores
- Using View Composer Array Integration with Native NFS Snapshot Technology (VAAI)
- Reclaim Disk Space on Linked-Clone Desktops
- Keeping Linked-Clone Desktops Provisioned and Ready During View Composer Operations
- Use Existing Active Directory Computer Accounts for Linked Clones
- Linked-Clone Desktop Data Disks
- Manual Desktop Pools
- Microsoft Terminal Services Pools
- Provisioning Desktop Pools
- Setting Power Policies for Desktop Pools
- Configure View Storage Accelerator for Desktop Pools
- Deploying Large Desktop Pools
- Entitling Users and Groups
- Setting Up User Authentication
- Using SAML 2.0 Authentication
- Using Smart Card Authentication
- Using Smart Card Certificate Revocation Checking
- Using Two-Factor Authentication
- Using the Log In as Current User Feature Available with Windows-Based View Client
- Allow Users to Save Credentials
- Configuring Policies
- Setting Policies in View Administrator
- Using Active Directory Group Policies
- Using the View Group Policy Administrative Template Files
- View ADM Template Files
- View Agent Configuration ADM Template Settings
- View Client Configuration ADM Template Settings
- Using Policies to Control USB Redirection
- View Server Configuration ADM Template Settings
- View Common Configuration ADM Template Settings
- View PCoIP Session Variables ADM Template Settings
- Setting Up Location-Based Printing
- Using Terminal Services Group Policies
- Active Directory Group Policy Example
- Configuring User Profiles with View Persona Management
- Providing User Personas in View
- Using View Persona Management with Standalone Systems
- Migrating User Profiles with View Persona Management
- Persona Management and Windows Roaming Profiles
- Configuring a View Persona Management Deployment
- Overview of Setting Up a View Persona Management Deployment
- Configure a User Profile Repository
- Install View Agent with the View Persona Management Option
- Install Standalone View Persona Management
- Add the View Persona Management ADM Template File
- Configure View Persona Management Policies
- Create View Desktops That Use Persona Management
- Best Practices for Configuring a View Persona Management Deployment
- View Persona Management Group Policy Settings
- Managing Linked-Clone Desktops
- Reduce Linked-Clone Size with Desktop Refresh
- Update Linked-Clone Desktops
- Rebalance Linked-Clone Desktops
- Manage View Composer Persistent Disks
- View Composer Persistent Disks
- Detach a View Composer Persistent Disk
- Attach a View Composer Persistent Disk to Another Linked-Clone Desktop
- Edit a View Composer Persistent Disk's Pool or User
- Recreate a Linked-Clone Desktop With a Detached Persistent Disk
- Restore a Linked-Clone Desktop by Importing a Persistent Disk from vSphere
- Delete a Detached View Composer Persistent Disk
- Managing Desktops and Desktop Pools
- Managing Desktop Pools
- Edit a Desktop Pool
- Modifying Settings in an Existing Desktop Pool
- Fixed Settings in an Existing Desktop Pool
- Change the Size of an Automated Pool Provisioned by a Naming Pattern
- Add Desktops to an Automated Pool Provisioned by a List of Names
- Disable or Enable a Desktop Pool
- Disable or Enable Provisioning in a Desktop Pool
- Delete a Desktop Pool from View Manager
- Reducing Adobe Flash Bandwidth
- Managing Virtual-Machine Desktops
- Export View Information to External Files
- Managing Desktop Pools
- Managing Physical Computers and Terminal Servers
- Managing ThinApp Applications in View Administrator
- View Requirements for ThinApp Applications
- Capturing and Storing Application Packages
- Assigning ThinApp Applications to Desktops and Pools
- Best Practices for Assigning ThinApp Applications
- Assign a ThinApp Application to Multiple Desktops
- Assign Multiple ThinApp Applications to a Desktop
- Assign a ThinApp Application to Multiple Pools
- Assign Multiple ThinApp Applications to a Pool
- Assign a ThinApp Template to a Desktop or Pool
- Review ThinApp Application Assignments
- Display MSI Package Information
- Maintaining ThinApp Applications in View Administrator
- Remove a ThinApp Application Assignment from Multiple Desktops
- Remove Multiple ThinApp Application Assignments from a Desktop
- Remove a ThinApp Application Assignment from Multiple Pools
- Remove Multiple ThinApp Application Assignments from a Pool
- Remove a ThinApp Application from View Administrator
- Modify or Delete a ThinApp Template
- Remove an Application Repository
- Monitoring and Troubleshooting ThinApp Applications in View Administrator
- ThinApp Configuration Example
- Managing Local Desktops
- Benefits of Using View Desktops in Local Mode
- Managing View Transfer Server
- Managing the Transfer Server Repository
- Using the Transfer Server Repository to Download System Images
- Determine the Size of a View Composer Base Image
- Configure the Transfer Server Repository
- Publish Package Files in the Transfer Server Repository
- Delete a Package File from the Transfer Server Repository
- Migrate the Transfer Server Repository to a New Location
- Recover from a Corrupted Transfer Server Repository Folder
- Managing Data Transfers
- Configure Security and Optimization for Local Desktop Operations
- Optimizing Data Transfers Between Local-Desktop Host Computers and the Datacenter
- Setting Security Options for Local Desktop Operations
- Change the Local Desktop Encryption Key Cipher for New Key Generation
- Change the Encryption Key Cipher for an Existing Local Desktop
- Determining the Effects of Deduplication and Compression on Data Transfers
- Guest File System Optimization of Data Transfers
- Configuring Endpoint Resource Usage
- Configuring an HTTP Cache to Provision Local Desktops Over a WAN
- Configuring the Heartbeat Interval for Local Desktop Client Computers
- Manually Downloading a Local Desktop to a Location with Poor Network Connections
- Troubleshooting View Transfer Server and Local Desktop Operations
- Check-Out Fails with "No Available Transfer Server" Error
- Problems with Desktop Check-Outs After Initial Check-Out
- Login Window Takes a Long Time to Appear
- View Transfer Server Remains in a Pending State
- View Transfer Server Fails to Enter Maintenance Mode
- The Transfer Server Repository Is Invalid
- View Transfer Server Cannot Connect to the Transfer Server Repository
- View Transfer Server Fails the Health Check
- The Transfer Server Repository Is Not Configured
- View Transfer Server Instances Have Conflicting Transfer Server Repositories
- The View Transfer Server Web Service Is Down
- Local Mode Operation Fails After the Datacenter Desktop Was Modified
- Recover Data from a Local Desktop
- Maintaining View Components
- Backing Up and Restoring View Configuration Data
- Monitor View Components
- Monitor Desktop Status
- Understanding View Manager Services
- Add Licenses to VMware Horizon View
- Update General User Information from Active Directory
- Migrate View Composer to Another Computer
- Update the Certificates on a View Connection Server Instance, Security Server, or View Composer
- Information Collected by the Customer Experience Improvement Program
- Global View Data Collected by VMware
- View Connection Server Data Collected by VMware
- Security Server Data Collected by VMware
- Desktop Pool Data Collected by VMware
- Desktop Data Collected by VMware
- vCenter Server Data Collected by VMware
- View Transfer Server and Transfer Server Repository Data Collected by VMware
- Troubleshooting View Components
- Monitoring System Health
- Monitor Events in View Manager
- Send Messages to Desktop Users
- Display Desktops with Suspected Problems
- Troubleshoot a Problem Desktop Virtual Machine Using the vSphere Web Client
- Manage Desktops and Policies for Unentitled Users
- Collecting Diagnostic Information for VMware Horizon View
- Create a Data Collection Tool Bundle for View Agent
- Save Diagnostic Information for View Client
- Collect Diagnostic Information for View Composer Using the Support Script
- Collect Diagnostic Information for View Connection Server Using the Support Tool
- Collect Diagnostic Information for View Agent, View Client, or View Connection Server from the Console
- Update Support Requests
- Troubleshooting Network Connection Problems
- Troubleshooting Desktop Pool Creation Problems
- Pool Creation Fails if Customization Specifications Cannot Be Found
- Pool Creation Fails Because of a Permissions Problem
- Pool Provisioning Fails Due to a Configuration Problem
- Pool Provisioning Fails Due to a View Connection Server Instance Being Unable to Connect to vCenter
- Pool Provisioning Fails Due to Datastore Problems
- Pool Provisioning Fails Due to vCenter Server Being Overloaded
- Virtual Machines Are Stuck in the Provisioning State
- Virtual Machines Are Stuck in the Customizing State
- Troubleshooting an Unsuccessful Security Server Pairing with View Connection Server
- Troubleshooting View Server Certificate Revocation Checking
- Troubleshooting Smart Card Certificate Revocation Checking
- Troubleshooting USB Redirection Problems
- Troubleshooting Desktops That Are Repeatedly Deleted and Recreated
- Troubleshooting QuickPrep Customization Problems
- View Composer Provisioning Errors
- Removing Orphaned or Deleted Linked Clones
- Finding and Unprotecting Unused View Composer Replicas
- Windows XP Linked Clones Fail to Join the Domain
- Troubleshooting GINA Problems on Windows XP Desktops
- Further Troubleshooting Information
- Using the vdmadmin Command
- vdmadmin Command Usage
- Configuring Logging in View Agent Using the ‑A Option
- Overriding IP Addresses Using the ‑A Option
- Setting the Name of a View Connection Server Group Using the ‑C Option
- Updating Foreign Security Principals Using the ‑F Option
- Listing and Displaying Health Monitors Using the ‑H Option
- Listing and Displaying Reports of View Manager Operation Using the ‑I Option
- Generating View Event Log Messages in Syslog Format Using the ‑I Option
- Assigning Dedicated Desktops Using the ‑L Option
- Displaying Information About Machines Using the ‑M Option
- Reclaiming Disk Space on Virtual Machines Using the ‑M Option
- Configuring Domain Filters Using the ‑N Option
- Configuring Domain Filters
- Displaying the Desktops and Policies of Unentitled Users Using the ‑O and ‑P Options
- Configuring Clients in Kiosk Mode Using the ‑Q Option
- Displaying the First User of a Desktop Using the ‑R Option
- Removing the Entry for a View Connection Server Instance or Security Server Using the ‑S Option
- Setting the Split Limit for Publishing View Transfer Server Packages Using the ‑T Option
- Displaying Information About Users Using the ‑U Option
- Decrypting the Virtual Machine of a Local Desktop Using the ‑V Option
- Recovering a Local Desktop by Using the ‑V Option When the Desktop Was Modified in the Datacenter
- Unlocking or Locking Virtual Machines Using the ‑V Option
- Detecting and Resolving LDAP Entry Collisions Using the -X Option
- Setting Up Clients in Kiosk Mode
- Configure Clients in Kiosk Mode
- Prepare Active Directory and View Manager for Clients in Kiosk Mode
- Set Default Values for Clients in Kiosk Mode
- Display the MAC Addresses of Client Devices
- Add Accounts for Clients in Kiosk Mode
- Enable Authentication of Clients in Kiosk Mode
- Verify the Configuration of Clients in Kiosk Mode
- Connect to Desktops from Clients in Kiosk Mode
- Configure Clients in Kiosk Mode
- Index
Add Accounts for Clients in Kiosk Mode
You can use the vdmadmin command to add accounts for clients to the configuration of a View Connection
Server group. After you add a client, it is available for use with a View Connection Server instance on which
you have enabled authentication of clients. You can also update the configuration of clients, or remove their
accounts from the system.
You
must run the vdmadmin command on one of the View Connection Server instances in the group that contains
the View Connection Server instance that clients will use to connect to their desktops.
When you add a client in kiosk mode, View Manager creates a user account for the client in Active Directory.
If you specify a name for a client, this name must start with a recognized prefix string, such as "custom-", or
with an alternate prefix string that you have defined in ADAM, and it cannot be more than 20 characters long.
If you do not specify a name for a client, View Manager generates a name from the MAC address that you
specify for the client device. For example, if the MAC address is 00:10:db:ee:76:80, the corresponding account
name is cm-00_10_db_ee_76_80. You can only use these accounts with View Connection Server instances that
you enable to authenticate clients.
IMPORTANT Do not use a specified name with more than one client device. Future releases might not support
this configuration.
Procedure
u
Run the vdmadmin command using the -domain and -clientid options to specify the domain and the
name or the MAC address of the client.
vdmadmin -Q -clientauth -add [-b
authentication_arguments
] -domain
domain_name
-clientid
client_id
[-password "
password
" | -genpassword] [-ou
DN
] [-expirepassword | -noexpirepassword]
[-group
group_name
| -nogroup] [-description "
description_text
"]
Option Description
-clientid client_id
Specifies the name or the MAC address of the client.
-description "description_text"
Creates a description of the account for the client device in Active Directory.
-domain domain_name
Specifies the domain for the client.
-expirepassword
Specifies that the expiry time for the password on the client's account is the
same as for the View Connection Server group. If no expiry time is defined
for the group, the password does not expire.
-genpassword
Generates a password for the client's account. This is the default behavior if
you do not specify either -password or -genpassword.
A
generated password is 16 characters long, contains at least one uppercase
letter, one lowercase letter, one symbol, and one number, and can contain
repeated characters. If you require a stronger password, use the
-password option to specify the password.
-group group_name
Specifies the name of the group to which the client's account is added. The
name of the group must be specified as the pre-Windows 2000 group name
from
Active Directory. If you previously set a default group, client's account
is added to this group.
-noexpirepassword
Specifies that the password on the client's account does not expire.
-nogroup
Specifies that the client's account is not added to the default group.
-ou DN
Specifies the distinguished name of the organizational unit to which the
client's account is added.
For example: OU=kiosk-ou,DC=myorg,DC=com
-password "password"
Specifies an explicit password for the client's account.
The
command creates a user account in Active Directory for the client in the specified domain and group
(if any).
Chapter 18 Setting Up Clients in Kiosk Mode
VMware, Inc. 443