6.0
Table Of Contents
- View Security
- Contents
- View Security
- View Security Reference
- View Accounts
- View Security Settings
- View Resources
- View Log Files
- View TCP and UDP Ports
- Services on a View Connection Server Host
- Services on a Security Server
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Index
Table 1‑5. Security-Related Settings in the View Agent Configuration Template
Setting Registry Value Name Description
AllowDirectRDP AllowDirectRDP
Determines whether non-Horizon Clients can connect directly to
View desktops with RDP. When this setting is disabled, View
Agent permits only View-managed connections through
Horizon Client.
By default, while a user is logged in to a View desktop session,
you can use RDP to connect to the virtual machine from outside
of View. The RDP connection terminates the View desktop
session, and the View user's unsaved data and settings might be
lost. The View user cannot log in to the desktop until the external
RDP connection is closed. To avoid this situation, disable the
AllowDirectRDP setting.
IMPORTANT For View to operate correctly, the Windows Remote
Desktop Services service must be running on the guest operating
system of each desktop. You can use this setting to prevent users
from making direct RDP connections to their desktops.
This setting is enabled by default.
AllowSingleSignon AllowSingleSignon
Determines whether single sign-on (SSO) is used to connect users
to desktops and applications. When this setting is enabled, users
are required to enter only their credentials when connecting with
Horizon Client. When it is disabled, users must reauthenticate
when the remote connection is made.
This setting is enabled by default.
CommandsToRunOnConne
ct
CommandsToRunOnConn
ect
Specifies a list of commands or command scripts to be run when
a session is connected for the first time.
No list is specified by default.
CommandsToRunOnRecon
nect
CommandsToRunOnReco
nnect
Specifies a list of commands or command scripts to be run when
a session is reconnected after a disconnect.
No list is specified by default.
CommandsToRunOnDisco
nnect
CommandsToRunOnDisc
onnect
Specifies a list of commands or command scripts to be run when
a session is disconnected.
No list is specified by default.
ConnectionTicketTime
out
VdmConnectionTicket
Timeout
Specifies the amount of time in seconds that the View connection
ticket is valid.
If this setting is not configured, the default timeout period is 120
seconds.
CredentialFilterExce
ptions
CredentialFilterExc
eptions
Specifies the executable files that are not allowed to load the
agent CredentialFilter. Filenames must not include a path or
suffix. Use a semicolon to separate multiple filenames.
No list is specified by default.
For more information about these settings and their security implications, see the View Administration
document.
Security Settings in the Horizon Client Configuration Template
Security-related settings are provided in the ADM template file for Horizon Client (vdm_client.adm). Except
where noted, the settings include only a Computer Configuration setting. If a User Configuration setting is
available and you define a value for it, it overrides the equivalent Computer Configuration setting.
Security Settings are stored in the registry on the host machine under HKLM\Software\Policies\VMware,
Inc.\VMware VDM\Client\Security.
Chapter 1 View Security Reference
VMware, Inc. 11