6.0
Table Of Contents
- View Agent Direct-Connection Plug-In Administration
- Contents
- View Agent Direct-Connection Plug-In Administration
- Installing View Agent Direct-Connection Plug-In
- View Agent Direct-Connection Plug-In Advanced Configuration
- Setting Up HTML Access
- Setting Up View Agent Direct Connection on Remote Desktop Services Hosts
- Troubleshooting View Agent Direct-Connection Plug-In
- Index
Table 2‑1. View Agent Direct-Connection Plug-In Configuration Settings (Continued)
Setting Registry Value Type Description
USB Enabled usbEnabled REG_SZ
The value can be set to TRUE or FALSE. Determines
whether desktops can use USB devices connected to
the client system. The default value is enabled. To
prevent the use of external devices for security
reasons, change the setting to disabled (FALSE).
Client setting: USB
AutoConnect
usbAutoConnect REG_SZ
The value can be set to TRUE or FALSE. Connect USB
devices to the desktop when they are plugged in. If
this policy is set, it overrides any saved client
preferences. No value is set by default.
Reset Enabled resetEnabled REG_SZ
The value can be set to TRUE or FALSE. When set to
TRUE, an authenticated Horizon client can perform an
operating system level reboot. The default setting is
disabled (FALSE).
Client Credential
Cache Timeout
clientCredentialCacheTi
meout
REG_SZ The time period, in minutes, that a Horizon client
allows a user to use a saved password. 0 means
never, and -1 means forever. Horizon Client offers
users the option of saving their passwords if this
setting is set to a valid value. The default is 0 (never).
User Idle Timeout userIdleTimeout REG_SZ If there is no user activity on the Horizon client for
this period of time, the user's desktop and application
sessions are disconnected. The value is set in minutes.
If this policy is not configured or disabled, the default
is 600 minutes. The default is 600 minutes (10 hours).
The External Port numbers and External IP Address values are used for Network Address Translation
(NAT) and port mapping support. For more information see, “Using Network Address Translation and Port
Mapping,” on page 13.
You can set policies that override these registry settings by using the Local Policy Editor or by using Group
Policy Objects (GPOs) in Active directory. Policy settings have precedence over normal registry settings. A
GPO template file is supplied to configure policies. When ViewView Agent and the plug-in are installed in
the default location, the template file has the following location:
C:\Program Files\VMware\VMware View\Agent\extras\view_agent_direct_connection.adm
You can import this template file into Active Directory or the Local Group Policy Editor to simplify the
management of these configuration settings. See the Microsoft Policy Editor and GPO handling
documentation for details of managing policy settings in this way. Policy settings for the plug-in are stored
in the registry key:
HKEY_LOCAL_MACHINE Software\Policies\VMware, Inc.\VMware VDM\Agent\Configuration\XMLAPI
Disabling Weak Ciphers in SSL/TLS
To achieve greater security, you can ensure that communications that use the SSL/TLS protocol between
Horizon Clients and virtual machine-based desktops or RDS hosts do not allow weak cyphers.
The configuration for disabling weak ciphers is stored in the Windows registry. Changes to these settings
must be done on all machines that run View Agent Direct-Connection Plug-In.
NOTE These settings affect all use of SSL/TLS on the operating system.
Both SSL 3.0 and TLS 1.0 (RFC2246) with INTERNET-DRAFT 56-bit Export Cipher Suites For TLS
draft-ietf-tls-56-bit-ciphersuites-00.txt provide options to use different cipher suits. Each cipher suite
determines the key exchange, authentication, encryption, and MAC algorithms used within a SSL/TLS
session.
Chapter 2 View Agent Direct-Connection Plug-In Advanced Configuration
VMware, Inc. 11