7.0
Table Of Contents
- Setting Up Desktop and Application Pools in View
- Contents
- Setting Up Desktop and Application Pools in View
- Introduction to Desktop and Application Pools
- Preparing Unmanaged Machines
- Creating and Preparing a Parent Virtual Machine for Cloning
- Creating a Virtual Machine for Cloning
- Create a Virtual Machine in vSphere
- Install a Guest Operating System
- Prepare a Guest Operating System for Remote Desktop Deployment
- Prepare Windows Server Operating Systems for Desktop Use
- Install Desktop Experience on Windows Server 2008 R2
- Install Desktop Experience on Windows Server 2012 or 2012 R2
- Configure the Windows Firewall Service to Restart After Failures
- Install Horizon Agent on a Virtual Machine
- Install Horizon Agent Silently
- Configure a Virtual Machine with Multiple NICs for Horizon Agent
- Optimize Guest Operating System Performance
- Disable the Windows Customer Experience Improvement Program
- Optimizing Windows for Instant-Clone and View Composer Linked-Clone Virtual Machines
- Benefits of Disabling Windows Services and Tasks
- Windows Services and Tasks That Cause Disk Growth in Instant Clones and Linked Clones
- Disable Scheduled Disk Defragmentation on a Windows Parent Virtual Machine
- Disable Windows Update
- Disable the Diagnostic Policy Service on Windows Virtual Machines
- Disable the Prefetch and Superfetch Features on Windows Virtual Machines
- Disable Windows Registry Backup on Windows Virtual Machines
- Disable the System Restore on Windows Virtual Machines
- Disable Windows Defender on Windows Virtual Machines
- Disable Microsoft Feeds Synchronization on Windows Virtual Machines
- Preparing a Parent Virtual Machine
- Configure a Parent Virtual Machine
- Activating Windows on Instant Clones and View Composer Linked Clones
- Disable Windows Hibernation in the Parent Virtual Machine
- Configure Local Storage for View Composer Linked Clones
- Record the Paging File Size of a View Composer Parent Virtual Machine
- Increase the Timeout Limit for ClonePrep and QuickPrep Customization Scripts
- Creating Virtual Machine Templates
- Creating Customization Specifications
- Creating a Virtual Machine for Cloning
- Creating Automated Desktop Pools That Contain Full Virtual Machines
- Creating Linked-Clone Desktop Pools
- Linked-Clone Desktop Pools
- Worksheet for Creating a Linked-Clone Desktop Pool
- Create a Linked-Clone Desktop Pool
- Clone an Automated Desktop Pool
- Desktop Pool Settings for Linked-Clone Desktop Pools
- View Composer Support for Linked-Clone SIDs and Third-Party Applications
- Keeping Linked-Clone Machines Provisioned for Use in Remote Desktop Sessions During View Composer Operations
- Use Existing Active Directory Computer Accounts for Linked Clones
- Creating Instant-Clone Desktop Pools
- Creating Manual Desktop Pools
- Setting Up Remote Desktop Services Hosts
- Remote Desktop Services Hosts
- Install Remote Desktop Services on Windows Server 2008 R2
- Install Remote Desktop Services on Windows Server 2012 or 2012 R2
- Install Desktop Experience on Windows Server 2008 R2
- Install Desktop Experience on Windows Server 2012 or 2012 R2
- Restrict Users to a Single Session
- Install Horizon Agent on a Remote Desktop Services Host
- Enable Time Zone Redirection for RDS Desktop and Application Sessions
- Enable Windows Basic Theme for Applications
- Configure Group Policy to Start Runonce.exe
- RDS Host Performance Options
- Configuring 3D Graphics for RDS Hosts
- Creating Farms
- Creating Application Pools
- Creating RDS Desktop Pools
- Provisioning Desktop Pools
- User Assignment in Desktop Pools
- Naming Machines Manually or Providing a Naming Pattern
- Manually Customizing Machines
- Desktop Pool Settings for All Desktop Pool Types
- Adobe Flash Quality and Throttling
- Setting Power Policies for Desktop Pools
- Power Policies for Desktop Pools
- Configure Dedicated Machines To Be Suspended After Users Disconnect
- How Power Policies Affect Automated Desktop Pools
- Power Policy Examples for Automated Pools with Floating Assignments
- Power Policy Example for Automated Pools with Dedicated Assignments
- Preventing View Power Policy Conflicts
- Configuring 3D Rendering for Desktops
- Prevent Access to View Desktops Through RDP
- Deploying Large Desktop Pools
- Entitling Users and Groups
- Configuring Remote Desktop Features
- Configuring Unity Touch
- Configuring Flash URL Redirection for Multicast or Unicast Streaming
- Configuring Flash Redirection
- Configuring URL Content Redirection
- Configuring Real-Time Audio-Video
- Configuration Choices for Real-Time Audio-Video
- System Requirements for Real-Time Audio-Video
- Ensuring That Real-Time Audio-Video Is Used Instead of USB Redirection
- Selecting Preferred Webcams and Microphones
- Select a Default Microphone on a Windows Client System
- Select a Preferred Webcam on a Windows Client System
- Select a Default Microphone on a Mac OS X Client System
- Configuring Real-Time Audio-Video on a Mac OS X Client
- Configure a Preferred Webcam or Microphone on a Mac OS X Client System
- Select a Default Microphone on a Linux Client System
- Select a Preferred Webcam or Microphone on a Linux Client System
- Configuring Real-Time Audio-Video Group Policy Settings
- Real-Time Audio-Video Bandwidth
- Configuring Scanner Redirection
- Configuring Serial Port Redirection
- Managing Access to Windows Media Multimedia Redirection (MMR)
- Managing Access to Client Drive Redirection
- Using USB Devices with Remote Desktops and Applications
- Limitations Regarding USB Device Types
- Overview of Setting Up USB Redirection
- Network Traffic and USB Redirection
- Automatic Connections to USB Devices
- Deploying USB Devices in a Secure View Environment
- Using Log Files for Troubleshooting and to Determine USB Device IDs
- Using Policies to Control USB Redirection
- Troubleshooting USB Redirection Problems
- Reducing and Managing Storage Requirements
- Managing Storage with vSphere
- Reducing Storage Requirements with Instant Clones
- Reducing Storage Requirements with View Composer
- Storage Sizing for Instant-Clone and View Composer Linked-Clone Desktop Pools
- Storage Overcommit for View Composer Linked-Clone Virtual Machines
- View Composer Linked-Clone Data Disks
- Storing View Composer Linked Clones on Local Datastores
- Storing Replicas and Clones on Separate Datastores for Instant Clones and View Composer Linked Clones
- Configure View Storage Accelerator for View Composer Linked Clones
- Reclaim Disk Space on View Composer Linked Clones
- Using VAAI Storage for View Composer Linked Clones
- Set Storage Accelerator and Space Reclamation Blackout Times for View Composer Linked Clones
- Configuring Policies for Desktop and Application Pools
- Setting Policies in View Administrator
- Using Smart Policies
- Using Active Directory Group Policies
- Using View Group Policy Administrative Template Files
- View ADM and ADMX Template Files
- Horizon Agent Configuration ADM Template Settings
- PCoIP Policy Settings
- VMware Blast Policy Settings
- Using Remote Desktop Services Group Policies
- Configure the RDS Per Device CAL Storage
- Add the Remote Desktop Services ADMX Files to Active Directory
- RDS Application Compatibility Settings
- RDS Connections Settings
- RDS Device and Resource Redirection Settings
- RDS Licensing Settings
- RDS Profiles Settings
- RDS Remote Session Environment Settings
- RDS Security Settings
- RDS Temporary Folders Settings
- Setting Up Location-Based Printing
- Active Directory Group Policy Example
- Configuring User Profiles with View Persona Management
- Providing User Personas in View
- Using View Persona Management with Standalone Systems
- Migrating User Profiles with View Persona Management
- Persona Management and Windows Roaming Profiles
- Configuring a View Persona Management Deployment
- Overview of Setting Up a View Persona Management Deployment
- Configure a User Profile Repository
- Install Horizon Agent with the View Persona Management Option
- Install Standalone View Persona Management
- Add the View Persona Management ADM Template File
- Configure View Persona Management Policies
- Create Desktop Pools That Use Persona Management
- Best Practices for Configuring a View Persona Management Deployment
- View Persona Management Group Policy Settings
- Troubleshooting Machines and Desktop Pools
- Display Problem Machines
- Send Messages to Desktop Users
- Problems Provisoning or Recreating a Desktop Pool
- Instant-Clone Provisioning or Push Image Failure
- Instant Clone Image Publish Failure
- Endless Error Recovery During Instant-Clone Provisioning
- Cannot Delete Orphaned Instant Clones
- Pool Creation Fails if Customization Specifications Cannot Be Found
- Pool Creation Fails Because of a Permissions Problem
- Pool Provisioning Fails Due to a Configuration Problem
- Pool Provisioning Fails Due to a View Connection Server Instance Being Unable to Connect to vCenter
- Pool Provisioning Fails Due to Datastore Problems
- Pool Provisioning Fails Due to vCenter Server Being Overloaded
- Virtual Machines Are Stuck in the Provisioning State
- Virtual Machines Are Stuck in the Customizing State
- Removing Orphaned or Deleted Linked Clones
- Troubleshooting Machines That Are Repeatedly Deleted and Recreated
- Troubleshooting QuickPrep Customization Problems
- Finding and Unprotecting Unused View Composer Replicas
- View Composer Provisioning Errors
- Troubleshooting Network Connection Problems
- Troubleshooting USB Redirection Problems
- Manage Machines and Policies for Unentitled Users
- Resolving Database Inconsistencies with the ViewDbChk Command
- Further Troubleshooting Information
- Index
n
Use Smart Policies to create a policy that disables the USB redirection Horizon Policy setting. With this
approach, you can disable USB redirection on a specific remote desktop if certain conditions are met.
For example, you can configure a policy that disables USB redirection when users connect to a remote
desktop from outside your corporate network.
If you set the Exclude All Devices policy to true, Horizon Client prevents all USB devices from being
redirected. You can use other policy settings to allow specific devices or families of devices to be redirected.
If you set the policy to false, Horizon Client allows all USB devices to be redirected except those that are
blocked by other policy settings. You can set the policy on both Horizon Agent and Horizon Client. The
following table shows how the Exclude All Devices policy that you can set for Horizon Agent and
Horizon Client combine to produce an effective policy for the client computer. By default, all USB devices
are allowed to be redirected unless otherwise blocked.
Table 15‑1. Effect of Combining Exclude All Devices Policies
Exclude All Devices Policy on
Horizon Agent
Exclude All Devices Policy on
Horizon Client
Combined Effective Exclude All
Devices Policy
false or not defined (include all USB
devices)
false or not defined (include all USB
devices)
Include all USB devices
false (include all USB devices) true (exclude all USB devices)
Exclude all USB devices
true (exclude all USB devices)
Any or not defined Exclude all USB devices
If you have set Disable Remote Configuration Download policy to true, the value of Exclude All Devices
on Horizon Agent is not passed to Horizon Client, but Horizon Agent and Horizon Client enforce the local
value of Exclude All Devices.
These policies are included in the Horizon Agent Configuration ADM template file (vdm_agent.adm). For
more information, see “USB Settings in the Horizon Agent Configuration ADM Template,” on page 227.
Disabling USB Redirection for Specific Devices
Some users might have to redirect specific locally-connected USB devices so that they can perform tasks on
their remote desktops or applications. For example, a doctor might have to use a Dictaphone USB device to
record patients' medical information. In these cases, you cannot disable access to all USB devices. You can
use group policy settings to enable or disable USB redirection for specific devices.
Before you enable USB redirection for specific devices, make sure that you trust the physical devices that are
connected to client machines in your enterprise. Be sure that you can trust your supply chain. If possible,
keep track of a chain of custody for the USB devices.
In addition, educate your employees to ensure that they do not connect devices from unknown sources. If
possible, restrict the devices in your environment to those that accept only signed firmware updates, are
FIPS 140-2 Level 3-certified, and do not support any kind of field-updatable firmware. These types of USB
devices are hard to source and, depending on your device requirements, might be impossible to find. These
choices might not be practical, but they are worth considering.
Each USB device has its own vendor and product ID that identifies it to the computer. By configuring
Horizon Agent Configuration group policy settings, you can set an include policy for known device types.
With this approach, you remove the risk of allowing unknown devices to be inserted into your environment.
For example, you can prevent all devices except a known device vendor and product ID,
vid/pid=0123/abcd, from being redirected to the remote desktop or application:
ExcludeAllDevices Enabled
IncludeVidPid o:vid-0123_pid-abcd
NOTE This example configuration provides protection, but a compromised device can report any vid/pid,
so a possible attack could still occur.
Setting Up Desktop and Application Pools in View
218 VMware, Inc.