Installation guide
Table Of Contents
- VMware View Installation Guide
- Contents
- About This Book
- System Requirements for Server Components
- System Requirements for Client Components
- Supported Operating Systems for View Agent
- Supported Operating Systems for View Client and View Client with Local Mode
- Hardware Requirements for Local Mode Desktops
- Client Browser Requirements for View Portal
- Remote Display Protocol and Software Support
- Adobe Flash Requirements
- Smart Card Authentication Requirements
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- Configuring View Client Connections
- Sizing Windows Server Settings to Support Your Deployment
- Installing the View Connection Server Software
- Installing View Transfer Server
- Configuring Certificate Authentication
- Replacing the Default Certificate
- Add keytool and openssl to the System Path
- Export an Existing Microsoft IIS SSL Server Certificate
- Creating a New SSL Certificate
- Configure a View Connection Server Instance or Security Server to Use a New Certificate
- Configure a View Transfer Server Instance to Use a New Certificate
- Configure SSL for Client Connections
- Configure SSL for View Transfer Server Communications
- Using Group Policy to Configure Certificate Checking in View Client
- Creating an Event Database
- Installing and Starting View Client
- Install the Windows-Based View Client or View Client with Local Mode
- Start the Windows-Based View Client or View Client with Local Mode
- Install View Client by Using View Portal
- Install View Client on Mac OS X
- Start View Client on Mac OS X
- Set Printing Preferences for the Virtual Printer Feature
- Using USB Printers
- Installing View Client Silently
- Index
You must give the user account privileges to perform certain operations in vCenter Server. If you use View
Composer, you must give the user account additional privileges. See “Configuring User Accounts for vCenter
Server and View Composer,” on page 51 for information on configuring these privileges.
Create a User Account for View Composer
If you use View Composer, you must create a user account in Active Directory to use with View Composer.
View Composer requires this account to join linked-clone desktops to your Active Directory domain.
To ensure security, you should create a separate user account to use with View Composer. By creating a
separate account, you can guarantee that it does not have additional privileges that are defined for another
purpose. You can give the account the minimum privileges that it needs to create and remove computer objects
in a specified Active Directory container. For example, the View Composer account does not require domain
administrator privileges.
Procedure
1 In Active Directory, create a user account in the same domain as your View Connection Server host or in
a trusted domain.
2 Add the Create Computer Objects, Delete Computer Objects, and Write All Properties permissions to
the account in the Active Directory container in which the linked-clone computer accounts are created or
to which the linked-clone computer accounts are moved.
The following list shows all the required permissions for the user account, including permissions that are
assigned by default:
n
List Contents
n
Read All Properties
n
Write All Properties
n
Read Permissions
n
Create Computer Objects
n
Delete Computer Objects
3 Make sure that the user account's permissions apply to the Active Directory container and to all child
objects of the container.
What to do next
Specify the account in View Administrator when you configure View Composer for vCenter Server and when
you configure and deploy linked-clone desktop pools.
Configure the Restricted Groups Policy
To be able to log in to a View desktop, users must belong to the local Remote Desktop Users group of the View
desktop. You can use the Restricted Groups policy in Active Directory to add users or groups to the local
Remote Desktop Users group of every View desktop that is joined to your domain.
The Restricted Groups policy sets the local group membership of computers in the domain to match the
membership list settings defined in the Restricted Groups policy. The members of your View desktop users
group are always added to the local Remote Desktop Users group of every View desktop that is joined to your
domain. When adding new users, you need only add them to your View desktop users group.
Prerequisites
Create a group for View desktop users in your domain in Active Directory.
Chapter 3 Preparing Active Directory
VMware, Inc. 25