Security
Table Of Contents
- View Security
- Contents
- View Security
- View Security Reference
- View Accounts
- View Security Settings
- View Resources
- View Log Files
- View TCP and UDP Ports
- Services on a View Connection Server Host
- Services on a Security Server
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Updating JCE Policy Files to Support High-Strength Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Internet Engineering Task Force Standards
- Perfect Forward Secrecy
- SSLv3 Is Disabled in View
- Deploying USB Devices in a Secure View Environment
- Index
Security-Related Settings in the View Agent Configuration Template
Security-related settings are provided in the ADM template file for View Agent (vdm_agent.adm). Unless
noted otherwise, the settings include only a Computer Configuration setting.
Security Settings are stored in the registry on the guest machine under HKLM\Software\VMware, Inc.\VMware
VDM\Agent\Configuration.
Table 1‑5. Security-Related Settings in the View Agent Configuration Template
Setting Description
AllowDirectRDP
Determines whether non-Horizon Clients can connect directly to View desktops
with RDP. When this setting is disabled, View Agent permits only View-managed
connections through Horizon Client.
By default, while a user is logged in to a View desktop session, you can use RDP
to connect to the virtual machine from outside of View. The RDP connection
terminates the View desktop session, and the View user's unsaved data and
settings might be lost. The View user cannot log in to the desktop until the
external RDP connection is closed. To avoid this situation, disable the
AllowDirectRDP setting.
IMPORTANT For View to operate correctly, the Windows Remote Desktop Services
service must be running on the guest operating system of each desktop. You can
use this setting to prevent users from making direct RDP connections to their
desktops.
This setting is enabled by default.
The equivalent Windows Registry value is AllowDirectRDP.
AllowSingleSignon
Determines whether single sign-on (SSO) is used to connect users to desktops and
applications. When this setting is enabled, users are required to enter only their
credentials when connecting with Horizon Client. When it is disabled, users must
reauthenticate when the remote connection is made.
This setting is enabled by default.
The equivalent Windows Registry value is AllowSingleSignon.
CommandsToRunOnConnect
Specifies a list of commands or command scripts to be run when a session is
connected for the first time.
No list is specified by default.
The equivalent Windows Registry value is CommandsToRunOnConnect.
CommandsToRunOnReconnect
Specifies a list of commands or command scripts to be run when a session is
reconnected after a disconnect.
No list is specified by default.
The equivalent Windows Registry value is CommandsToRunOnReconnect.
CommandsToRunOnDisconnect
Specifies a list of commands or command scripts to be run when a session is
disconnected.
No list is specified by default.
The equivalent Windows Registry value is CommandsToRunOnDisconnect.
ConnectionTicketTimeout
Specifies the amount of time in seconds that the View connection ticket is valid.
If this setting is not configured, the default timeout period is 120 seconds.
The equivalent Windows Registry value is VdmConnectionTicketTimeout.
CredentialFilterExceptions
Specifies the executable files that are not allowed to load the agent
CredentialFilter. Filenames must not include a path or suffix. Use a semicolon to
separate multiple filenames.
No list is specified by default.
The equivalent Windows Registry value is CredentialFilterExceptions.
For more information about these settings and their security implications, see the View Administration
document.
Chapter 1 View Security Reference
VMware, Inc. 11