Security

Table 16. Horizon Client Configuration Template: Security Settings (Continued)
Setting Description
Certificate verification mode
(Computer Configuration setting)
Configures the level of certificate checking that is performed by Horizon Client.
You can select one of these modes:
- No Security. View does not perform certificate checking.
- Warn But Allow. When the following server certificate issues occur, a
  warning is displayed, but the user can continue to connect to View
  Connection Server:
  - A self-signed certificate is provided by View. In this case, it is
    acceptable if the certificate name does not match the View Connection
    Server name provided by the user in Horizon Client.
  - A verifiable certificate that was configured in your deployment has
    expired or is not yet valid.
  If any other certificate error condition occurs, View displays an error
  dialog and prevents the user from connecting to View Connection Server.
  Warn But Allow is the default value.
- Full Security. If any type of certificate error occurs, the user cannot
  connect to View Connection Server. View displays certificate errors to the
  user.
When this group policy setting is configured, users can view the selected
certificate verification mode in Horizon Client but cannot configure the setting.
The SSL configuration dialog box informs users that the administrator has
locked the setting.
When this setting is not configured or disabled, Horizon Client users can select
a certificate verification mode.
To allow a View server to perform checking of certificates provided by
Horizon Client, the client must make HTTPS connections to the View
Connection Server or security server host. Certificate checking is not supported
if you off-load SSL to an intermediate device that makes HTTP connections to
the View Connection Server or security server host.
For Windows clients, if you do not want to configure this setting as a group
policy, you can also enable certificate verification by adding the CertCheckMode
value name to one of the following registry keys on the client computer:
- For 32-bit Windows: HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Client\Security
- For 64-bit Windows: HKLM\SOFTWARE\Wow6432Node\VMware, Inc.\VMware VDM\Client\Security
Use the following values in the registry key:
- 0 implements No Security.
- 1 implements Warn But Allow.
- 2 implements Full Security.
If you configure both the group policy setting and the CertCheckMode setting in
the Windows Registry key, the group policy setting takes precedence over the
registry key value.
Default value of the 'Log in as current user' checkbox
(Computer and User Configuration setting)
Specifies the default value of the Log in as current user check box on
the Horizon Client connection dialog box.
This setting overrides the default value specified during Horizon Client
installation.
If a user runs Horizon Client from the command line and specifies the
logInAsCurrentUser option, that value overrides this setting.
When the Log in as current user check box is selected, the identity and
credential information that the user provided when logging in to the client
system is passed to the View Connection Server instance and ultimately to the
remote desktop. When the check box is deselected, users must provide identity
and credential information multiple times before they can access a remote
desktop.
This setting is disabled by default.
The equivalent Windows Registry value is LogInAsCurrentUser.
Chapter 1 View Security Reference
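The following PowerShell audit of the CertCheckMode registry value described under Certificate verification mode is an added example, not part of the VMware documentation. The key paths and the 0/1/2 meanings come from the table above; the function name Get-CertCheckModeReport is hypothetical, and because the table does not state the value's registry type, the script compares it as a string. It does not read the group policy setting, which takes precedence over the registry value when both are configured.

```powershell
# Added example: report the CertCheckMode value under both keys listed above.
# Assumption: the registry type is not stated in the table, so the value is
# converted to a string before it is matched against 0, 1 and 2.
$keys = [ordered]@{
    '32-bit Windows' = 'HKLM:\SOFTWARE\VMware, Inc.\VMware VDM\Client\Security'
    '64-bit Windows' = 'HKLM:\SOFTWARE\Wow6432Node\VMware, Inc.\VMware VDM\Client\Security'
}
$modes = @{ '0' = 'No Security'; '1' = 'Warn But Allow'; '2' = 'Full Security' }

function Get-CertCheckModeReport {
    foreach ($entry in $keys.GetEnumerator()) {
        $raw = $null
        if (Test-Path -LiteralPath $entry.Value) {
            # SilentlyContinue: the key can exist without the value name.
            $item = Get-ItemProperty -LiteralPath $entry.Value -Name 'CertCheckMode' -ErrorAction SilentlyContinue
            if ($item) { $raw = [string]$item.CertCheckMode }
        }

        if ($null -eq $raw) {
            $mode    = 'Not set'
            $finding = 'No registry value; unless group policy sets the mode, users choose it (default: Warn But Allow)'
        } elseif ($modes.ContainsKey($raw)) {
            $mode    = $modes[$raw]
            $finding = if ($raw -eq '2') { 'OK' } else { 'Weaker than Full Security' }
        } else {
            $mode    = "Unrecognized ($raw)"
            $finding = 'Value is not 0, 1 or 2'
        }

        [pscustomobject]@{
            Key     = $entry.Key
            Path    = $entry.Value
            Mode    = $mode
            Finding = $finding
        }
    }
}

Get-CertCheckModeReport | Format-List
```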