Security
Table Of Contents
- View Security
- Contents
- View Security
- View Security Reference
- View Accounts
- View Security Settings
- View Resources
- View Log Files
- View TCP and UDP Ports
- Services on a View Connection Server Host
- Services on a Security Server
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Updating JCE Policy Files to Support High-Strength Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Internet Engineering Task Force Standards
- Perfect Forward Secrecy
- SSLv3 Is Disabled in View
- Deploying USB Devices in a Secure View Environment
- Index
Table 1‑6. Horizon Client Configuration Template: Security Settings (Continued)
Setting Description
Display option to Log in as
current user
(Computer and User Configuration
setting)
Determines whether the Log in as current user check box is visible on the
Horizon Client connection dialog box.
When the check box is visible, users can select or deselect it and override its
default value. When the check box is hidden, users cannot override its default
value from the Horizon Client connection dialog box.
You can specify the default value for the Log in as current user check box by
using the policy setting Default value of the 'Log in as current user'
checkbox.
This setting is enabled by default.
The equivalent Windows Registry value is LogInAsCurrentUser_Display.
Enable jump list integration
(Computer Configuration setting)
Determines whether a jump list appears in the Horizon Client icon on the
taskbar of Windows 7 and later systems. The jump list lets users connect to
recent View Connection Server instances and remote desktops.
If Horizon Client is shared, you might not want users to see the names of recent
desktops. You can disable the jump list by disabling this setting.
This setting is enabled by default.
The equivalent Windows Registry value is EnableJumplist.
Enable SSL encrypted framework
channel
(Computer and User Configuration
setting)
Determines whether SSL is enabled for View 5.0 and earlier desktops. Before
View 5.0, the data sent over port TCP 32111 to the desktop was not encrypted.
n
Enable: Enables SSL, but allows fallback to the previous unencrypted
connection if the remote desktop does not have SSL support. For example,
View 5.0 and earlier desktops do not have SSL support. Enable is the
default setting.
n
Disable: Disables SSL. This setting is not recommended but might be useful
for debugging or if the channel is not being tunneled and could potentially
then be optimized by a WAN accelerator product.
n
Enforce: Enables SSL, and refuses to connect to desktops with no SSL
support .
The equivalent Windows Registry value is EnableTicketSSLAuth.
Configures SSL protocols and
cryptographic algorithms
(Computer and User Configuration
setting)
Configures the cipher list to restrict the use of certain cryptographic algorithms
and protocols before establishing an encrypted SSL connection. The cipher list
consists of one or more cipher strings separated by colons.
NOTE All cipher strings are case-sensitive.
If this feature is enabled, the default value for Horizon Client 3.3 and later is
TLSv1:TLSv1.1:AES:!aNULL:@STRENGTH. The value for Horizon Client 3.2
and earlier is SSLv3:TLSv1:TLSv1.1:AES:!aNULL:@STRENGTH.
That means that In Horizon Client 3.3 and later, TLS v1.0 and TLS v1.1 are
enabled. (SSL v2.0 and v3.0, and TLS v1.2 are disabled.) In Horizon Client 3.2
and earlier, SSL v3.0 is also enabled. (SSL v2.0 and TLS v1.2 are disabled.)
Cipher suites use 128- or 256-bit AES, remove anonymous DH algorithms, and
then sort the current cipher list in order of encryption algorithm key length.
Reference link for the configuration:
http://www.openssl.org/docs/apps/ciphers.html
The equivalent Windows Registry value is SSLCipherList.
Enable Single Sign-On for
smart card authentication
(Computer Configuration setting)
Determines whether single sign-on is enabled for smart card authentication.
When single sign-on is enabled, Horizon Client stores the encrypted smart card
PIN in temporary memory before submitting it to View Connection Server.
When single sign-on is disabled, Horizon Client does not display a custom PIN
dialog.
The equivalent Windows Registry value is EnableSmartCardSSO.
Ignore bad SSL certificate
date received from the server
(Computer Configuration setting)
(View 4.6 and earlier releases only) Determines whether errors that are
associated with invalid server certificate dates are ignored. These errors occur
when a server sends a certificate with a date that has passed.
The equivalent Windows Registry value is IgnoreCertDateInvalid.
View Security
14 VMware, Inc.