Security
Table Of Contents
- View Security
- Contents
- View Security
- View Security Reference
- View Accounts
- View Security Settings
- View Resources
- View Log Files
- View TCP and UDP Ports
- Services on a View Connection Server Host
- Services on a Security Server
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Updating JCE Policy Files to Support High-Strength Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Internet Engineering Task Force Standards
- Perfect Forward Secrecy
- SSLv3 Is Disabled in View
- Deploying USB Devices in a Secure View Environment
- Index
Table 1‑7. Security-Related Settings in the Scripting Definitions Section
Setting Description
Connect all USB devices to the
desktop on launch
Determines whether all of the available USB devices on the client system are
connected to the desktop when the desktop is launched.
This setting is disabled by default.
The equivalent Windows Registry value is connectUSBOnStartup.
Connect all USB devices to the
desktop when they are plugged
in
Determines whether USB devices are connected to the desktop when they are
plugged in to the client system.
This setting is disabled by default.
The equivalent Windows Registry value is connectUSBOnInsert.
Logon Password
Specifies the password that Horizon Client uses during login. The password is
stored in plain text by Active Directory.
This setting is undefined by default.
The equivalent Windows Registry value is Password.
For more information about these settings and their security implications, see the Using VMware Horizon
Client for Windows document.
Security-Related Settings in View LDAP
Security-related settings are provided in View LDAP under the object path
cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int. You can use the ADSI Edit utility to change
the value of these settings on a View Connection Server instance. The change propagates automatically to all
other View Connection Server instances in a group.
Table 1‑8. Security-Related Settings in View LDAP
Name-value pair Description
cs-allowunencryptedstartsession
The attribute is pae-NameValuePair.
This attribute controls whether a secure channel is required between a View
Connection Server instance and a desktop when a remote user session is being
started.
When View Agent 5.1 or later is installed on a desktop computer, this attribute
has no effect and a secure channel is always required. When a View Agent older
than View 5.1 is installed, a secure channel cannot be established if the desktop
computer is not a member of a domain with a two-way trust to the domain of the
View Connection Server instance. In this case, the attribute is important to
determine whether a remote user session can be started without a secure channel.
In all cases, user credentials and authorization tickets are protected by a static
key. A secure channel provides further assurance of confidentiality by using
dynamic keys.
If set to 0, a remote user session will not start if a secure channel cannot be
established. This setting is suitable if all the desktops are in trusted domains or
all desktops have View Agent 5.1 or later installed.
If set to 1, a remote user session can be started even if a secure channel cannot be
established. This setting is suitable if some desktops have older View Agents
installed and are not in trusted domains.
The default setting is 1.
View Security
16 VMware, Inc.