When you deploy Horizon Client 3.5 or later and View Agent 6.2 or later with client drive redirection (CDR), folders and files are sent across the network with encryption. CDR connections between clients and the View Secure Gateway and connections from the View Secure Gateway to desktop machines are secure.
With earlier client or View Agent releases, CDR folders and files are sent across the network without encryption and might contain sensitive data, depending on the content being redirected. If the secure tunnel is enabled, CDR connections between Horizon Clients and the View Secure Gateway are secure, but connections from the View Secure Gateway to desktop machines are not encrypted. If the secure tunnel is disabled, CDR connections from Horizon Clients to the desktop machines are not encrypted. To ensure that this data cannot be monitored on the network, use CDR only on a secure network if Horizon Client is earlier than version 3.5 or View Agent is earlier than version 6.2.
The Client Drive Redirection setup option in the View Agent installer is selected by default. As a best practice, install the Client Drive Redirection setup option only in desktop pools where users require this feature.
You can disable CDR by configuring a Microsoft Remote Desktop Services group policy setting for remote desktops and RDS hosts in Active Directory.
- In the Group Policy Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection.
This navigation path is for Active Directory on Windows Server 2012. The navigation path differs on other Windows operating systems.
- Enable the Do not allow drive redirection group policy setting.
Currently, this feature is supported on Horizon Client for Mac OS X, Horizon Client for Windows, and Horizon Client for Linux. For more information, see the Using VMware Horizon Client document for the specific type of desktop client device. Go to https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.