The Horizon URL Content Redirection ADM template file (urlRedirection-enUS.adm) contains policy settings related to controlling whether a URL link is opened on the client or on the agent side, in a remote desktop or application. For example, for added security, administrators can set a policy so that, for all employees working inside the company network, all URL links that point outside the company network are opened in a remote desktop or application.

This ADM file is available in a bundled .zip file named VMware-Horizon-Extras-Bundle-x.x.x-yyyyyyy.zip, which you can download from the VMware download site at https://my.vmware.com/web/vmware/downloads. Under Desktop & End-User Computing, select the VMware Horizon 7 download, which includes the bundled .zip file.

URL Content Redirection can occur when end users click a URL link in a browser or an application, such as a Microsoft Word document or an email, or if a user clicks or types a URL into an Internet Explorer 9, 10, or 11 browser. URL links can be links to Web pages, telephone numbers, email addresses, and more.

Syntax for URL Content Redirection Rules

When specifying which URLs to open on the client or agent, you can use regular expressions. Separate multiple entries with semicolons. Spaces are not allowed between entries.

Following are some examples.

Entry

Description

.*

(Dot-star) Specifies that all URLs should be redirected. If you use this setting for the agentRules option, all URLs are redirected to the agent side, which means URLs are opened in a remote desktop or application. If you use this setting for the clientRules option, the specified URLs are redirected to the client.

.*.acme.com;.*.example.com

Specifies that all URLs that have the text .acme.com or example.com in them should be redirected.

[space or leave empty]

To specify that no URLs should be directed, use a space or leave the setting empty. For example, leaving clientRules empty specifies that no URLs should be redirected to the client.

For agentRules you must also use the brokerHostname option to specify the IP address or fully qualified domain name of the connection server, and you must use the remoteItem option to specify the display name of the desktop or application pool, as shown in View Administrator.

Agent-to-Client Redirection

Add this template to the GPO for a remote desktop or application pool if you want certain URLs to be redirected to the client.

For example, agent-to-client redirection might be used to conserve resources or as an added security layer. If employees are working in a remote desktop or application and they want to watch videos, for example, you might redirect those URLs to the client machine so that no extra load is put on the data center. Or for security purposes, for employees working outside the company network, you might want all URLs that point to external locations outside the company network to be opened on an employee's own client machine.

You could, for example, configure rules so that any content that is not company-related, that is, any URLs that do not point to the company network, are redirected to open on the client machine. In this case you could use the following settings, which include regular expressions:

  • For agentRules: .*.mycompany.com

    This rule means that any URL that contains the text mycompany.com should be opened on the agent.

  • For clientRules: .*

    This rule means that all URLs should be opened on the client, with the default client browser.

The feature uses the following process for applying the rules:

  1. When a user clicks a link in a remote application or desktop, the client rules are checked first.

  2. If a pattern in the URL matches a client rule, the agent rules are checked next.

  3. If there is a conflict between the agent rules and the client rules, the link is opened locally, which means in this case, on the agent machine.

  4. If there is no conflict, the URL is redirected to the client.

    In the example above, there is a rules conflict because URLs with mycompany.com are a subset of all URLs. Because of this conflict, URLs with mycompany.com in them are opened locally. If you click a link with mycompany.com in the URL while in a remote desktop, the URL will be opened on that remote desktop. If you click a link with mycompany.com in the URL in it from a client system, the URL will be opened on the client.

Client-to-Agent Redirection

Add this template to the GPO for a group of client computers if you want certain URLs to be redirected to a remote desktop or application. For example, for security purposes you might want all URLs that point to the company network to be opened in a remote desktop or application. In that case you could set agentRules to:

 .*.mycompany.com

To redirect URLs to a remote desktop or application pool, you must also specify which pool to use. Use the brokerHostname option to specify the IP address or fully qualified domain name of the connection server, and use the remoteItem option to specify the display name of the desktop or application pool, as shown in View Administrator.

If the URL is redirected to a remote desktop, the link is opened in the default browser for that desktop. If the URL is redirected to a remote application, the link is opened using the specified application pool. The end user must be entitled to the desktop or application pool specified.

You can add this template to GPOs for both agent and client, but if you do so, ensure that the rules do not conflict, or that any conflicts are intentional.

Template Setting Details

The following table describes policy settings in the Horizon URL Content Redirection ADM template file. The template contains Computer Configuration settings only.

Table 1. Horizon URL Content Redirection Template Settings

Setting

Properties

IE Policy: Users can't disable URL Redirection plugin

Determines whether users can disable URL Content Redirection.

This setting is disabled by default.

IE Policy: Automatically activate newly installed plugins

Determines whether newly installed Internet Explorer plug-ins are automatically activated.

This setting is disabled by default.

Url Redirection Enabled

Determines whether this feature is turned on.

This setting is enabled by default. You can use this setting to disable the feature even if the component has been installed.

Url Redirection Protocol 'http'

For all URLs that use the HTTP protocol, specifies the URLs that should be redirected.

For example, if you set agentRules to .*.mycompany.com then all URLs that have "mycompany.com" in them are redirected to a remote desktop or remote application. You can further specify which connection server to use by setting brokerHostname, and you can specify which desktop or application pool to use by setting remoteItem to the display name of the pool, as shown in View Administrator.

If you set clientRules to .*.mycompany.com then all URLs that have "mycompany.com" in them are redirected to the Windows-based client and opened in the default browser on the client.

Note:

As a best practice, set the same rules for the HTTP protocol and the HTTPS protocol. That way, if a user types a partial URL, such as mycompany.com into Internet Explorer, if that site automatically redirects from HTTP to HTTPS, the URL Content Redirection feature will work as desired. In this case, if you set a rule for HTTPS but not HTTP, the partial URL that the user types would not be redirected.

This setting is disabled by default.

Url Redirection Protocol 'https'

For all URLs that use the HTTPS protocol, specifies the URLs that should be redirected.

The options are the same as for Url Redirection Protocol 'http'.

Note:

As a best practice, set the same rules for the HTTPS protocol and the HTTP protocol.

This setting is disabled by default.

Url Redirection Protocol 'callto'

For all URLs that use the callto protocol, specifies the URLs that should be redirected.

The options are the same as for Url Redirection Protocol 'http'.

This setting is disabled by default.

Url Redirection Protocol 'email'

For all URLs that use the email or mailto protocol, specifies the URLs that should be redirected.

The options are the same as for Url Redirection Protocol 'http'.

This setting is disabled by default.

Url Redirection Protocol '[...]'

This is a template that you can modify for any additional protocol. If you do not need to configure any additional protocol, you can delete or comment out this entry before adding the ADM template to Active Directory.

Note:

For client-to-agent redirection, if you configure a protocol that does not have a default handler, after you configure a GPO setting for this protocol, you must launch Horizon Client once before URLs that specify this protocol are redirected.