You can use GPO template on the agent OS to turn off True SSO at the pool level or to change defaults for certificate settings such as key size and count and settings for reconnect attempts.

Note:

The following table shows the settings to use for configuring the agent on individual virtual machines, but you can alternatively use the Horizon Agent Configuration template files. The ADMX template file is named (vdm_agent.admx). The ADM template file is named (vdm_agent.adm). Use the template files to make these policy settings apply to all the virtual machines in a desktop or application pool. If a policy is set the policy takes precedence over the registry settings. In Horizon 7 version 7.1, the ADM template files are deprecated and the ADMX template files are added.

The ADMX files are available in a bundled .zip file named VMware-Horizon-Extras-Bundle-x.x.x-yyyyyyy.zip, which you can download from the VMware download site at https://my.vmware.com/web/vmware/downloads. Under Desktop & End-User Computing, select the VMware Horizon 7 download, which includes the bundled .zip file.

Table 1. Keys for Configuring True SSO on Horizon Agent

Key

Min & Max

Description

Disable True SSO

N/A

Set this key to true to disable the feature on the agent. Use this setting in the group policy to disable True SSO at the pool level. The default is false.

Certificate wait timeout

10 -120

Specifies timeout period of certificates to arrive on the agent, in seconds. The default is 40.

Minimum key size

1024 - 8192

Minimum allowed size for a key. The default is 1024, meaning that by default, if the key size is below 1024, the key cannot be used.

All key sizes

N/A

Comma-separated list of key sizes that can be used. Up to 5 sizes can be specified; for example: 1024,2048,3072,4096. The default is 2048.

Number of keys to pre-create

1-100

Number of keys to pre-create on RDS servers that provide remote desktops and hosted Windows applications. The default is 5.

Minimum validity period required for a certificate

N/A

Minimum validity period, in minutes, required for a certificate when it is being reused to reconnect a user. The default is 5.