The Horizon Agent Configuration ADMX template file (vdm_agent.admx) or ADM template file (vdm_agent.adm) contains policy settings related to the authentication and environmental components of Horizon Agent.

The ADMX files are available in a bundled .zip file named VMware-Horizon-Extras-Bundle-x.x.x-yyyyyyy.zip, which you can download from the VMware download site at https://my.vmware.com/web/vmware/downloads. Under Desktop & End-User Computing, select the VMware Horizon 7 download, which includes the bundled .zip file.

Note:

In Horizon 7 version 7.1, the ADM template files are deprecated and the ADMX template files are added.

The following table describes policy settings in the Horizon Agent Configuration ADMX or ADM template file other than those settings that are used with USB devices. The template contains both Computer Configuration and User Configuration settings. The User Configuration setting overrides the equivalent Computer Configuration setting.

Table 1. Horizon Agent Configuration Template Settings

Setting

Computer

User

Properties

AllowDirectRDP

X

Determines whether clients other than Horizon Client devices can connect directly to remote desktops with RDP. When this setting is disabled, the agent permits only View-managed connections through Horizon Client.

When connecting to a remote desktop from Horizon Client for Mac, do not disable the AllowDirectRDP setting. If this setting is disabled, the connection fails with an Access is denied error.

By default, while a user is logged in to a Horizon 7 desktop session, you can use RDP to connect to the virtual machine from outside of Horizon 7. The RDP connection terminates the Horizon 7 desktop session, and the user's unsaved data and settings might be lost. The user cannot log in to the desktop until the external RDP connection is closed. To avoid this situation, disable the AllowDirectRDP setting.

Important:

The Windows Remote Desktop Services service must be running on the guest operating system of each desktop. You can use this setting to prevent users from making direct RDP connections to their desktops.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

This setting is enabled by default.

AllowSingleSignon

X

Determines whether single sign-on (SSO) is used to connect users to desktops and applications. When this setting is enabled, users are required to enter their credentials only once, when they log in to the server. When this setting is disabled, users must reauthenticate when the remote connection is made.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

This setting is enabled by default.

CommandsToRunOnConnect

X

Specifies a list of commands or command scripts to be run when a session is connected for the first time.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

See Running Commands on View Desktops for more information.

CommandsToRunOnDisconnect

X

Specifies a list of commands or command scripts to be run when a session is disconnected.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

See Running Commands on View Desktops for more information.

CommandsToRunOnReconnect

X

Specifies a list of commands or command scripts to be run when a session is reconnected after a disconnect.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

See Running Commands on View Desktops for more information.

ConnectionTicketTimeout

X

Specifies the amount of time in seconds that the View connection ticket is valid.

Horizon Client devices use a connection ticket for verification and single sign-on when connecting to the agent. For security reasons, a connection ticket is valid for a limited amount of time. When a user connects to a remote desktop, authentication must take place within the connection ticket timeout period or the session times out. If this setting is not configured, the default timeout period is 900 seconds.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

CredentialFilterExceptions

X

Specifies the executable files that are not allowed to load the agent CredentialFilter. Filenames must not include a path or suffix. Use a semicolon to separate multiple filenames.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

Disable Time Zone Synchronization

X

X

Determines whether the time zone of the View desktop is synchronized with the time zone of the connected client. An enabled setting applies only if the Disable time zone forwarding setting of the Horizon Client Configuration policy is not set to disabled.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

This setting is disabled by default.

DPI Synchronization

X

X

Adjusts the system-wide DPI setting for the remote session. When this setting is enabled or not configured, the system-wide DPI setting for the remote session is set to match the corresponding DPI setting on the client operating system. When this setting is disabled, the system-wide DPI setting for the remote session is never changed.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

This setting is not configured by default.

Note:

This setting applies only to version 7.0.2 or later and to Windows clients on which Horizon Client 4.2 or later is installed.

Enable multi-media acceleration

X

Determines whether multimedia redirection (MMR) is enabled on the remote desktop.

MMR is a Windows Media Foundation filter that forwards multimedia data from specific codecs on the remote system directly through a TCP socket to the client. The data is then decoded directly on the client, where it is played. You can disable MMR if the client has insufficient resources to handle local multimedia decoding.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

This setting is enabled by default.

Force MMR to use software overlay

X

MMR tries to use the hardware overlay to play back video for better performance. When working with multiple displays, the hardware overlay exists only on one of the displays, either the primary display or the display where WMP was started. If WMP is dragged to another display, the video appears as a black rectangle. Use this option to force MMR to use a software overlay that works on all displays.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

This setting is not configured by default.

Single sign-on retry timeout

X

Specifies the time, in milliseconds, after which single sign-on is retried. Set the value to 0 to disable single sign-on retry. The default value is 5000 milliseconds.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

This setting is not configured by default.

ShowDiskActivityIcon

X

This setting is not supported in this release.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

Toggle Display Settings Control

X

Determines whether to disable the Settings tab in the Display control panel when a client session uses the PCoIP display protocol.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

This setting is enabled by default.

UnAuthenticatedAccessEnabled

Enables or disables the unauthenticated access feature. When this setting is enabled, unauthenticated access users can access published applications from a Horizon Client without requiring AD credentials. When this setting is disabled, unauthenticated access users cannot access published applications from a Horizon Client without requiring AD credentials.

You must reboot the RDS host for this setting to take effect.

This setting is in the VMware View Agent Configuration > Agent Configuration folder in the Group Policy Management Editor.

This setting is enabled by default.

Allow local files to be opened in Hosted Apps

X

Allows users to directly open files that are local to the agent machine by using entitled hosted applications with the file redirection feature. When this policy is disabled, only files shared through the Client Drive Redirection feature can be opened.

This Computer Configuration setting is in the VMware View Agent Configuration > Unity Touch and Hosted Apps folder in the Group Policy Management Editor. The User Configuration setting is in the VMware View Agent Configuration > Agent Security > Unity Touch and Hosted Apps folder in the Group Policy Management Editor.

This setting is in the folder in the Group Policy Management Editor.

This setting is enabled by default.

Send updates for empty or offscreen windows

X

Specifies whether the client receives updates about empty or offscreen windows. When this setting is disabled, information about window that are smaller than 2x2 pixels, or that are located entirely offscreen, are not sent to the client.

This setting is in the VMware View Agent Configuration > Unity Touch and Hosted Apps folder in the Group Policy Management Editor.

This setting is disabled by default.

Enable Unity Touch

X

Determines whether the Unity Touch functionality is enabled on the remote desktop. Unity Touch supports the delivery of remote applications in Horizon and allows mobile device users to access applications in the Unity Touch sidebar.

This setting is in the VMware View Agent Configuration > Unity Touch and Hosted Apps folder in the Group Policy Management Editor.

This setting is enabled by default.

Enable system tray redirection for Hosted Apps

X

Determines whether system tray redirection is enabled while a user is running remote applications.

This setting is in the VMware View Agent Configuration > Unity Touch and Hosted Apps folder in the Group Policy Management Editor.

This setting is enabled by default.

Enable user profile customization for Hosted Apps

X

X

Specifies whether to customize the user profile when remote applications are used. If this setting is enabled, a user profile is generated, the Windows theme is customized, and startup applications are registered.

This Computer Configuration setting is in the VMware View Agent Configuration > Unity Touch and Hosted Apps folder in the Group Policy Management Editor. The User Configuration setting is in the VMware View Agent Configuration > Agent Security > Unity Touch and Hosted Apps folder in the Group Policy Management Editor.

This setting is disabled by default.

Limit usage of Windows hooks

X

Disables most hooks when remote applications or Unity Touch are used. This setting is intended for applications that have compatibility issues when OS-level hooks are set. For example, enabling this setting disables the use of most Windows active accessibility and in-process hooks.

This setting is in the VMware View Agent Configuration > Unity Touch and Hosted Apps folder in the Group Policy Management Editor.

This setting is disabled by default, which means that all preferred hooks are used.

Accept SSL encrypted framework channel

X

Enables the SSL encrypted framework channel. The following options are available:

  • Disable - Disable SSL.

  • Enable - Enable SSL. Allow legacy clients to connect without SSL.

  • Enforce - Enable SSL. Refuse legacy client connections.

This setting is in the VMware View Agent Configuration > Agent Security folder in the Group Policy Management Editor.

This setting is not configured by default. The default value is Enable.

Default Proxy Server

X

Default Internet Explorer connection setting for the proxy server. Specifies the proxy server to use in Internet Options > Local Area Network (LAN) Settings.

This setting is in the VMware View Agent Configuration > VMware Client IP Transparency folder in the Group Policy Management Editor.

This setting is not enabled by default.

Enable

X

Enables VMware Client IP Transparency. Remote connections to Internet Explorer use the client's IP address instead of the IP address of the remote desktop machine. This setting takes effect at the next login.

This setting is in the VMware View Agent Configuration > VMware Client IP Transparency folder in the Group Policy Management Editor.

If the VMware Client IP Transparency custom setup option is selected in the Horizon Agent installer, this setting is enabled by default.

Default auto detect proxy

X

Default Internet Explorer connection setting. Turns on Automatically detect settings in Internet Options > Local Area Network (LAN) Settings.

This setting is in the VMware View Agent Configuration > VMware Client IP Transparency folder in the Group Policy Management Editor.

This setting is not enabled by default.

Set proxy for Java applet

X

Sets the proxy for Java applets. The following options are available:

  • Use client ip transparency for Java proxy - directs a remote connection to use the client's IP address instead of the IP address of the remote desktop machine for Java applets.

  • Use direct connection for Java proxy - uses a direct connection to bypass the browser setting for Java applets.

  • Use the default value for Java proxy - restores the original Java proxy settings.

This setting is in the VMware View Agent Configuration > VMware Client IP Transparency folder in the Group Policy Management Editor.

This setting is not enabled by default.

Enable flash multi-media redirection

X

Specifies whether Flash Redirection is enabled on the agent.

This setting is in the VMware View Agent Configuration > VMware FlashMMR folder in the Group Policy Management Editor.

Minimum rect size to enable FlashMMR

X

Specifies the minimum rect size to enable Flash Redirection.

This setting is in the VMware View Agent Configuration > VMware FlashMMR folder in the Group Policy Management Editor.

The default width is 320 pixels and the default height is 200 pixels.

Definition for FlashMMR url list usage

X

Defines the white list or black list rule that enables or disables URLs from using Flash Redirection.

If you select Enable white list from the Definition for FlashMMR url list usage drop-down menu, only the URLs in the URL list are enabled to use Flash Redirection.

If you select Enable black list from the Definition for FlashMMR url list usage drop-down menu, the URLs in the URL list are not able to use Flash Redirection.

You specify the URL list in the Hosts Url list to enable FlashMMR group policy setting.

This setting is in the VMware View Agent Configuration > VMware FlashMMR folder in the Group Policy Management Editor.

This setting specifies a white list by default.

Hosts Url list to enable FlashMMR

X

Specifies the URL list that is enabled or disabled to use Flash Redirection based on the Definition for FlashMMR url list usage group policy setting.

You must include http:// or https://. You can use regular expressions. For example, you can specify https://*.google.com and http://www.cnn.com.

This setting is in the VMware View Agent Configuration > VMware FlashMMR folder in the Group Policy Management Editor.

Note:

The Connect using DNS Name setting was removed in the Horizon 6 version 6.1 release. You can set the View LDAP attribute, pae-PreferDNS, to tell View Connection Server to give preference to DNS names when sending the addresses of desktop machines and RDS hosts to clients and gateways. See "Give Preference to DNS Names When View Connection Server Returns Address Information" in the View Installation document.

USB Settings for the Horizon Agent

See USB Settings in the Horizon Agent Configuration ADMX or ADM Template.