In certain Horizon 7 environments, it is a priority to prohibit access to Horizon 7 desktops through the RDP display protocol. You can prevent users and administrators from using RDP to access Horizon 7 desktops by configuring pool settings and a group policy setting.

About this task

By default, while a user is logged in to a Horizon 7 desktop session, you can use RDP to connect to the virtual machine from outside of Horizon 7. The RDP connection terminates the Horizon 7 desktop session, and the user's unsaved data and settings might be lost. The user cannot log in to the desktop until the external RDP connection is closed. To avoid this situation, disable the AllowDirectRDP setting.

Note:

Remote Desktop Services must be started on the virtual machine that you use to create pools and on the virtual machines that are deployed in the pools. Remote Desktop Services are required for Horizon Agent installation, SSO, and other Horizon session-management operations.

Prerequisites

Verify that the Horizon Agent Configuration Administrative Template (ADMX or ADM) file is installed in Active Directory. See "Using Horizon 7 Group Policy Administrative Template Files" in the Configuring Remote Desktop Features in Horizon 7.

Note:

In Horizon 7 version 7.1, the ADM template files are deprecated and the ADMX template files are added.

Procedure

  1. Select PCoIP as the display protocol that you want Horizon Connection Server to use to communicate with Horizon Client devices.

    Option

    Description

    Create a desktop pool

    1. In Horizon Administrator, start the Add Desktop Pool wizard.

    2. On the Desktop Pool Settings page, select VMware Blast or PCoIP as the default display protocol.

    Edit an existing desktop pool

    1. In Horizon Administrator, select the desktop pool and click Edit.

    2. On the Desktop Pool Settings tab, select VMware Blast or PCoIP as the default display protocol.

  2. For the Allow users to choose protocol setting, select No.
  3. Prevent devices that are not running Horizon Client from connecting directly to Horizon desktops through RDP by disabling the AllowDirectRDP group policy setting.
    1. On your Active Directory server, open the Group Policy Management Console and select Computer Configuration > Policies > Administrative Templates > Classic Administrative Templates (ADM) > VMware Horizon Agent Configuration.
    2. Disable the AllowDirectRDP setting.