You can use the default View Direct-Connection Plug-In configuration settings or customize them through Windows Active Directory group policy objects (GPOs) or by modifying specific Windows registry settings. View Agent Direct-Connection Plug-In Configuration SettingsAll configuration settings for View Agent Direct-Connection Plug-In are stored in the local registry on each virtual machine-based desktop or RDS host. You can manage these settings using Windows Active Directory group policy objects (GPOs), through the local policy editor, or by directly modifying the registry. Disabling Weak Ciphers in SSL/TLSTo achieve greater security, you can configure the domain policy GPO (group policy object) to ensure that communications that use the SSL/TLS protocol between Horizon Clients and virtual machine-based desktops or RDS hosts do not allow weak ciphers. Replacing the Default Self-Signed SSL Server CertificateA self-signed SSL server certificate cannot give Horizon Client sufficient protection against threats of tampering and eavesdropping. To protect your desktops from these threats, you must replace the generated self-signed certificate. Authorizing Horizon Client to Access Desktops and ApplicationsThe authorization mechanism that allows a user to access desktops and applications directly is controlled within a local operating system group called View Agent Direct-Connection Users. Using Network Address Translation and Port MappingNetwork Address Translation (NAT) and port mapping configuration are required if Horizon Clients connect to virtual machine-based desktops on different networks. Add a Certificate Authority to the Windows Certificate StoreFor smart card authentication, the certificate authority (CA) that signs the smart card certificate must exist in the Windows certificate store. If not, you can add the CA to the Windows certificate store.