Client users must have accounts in Active Directory.

Horizon Client User Accounts

Configure user accounts in Active Directory for the users who have access to remote desktops and applications. The user accounts must be members of the Remote Desktop Users group if you plan to use the RDP protocol.

End users should not normally be Horizon administrators. If a Horizon administrator needs to verify the user experience, create and entitle a separate test account. On the desktop, Horizon end users should not be members of privileged groups such as Administrators because they will then be able to modify locked down configuration files and the Windows Registry.

System Accounts Created During Installation

No service user accounts are created on any type of client by the Horizon Client application. For the services created by Horizon Client for Windows, the log-on ID is Local System.

On the Mac client, on the first startup, the user must grant Local Admin access to start the USB and virtual printing (ThinPrint) services. After these services are started for the first time, the standard user has execution access for them. Similarly, on the Linux client, the vmware-usbarbitrator and vmware-view-used daemons start automatically if you click the Register and start the service(s) after installation check box during installation. These processes run as root.

No service user accounts are created by View Agent or Horizon Agent on Windows desktops. On Linux desktops a system account, vmwblast, is created. On Linux desktops, the StandaloneAgent daemon runs with root privileges and the VmwareBlastServer daemon runs with vmwblast privileges.