You can restrict access to entitled published desktop and application pools to specific client computers. To restrict access, you must add the names of the client computers that are allowed to access the published desktops or applications in an Active Directory security group and then entitle this group to a pool. The Active Directory security group can contain client computers that belong to any AD Organizational Units (OUs) or default Computer container.
The client restrictions features has certain requirements and limitations.
- You must enable the client restrictions policy when you create or modify the published desktop or application pool. By default, the client restrictions policy is disabled. For published desktop pool settings, see Published Desktop Pools Settings. For application pool settings, see Worksheet for Creating an Application Pool Manually in Horizon Console.
- When you create or modify entitlements for the published desktop or application pool, you must add the Active Directory security group that contains the names of the client computers that are allowed to access the published desktop or application pool.
- The client restrictions feature allows only specific client computers to access published desktop and application pools. It does not give users access to non-entitled desktop and application pools. For example, if a user is not included in an application pool entitlement (either as a user or as a member of a user group), the user cannot access the application pool, even if the user's client computer is part of the AD security group that is entitled to the application pool.
- The client restrictions feature is supported only with Windows client computers in this release. Horizon Client 4.6 for Windows or later is required on the client computers.
- When the client restrictions policy is enabled for published desktop or application pools, non-Windows clients, Windows clients running pre-4.6 versions of Horizon Client for Windows, and HTML Access clients cannot launch the desktops or applications from the restricted pools.
- The client restrictions feature only restricts new sessions from Windows clients. This feature does not restrict existing application session connections from previous user sessions.
- Horizon Client for Windows version 5.0 requires that the client computers belonging to an Active Directory security group be located in the default AD location "CN=Computers."