You must set up system and database accounts to administer Horizon 7 components.

Table 1. Horizon 7 System Accounts

Horizon Component

Required Accounts

Horizon Client

Configure user accounts in Active Directory for the users who have access to remote desktops and applications. The user accounts must be members of the Remote Desktop Users group, but the accounts do not require Horizon administrator privileges.

vCenter Server

Configure a user account in Active Directory with permission to perform the operations in vCenter Server that are necessary to support Horizon 7.

For information about the required privileges, see the View Installation document.

View Composer

Create a user account in Active Directory to use with View Composer. View Composer requires this account to join linked-clone desktops to your Active Directory domain.

The user account should not be a Horizon administrative account. Give the account the minimum privileges that it requires to create and remove computer objects in a specified Active Directory container. For example, the account does not require domain administrator privileges.

For information about the required privileges, see the View Installation document.

Connection Server

When you install Horizon 7, you can specify a specific domain user, the local Administrators group, or a specific domain user group as Horizon administrators. We recommend creating a dedicated domain user group of Horizon administrators. The default is the currently logged in domain user.

In Horizon Administrator, you can use View Configuration > Administrators to change the list of Horizon administrators.

See the View Administration document for information about the privileges that are required.

Table 2. Horizon Database Accounts

Horizon Component

Required Accounts

View Composer database

An SQL Server or Oracle database stores View Composer data. You create an administrative account for the database that you can associate with the View Composer user account.

For information about setting up a View Composer database, see the View Installation document.

Event database used by Horizon Connection Server

An SQL Server or Oracle database stores Horizon event data. You create an administrative account for the database that Horizon Administrator can use to access the event data.

For information about setting up a View Composer database, see the View Installation document.

To reduce the risk of security vulnerabilities, take the following actions:

  • Configure Horizon 7 databases on servers that are separate from other database servers that your organization uses.

  • Do not allow a single user account to access multiple databases.

  • Configure separate accounts for access to the View Composer and event databases.