You can use GPO template on the agent OS to turn off True SSO at the pool level or to change defaults for certificate settings such as key size and count and settings for reconnect attempts.


The following table shows the settings to use for configuring the agent on individual virtual machines, but you can alternatively use the Horizon Agent Configuration template files. The ADMX template file is named (vdm_agent.admx). Use the template files to make these policy settings apply to all the virtual machines in a desktop or application pool. If a policy is set the policy takes precedence over the registry settings.

The ADMX files are available in, which you can download from the VMware Downloads site at Under Desktop & End-User Computing, select the VMware Horizon 7 download, which includes the ZIP file.

Table 1. Keys for Configuring True SSO on Horizon Agent


Min & Max


Disable True SSO


Set this key to true to disable the feature on the agent. Use this setting in the group policy to disable True SSO at the pool level. The default is false.

Certificate wait timeout

10 -120

Specifies timeout period of certificates to arrive on the agent, in seconds. The default is 40.

Minimum key size

1024 - 8192

Minimum allowed size for a key. The default is 1024, meaning that by default, if the key size is below 1024, the key cannot be used.

All key sizes


Comma-separated list of key sizes that can be used. Up to 5 sizes can be specified; for example: 1024,2048,3072,4096. The default is 2048.

Number of keys to pre-create


Number of keys to pre-create on RDS servers that provide remote desktops and hosted Windows applications. The default is 5.

Minimum validity period required for a certificate


Minimum validity period, in minutes, required for a certificate when it is being reused to reconnect a user. The default is 5.