To increase the security and manageability of your Horizon 7 environment, you should follow best practices when managing administrator users and groups.

  • Create new user groups in Active Directory and assign administrative roles to these groups. Avoid using Windows built-in groups or other existing groups that might contain users who do not need or should not have Horizon 7 privileges.

  • Keep the number of users with Horizon 7 administrative privileges to a minimum.

  • Because the Administrators role has every privilege, it should not be used for day-to-day administration.

  • Because it is highly visible and easily guessed, avoid using the name Administrator when creating administrator users and groups.

  • Create access groups to segregate sensitive desktops and farms. Delegate the administration of those access groups to a limited set of users.

  • Create separate administrators that can modify global policies and Horizon 7 configuration settings.