At some companies, an administrator might integrate Unified Access Gateway with the third-party OPSWAT MetaAccess application. This integration, which is typically used on unmanaged devices in corporate bring-your-own-device (BYOD) environments, activates organizations to define device acceptance policies for Horizon Client devices.

For example, an administrator might define a device acceptance policy that requires client devices to be password protected or have a minimum operating system version. Client devices that comply with the device acceptance policy can access remote desktops and published applications through Unified Access Gateway. Unified Access Gateway denies access to remote resources from client devices that do not comply with the device acceptance policy.

Normally, applications downloaded from Unified Access Gateway are run on the client in the context of the user. This behavior can be changed by setting a flag on Unified Access Gateway as documented below. The default flag is RUN_AS_USER.
Flag Description
User has admin Rights User does not have admin Rights
RUN_AS_USER Run in the user context. Do not copy code to the client install path. Run in the user context. Do not copy code to the client install path.
RUN_AS_USER_IF_ADMIN Run in the user context. Do not copy code to the client install path. Do not run.
RUN_AS_USER_IF_NON_ADMIN Do not run. Run in the user context. Do not copy code to the client install path.
RUN_AS_SYSTEM Run in the system context, including copying code to the client install path. Run in the system context, including copying code to the client install path.
RUN_AS_SYSTEM_IF_ADMIN Run in the system context, including copying code to the client install path. Do not run.

For more information, see the Deploying and Configuring VMware Unified Access Gateway document.