You can use GPO template on the agent OS to turn off True SSO at the pool level or to change defaults for certificate settings such as key size and count and settings for reconnect attempts.

Note: The following table shows the settings to use for configuring the agent on individual virtual machines, but you can alternatively use the Horizon Agent Configuration template files. The ADMX template file is named ( vdm_agent.admx). Use the template files to make these policy settings apply to all the virtual machines in a desktop or application pool. If a policy is set the policy takes precedence over the registry settings.

The ADMX files are available in, which you can download from the VMware Downloads site at Under Desktop & End-User Computing, select the VMware Horizon download, which includes the ZIP file.

Table 1. Keys for Configuring True SSO on Horizon Agent
Key Min & Max Description
Disable True SSO N/A Set this key to true to disable the feature on the agent. Use this setting in the group policy to disable True SSO at the pool level. The default is false.
Certificate wait timeout 10 -120 Specifies timeout period of certificates to arrive on the agent, in seconds. The default is 40.
Minimum key size 1024 - 8192 Minimum allowed size for a key. The default is 1024, meaning that by default, if the key size is below 1024, the key cannot be used.
All key sizes N/A Comma-separated list of key sizes that can be used. Up to 5 sizes can be specified; for example: 1024,2048,3072,4096. The default is 2048.
Number of keys to pre-create 1-100 Number of keys to pre-create on RDS servers that provide remote desktops and hosted Windows applications. The default is 5.
Minimum validity period required for a certificate N/A Minimum validity period, in minutes, required for a certificate when it is being reused to reconnect a user. The default is 5.