The authorization mechanism that allows a user to access desktops and applications directly is controlled within a local entitlement group called View Agent Direct-Connection Users (Windows) or vmwvadc (Linux).

If a user is a member of this entitlement group, that user is authorized to connect to the virtual machine-based desktop, published desktop, or published applications.

When VADC Plug-In is first installed on a Windows machine, the View Agent Direct-Connection Users local entitlement group is created and contains the Authenticated Users group. Anyone who is successfully authenticated by the plug-in is authorized to access the desktop or applications.

When VADC Plug-In is first installed on a Linux machine, the vmwvadc local entitlement group is created without any members. To authorize a user to access the desktop or applications based on the machine, add a user entitlement through one of the following methods:

To restrict access to a desktop or multi-session host, you can modify the membership of the entitlement group to specify a list of users. These users can be local or domain users and user groups. If the user is not in this group, the user gets a message after authentication saying that the user is not entitled to access this virtual machine-based desktop or the published desktop and applications that are hosted on this multi-session host.