To increase the security and manageability of your VMware Horizon environment, you should follow best practices when managing administrator users and groups.

• Create new user groups in Active Directory and assign administrative roles to these groups. Avoid using Windows built-in groups or other existing groups that might contain users who do not need or should not have VMware Horizon privileges.
• Keep the number of users with VMware Horizon administrative privileges to a minimum.
• Because the Administrators role has every privilege, it should not be used for day-to-day administration.
• Because it is highly visible and easily guessed, avoid using the name Administrator when creating administrator users and groups.
• Create access groups to segregate sensitive desktops and farms. Delegate the administration of those access groups to a limited set of users.
• Create separate administrators that can modify global policies and VMware Horizon configuration settings.
• Create federation access groups to segregate sensitive global entitlements. Delegate the administration of those federation access groups to a limited set of users.