To increase the security and manageability of your VMware Horizon environment, you should follow best practices when managing administrator users and groups.
- Create new user groups in Active Directory and assign administrative roles to these groups. Avoid using Windows built-in groups or other existing groups that might contain users who do not need or should not have VMware Horizon privileges.
- Keep the number of users with VMware Horizon administrative privileges to a minimum.
- Because the Administrators role has every privilege, it should not be used for day-to-day administration.
- Because it is highly visible and easily guessed, avoid using the name Administrator when creating administrator users and groups.
- Create access groups to segregate sensitive desktops and farms. Delegate the administration of those access groups to a limited set of users.
- Create separate administrators that can modify global policies and VMware Horizon configuration settings.
- Create federation access groups to segregate sensitive global entitlements. Delegate the administration of those federation access groups to a limited set of users.