In certain VMware Horizon environments, it is a priority to prohibit access to VMware Horizon desktops through the RDP display protocol. You can prevent users and administrators from using RDP to access VMware Horizon desktops by configuring pool settings and a group policy setting.
By default, while a user is logged in to a remote desktop session, you can use RDP to connect to the virtual machine. The RDP connection terminates the remote desktop session, and the user's unsaved data and settings might be lost. The user cannot log in to the desktop until the external RDP connection is closed. To avoid this situation, deactivate the AllowDirectRDP setting.
Prerequisites
Verify that the Horizon Agent Configuration Administrative Template (ADMX) file is installed in Active Directory.
Procedure
- Select the display protocol that you want Horizon Connection Server to use to communicate with Horizon Client devices.
Option Description Create a desktop pool - In Horizon Console, start the Add Pool wizard.
- On the Remote Display Protocol page, select VMware Blast or PCoIP as the default display protocol.
Edit an existing desktop pool - In Horizon Console, select the desktop pool and click Edit.
- On the Desktop Pool Settings tab, select VMware Blast or PCoIP as the default display protocol.
- For the Allow users to choose protocol setting, select No.
- Prevent devices that are not running Horizon Client from connecting directly to Horizon desktops through RDP by disabling the AllowDirectRDP group policy setting.
- On your Active Directory server, open the Group Policy Management Console and select .
- Disable the AllowDirectRDP setting.