You must configure Active Directory to accept the accounts that you create to authenticate client devices. Whenever you create a group, you must also entitle that group to the desktop pool that a client accesses. You can also prepare the desktop pool that the clients use.

As a best practice, create a separate organizational unit and group to help minimize your work in administering clients in kiosk mode. You can add individual accounts for clients that do not belong to any group, but this creates a large administrative overhead if you configure more than a small number of clients.

Procedure

  1. In Active Directory, create a separate organizational unit and group to use with clients in kiosk mode.
    You must specify a pre-Windows 2000 name for the group. You use this name to identify the group to the vdmadmin command.
  2. Create the image or template for the guest virtual machine.
    You can use a virtual machine that is managed by vCenter Server as a template for an automated pool, as a parent for an instant-clone desktop pool, or as a virtual machine in a manual desktop pool. You can also install and configure applications on the guest operating system.
  3. Configure the guest operating system so that the clients are not locked when they are left unattended.
    VMware Horizon suppresses the pre-login message for clients that connect in kiosk mode. If you require an event to unlock the screen and display a message, you can configure a suitable application on the guest operating system.
  4. In Horizon Console, create the desktop pool that the clients will use and entitle the group to this pool.
    For example, you might choose to create a floating-assignment, instant-clone desktop pool as being most suitable for the requirements of your client application.
    Important: Do not entitle a client or a group to more than one desktop pool. If you do, VMware Horizon assigns a remote desktop at random from the pools to which a client is entitled, and generates a warning event.
  5. If you want to enable location-based printing for the clients, configure the Active Directory group policy setting AutoConnect Location-based Printing for VMware View, which is located in the Microsoft Group Policy Object Editor in the Software Settings folder under Computer Configuration.
  6. Configure other policies that you need to optimize and secure the remote desktops of the clients.
    For example, you might want to override the policies that connect local USB devices to the remote desktop when it is launched or when the devices are plugged in. By default, Horizon Client for Windows enables these policies for clients in kiosk mode.

Example: Preparing Active Directory for Clients in Kiosk Mode

A company intranet has a domain MYORG, and its organizational unit has the distinguished name OU=myorg-ou,DC=myorg,DC=com. In Active Directory, you create the organizational unit kiosk-ou with the distinguished name OU=kiosk-ou,DC=myorg,DC=com and the group kc-grp for use with clients in kiosk mode.

What to do next

Set default values for the clients.