You can use the vdmadmin command to set the default values for the organizational unit, password expiry, and group membership in Active Directory for clients in kiosk mode.

You must run the vdmadmin command on one of the Connection Server instances in the group that contains the Connection Server instance that clients use to connect to their published desktops.

When you configure defaults for password expiry and Active Directory group membership, these settings are shared by all Connection Server instances in a group.

Procedure

  • Set the default values for clients.
    vdmadmin -Q -clientauth -setdefaults [-b authentication_arguments] [-ou DN] [ -expirepassword | -noexpirepassword ] [-group group_name | -nogroup]
    Option Description
    -expirepassword Specifies that the expiry time for passwords on the client accounts is the same as for the Connection Server group. If no expiry time is defined for the group, passwords do not expire.
    -group group_name Specifies the name of the default group to which client accounts are added. The name of the group must be specified as the pre-Windows 2000 group name from Active Directory.
    -noexpirepassword Specifies that passwords on client accounts do not expire.
    -nogroup Clears the setting for the default group.
    -ou DN Specifies the distinguished name of the default organizational unit to which client accounts are added.

    For example: OU=kiosk-ou,DC=myorg,DC=com

    Note: You cannot use the command to change the configuration of an organizational unit.
    The command updates the default values for clients in the Connection Server group.

Example: Setting Default Values for Clients in Kiosk Mode

Set the default values for the organizational unit, password expiry, and group membership of clients.

vdmadmin -Q -clientauth -setdefaults -ou "OU=kiosk-ou,DC=myorg,DC=com" -noexpirepassword -group kc-grp

What to do next

Find out the MAC addresses of client devices that use their MAC address for authentication.