The View Client Configuration ADM template file (vdm_client.adm) contains policy settings related to the View Client configuration.

View Client Configuration Template: Scripting Definitions describes the scripting definition settings in the View Client Configuration ADM template file. The template provides a Computer Configuration and a User Configuration version of each scripting definition setting. The User Configuration setting overrides the equivalent Computer Configuration setting.

View Client Configuration Template: Scripting Definitions

Setting

Description

Connect all USB devices to the desktop on launch

Determines whether all of the available USB devices on the client system are connected to the desktop when the desktop is launched.

Connect all USB devices to the desktop when they are plugged in

Determines whether USB devices are connected to the desktop when they are plugged in to the client system.

DesktopLayout

Specifies the layout of the View Client window that a user sees when logging into a View desktop. The layout choices are as follows:

Full Screen

Multimonitor

Window - Large

Window - Small

This setting is available only when the DesktopName to select setting is also set.

DesktopName to select

Specifies the default desktop that View Client uses during login.

Disable 3rd-party Terminal Services plugins

Determines whether View Client checks third-party Terminal Services plugins that are installed as normal RDP plugins. If you do not configure this setting, View Client checks third-party plugins by default. This setting does not affect View-specific plugins, such as USB redirection.

Logon DomainName

Specifies the NetBIOS domain that View Client uses during login.

Logon Password

Specifies the password that View Client uses during login. The password is stored in plain text by Active Directory.

Logon UserName

Specifies the username that View Client uses during login.

Server URL

Specifies the URL that View Client uses during login, for example, http://view1.example.com.

Suppress error messages (when fully scripted only)

Determines whether View Client error messages are hidden during login.

This setting applies only when the login process is fully scripted, for example, when all the required login information is prepopulated through policy.

If the login fails because of incorrect login information, the user is not notified and the View Client wswc.exe process is terminated.

View Client Configuration Template: Security Settings describes the security settings in the View Client Configuration ADM template file. This table shows whether the settings include both Computer Configuration and User Configuration settings or Computer Configuration settings only. For the security settings that include both types, the User Configuration setting overrides the equivalent Computer Configuration setting.

View Client Configuration Template: Security Settings

Setting

Computer

User

Description

Allow command line credentials

X

Determines whether user credentials can be provided with View Client command line options. If this setting is enabled, the smartCardPIN and password options are not available when users run View Client from the command line.

This setting is enabled by default.

Servers Trusted For Delegation

X

Specifies the View Connection Server instances that accept the user identity and credential information that is passed when a user selects the Log in as current user check box. If you do not specify any View Connection Server instances, all View Connection Server instances accept this information.

To add a View Connection Server instance, use one of the following formats:

domain\system$

system$@domain.com

The Service Principal Name (SPN) of the View Connection Server service.

Certificate verification mode

X

Configures the level of certificate checking that is performed by View Client. You can select one of these modes:

No Security. View does not perform certificate checking.

Warn But Allow. When the following server certificate issues occur, a warning is displayed, but the user can continue to connect to View Connection Server:

A self-signed certificate is provided by View. In this case, it is acceptable if the certificate name does not match the View Connection Server name provided by the user in View Client.

A verifiable certificate that was configured in your deployment has expired or is not yet valid.

If any other certificate error condition occurs, View displays an error dialog and prevents the user from connecting to View Connection Server.

Warn But Allow is the default value.

Full Security. If any type of certificate error occurs, the user cannot connect to View Connection Server. View displays certificate errors to the user.

When this group policy setting is configured, users can view the selected certificate verification mode in View Client but cannot configure the setting. The SSL configuration dialog box informs users that the administrator has locked the setting.

When this setting is not configured or disabled, View Client users can select a certificate verification mode.

To allow a View server to perform checking of certificates provided by a View Client, the View Client must make HTTPS connections to the View Connection Server or security server host. Certificate checking is not supported if you off-load SSL to an intermediate device that makes HTTP connections to the View Connection Server or security server host.

For Windows clients, if you do not want to configure this setting as a group policy, you can also enable certificate verification by adding the CertCheckMode value name to one of the following registry keys on the client computer:

For 32-bit Windows: HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Client\Security

For 64-bit Windows: HKLM\SOFTWARE\Wow6432Node\VMware, Inc.\VMware VDM\Client\Security

Use the following values in the registry key:

0 implements No Security.

1 implements Warn But Allow.

2 implements Full Security.

If you configure both the group policy setting and the CertCheckMode setting in the registry key, the group policy setting takes precedence over the registry key value.

Default value of the 'Log in as current user' checkbox

X

X

Specifies the default value of the Log in as current user check box on the View Client connection dialog box.

This setting overrides the default value specified during View Client installation.

If a user runs View Client from the command line and specifies the logInAsCurrentUser option, that value overrides this setting.

When the Log in as current user check box is selected, the identity and credential information that the user provided when logging in to the client system is passed to the View Connection Server instance and ultimately to the View desktop. When the check box is deselected, users must provide identity and credential information multiple times before they can access a View desktop.

This setting is disabled by default.

Display option to Log in as current user

X

X

Determines whether the Log in as current user check box is visible on the View Client connection dialog box.

When the check box is visible, users can select or deselect it and override its default value. When the check box is hidden, users cannot override its default value from the View Client connection dialog box.

You can specify the default value for the Log in as current user check box by using the policy setting Default value of the 'Log in as current user' checkbox.

This setting is enabled by default.

Enable jump list integration

X

Determines whether a jump list appears in the View Client icon on the taskbar of Windows 7 and later systems. The jump list lets users connect to recent View Connection Server instances and View desktops.

If View Client is shared, you might not want users to see the names of recent desktops. You can disable the jump list by disabling this setting.

This setting is enabled by default.

Enable Single Sign-On for smart card authentication

X

Determines whether single sign-on is enabled for smart card authentication. When single sign-on is enabled, View Client stores the encrypted smart card PIN in temporary memory before submitting it to View Connection Server. When single sign-on is disabled, View Client does not display a custom PIN dialog.

Ignore bad SSL certificate date received from the server

X

Determines whether errors that are associated with invalid server certificate dates are ignored. These errors occur when a server sends a certificate with a date that has passed.

This setting applies to View 4.6 and earlier releases only.

Ignore certificate revocation problems

X

Determines whether errors that are associated with a revoked server certificate are ignored. These errors occur when the server sends a certificate that has been revoked and when the client cannot verify a certificate's revocation status.

This setting is disabled by default.

This setting applies to View 4.6 and earlier releases only.

Ignore incorrect SSL certificate common name (host name field)

X

Determines whether errors that are associated with incorrect server certificate common names are ignored. These errors occur when the common name on the certificate does not match the hostname of the server that sends it.

This setting applies to View 4.6 and earlier releases only.

Ignore incorrect usage problems

X

Determines whether errors that are associated with incorrect usage of a server certificate are ignored. These errors occur when the server sends a certificate that is intended for a purpose other than verifying the identity of the sender and encrypting server communications.

This setting applies to View 4.6 and earlier releases only.

Ignore unknown certificate authority problems

X

Determines whether errors that are associated with an unknown Certificate Authority (CA) on the server certificate are ignored. These errors occur when the server sends a certificate that is signed by an untrusted third-party CA.

This setting applies to View 4.6 and earlier releases only.
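
The CertCheckMode values and the precedence rule described under Certificate verification mode above can be checked from a registry export. The following is an added example, not VMware code: it reads the text of an export and reports the effective mode. SAMPLE_EXPORT is constructed, gpo_mode is a hypothetical parameter standing for a mode set through group policy, and because the page does not state the registry value type, both the DWORD and string export forms are accepted.

```python
import re

MODES = {0: "No Security", 1: "Warn But Allow", 2: "Full Security"}
DEFAULT_MODE = 1  # the page gives Warn But Allow as the default value

# Both key paths named on the page sit under HKEY_LOCAL_MACHINE and end
# with this suffix (the 64-bit path adds Wow6432Node in between).
_ROOT = "hkey_local_machine\\"
_SUFFIX = r"\vmware, inc.\vmware vdm\client\security"
_KEY = re.compile(r"\[(.+)\]")
# Assumption: value type is not stated on the page; accept dword and string.
_VALUE = re.compile(
    r'"CertCheckMode"=(?:dword:([0-9a-f]{8})|"(\d+)")', re.IGNORECASE
)

# Constructed sample: a 64-bit client left at Warn But Allow.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware VDM\Client\Security]
"CertCheckMode"=dword:00000001
'''


def registry_modes(reg_text):
    """Return {key_path: mode} for each Client\\Security key setting CertCheckMode."""
    found, in_key = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = _KEY.fullmatch(line)
        if key:
            path = key.group(1)
            low = path.lower()
            wanted = low.startswith(_ROOT) and low.endswith(_SUFFIX)
            in_key = path if wanted else None
            continue
        val = _VALUE.fullmatch(line)
        if val and in_key:
            if val.group(1):
                found[in_key] = int(val.group(1), 16)
            else:
                found[in_key] = int(val.group(2))
    return found


def effective_mode(reg_text, gpo_mode=None):
    """Apply the page's precedence: group policy, then registry, then default."""
    if gpo_mode is not None:
        return gpo_mode, "group policy"
    modes = registry_modes(reg_text)
    if modes:
        # If both key paths are present, report the weaker value.
        return min(modes.values()), "registry"
    return DEFAULT_MODE, "default"


def finding(reg_text, gpo_mode=None):
    """One-line audit result; anything below Full Security is flagged."""
    mode, source = effective_mode(reg_text, gpo_mode)
    name = MODES.get(mode, f"unknown value {mode}")
    status = "OK" if mode == 2 else "REVIEW"
    return f"{status}: {name} (from {source})"


if __name__ == "__main__":
    print(finding(SAMPLE_EXPORT))
    print(finding(SAMPLE_EXPORT, gpo_mode=2))
```
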

View Client Configuration Administrative Template: RDP Settings describes the Remote Desktop Protocol (RDP) settings in the View Client Configuration ADM template file. All RDP settings are User Configuration settings.

View Client Configuration Administrative Template: RDP Settings

Setting

Description

Audio redirection

Determines whether audio information played on the View desktop is redirected. Select one of the following settings:

Disable Audio

Audio is disabled.

Play VM (needed for VoIP USB Support)

Audio plays within the View desktop. This setting requires a shared USB audio device to provide sound on the client.

Redirect to client

Audio is redirected to the client. This is the default mode.

This setting applies only to RDP audio. Audio that is redirected through MMR plays in the client.

Audio capture redirection

Determines whether the default audio input device is redirected from the client to the remote session. When this setting is enabled, the audio recording device on the client appears in the View desktop and can record audio input.

The default setting is disabled.

Bitmap cache file size in unit for number bpp bitmaps

Specifies the size of the bitmap cache, in kilobytes or megabytes, to use for specific bits per pixel (bpp) bitmap color settings.

Separate versions of this setting are provided for the following unit and bpp combinations:

KB/8bpp

MB/8bpp

MB/16bpp

MB/24bpp

MB/32bpp

Bitmap caching/cache persistence active

Determines whether persistent bitmap caching is used (active). Persistent bitmap caching can improve performance, but it requires additional disk space.

Color depth

Specifies the color depth of the View desktop. Select one of the available settings:

8 bit

15 bit

16 bit

24 bit

32 bit

For 24-bit Windows XP systems, you must enable the Limit Maximum Color Depth policy in Computer Configuration > Administrative Templates > Windows Components > Terminal Services and set it to 24 bits.

Cursor shadow

Determines whether a shadow appears under the cursor on the View desktop.

Desktop background

Determines whether the desktop background appears when clients connect to a View desktop.

Desktop composition

(Windows Vista or later) Determines whether desktop composition is enabled on the View desktop.

When desktop composition is enabled, individual windows no longer draw directly to the screen or primary display device as they did in previous versions of Microsoft Windows. Instead, drawing is redirected to off-screen surfaces in video memory, which are then rendered into a desktop image and presented on the display.

Enable compression

Determines whether RDP data is compressed. This setting is enabled by default.

Enable Credential Security Service Provider

Specifies whether the View desktop connection uses Network Level Authentication (NLA). In Windows Vista, remote desktop connections require NLA by default.

If the guest operating system requires NLA for remote desktop connections, you must enable this setting or View Client will not be able to connect to the View desktop.

In addition to enabling this setting, you must also verify that the following conditions are met:

Both the client and guest operating systems support NLA.

Direct client connections are enabled for the View Connection Server instance. Tunneled connections are not supported with NLA.

Enable RDP Auto-Reconnect

Determines whether the RDP client component attempts to reconnect to a View desktop after an RDP protocol connection failure. This setting has no effect if the Use secure tunnel connection to desktop option is enabled in View Administrator. This setting is disabled by default.

Note

RDP auto-reconnection is supported for desktops running View Agent version 4.5 or later only. If a desktop has an earlier version of View Agent, some features will not work.

Font smoothing

(Windows Vista or later) Determines whether antialiasing is applied to the fonts on the View desktop.

Menu and window animation

Determines whether animation for menus and windows is enabled when clients connect to a View desktop.

Redirect clipboard

Determines whether the local clipboard information is redirected when clients connect to the View desktop.

Redirect drives

Determines whether local disk drives are redirected when clients connect to the View desktop. By default, local drives are redirected.

Enabling this setting, or leaving it unconfigured, allows data on the redirected drive on the remote desktop to be copied to the drive on the client computer. Disable this setting if allowing data to pass from the remote desktop to users' client computers represents a potential security risk in your deployment. Another approach is to disable folder redirection in the remote desktop virtual machine by enabling the Microsoft Windows group policy setting, Do not allow drive redirection.

The Redirect drives setting applies to RDP only.

Redirect printers

Determines whether local printers are redirected when clients connect to the View desktop.

Redirect serial ports

Determines whether local COM ports are redirected when clients connect to the View desktop.

Redirect smart cards

Determines whether local smart cards are redirected when clients connect to the View desktop.

Note

This setting applies to both RDP and PCoIP connections.

Redirect supported plug-and-play devices

Determines whether local plug-and-play and point-of-sale devices are redirected when clients connect to the View desktop. This behavior is different from the redirection that is managed by the USB Redirection component of View Agent.

Shadow bitmaps

Determines whether bitmaps are shadowed. This setting has no effect in full-screen mode.

Show contents of window while dragging

Determines whether the folder contents appear when users drag a folder to a new location.

Themes

Determines whether themes appear when clients connect to a View desktop.

Windows key combination redirection

Determines where Windows key combinations are applied.

This setting lets you send key combinations to the remote virtual machine or apply key combinations locally.

If this setting is not configured, key combinations are applied locally.

View Client Configuration Template: General Settings describes the general settings in the View Client Configuration ADM template file. General settings include both Computer Configuration and User Configuration settings. The User Configuration setting overrides the equivalent Computer Configuration setting.

View Client Configuration Template: General Settings

Setting

Computer

User

Description

Always on top

X

Determines whether the View Client window is always the topmost window. Enabling this setting prevents the Windows taskbar from obscuring a full-screen View Client window. This setting is enabled by default.

Default Exit Behavior For Local Mode Desktops

X

Controls the default exit behavior of desktops that are running in local mode. The default setting is Shutdown, which causes the guest operating system to shut down.

Delay the start of replications when starting the View Client with Local Mode

X

Specifies the number of seconds to delay the start of replication after View Client with Local Mode starts. A replication copies any changes in local desktop files to the corresponding remote desktop.

The next scheduled replication begins after the delay period. Replications occur at intervals that you specify in local mode policies in View Administrator.

The default delay period is 900 seconds (15 minutes).

Determines if the VMware View Client should use proxy.pac file

X

Determines whether View Client uses a Proxy Auto Config (PAC) file. Enabling this setting causes View Client to use a PAC file.

A PAC file (commonly called proxy.pac) helps Web browsers and other user agents find the appropriate proxy server for a particular URL or Web site request.

If you enable this setting on a multi-core machine, the WinINet application that View Client uses to find the proxy server information might crash. Disable this setting if this problem occurs on your machine.

This setting is disabled by default.

Note

This setting applies to direct connections only. It does not affect tunnel connections.

This setting applies to View 4.6 and earlier releases only.

Disable time zone forwarding

X

Determines whether time zone synchronization between the View desktop and the connected client is disabled.

Disable toast notifications

Determines whether to disable toast notifications from View Client.

Enable this setting if you do not want the user to see toast notifications in the corner of the screen.

Note

If you enable this setting, the user does not see a 5-minute warning when the Session Timeout function is active.

Don't check monitor alignment on spanning

X

By default, the client desktop does not span multiple monitors if the screens do not form an exact rectangle when they are combined. Enable this setting to override the default. This setting is disabled by default.

Enable multi-media acceleration

X

Determines whether multimedia redirection (MMR) is enabled on the client.

MMR does not work correctly if the View Client video display hardware does not have overlay support. MMR policy does not apply to local-desktop sessions.

Enable the shade

X

Determines whether the shade menu bar at the top of the View Client window is visible. This setting is enabled by default.

Note

The shade menu bar is disabled by default for kiosk mode.

Redirect smart card readers in Local Mode

X

Determines whether smart card readers are redirected to local desktops. The readers are shared with the client system.

This setting is enabled by default.

Tunnel proxy bypass address list

X

Specifies a list of tunnel addresses. The proxy server is not used for these addresses. Use a semicolon (;) to separate multiple entries.

URL for View Client online help

X

Specifies an alternate URL from which View Client can retrieve help pages. This setting is intended for use in environments that cannot retrieve the remotely-hosted help system because they do not have internet access.

Pin the shade

X

Determines whether the pin on the shade at the top of the View Client window is enabled and autohiding of the menu bar does not occur. This setting has no effect if the shade is disabled. This setting is enabled by default.

You can define USB policy settings for both View Agent and View Client for Windows. On connection, View Client downloads the USB policy settings from View Agent and uses them in conjunction with the View Client USB policy settings to decide which devices it will allow to be available for redirection from the host machine.

View Client Configuration Template: USB Splitting Settings describes each policy setting for splitting composite USB in the View Client Configuration ADM template file. The settings apply at computer level. View Client preferentially reads the settings from the GPO at computer level, and otherwise from the registry at HKLM\Software\Policies\VMware, Inc.\VMware VDM\Client\USB. For a description of how View applies the policies for splitting composite USB devices, see Configuring Device Splitting Policy Settings for Composite USB Devices.

View Client Configuration Template: USB Splitting Settings

Setting

Properties

Allow Auto Device Splitting

Allow the automatic splitting of composite USB devices.

The default value is undefined, which equates to false.

Exclude Vid/Pid Device From Split

Excludes a composite USB device specified by vendor and product IDs from splitting. The format of the setting is vid-xxx1_pid-yyy2[;vid-xxx2_pid-yyy2]...

You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID.

For example: vid-0781_pid-55**

The default value is undefined.

Split Vid/Pid Device

Treats the components of a composite USB device specified by vendor and product IDs as separate devices. The format of the setting is vid-xxxx_pid-yyyy(exintf:zz[;exintf:ww])

You can use the exintf keyword to exclude components from redirection by specifying their interface number. You must specify ID numbers in hexadecimal, and interface numbers in decimal including any leading zero. You can use the wildcard character (*) in place of individual digits in an ID.

For example: vid-0781_pid-554c(exintf:01;exintf:02)

Note

View does not automatically include the components that you have not explicitly excluded. You must specify a filter policy such as Include Vid/Pid Device to include those components.

The default value is undefined.

View Client Configuration Template: USB Filtering Settings describes each policy setting for filtering USB devices in the View Client Configuration ADM template file. The settings apply at computer level. View Client preferentially reads the settings from the GPO at computer level, and otherwise from the registry at HKLM\Software\Policies\VMware, Inc.\VMware VDM\Client\USB. For a description of how View applies the policies for filtering USB devices, see Configuring Filter Policy Settings for USB Devices.

View Client Configuration Template: USB Filtering Settings

Setting

Properties

Allow Audio Input Devices

Allows audio input devices to be redirected.

The default value is undefined, which equates to true.

Allow Audio Output Devices

Allows audio output devices to be redirected.

The default value is undefined, which equates to false.

Allow HIDBootable

Allows input devices other than keyboards or mice that are available at boot time (also known as hid-bootable devices) to be redirected.

The default value is undefined, which equates to true.

Allow Device Descriptor Failsafe Behavior

Allows devices to be redirected even if View Client fails to get the config/device descriptors.

To allow a device even if it fails the config/desc, include it in the Include filters, such as IncludeVidPid or IncludePath.

The default value is undefined, which equates to false.

Allow Other Input Devices

Allows input devices other than hid-bootable devices or keyboards with integrated pointing devices to be redirected.

The default value is undefined, which equates to true.

Allow Keyboard and Mouse Devices

Allows keyboards with integrated pointing devices (such as a mouse, trackball, or touch pad) to be redirected.

The default value is undefined, which equates to false.

Allow Smart Cards

Allows smart-card devices to be redirected.

The default value is undefined, which equates to false.

Allow Video Devices

Allows video devices to be redirected.

The default value is undefined, which equates to true.

Disable Remote Configuration

Disables the use of View Agent settings when performing USB device filtering.

The default value is undefined, which equates to false.

Exclude All Devices

Excludes all USB devices from being redirected. If set to true, you can use other policy settings to allow specific devices or families of devices to be redirected. If set to false, you can use other policy settings to prevent specific devices or families of devices from being redirected.

If you set the value of Exclude All Devices to true on View Agent, and this setting is passed to View Client, the View Agent setting overrides the View Client setting.

The default value is undefined, which equates to false.

Exclude Device Family

Excludes families of devices from being redirected. The format of the setting is family_name_1[;family_name_2]...

For example: bluetooth;smart-card

If you have enabled automatic device splitting, View examines the device family of each interface of a composite USB device to decide which interfaces should be excluded. If you have disabled automatic device splitting, View examines the device family of the whole composite USB device.

The default value is undefined.

Exclude Vid/Pid Device

Excludes devices with specified vendor and product IDs from being redirected. The format of the setting is vid-xxx1_pid-yyy2[;vid-xxx2_pid-yyy2]...

You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID.

For example: vid-0781_pid-****;vid-0561_pid-554c

The default value is undefined.

Exclude Path

Excludes devices at specified hub or port paths from being redirected. The format of the setting is bus-x1[/y1].../port-z1[;bus-x2[/y2].../port-z2]...

You must specify bus and port numbers in hexadecimal. You cannot use the wildcard character in paths.

For example: bus-1/2/3_port-02;bus-1/1/1/4_port-ff

The default value is undefined.

Include Device Family

Includes families of devices that can be redirected. The format of the setting is family_name_1[;family_name_2]...

For example: storage

The default value is undefined.

Include Path

Includes devices at specified hub or port paths that can be redirected. The format of the setting is bus-x1[/y1].../port-z1[;bus-x2[/y2].../port-z2]...

You must specify bus and port numbers in hexadecimal. You cannot use the wildcard character in paths.

For example: bus-1/2_port-02;bus-1/7/1/4_port-0f

The default value is undefined.

Include Vid/Pid Device

Includes devices with specified vendor and product IDs that can be redirected. The format of the setting is vid-xxx1_pid-yyy2[;vid-xxx2_pid-yyy2]...

You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID.

For example: vid-0561_pid-554c

The default value is undefined.
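
The Vid/Pid formats described above for the Exclude Vid/Pid Device, Include Vid/Pid Device and Split Vid/Pid Device settings can be validated before a policy is deployed. The following is an added example, not VMware code: it parses the value strings, applies the per-digit wildcard, and lists devices that both an include and an exclude list match. It assumes four-character IDs as in the page's examples, and the DEVICES inventory is constructed. It does not decide which filter wins, because that precedence is documented elsewhere, and it does not handle the path settings.

```python
import re

# Assumption: each ID is four characters, a hex digit or '*', as in the
# page's examples (vid-0781_pid-55**).
_ID = r"[0-9a-f*]{4}"
_VIDPID = re.compile(rf"vid-({_ID})_pid-({_ID})", re.IGNORECASE)
_SPLIT = re.compile(rf"(vid-{_ID}_pid-{_ID})\((.+)\)", re.IGNORECASE)
_EXINTF = re.compile(r"exintf:(\d+)", re.IGNORECASE)

# Constructed inventory of (vendor ID, product ID) pairs seen on clients.
DEVICES = [(0x0781, 0x554C), (0x0781, 0x5567), (0x0561, 0x554C), (0x046D, 0xC31C)]


def parse_vidpid_list(value):
    """Parse 'vid-xxxx_pid-yyyy[;vid-...]' into lowercase (vid, pid) patterns."""
    rules = []
    for entry in value.split(";"):
        m = _VIDPID.fullmatch(entry.strip())
        if m is None:
            raise ValueError(f"malformed Vid/Pid entry: {entry!r}")
        rules.append((m.group(1).lower(), m.group(2).lower()))
    return rules


def _id_matches(pattern, actual):
    # '*' stands in for exactly one hex digit.
    return all(p in ("*", a) for p, a in zip(pattern, actual))


def matches(rules, vid, pid):
    """True if the device's numeric vendor/product ID matches any rule."""
    v, p = f"{vid:04x}", f"{pid:04x}"
    return any(_id_matches(rv, v) and _id_matches(rp, p) for rv, rp in rules)


def parse_split(value):
    """Parse one Split Vid/Pid Device entry into ((vid, pid), [interfaces])."""
    m = _SPLIT.fullmatch(value.strip())
    if m is None:
        raise ValueError(f"malformed split entry: {value!r}")
    ids = parse_vidpid_list(m.group(1))[0]
    excluded = []
    # The ';' inside the parentheses separates exintf items, not devices.
    for part in m.group(2).split(";"):
        e = _EXINTF.fullmatch(part.strip())
        if e is None:
            raise ValueError(f"malformed exintf item: {part!r}")
        excluded.append(int(e.group(1)))  # decimal; a leading zero is allowed
    return ids, excluded


def overlapping(include_value, exclude_value, devices):
    """Devices matched by both lists; review these against the filter docs."""
    inc = parse_vidpid_list(include_value)
    exc = parse_vidpid_list(exclude_value)
    return [d for d in devices if matches(inc, *d) and matches(exc, *d)]


if __name__ == "__main__":
    exclude = "vid-0781_pid-****;vid-0561_pid-554c"
    include = "vid-0561_pid-554c"
    for vid, pid in overlapping(include, exclude, DEVICES):
        print(f"matched by both lists: {vid:04x}:{pid:04x}")
    print(parse_split("vid-0781_pid-554c(exintf:01;exintf:02)"))
```
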