VMware, Inc. 127
Chapter 7 Offline Desktop

Oncecheckedout,OfflineDesktopusesthinprovisionedvirtualdiskstostore
informationonthehostsystem.Thistypeofdiskoccupiesnomorespacethanthat
requiredbythedataitcontains,andphysicaldiskspaceisonlyallocatedasdatais
written;thisminimizesthestoragefootprintofthedownl
oadedsystem.
Ifanetworkconnectionispresentontheclientsystem,thedesktopthathasbeen
checkedoutwillcontinuetocommunicatewithViewConnectionServerinorderto
obtainusagedata,providepolicyupdates,andensurethatlocallycached
authenticationcriteriaiscurrent.Contactisattemptedevery5minutes.Intheab
sence
ofanetworkconnection,thedesktopwillfallbackonlocallycachedinformationin
ordertoauthenticatetheuserduringlogin.
Thedataoneachofflinesystemisencryptedandhasalifetimecontrolledthrough
policy—iftheclientlosescontactwiththeViewConnectionServer,themaximumtime
withoutserv
ercontactistheperiodinwhichtheusercancontinuetousethedesktop
beforetheyarerefusedaccess;thiscountdownisresetoncetheconnectionis
re‐established.Priortodisconnection,theuserisnotifiedthattheofflinedesktop
lifetimeisabouttoexpire.
Similarly,ifuseraccessisremov
ed—thatis,ifentitlementiswithdrawnortheaccount
issuspended—theclientsystembecomesinaccessiblewhenthecacheexpiresorafter
theclientismadeawareofthischangebytheViewConnectionServer(whichever
comesfirst).Inthisscenario,theuserisnotnotifiedpriortodisconnection.
Tunneled Communications and SSL
OfflineDesktopsupportstunneledornon‐tunneledcommunicationsforLAN‐based
datatransfers.
 Whentunnelingisenabled,alltrafficisroutedthroughtheViewConnection

Server.
 Whentunnelingisnotenabled,datatransferstakeplacedirectlybetweenthe
onlinedesktophostsystemandtheofflineclient.
YoucandisabletunnelingbyselectingtheDirectconnectionforOfflineDesktop
operationscheckboxintheConfigurationpageoftheadministrativeinterface.
Inadditiontospecifyingtherouteforcommunications,youcanencryptthe
c
ommunicationsanddatatransfersthattakeplacebetweentheOfflineDesktopclient
andtheViewConnectionServ erbyselectingtheRequireSSLforOfflineDesktop
operationscheckboxintheConfigurationpageoftheadministrativeinterface.
N
OTEBypassingthetunnelandusinganunencryptedconnectionincreasesdata
transferspeedattheexpenseofsecuredatacommunication.Theencryptionsettinghas
noeffectontheofflinedataitself,whichisalwaysencryptedontheclientsystem.
View Manager Administration Guide
128 VMware, Inc.

Offline Desktop Policies
CertainOfflineDesktopfeaturescanbecontrolledthroughpolicy.Forinformation
aboutconfiguringandapplyingpoliciestoofflinedesktopsattheglobal,pool,oruser
levelreferto“ClientPolicies”onpage 139.
Supported Desktop Types
NotalltypesofViewManagerdesktopconfigurationsupportOfflineDesktop.
Table 7‐2providesamatrixthatdescribestheavailabilityofthisfeaturetothedifferent
desktoptypes.
Additional Considerations
WhenusingOfflineDesktopyoumustbeawareofthefollowingconsiderations:
 ViewClientwithOfflineDesktopcannotberunonavirtualmachine.
 ViewClientwithOfflineDesktopdoesnotsupporttheuseofsmartcards.
Table 7-2. Offline Desktop – Supported Desktops

Type Persistence Desktop Configuration Offline Desktop
Individual
Desktop
Non‐Persistent Virtualmachinesmanagedby
VirtualCenter
Yes
Virtualmachinesnotmanagedby
VirtualCenter
No
Physicalsystems
Automated
DesktopPool
Persistent Non‐linkedclone Yes
Linkedclone No
Non‐Persistent All
ManualDesktop
Pool
Persistent Virtualmachinesmanagedby
VirtualCenter
Yes
Virtualmachinesnotmanagedby
VirtualCenter
No
Physicalsystems
Non‐Persistent All
Microsoft
TerminalServices
DesktopPool
N/A N/A
VMware, Inc. 129

Chapter 7 Offline Desktop

 Youcannotdownloadadesktoptoasystemwheretheguestexceedsthe
capabilitiesofthehost;thehostsystemmustbeatleastascapableastheguestin
ordertoruntheViewManagerdesktop.
 Youcannotdownloadades ktopifanotheruseriscurrentlyloggedintothatdesktop.
 ESXsupportstwosimultaneousdesktopcheckouts.ESXisupportsfive
simultaneousdesktopcheckouts.
 HostCD‐ROMredirectionisnotsupported.
 Whenadesktopischeckedout,NATisusedfornetworkcommunications.
The MACaddressoftheofflinesystemremainsthesameasitsonlineequivalent.
 AswithRDP,youcancopyandpastetextbetweenhostandguestsystems.
However,youcannotcopyandpastesystemobjectssuchasfoldersandfiles
betweensystems.
 Localdrivesareautomaticallymountedontheguestsystem.
 Onceadesktopischeckedoutonaclientsystem,anychangesmadewithinView
Administratortothedesktopordesktoppoolsettingswillonlybeappliedafterthe
desktophasbeencheckedinagain.
View Client with Offline Desktop
Inordertoaccessanofflinedesktop,usersmustfirstdownloadacopyoftheonline
virtualmachinetotheirlocalsystemusingtheViewClientwithOfflineDesktop
application.YoucannotinstallViewClientwithOfflineDesktoponanysystemthathas
thefollowingapplicationsinstalled:
 VMwareWorkstation
 VMwareACE
 VMwarePlayer
 VMwareServer
TheaboveapplicationsmustbeuninstalledpriortoinstallingViewClientwithOffline
Desktop.
N

OTETheViewClientapplicationprovidesasubsetofthefunctionalityofferedby
ViewClientforOfflineDesktop;however,manyoftheadministrativetasksand
connectionconsiderationsarecommontobothapplications,includinganumberof
startupoptionsthatcanbeinvokedwhenlaunchingtheapplicationfromacommand
prompt.RefertoChapter
5,“ClientManagement,”onpage 69formoreinformation
aboutthis.
View Manager Administration Guide
130 VMware, Inc.

Beforedownloadinganautomatedpooldesktopforthefirsttime,usersmustconnect
tothisdesktopusinganyViewManagerclient.Thiswillensurethatalocalprofileis
createdonthatdesktopthatcanbeusedtoauthenticateofflinesessionsin
environmentsthathavenonetworkavailability.Itwillalsoen
surethatthedesktopis
correctlyassociatedwiththeuserinViewManager.Thisstepisoptional(although
recommended)forindividualdesktops.
To install View Client with Offline Desktop
1RuntheViewClientwithOfflineDesktopexecutableonthesystemthatwillhost
theclient,wherexxxisthebuildnumberofthefile:
VMware-viewclientwithoffline-xxx.exe
TheInstallationwizardisdi
splayed.ClickNext.
2AccepttheVMwarelicensetermsandclickNext.
3 Chooseyourcustomsetupopt ions.YoumustinstalltheViewClientwithOffline
Desktopcomponent,howeveryoumaydeselecttheUSBRedirectioncomponent
ifvirtualdesktopusersdonotneedtoaccesslocallyconnectedUSBdeviceswith
theirvirtualdesktops.
Clic
kNexttoacceptthedefaultdestinationfolderorclickChangetousea

differentdestinationfolderandthenclickNext.
4 (Optional)EnterthedefaultIPaddressorFQDNoftheservertowhichtheclient
willconnectandclickNext.
5ConfigureshortcutsfortheViewClientwithOfflineDesktopandthe
nclick
Next > Install > Finish.
To start View Client with Offline Desktop
1IfViewClientdoesnotstartautomatically afterinstallati on,click Start>Programs>
VMware>ViewManagerClient.
2IntheConnectionServerdrop‐downmenu,enterthehostnameorIPaddressof
aViewConnectionServerandclickConnect.
3Enterthecredentialsfo
ranentitlesuser,selectthedomainandclickLogin.
N
OTEInenvironmentswhereanetworkconnectionisavailable,theusersessionwill
alwaysbeauthenticatedbyViewConnectionServer.
VMware, Inc. 131
Chapter 7 Offline Desktop

4 ChooseadesktopfromthelistprovidedandclickConnect.
5ViewClientwithOfflineDesktopwillattempttoconnecttothespecifieddesktop.
Uponconnection,theclientwindowisdisplayed.
Userscandetermineifadesktopiseligibleforcheckoutbyright‐clickingitinthe
listprovidedbyViewClientwithO
fflineDesktoptodisplayitscontextmenu.
If thedesktopcanbeusedoffline,theCheckoutoptionisdisplayed.
Checking Out a Desktop
Whenuserscheckoutadesktopforthefirsttime,theyaregiventheopportunityto
specifywherethedownloadedvirtualmachineshouldresideontheirlocalsystem.
Afterthecheckoutbegins,thedownloadprogressisprovidedbyanon‐screen

indicator.
Oncethedatahasbeendownloaded,useraccessisdi
rectedtotheofflinedesktopuntil
itischeckedbackin.
Offline Desktop Status
Youcanexamineallcurrentofflinesessionsattheglobalordesktoppoollevelby
clickingtheDesktopsandPoolsbuttonandthenselectingtheOfflineSessions
tab—eitherforalldesktopsorforaspecificpool—inViewAdministrator.
Thisviewpresentsyouwithapanethatcontainsastatustableforalltheofflinese
ssions
currentlyknowntotheserver.Thecolumnentriesinthistablearedescribedin
Table 7‐3.
N
OTEOnlytheuserwhochecksoutthedesktopcanaccessit,evenifthedesktop
isentitledtoagroup.
NOTEUserscanpauseorcancelthecheckinorcheckoutprocesswheneverdatais
beingmovedbetweentheonlineandofflinecontextbyright‐clickingtheentryto
displayitscontextmenu.
N
OTEUserscannotusetheirofflinedesktopiftheymanuallymovethevirtual
machinedataontheirsystemtoanalternatelocationorontoadifferentsystem.
View Manager Administration Guide
132 VMware, Inc.

Inadditiontotheaboveinformation,youcanviewthehostnameandIPaddressofa
clientsystemandthenameofthecheckedoutdesktopanditsDNSentryorIPaddress
byselectingadesktopfromthelistandclickingDetails.
Client Connection
Multipleusersmaybeentitledtouseasystem,butonlytheuserwhoinitiallychecks
outadesktopcanaccessitlocallyusingtheViewClientwithOfflineDesktop

application.
Ifauserconnectstotheofflinedesktopintheabsenceofanetworkconnection,the
locallycacheduserinformationisus
edtoauthenticatetheuser.Onceloggedin,ifthe
connectionisrestoredtheusermustreauthenticateinordertocontinuetousetheir
desktop;ifRSAauthenticationisenabled,thisinformationwillalsoberequired.
Table 7-3. Offline Sessions
Field Description
User TheActiveDirectoryIDoftheuserwhocheckedoutthedesktop—this
isintheformdomain\username.
Desktop Thepersistentdesktopordesktoppooldisplayname(ifonewas
providedwhenthedesktoporpoolwascreatedinViewManager).
Status Thecurrentcheckoutstatus,whichcanbeoneofthefoll
owing:
 Checkingout—dataisbeingdownloadedtotheclientsystem,or
hasbeenpausedduringtransfer
 Checkedout—anofflinedesktopexistsontheclientsystemandthe
onlineequivalentislocked
 Checkingin—dataisbeinguploadedfromtheclientsystem
(either intheformofabackuporasafullcheckin)orhasbeen
pausedduringtransfer
Check‐outTime Thetimeatwhichthelastcheckoutwasinitiatedbytheclient.
OfflineDuration Theoveralltimeofofflineusageknowntoth
eViewConnectionServer
sincethedesktopwascheckedout.
LastServerContact ThelasttimeViewClientwithOfflineDesktopmadecontactwithView
ConnectionServer.Whenaconnectioncanbeestablished,theserveris
contactedevery5minutes.
LastBackup ThelasttimetheofflinedesktopwasbackeduptotheVi
ewConnection

Server.Ifnobackuphasyettakenplace,thetimeindicatedisthesame
asCheck‐outTime.
VMware, Inc. 133
Chapter 7 Offline Desktop

Removing Access
Inadditiontothestandardmethodsofaccountsuspensionorremovalofferedby
ActiveDirectory,OfflineDesktopsessionscanbeterminatedfromwithinthe
administrativeinterfacebyremovinguserentitlementfromanindividualdesktopor
desktoppool,orbydiscardingtheofflinesession.
Ifyouremoveentitlementfromanindividualdesktopordes
ktoppoolthatcontainsan
activecheckedoutsessionwheretheViewConnectionServerisabletocommunicate
withtheclient,thedesktopissuspendedassoonastheclientdetectsthatentitlement
hasbeenwithdrawn.Uponsuspension,theuserispresentedwithanerrorthatinforms
themthatthede
sktopisnolongerallowedtorunoffline.
Ifnocommunicationcanbeestablishedwiththeofflineclient,theuserisnotifiedthat
theiraccesshasbeenremovedthenexttimetheyattempttoaccesstheirdesktopinthe
presenceofanetworkconnection.
Rolling Back a Desktop
Youcanalsoremoveclientaccesstotheirofflinedesktopbyrollingbacktheiroffline
session.Oncearollbackeventhasbeeninitiated,theofflineclient—ifitcanbe
contacted—isnotifiedthattheuserisnolongerallowedtologintotheircheckedout
desktop.
 Ifacheckedoutdesktopisrolledbackwhiletheuserisloggedin,thecurrent
sessionisterminatedassoonasViewClientwithOfflineDesktopreceives
notification.
 Iftheuserisnotloggedin,subsequentattemptsto connectwillberedirectedtothe
onlinedesktop.

Inordertocontinueworkingoffline,theusermustnowcheckoutthedesktopfromthe
server.
Torollbackanofflinedesktopsession,selectthedesktopfromthelistprovidedinthe
tableun
dertheOfflineSessionstab,andclickRollback.
Iftheclientpolicyallowsit,userscanalsorollbackadesktopfromwithinViewClient
orViewPortaldesktopbyright‐clickingontheofflinedesktopentryandclicking
Rollbackfromthecontextmenu.Onlytheuserwhocheckedoutthede
sktopisallowed
todothis.
NOTEARollbackcannotbeexecutedduringanytypeofactivetransfer.
View Manager Administration Guide
134 VMware, Inc.

VMware, Inc. 135

8
Apolicyisaruleorsetofrulesdefinedbyasystemadministratorthatgovernsthe
behaviorofanapplication.WithinViewManager,policiescanbeusedtoestablishthe
configurationofconstituentcomponentsbycontrollingtheloggingofinformation,
managingclientaccess,restrictingdeviceusage,establishingsecurityparametersfor
c
lientusage,andsoforth.
SomecomponentpoliciescanbeassignedthroughViewAdministrator,whereasothers
arecontainedwithinGroupPolicyObjectsinsideActiveDirectoryandareappliedto
usersordesktopsattheWindowsregistrylevel.Thefollowingsectionsdescribethe
purposeofeachtypeofpolicy,andwheretheyareconfig
uredandapplied.
Thischapterdiscussesthefollowingtopics:
 “PowerPolicy”onpage 135

 “ClientPolicies”onpage 139
 “GroupPolicyObjects”onpage 142
Power Policy
Duringthedeploymentprocess,manytypesofdesktopordesktoppoolpresentyou
withtheopportunitytoconfigurethepowerpolicyoftheirdesktopsources.Power
policycontrolshowdesktopsbehavewhentheyarenotinuseandisthereforean
importantmechanismforthemanagementofresourceswithinyourVIenvi
ronment.
Component Policies
8
NOTEAViewManagerdesktopisnotinusebeforetheuserhasloggedin,orafterthe
userhasdisconnectedorloggedoff.
View Manager Administration Guide
136 VMware, Inc.

Table 8‐1describesthedifferentvirtualmachinepowerpolicystatesthatcanbe
assignedtoadesktopordesktoppoolduringdeployment.
Table 8‐2describesthecircumstancesunderwhichthepowerpolicyisapplied
Table 8-1. Power Policy Definitions
Property Description
Donothing(VMremainson) Virtualmachinesthatarepoweredoffwillbestarted
whenrequiredandwillremainon,evenwhennotinuse,
untiltheyareshutdown.
EnsureVMisalwayspoweredon Allvirtualmachinesinthepoolremainpoweredon,
evenwhentheyarenotinuse.Ifth
eyareshutdown,
theywillimmediatelyrestart.
Suspend Allvirtualmachinesinthepoolenterasuspendedstate
whennotinuse.
Poweroff Allvirtualmachinesinthepoolshutdownwhennotin

use.
Table 8-2. Power Policy Notes
Desktop Type Power Policy is Applied
IndividualDesktop(VirtualCenter
ManagedVM)
Afteruserdisconnectionorlogoff.
PersistentAutomatedPool Whennotinuseorafteruserdisconnectionorlogoff.
Thispolicyonlyappliestounassigneddesktops.
Non‐PersistentAutomatedPool Whennotinuseorafteruserdisconnectionorlogoff.
Note:IfthePowerOffpolicyisappliedaftera
disconnection,th
esessionisdiscarded.IftheSuspend
policyisappliedafteradisconnection,anorphaned
sessioncouldbecreated(thedesktopisnon‐persistent
sothereisnoguaranteethattheuserwilleverbeableto
returntoit).
EnsurethatAutomaticlogoffafterdisconnectissetto
Immediatelyinor
dertopreventeitherscenario.
PersistentManualPool
(VirtualCenterManagedVMs)
Afteruserdisconnectionorlogoff.Thispolicyonly
appliestounassigneddesktops.
VMware, Inc. 137
Chapter 8 Component Policies

Power Policy in Automated Pools
Inanautomatedpool,powerpolicyisacquiescenttotherulesregardingdesktop
availability.Anavailabledesktopisonethatisactive,doesnotcontainausersession,
isnotassignedtoauser,andhasanactiveViewAgentservicethatconfirmsits

availabilitytoViewConnectionServerbasedupontheprecedingcri
teria.
Power Policy Example 1
Ifaparticularnumberofdesktopsarerequiredtobeavailableatanygiventime,the
powerpolicyforthosedesktopsensuresthattheyarealwayspoweredon.This
behaviorisillustratedinthefollowingpoolingexample,theparametersforwhichare
providedinTable 8‐3.
Afterthedeploymentprocessisco
mpleted,10desktopsarecreated:2arepoweredon
andimmediatelyavailable,and8areinasuspendedstate.Foreachnewuserthat
connects,adesktopispoweredonsoastomaintaintheavailabilitylevel.
Whenthenumberofconnectedusersexceeds8,additionaldesktops—uptoalimit
of 20—arecreat
edsothattheavailabilitylevelcanbemaintained.Oncethemaximum
numberisreached,thedesktopsofthefirst2userstodisconnectremainpoweredonin
ordertomaintaintheavailabilitythreshold.Thedesktopofeachsubsequentuserto
disconnectissuspended,asperpolicy.
Non‐PersistentmanualPool Afteruserdisconnectionorlogoff.
Note:IfthePowerOffpolicyisappliedaftera
disconnection,thesessionisdiscarded.IftheSuspend
policyisappliedafteradisconnection,anorphaned
sessioncouldbecreated(thedesktopisnon‐persistent
sothereisnoguaranteethattheuserwillev
erbeableto
returntoit).
EnsurethatAutomaticlogoffafterdisconnectissetto
Immediatelyinordertopreventeitherscenario.
PhysicalSystems/Terminal
ServicesDesktopPool
N/A

Table 8-2. Power Policy Notes (Continued)
Desktop Type Power Policy is Applied
Table 8-3. Pooling Example 1
Type Minimum Maximum Available Power Policy
Non‐PersistentAutomatedPool 10 20 2 Suspend
View Manager Administration Guide
138 VMware, Inc.

Power Policy Example 2
Inthefollowingpoolingexample—theparametersforwhichareprovidedin
Table 8‐4—themaximumandminimumnumberofdesktopsareequal.
Initially,5desktopsarecreated:3suspendedand2poweredonandavailable.Ifa
fourthsysteminthispoolissuspended,noadditionaldesktopiscreatedasthe
maximumnu
mberhasalreadybeenreached.Instead,oneoftheexistingsystemis
resumed.
Power Policy Example 3
Persistentautomatedpoolsbehaveslightlydifferently.Althoughadesktopmaybe
poweredon,itmayalsobeassignedtoauserandisthereforenotconsideredtobe
available.Table 8‐5containsexampleparametersforapoolofthistype.
Inthisexample,3desktopsarecreatedandpoweredon.Ifthede
sktopsarethen
manuallypoweredoffinVirtualCentertheywillallimmediatelypoweronagain,as
perpolicy.
Onceauserconnectstoadesktop,itbecomespermanentlyassignedtothem;afterthey
disconnect,itisnolongeravailabletoanyotheruser.Iftheassigneddesktopisshut
downfromwithinVi
rtualCenter,itremainspowereddown—thepowerpolicyno
longerapplies—althoughthereconnectionofitsassignedViewManageruserwill
automaticallypoweronthedesktoponcemore.

Atthistime,therearestillasufficientnumberofunassigneddesktopsremaininginthe
poolfortheavailabilitycriteriatobemet.However,whenan
otheruserconnectsa
seconddesktopbecomesassigned.Now,thenumberofavailabledesktopshasfallen
belowthethresholdlevelsoanewdesktopiscreatedandpoweredon.
Intheabovescenario,thecreationofadditionaldesktopstakesplaceeverytimeanew
userisassigneduntilthem
aximumdesktopthresholdisreached.
Table 8-4. Pooling Example 2
Type Minimum Maximum Available Power Policy
Non‐PersistentAutomatedPool 5 5 2 Suspend
Table 8-5. Pooling Example 3
Type Minimum Maximum Available Power Policy
PersistentAutomatedPool 3 5 2 E nsureVMis
always
poweredon
VMware, Inc. 139
Chapter 8 Component Policies

Client Policies
ThepropertiesprovidedunderthepoliciestabinVi ewAdministratorar eusedtoassert
behavioralcontroloverclientcomponentsattheglobal,desktoppool,ordesktopuser
level.Bydefault,eachuser‐levelpolicyinheritsitssettingfromapool‐levelpolicythat,
inturn,inheritsitssettingfromaglobalpolicy
.
Anumberofgeneralcomponentbehaviorsrelatingtodesktopsessionscanbe
configureddirectlyfromwithinViewAdministrator.Thesepoliciescanapplytoboth
ViewClientandViewClientwithOfflineDesktopandaredescribedinTable 8‐6.
Table 8-6. Client Policies
Property Description

USBAccess SpecifiesifdesktopscanuseUSBdevicesconnectedtotheclientsystem.
Administratorscanpreventuseofexternaldevicesasasecuritymeasure.
AvailableoptionsareAllowandDeny.Pool‐anduser‐levelpoliciesmayalso
Inheritthedefaultsettingfromtheirparent.
ThedefaultisAllow.
MMR Specifiesifmulti
mediaredirection(MMR)isenabledontheclient.MMRisa
MicrosoftDirectShowfilterthatforwardsmultimediadatafromspecificcodecs
ontheremotesystemdirectlythroughaTCPsockettotheclient.Thedatais
thendecodeddirectlyontheclient,whereitisplayed.
AdministratorscandisableMMRifth
eclienthasinsufficientresourcesto
handlelocalmultimediadecoding.
AvailableoptionsareAllowandDeny.Pool‐anduser‐levelpoliciesmayalso
Inherittheirdefaultsettingsfromtheirparent.
Note:MMRwillnotwo rkcorrectlyiftheclientvideodisplayhardwaredoesnot
haveoverlaysupport.MMRpolicydoesnotapplytoOf
flineDesktopsessions.
ThedefaultisAllow.
View Manager Administration Guide
140 VMware, Inc.

TheViewManagerpoliciesthatrelatespecificallytoOfflineDesktopsessionsare
describedinTable 8‐7.
Configuring and Applying Client Policies
Wherethenewpool‐levelpolicyismorerestrictive,apool‐levelpolicycanbe
configuredtooverridetheequivalentglobalpolicy.
Forexample,iftheglobalpolicyfordesktopcheckoutisAllow,youcansetthe
equivalentpool‐levelpolicytoDeny.Thereverseisnottrue.Iftheglobalpolicyfor
de

sktopcheckoutisDeny,youcannotapplytheequivalentpool‐levelpolicytoAllow.
Table 8-7. Client Policies for Offline Desktop
Property Description
OfflineDesktop Specifiesifdesktopscanbecheckedoutforlocaluse.
AvailableoptionsareAllowandDeny.Pool‐and
user‐levelpoliciesmayalsoInheritthedefaultsetting
fromtheirparent.
ThedefaultisAllow.
User‐initiatedRollback Specifiesifusersareallowedtodiscardtheiroffline
desktopinordertore
verttousingtheonlineversion.
Whenthisactioniscarriedout,thelockontheonline
desktopisreleasedandtheofflinedesktopis
abandoned—thelocalfolderthatcontainstheoffline
desktopdatacanthenbemanuallyremovedanddeleted
ifnecessary.
AvailableoptionsareAllowandDeny.Pool‐and
user‐lev
elpoliciesmayalsoInherittheirdefaultsettings
fromtheirparent.
ThedefaultisAllow.
Maxtimewithoutservercontact SpecifiestheamountoftimeanOfflineDesktopdesktop
canrunwithoutsuccessfullycontactingtheView
ConnectionServerforpolicyupdates.Whenthistimeis
reached,awarningisdi
splayedtotheuserandtheoffline
desktopissuspended.
Theavailableoptionsforpool‐anduser‐levelpoliciesare
Inherit,wherethedefaultsettingisinheritedfromthe
parent,andSet.

WhenSetisselectedyoucanthenenterthelifetimeofthe
cacheinDays,Hours,orMinutesinth
efieldprovided.
Thispolicycanbemodifiedatthegloballevelinth esame
wayandstartswithadefaultof7days.
VMware, Inc. 141
Chapter 8 Component Policies

Similarly,iftheglobalpolicythatspecifiestheamountoftimeacheckedoutdesktop
canrunwithoutsuccessfullycontactingtheserverissetto10minutes,youcannot
applyaservercontactpolicyof30minutestoanydesktoppool.
User‐levelpoliciesoverrideglobal‐orpool‐levelpolicies—thatis,theycanbemoreor
le
ssrestrictivethaneither.Forexample,iftheglobalservercontactpolicyforall
checkedoutdesktopsis10minutes,andthepool‐levelequivalentis 5minutes,youcan
assignaservercontactpolicyof30minutestoanyuserinthatpool.
To configure and assign global policy settings
1FromViewAd
ministrator,clicktheDesk topsandPoolsbutton()todisplaythe
GlobaldesktopandpoolviewandthenclicktheInventorytab.IntheInventory
pane,ensurethatthetop‐levelDesktopsentry()isselected.
2IntheDesktopspane,clicktheGlobalPoliciestab.Youarepresentedwiththe
globalpoliciespage.
3I
ntheVi ewPoliciesboxorOfflineDesktopPoliciesbox,clickEdit.Theappropriate
policieswindowisdisplayed.
4SpecifythepolicysettingsandclickOK.Theglobalpolicysettingsarenow
applied.
To configure and assign pool-level policy settings
1FromViewAdministrator,clicktheDesktopsandPoolsbutton()todisplaythe

Globaldesktopandpoolvi
ewandthenclicktheInventorytab.
2IntheInventorypane,selectthedesktoppoolentry()thatcorrespondstothe
poolyouwanttoapplythepolicyto.
3IntheDesktopspane,clickthePoliciestab.Youarepresentedwiththepolicies
pageforthisdesktoppool.
4IntheVi
ewPoliciesbox,clickEditPoolPolicies.Ifyouhaveselectedanoffline
desktopandwanttoconfigureofflinepolicies,clickOfflineDesktopPolicies.
The appropriatepolicieswindowisdisplayed.
5SpecifytheOfflineDesktop,User‐initiatedrollback,andMaxtimewithout
servercontactpolicysettingsandclickOK.Thepool‐lev
elpolicysettingsarenow
applied.
N
OTEViewAdministratorwarnsyouifyouattempttoapplyalessrestrictivepolicy
toapool.
View Manager Administration Guide
142 VMware, Inc.

To configure and assign user-level policy settings
1FromViewAdministrator,clicktheDesktopsandPoolsbutton()todisplaythe
GlobaldesktopandpoolviewandthenclicktheInventorytab.
2IntheInventorypane,selectthedesktoppoolentry()thatcorrespondstothe
poolyouwanttoapplythepolicyto.
3IntheDesktopspane,clickthePoliciestab
.Youarepresentedwiththepolicies
pageforthisdesktoppool.
4InthePolicyOverridesbox,clickAddUser.ThePolicyOverridewindowis
displayed.

5ClickAddandenterthenameordescriptionoftheuserorusersyouwanttoassign
thepolicyto,andclickFindNow.
6
SelectoneormoreusersfromthelistandclickOKtoreturntothePolicyOverride
window.
7 Selecttheuser,orusers,youwanttoassignanewpolicytoandclickNext.
8SpecifythepolicysettingsandclickOK.Theuser‐levelpolicysettingsarenow
applied.
Group Policy Objects
GroupPolicyisafeatureoftheMicrosoftWindowsNTfamilyofoperatingsystemsthat
providescentralizedmanagementandconfigurationofcomputersandremoteusersin
anActiveDirectoryenvironment.Policypropertiesarecontainedwithinentitiescalled
GroupPolicyObjects(GPOs)andcanbeconfiguredbyusingtheGroupPolicyeditor
fe
aturesprovidedbyActiveDirectory.
GPOscanbeappliedtoViewManagercomponentsatadomain‐widelevelinorderto
providegranularcontrolovervariousareasoftheViewManagerenvironment.Once
applied,GPOpropertiesarestoredinthelocalWindowsregistryofthespecified
component.
N
OTEIfyouwanttoviewalistofallusersinthedomain,leavetheNameand
Descriptionfieldsblank.
VMware, Inc. 143
Chapter 8 Component Policies

Inordertominimizetheadministrativeoverheadofcreatingbespokepolices,anumber
ofcomponent‐specificGPOtemplatesareprovidedwithViewConnectionServerthat
canbeimportedintoActiveDirectory.ThetemplatefilesthataccompanyView
Manageraredescribedbelow:
 vdm_agent.admcontainspropertiesrelatingtotheauthenticationand

environmentalcomponentsofaclientdesktopcontrolledbyViewAgent
 vdm_client.admcontainspropertiesrelatingtotheconfigurationparametersof
ViewClient
 vdm_server.admcontainspropertiesrelatingtoViewConnectionServer
 vdm_common.admcontainspropertiesrelatingtoallcomponentsofViewManager
TheGPOtemplatefilesarestoredinthefollowinglocation:
C:\Program Files\VMware\View Manager\Server\Extras\GroupPolicyFiles
MicrosoftTechNetprovidesdetailedguidanceonhowtoloadGPOtemplatesdirectly
intoActiveDirectory:
/>Application of Group Policies
OncetheGPOtemplateshavebeenloadedintoActiveDirectorytheyarereadand
applied:atstartupfordesktops,andduringlogonforusers.Bydefault,clientsystems
refreshmostGroupPolicysettingsapproximatelyevery90minutes.
Computer Configuration GPO
WiththeComputerConfigurationGPOyoucansetpoliciesthatareappliedtoall
systems,regardlessofwhoconnectstothedesktop.Whereequivalentpoliciesexistin
theUserConfigurationGPO,thepoliciescontainedinthisgroupareoverridden.
N
OTEClientsconnectingfromoutsidetheViewConnectionServerdomainare
unaffectedbyanyGPOsappliedtotheViewClientcomponent.
NOTEThepolicyupdateintervaliscontrolledbyageneralWindowspolicy,andcan
itselfbemodified.
View Manager Administration Guide
144 VMware, Inc.

View Agent Configuration
UsetheGPOsdescribedinTable 8‐8andTable 8‐9toconfigureViewAgentbehavior.
Table 8-8. View Agent Configuration Properties
Property Description
Recursive enumeration of

trusted domains
Determinesifeverydomaintrustedbythedomainin
whichtheagentresidesisenumerated.Inorderto
establishacompletechainoftrust,thedomainstrustedby
eachtrusteddomainarealsoenumeratedandtheprocess
continuesrecursivelyuntilalltrusteddomainsare
discovered.ThisinformationispassedtoV
iew
ConnectionServerinordertoensurethatalltrusted
domainsareavailabletotheclientonlogin.
Thispropertyisenabledbydefault.Whendisabled,only
directlytrusteddomainsareenumeratedandconnection
toremotedomaincontrollersdoesnottakeplace.
Note:Inenvironmentswithcomplexdomain
relationships—suchasthoseth
atusemultipleforest
structureswithtrustbetweendomainsintheir
forests—thisprocesscantakeafewminutestocomplete.
Table 8-9. View Agent Configuration Properties - Agent Configuration
Property Description
AllowDirectRDP Determinesifnon‐Viewclientscanconnectdirectlyto
desktopsusingRDP.Whendisabled,theagentwillonly
permitViewManager‐managedconnectionsviaView
ClientorViewPortal.
Thispropertyisenabledbydefault.
AllowSingleSignon Determinesifsinglesign‐on(SSO)isusedtoconnect
userstoViewManagerdesktops.Whene
nabled,usersare
onlyrequiredtoentertheircredentialswhenconnecting
toViewClientorViewPortal.Whendisabled,usersmust

reauthenticatewhentheremoteconnectionismade.
ThispropertyrequiresthattheSecureAuthentication
componentofViewAg entisinstalledonthedesktop,and
isenabledbydefault.
ConnectionTicketTimeout Specifiesth
etimeinsecondsforwhichtheView
connectionticketisvalid.Theconnectionticketisusedby
ViewclientswhenconnectingtoViewAgentandisused
forverificationandsinglesign‐onpurposes.
Forsecurityreasons,theseticketsareonlyvalidwithin
thespecifiedtimeperiod.Ifthispropertyisno
texplicitly
set,adefaultof900secondsapplies.