<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: View Persona Management support for CryptProtectData in Horizon Desktops and Apps</title>
    <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/View-Persona-Management-support-for-CryptProtectData/m-p/1334690#M35618</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;This post has been moved from the &lt;A _jive_internal="true" href="https://communities.vmware.com/community/vmtn/desktop/view/bootcamp"&gt;VMware View™ Bootcamp&lt;/A&gt; to &lt;A _jive_internal="true" href="https://communities.vmware.com/community/vmtn/desktop/view"&gt;VMware View™ (with View Manager)&lt;/A&gt; forum.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Wed, 19 Dec 2012 14:00:43 GMT</pubDate>
    <dc:creator>mittim12</dc:creator>
    <dc:date>2012-12-19T14:00:43Z</dc:date>
    <item>
      <title>View Persona Management support for CryptProtectData</title>
      <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/View-Persona-Management-support-for-CryptProtectData/m-p/1334689#M35617</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I'm working on a Windows client which uses the &lt;STRONG&gt;Windows Data Protection APIs&lt;/STRONG&gt; (&lt;STRONG&gt;CryptProtectData&lt;/STRONG&gt; &amp;amp; &lt;STRONG&gt;CryptUnprotectData&lt;/STRONG&gt;). These APIs encrypt &amp;amp; decrypt a credentials file by tying a session key to the &lt;STRONG&gt;Windows User Profile&lt;/STRONG&gt;. This allows the user to securely choose to "remember" usernames &amp;amp; passwords, i.e. the user does not need to re-enter them when the client restarts.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The credentials file is stored in the Roaming directory (C:\Users\&lt;EM&gt;&amp;lt;user&amp;gt;&lt;/EM&gt;\AppData\Roaming). Assuming the &lt;STRONG&gt;Roaming Profile&lt;/STRONG&gt; is enabled, if a user logs onto another machine, with the same username/password, the credentials file is automatically downloaded. &lt;STRONG&gt;CryptUnprotectData&lt;/STRONG&gt; supports roaming so this means the file can be decrypted. Hence when the user starts the client, on another machine, he/she does not need to enter a username or password.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;If the &lt;STRONG&gt;Roaming Profile&lt;/STRONG&gt; is disabled the file cannot be decrypted, e.g. if manually copied to another machine. It is tied to the machine upon which it was encrypted &amp;amp; can only be decrypted on that machine.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;This has worked for two releases of our client. But recently a larger customer exposed a hole with this approach.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;They have a subset of users who have been provisioned with virtual environments. Every time one of these users signs in a "new" machine is provided. The &lt;STRONG&gt;Windows Roaming Profile&lt;/STRONG&gt; is disabled. So to keep the users' settings they are using &lt;STRONG&gt;View Persona Management&lt;/STRONG&gt;.
&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;This poses a problem for our client. The credentials file is downloaded by &lt;STRONG&gt;View Persona Management&lt;/STRONG&gt;. But since the file was encrypted on "another" machine, &amp;amp; because roaming is disabled, it cannot be decrypted by &lt;STRONG&gt;CryptUnprotectData&lt;/STRONG&gt;. From the Windows point of view this is very deliberate. But it means that every time a user logs into a VM a username/password is required by our client.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;We asked the customer if they would be willing to enable the &lt;STRONG&gt;Windows Roaming Profile&lt;/STRONG&gt; (since it works in conjunction with &lt;STRONG&gt;View Persona Management&lt;/STRONG&gt;). But they believe this is a step backwards and are unwilling to proceed.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;This &lt;EM&gt;seems&lt;/EM&gt; like a common requirement. Hence my questions are:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;Does VMware provide an alternative to the &lt;STRONG&gt;Windows Data Protection APIs&lt;/STRONG&gt; in deployments where the &lt;STRONG&gt;Windows Roaming Profile&lt;/STRONG&gt; is disabled?&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;Are there any additional steps the customer can carry out to get &lt;STRONG&gt;CryptProtectData&lt;/STRONG&gt; to work nicely with &lt;STRONG&gt;View Persona Management&lt;/STRONG&gt;?&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;Have VMware an official stance on &lt;STRONG&gt;CryptProtectData&lt;/STRONG&gt; &amp;amp; &lt;STRONG&gt;View Persona Management&lt;/STRONG&gt; working together?&lt;/LI&gt;&lt;/UL&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 19 Dec 2012 11:39:38 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/View-Persona-Management-support-for-CryptProtectData/m-p/1334689#M35617</guid>
      <dc:creator>ShaneGannon</dc:creator>
      <dc:date>2012-12-19T11:39:38Z</dc:date>
    </item>
    <item>
      <title>Re: View Persona Management support for CryptProtectData</title>
      <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/View-Persona-Management-support-for-CryptProtectData/m-p/1334690#M35618</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;This post has been moved from the &lt;A _jive_internal="true" href="https://communities.vmware.com/community/vmtn/desktop/view/bootcamp"&gt;VMware View™ Bootcamp&lt;/A&gt; to &lt;A _jive_internal="true" href="https://communities.vmware.com/community/vmtn/desktop/view"&gt;VMware View™ (with View Manager)&lt;/A&gt; forum.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 19 Dec 2012 14:00:43 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/View-Persona-Management-support-for-CryptProtectData/m-p/1334690#M35618</guid>
      <dc:creator>mittim12</dc:creator>
      <dc:date>2012-12-19T14:00:43Z</dc:date>
    </item>
    <item>
      <title>Re: View Persona Management support for CryptProtectData</title>
      <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/View-Persona-Management-support-for-CryptProtectData/m-p/1334691#M35619</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I discussed this issue with the VMware team directly. Turns out my customer had a bug in their VMware infrastructure. View Persona Manager does support the Windows Data Protect APIs.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 19 Mar 2013 09:51:38 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/View-Persona-Management-support-for-CryptProtectData/m-p/1334691#M35619</guid>
      <dc:creator>ShaneGannon</dc:creator>
      <dc:date>2013-03-19T09:51:38Z</dc:date>
    </item>
    <item>
      <title>Re: View Persona Management support for CryptProtectData</title>
      <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/View-Persona-Management-support-for-CryptProtectData/m-p/1334692#M35620</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Shane, do you know what exactly the problem was? I just asked VMware support about this and the response I got was exactly the opposite: the agent said that credentials cannot be stored with the user's persona. Thanks!!&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 11 Apr 2014 21:52:37 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/View-Persona-Management-support-for-CryptProtectData/m-p/1334692#M35620</guid>
      <dc:creator>vinoceros</dc:creator>
      <dc:date>2014-04-11T21:52:37Z</dc:date>
    </item>
  </channel>
</rss>

