Chris_Nodak
Enthusiast
Enthusiast

Can you block use of mobile phones as an endpoint?

Ok this might be an odd request but is there a way to block access to a Horizon UAG from mobile phones?

Here is the scenario that recently happened and prompted management to ask me to find a solution:

User is late for work. They install Horizon app on their mobile device and access their VM so they can punch in on the internal clock website on time. Then user shows up late and gets busted by management for coming in late. 

They check the time clock and ask how the user clocked in before actually arriving. User admits to what they did using their phone.

Long story short, is there any way we can block remote access from mobile phones or whitelist specific hardware? It's not something I want to deal with but this is apparently a big problem at this specific site.

Currently we are working towards implementing Instant Clones and DEM but these users are still on a linked clone environment. All outside access is routed through a UAG. Internal access goes directly to the connection server.

Love to hear any ideas you folks might have.

0 Kudos
3 Replies
TechMassey
Hot Shot
Hot Shot

If you are running at least version 7.13, you can restrict client versions for Android. Specifying the latest version and earlier would solve the issue but would also block any legitimate use case as well. 

It sounds like the issue is systemic. Resolving user behavior with technology is never an ideal scenario but it does make for an interesting puzzle. 

As an alternate option, the client information such as Client Type, IP Address, Hostname, etc are stored in the 'HKCU\Volatile Environment Key'. If AD user accounts have restricted logon hours or you know the exact users to target. You could leverage command actions in the horizon agent ADMX or similar mechanism to disconnect them. 

Once they connect from a preferred device, hostname, or subnet the auto disconnects would stop. 


Please help out! If you find this post helpful and/or the correct answer. Mark it! It helps recgonize contributions to the VMTN community and well me too 🙂
0 Kudos
Chris_Nodak
Enthusiast
Enthusiast

Can you also block iPhones with this method and how would I go about doing that?

They don't want any of their users to use a phone to login so it would be company wide. They have a dedicated connection server so that's not an issue either.

I can look at the ADMX options. Thanks.

0 Kudos
Chris_Nodak
Enthusiast
Enthusiast

@TechMassey 

Can you point me in the right direction on the ADMX templates? There are so many options. I've no idea where to look to restrict access by device type.

Thanks.

0 Kudos