VMware Horizon Community
steveherbst
Contributor
Contributor

Disable Password caching on VMware View login screen

We are trying to set up Virtual Desktops for various clients as a pilot and we are having some security issues we have not been able to address.

The first of those is on the WMware View Portal login screen:

We have the username, password and Domain entry fields

when someone types in their name and password it is cached there and when the next person clicks on the username box they can see who had logged in at that machine and can click on their name and it fills in the password and they can then logon as that person. I understand that IE can be set up to not save passwords on a client machine, however since the idea is they can log in from anywhere they may be on a publci machine when they do it and of course those machines can't be onfigured.

What I am looking for is a way to control caching of the passwords so that they are not saved on the IE browser on everyones machine, but control it from the server end...like a banking site does. Everytime of go to my banking site I must enter my username and password. It does not cache them even if I tell it to save passwords. How can I get View to do that also.

The second part of my question is, how do I get rid of the domain drop down. I do not want all our clients to be able to click and see the domains of the other clients that are on there. Is there another way that this can be done and eliminate the drop down in favor of users placing the domain in front of the user name like in windows...domain name\username.

We are struggling to find a way to use the virtual desktops in a shared environment the View. Any help would be greatly appreciated.

0 Kudos
3 Replies
admin
Immortal
Immortal

I'm just wondering which version of VMware View you are using? The web portal should exist in the earliest version 4.5. The save password thing is a browser issue I would think. Couldn't you turn off the save password function there.

Your second question is quite easy to answer. You can use the UPN to login as well as the domain. You can not get rid of the domain dropdown box, but you can hide unwanted domains using the vdmadmin.exe toolwhich you can find on the View Servers in the program folder.

Check the vdmadmin.exe help through using vdmadmin.exe /?

The command should be vdmadmin.exe -N -Domains .......

Regards,

Christoph

Don't forget to award the points if this answer was helpful for you.

Blog:

0 Kudos
steveherbst
Contributor
Contributor

We are using View 4.0

I understand that the cached password can be disabled on IE directly. We are trying to address the other 99% of the machines that we do control and have the ability to apply that policy on. We are looking for a solution that is server/global based for all users and does not depend on their local IE settings.

For example, I have my my cache passwords for me for convenience, however, when I go to my banking site it has not cached the passwords and I have to type them in again for security. This then prevents someone that comes to my computer from just clicking on my previous logon and getting in as me.

Again, we are looking for something we can apply on our infrastructure end, not on every physical desktop.

When I enter my domain\username and try and login is give me teh wrong username or password error.

0 Kudos
Joxster
Contributor
Contributor

I've not looked into this myself but all the VMware login page is is HTML so if you could re-right or edit that page and insert the following in the page.

In perl:

print "Cache-Control: no-cache, no-store\n";

In php:

header("Cache-Control: no-cache, no-store");

With meta tags:

You would want to try the META TAG option first....

These are commands that are returned to before the content of the page. All standards compliant browsers read through the commands which can affect how the page is loaded, stored, ... The above commands will tell the browser that it should not cache the page.

Hope it helps...

Thanks

0 Kudos