We've recently switch over to new Thin Clients running WES8 & View Client 3.5.2 but have come across an issue with is a security concern for us.
When I user only has access to 1 View Pool, the View Client will automatically close after logging of or disconnecting from the virtual desktop. The thin client will 'reset' & require user authentication again. This is the behaviour we need.
However, when a user has access to multiple View Pools, when they logoff or disconnect from the virtual desktop it returns to the Pool selection window, still authenticated from earlier. This means if they lock their session & switch to a new desk, the session on their old desk will drop back to the pool selection window & anybody can just double click to get logged in to a desktop as the other user; creating a pretty big security risk.
With earlier versions of the view client, the behaviour for both scenarios (1 pool vs multiple pools) was the same & the client would full close at logoff or disconnection.
We need a way to force the 3.5.2 (and future) clients to close whenever a virtual desktop session is closed or disconnected; hopefully there is a registry setting or similar that we can use?
Thanks in advance
Hi No Dowt,
For you case, you can use the command line option –hideClientAfterLaunchSession True/False to change the behavior, you can combine the option (along with other options) to proceed to the desktop list page, launch desktop then disconnects.
For normally log in client with multiple entitled pools, it is not reasonable to logoff or disconnect one virtual desktop will close client directly. User can click the disconnect from the server button in the desktop selector,Thanks.
Thanks for your input this worked for my Environment. I simply added the -hideClientAfterLaunchSession true to the desktop shortcut on my devices and this helped a lot! Thanks!
Example of our desktop shortcut in case anyone else needs details:
Target : "C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe" -desktopLayout fullscreen -domainName example.net -hideClientAfterLaunchSession true -serverURL conn.example.net
Did you ever get a decent solution to this? I have exactly the same issue and It just seems like quite a glaring security hole to me. Yes we can use the CloseSessionAfterLaunch switch via the cmd line, but it's not that elegant so was wondering how you got round it in the end.
Thanks in advance.
Sorry for the late reply... We still don't have a good solution for this.
As a workaround for the security side of things, we've disabled SSO for View... So now even if a Thin Client drops back to the still logged in pool selection Window, there is less exposure since when you initial a connection to a pool you still need to login to windows manually.
I know this is an old post but if anyone stumbles upon this months later like me I found a solution. I am using Raspberry Pi's for thin clients and was able to add the line view.once = "TRUE" to /etc/vmware/view-default-config. You could also add run the view client from command line with vmware-view --once . I believe the "--once" switch will also work on Windows (haven't tested) "C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe" -once. Hope this helps someone.
"-once" doesnt work on Windows unfortunately.
You have to use:
"C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe" -hideClientAfterLaunchSession true
Then if you want to get really into it and are provisioning a PC as a thin client then you can run a script like this to auto restart the client after a user logs off:
tasklist /FI "IMAGENAME eq vmware-view.exe" 2>NUL | find /I /N "vmware-view.exe">NUL
if NOT "%ERRORLEVEL%" == "0" start "" "C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe" -hideClientAfterLaunchSession true"
This is Horizon 7/8 client specific. Hope it helps someone.