VMware Horizon Community
GTO455
Enthusiast
Enthusiast

Gmail Two-Step Authentication

Hello,

We have an RDS host set up to provide the Google Chrome app to our users in Horizon.

Most of our users use Chrome to check their personal gmail accounts and have Two-Step (aka Two-Factor) authentication enabled. 

Some users are complaining that every time they close the Chrome app and re-open it, they have to authenticate with Two-Factor Authentication again in gmail. It doesn't matter if it is one hour, one day, or whatever, gmail wants them to re-authenticate, and I have confirmed this behavior. This is something they didn't have to do on their personal desktops where Chrome would "remember" them. 

Is their any way to prevent this 2FA from re-occurring every time they launch Chrome? Maybe a setting in DEM or on the configuration on the RDS host?

We are using Horizon 8 with DEM and we can see that DEM is working because Chrome profiles are loading history, bookmarks, etc when the Chrome app is launched on the RDS host.

Any insight to this would be appreciated.

0 Kudos
3 Replies
Mickeybyte
Hot Shot
Hot Shot

@GTO455 ,

You are probably missing some information of the chrome profile in your DEM configuration. 

This is the config I use for Chrome (and also for Edge, but with different folder names): 

[IncludeFiles]
<AppData>\Google\Chrome\User Data\Default\profile.pb

[IncludeRegistryTrees]
HKCU\Software\Google\Chrome
HKCU\Software\Google\EdgeUpdate

[IncludeFolderTrees]
<LocalAppData>\Google\Chrome\User Data\Default
<LocalAppData>\Google\Chrome\User Data\Profile 1
<LocalAppData>\Google\Chrome\User Data\Profile 2

[IncludeIndividualFolders]
<LocalAppData>\Google\Chrome\User Data

[ExcludeFolderTrees]
<LocalAppData>\Google\Chrome\User Data\[MATCHALL]\Cache
<LocalAppData>\Google\Chrome\User Data\[MATCHALL]\Code Cache
<LocalAppData>\Google\Chrome\User Data\[MATCHALL]\GPUCache
<LocalAppData>\Google\Chrome\User Data\[MATCHALL]\IndexedDB
<LocalAppData>\Google\Chrome\User Data\[MATCHALL]\Service Worker\CacheStorage
<LocalAppData>\Google\Chrome\User Data\[MATCHALL]\Service Worker\ScriptCache
<LocalAppData>\Google\Chrome\User Data\[MATCHALL]\optimization_guide_hint_cache_store
<LocalAppData>\Google\Chrome\User Data\[MATCHALL]\optimization_guide_model_metadata_store
<LocalAppData>\Google\Chrome\User Data\[MATCHALL]\optimization_guide_prediction_model_downloads

This grabs the important parts of the Chrome profile (including extra profiles if they have created them) but excludes the unnecessary cache folders in various locations.

Maybe compare this with your config and adjust where necessary.

 


Regards,
Mickeybyte (ITPro blog)

If you found this comment useful or an answer to your question, please mark as 'Solved' and/or click the 'Kudos' button, please ask follow-up questions if you have any.
0 Kudos
GTO455
Enthusiast
Enthusiast

I probably should have added my Chrome DEM config in my initial post. It contains most of the same settings as yours (and then some). I found this config here.

[IncludeRegistryTrees]
HKCU\Software\Google\Chrome

[IncludeFiles]
<LocalAppData>\Google\Chrome\User Data\First Run
<LocalAppData>\Google\Chrome\User Data\Local State

[IncludeFolderTrees]
<LocalAppData>\Google\Chrome\User Data\Default
<LocalAppData>\Google\Chrome\User Data\Profile 1

[ExcludeFolderTrees]
<LocalAppData>\Google\Chrome\Default\Cache
<LocalAppData>\Google\Chrome\User Data\Default\Application Cache
<LocalAppData>\Google\Chrome\User Data\Default\Cache
<LocalAppData>\Google\Chrome\User Data\Default\GPUCache
<LocalAppData>\Google\Chrome\User Data\Default\IndexedDB
#<LocalAppData>\Google\Chrome\User Data\Default\Local Storage (this is where Google Earth Settings are saved)
<LocalAppData>\Google\Chrome\User Data\Default\Media Cache
<LocalAppData>\Google\Chrome\User Data\Default\Session Storage
<LocalAppData>\Google\Chrome\User Data\Default\Storage
<LocalAppData>\Google\Chrome\User Data\Default\Sync Data
<LocalAppData>\Google\Chrome\User Data\Default\Sync Data Backup
<LocalAppData>\Google\Chrome\User Data\Default\Web Applications
#These settings were added to reduce Chrome Profile size. Undo them if you run into any issues
<LocalAppData>\Google\Chrome\User Data\Default\blob_storage
<LocalAppData>\Google\Chrome\User Data\Default\BudgetDatabase
<LocalAppData>\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb
<LocalAppData>\Google\Chrome\User Data\Default\Feature Engagement Tracker
<LocalAppData>\Google\Chrome\User Data\Default\Pepper Data
<LocalAppData>\Google\Chrome\User Data\Default\Platform Notifications
<LocalAppData>\Google\Chrome\User Data\Default\Service Worker
<LocalAppData>\Google\Chrome\User Data\Default\Sync Extension Settings
<LocalAppData>\Google\Chrome\User Data\Default\VideoDecodeStats
<LocalAppData>\Google\Chrome\User Data\Default\webrtc_event_logs
<LocalAppData>\Google\Chrome\User Data\Default\databases
<LocalAppData>\Google\Chrome\User Data\Default\Download Service
<LocalAppData>\Google\Chrome\User Data\Default\File System
<LocalAppData>\Google\Chrome\User Data\Default\GCM Store
<LocalAppData>\Google\Chrome\User Data\Default\Thumbnails
<LocalAppData>\Google\Chrome\User Data\Default\Code Cache

[ExcludeFiles]
<LocalAppData>\Google\Chrome\User Data\Default\Network Action Predictor
<LocalAppData>\Google\Chrome\User Data\Default\Network Action Predictor-journal
<LocalAppData>\Google\Chrome\User Data\Profile 1\Network Action Predictor
<LocalAppData>\Google\Chrome\User Data\Profile 1\Network Action Predictor-journal
*.tmp
0 Kudos
Mickeybyte
Hot Shot
Hot Shot

I suggest you create a new config with the settings I provided (use a condition to limit that config to a test user and exlude that test user from the original Chrome config) and test to see if it works there. I have no problems using that config to keep users signed in to Google.


Regards,
Mickeybyte (ITPro blog)

If you found this comment useful or an answer to your question, please mark as 'Solved' and/or click the 'Kudos' button, please ask follow-up questions if you have any.
0 Kudos