VMware Horizon Community
crgnjul
Contributor
Contributor
‎09-07-2012 05:34 AM

Lock workstation issue

We are using View 5 with Windows XP and Windows 7 pools.  Our internal policy says workstations must lock after 15 minutes of inactivity.  We currently do so by setting the screen saver to start and require a password to exit the screen saver.  We set that on the physical desktops/laptops but not on the VM figuring that if you can't get into the local hardware you can't get to the VM.

We have recently started using zero clients.  Since the policy only applies to physical machines, these users don't get locked. I can easily set the policy to apply to VMs as well, but then users on physical machines will have to unlock the physical machines as well as the VM.

Without creating 2 pools in different OUs (one for zero client users and one for desktop/laptop useres) what are my options to lock the VM for zero clients and the physical machine for desktop/laptop users?

TIA

Craig

Tags (4)
0 Kudos
4 Replies
LarryBlanco2
Expert
Expert
‎09-07-2012 09:22 AM

I think your best solution / approach would be to create a powershell script (preferred) or a vbscript on the VM.

Have it read the registry to get to volatile setting of the client machine within the vm "HKCU\Volatile Environment ".  Based on name or mac prefix assign the screen saver.

U can use this as a reference:

http://blogs.vmware.com/euc/2009/05/vmwre-view-client-variables.html

U can execute the script in both connect and reconnect registry settings. 

basically if the name (or part of the name) and/or mac prefix matches then set the screen saver setting to what u want.  I they do not match then turn off the screen saver on the vm.

You will be covered for both use cases at that point.

Hope it helps!

Larry B.

0 Kudos
LarryBlanco2
Expert
Expert
‎09-07-2012 09:28 AM

Actually u can use the ViewClient_Type:

It shoudl read: "Zero"  or something like that. This would be the best key to use.

Heck u can likely just use a GPO setting and target that registry key with the specific setting.

And you are all done and a hero in your company!

LarryB.

0 Kudos
crgnjul
Contributor
Contributor
‎09-07-2012 12:33 PM

This is a great idea!  I found the key ViewClient_Type="Teradici_PCoIP"

I can't however figure out how to create a WMI filter for that.  In fact I keep seeing that this can't be done

"Though WMI can be usesd to query registry keys/values by writing script code
(example: http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1029.mspx),
such a query cannot be included in a WQL based WMI query.
Why?
WQL queries are based on certain WMI classes which offere a set of properties.
The WMI registry actions instead are based on the "StdRegProv" in the "Default" namespace and
certain methods have to be called to get a result.
=> that means a registry query bases WMI filter is not possible."

(taken from http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/5cd1b80a-2f90-4d46-bf65-dba52dcf... )

Anyone have any other ideas?

0 Kudos
LarryBlanco2
Expert
Expert
‎09-08-2012 08:50 AM

Hmm.. I had said that Group Policy Preferences were the way to go.

Take a look at this blog:  http://evilgpo.blogspot.com/2012/03/how-to-save-my-screen.html

Specifically look at the

"Skip Administrative Templates, use Preferences!"

section.

Target the same key as stated above.

It will solve your problem.

Larry B.

0 Kudos