VMware Horizon Community
RomeoJava
Contributor
Contributor

Restricting Vmware View Copy/Paste functionality

Does anybody know if it's possible to restrict VMware View copy/paste functionality depending on the source of the client?

We have some users accessing VDIs from internal systems where we'd like to enable copy/paste in and out of VDIs but we've also got some users accessing VDIs remotely where we'd like to disable copy/paste to mitigate malware and data loss risks.

It seems VDIs can have GPOs set to restrict copy/paste functionality but that means it's set per VDI, not where that VDI is being accessed from. I was wondering whether for example there was an alternative where VDIs accessed via a VMware View Security server can have it disabled but VDIs accessed via the normal view server can have it enabled? Surely I'm not the only person to have this type of requirement?

Any help would be most appreciated!

Rich

Reply
0 Kudos
3 Replies
RyanH84
Expert
Expert

Hi Rich,

Do you have any load balancing in your environment?

I haven't done this before, but my gut feeling would be to deploy a separate security/connection server(s) for your external users and when they hit the load balancer, this directs them to the separate sec/con server. (Based on IP/Geo/etc).

On the external connection server, create pool(s) that are the same for your internal users, you can even use the same gold image. Create a separate OU for this desktop pool and apply a separate GPO with copy/paste disabled that applies to them.

Does that make sense? I'm happy to be told a better way!

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk
Reply
0 Kudos
amr12
Enthusiast
Enthusiast

Maybe use a powershell log on script that looks at their IP address  in the registry and if it internal change the appropriate registry keys to enable and if internal do the opposite.  I don't know off the top of my head what registry keys make this work but I know they are in HKLM/Policies/teredici/Pcoip...i THINK.

Some quick Google-Fu will help you out with their location.

Reply
0 Kudos
Rausche
Contributor
Contributor

Maybe create a GPO that uses a filter based on the 'Volatile Environment' registry keys to determine if the connecting client is internal or not and set the GPO accordingly. Should be simple enough, no need for extra pools or OUs.

Reply
0 Kudos