VMware Horizon Community
JAClan
Contributor
Contributor

Smart Card behavior changes when App Volume is attached.

Hi. Just some quick environment info. We are running Horizon 7.9 with Windows 10 1809 instant clones, UEM, and AppVolumes 2.18. We are in a DoD environment and have to follow the rules regarding smart card logins and behaviors. If a user is not entitled to an AppVol everything functions normally but as soon as an AppVol is attached the smart card behavior changes.

Our biggest issue currently is that the work stations do not lock when a user with an AppVol attached pulls their CAC. Interactive logon: Smart card removal behavior" to "Lock Workstation" is set via GPO. If I check the registry HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\scremoveoption it is set to "1" which is the value to lock the workstation. The registry value remains a "1" whether the user has an appvol attached or not. Part of the strange behavior is that the very first time a user pulls their CAC after logging in, the work station will lock but fails to lock any subsequent times a user pull their CAC. If I remove them from an appvol the behavior returns to normal.

I'm guessing a registry valued got captured during the AppStacks creation process and is somehow tacking precedence over what is in HKLM on the VM. Has anyone else ever observed this behavior?

Thanks,

Jesse

EDIT: This behavior was not an issue on our old Horizon 7.4 environment utilizing AppVols 2.17 and Windows 10 1703

EDIT 10/25/19 not sure why or how this post got marked 'Solved' it most definitely is not.

Reply
0 Kudos
3 Replies
MelVasquez11
Contributor
Contributor

JAClan,

I've come across the same issue and the only change I made to fix my issue was by going into:

Horizon 7 Administrator - select your desktop pool - edit- desktop pool settings then selecting 'Never' for automatically logoff after disconnect.

Hopefully that will work for you.

Reply
0 Kudos
JAClan
Contributor
Contributor

Thanks for the reply but unfortunately the pool is already configured that way.

Reply
0 Kudos
enowai
Contributor
Contributor

Did you ever get an answer for this?

Reply
0 Kudos