Hello,
is it possible to restrict launching desktops from graphical clients (web or non-web) and allowing only Command line interface launch?
what I wish to achieve with this, is to restrict access to view desktops that are bound to a physical location, while allowing "ALL users" to login to those desktops only when approaching to those, and not from remote.
It sounds like using kiosk mode to do the broker authentication and desktop connection, and then disable SSO and instead have users log on manually inside the VM, would fit your usecase?
It sounds like using kiosk mode to do the broker authentication and desktop connection, and then disable SSO and instead have users log on manually inside the VM, would fit your usecase?
thanks for your suggestion,
it makes perfect sense - but - it requires me to entitle regular users on the pool as well as kiosk users
and once regular users are entitled, they should be able to login from remote location just as well - not what I intended.
or should they not?
Edit: I figured out the entitlement question: no need to entitle the pool with regular users, just have it arranged from AD level....
brilliant!, thanks!
Looks like you already figured this out, but you should only need to entitle the pool to the kiosk accounts. In the non-SSO scenario, you should also make sure users are allowed to login interactively to the VMs in question using an AD group and GPO settings.