I am starting this thread to get VMware to put focus on the security problem they have with the Windows View Client.
The problem description:
When a customer starts using View 4, they often have a lot of old machines. They can be converted to "thin" clients by installing Windows XP with nothing else than a View Client. To avoid multiple logins for the user, the machines can be installed as stand-alone (not part of the domain) with autologin, which means no password, or a predefined password that the user doesn't know, or that all users know.
Then when a user starts the computer, the View client starts automatically, and the user is prompted for his credentials, for the first and only time. When he connects to a View Desktop, single sign-on connects him and logs him in.
The user now decides that it is time for a coffee break. He locks Windows in his Virtual Desktop, which is in full screen mode, but the "thin" physical Windows client is not locked. And there is no need to lock it, since the user doesn't know that password.
Now while he is gone, another user comes along, and he goes to the top of the screen where the View Client toolbar is, and presses OPTIONS -> Switch Desktop -> Other Desktop.
This brings up the VMware View Connections. Now, instead of choosing a VM to start, he closes the locked View Desktop in the background. Now he is able to connect to the same machine again, and single sign-on now logs him in, even though he is not the connected user, and he does not have the password.
I am unable to see how to solve this without putting the "thin" Windows machines in the domain, and that means multiple logons for the user.
Wyse clients have a solution to this, where they lock the View client. That is a good solution, but VMware has not thought this through.
Does anyone have some solutions that I have not seen? I had come up with a solution to use the Web Portal, and have iexplore killed after logon to the machine, but View does not support PCoIP when using Web Portal. Another solution is to remove the View Toolbar at the top of the screen, but then users are unable to start more than one machine. Very annoying.