VMware Horizon Community
Rick_K
Contributor

Locked down, hardware access control (KIOSK Mode?)

Hello everyone,


I finally decided to sign up to here to see if someone has had a similar scenario or managed to resolve this dilemma I am facing.

After many months of trial and error I have finally set up a Pod architecture environment with:

1 vCenter
3 Locations all with 1 connection and 1 security server.

Happy days, created a couple of images and everything works great, even the smartcard authentication.

Now here is the issue I am trying to resolve.

I am trying to create a desktop pool which will be running a fresh image that refreshes daily (non-persistent/floating).

The challenge I am facing is that I would only like the Wyse (P25) boxes that we have to be able to access this specific pool, not someone grabbing another machine, firing up the Horizon client and logging in that way. This environment is locked down, secure and only has access to 2 web pages.

After many hours of googling I came to the conclusion that I may end up having to set up a second connection server and configure that to use Kiosk mode.

Has anyone attempted to do something similar? I am guessing there are probably multiple ways of doing this.

Thank you for taking the time to read this post :)

0 Kudos
1 Reply
Gagan201110141
Enthusiast

Hello;

I am currently doing this now; it's pretty simple.

The only issue you have is that, even if you set the machines to recompose instantly on log off, you will have to recompose them from the pool nightly.

We had the older Dell Wyse just running the

Put in the Windows Startup Folder a .bat like this

Bat script I use

-=-----------------------------------------------------

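REM Launch the Horizon client in unattended (kiosk) mode against the connection server
vmware-view -unattended -serverURL ur connect server here

REM Wait 15 seconds. sleep.exe is not built into Windows; "timeout /t 15 /nobreak" is the built-in equivalent
sleep 15

REM Start a new instance of this script, then close this one, so the client is relaunched in a loop
start "Kiosk" "%~dpnx0"

exit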

-=-----------------------------------------------------

Ensure you have a security group created with the MAC addresses as the user names, and add them into a security group so they will launch into the desired desktop.

This way it will use the machine's MAC to authenticate into the environment. You would just set up a pool all with the same image and only allow them to pull from them. This can be done with AD using security groups or by manually adding each machine into entitlements.

Best of luck

0 Kudos
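
An added example, not part of either post: a small audit that compares the members of the security group entitled to the kiosk pool against an inventory of approved thin-client MAC addresses, so stray user accounts or unknown devices in the group stand out. It assumes MAC-keyed kiosk accounts are named `cm-` followed by the MAC with underscores; the inventory and group listing are constructed sample data.

```python
import re

# Assumption: MAC-keyed kiosk accounts are named "cm-" + MAC with underscores,
# e.g. cm-00_0c_29_0d_a3_e6. Adjust PREFIX/SEP if your accounts differ.
PREFIX, SEP = "cm-", "_"
_MAC_RE = re.compile(r"[0-9a-f]{2}(?:[:._-]?[0-9a-f]{2}){5}", re.IGNORECASE)


def kiosk_account(mac):
    """Return the kiosk account name for a MAC address, or raise ValueError."""
    mac = mac.strip()
    if not _MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = re.sub(r"[:._-]", "", mac).lower()
    return PREFIX + SEP.join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_entitlement(approved_macs, group_members):
    """Compare entitled group members with the approved device inventory."""
    expected, malformed = set(), []
    for mac in approved_macs:
        try:
            expected.add(kiosk_account(mac))
        except ValueError:
            malformed.append(mac)  # inventory entry needs fixing by hand
    members = {m.strip().lower() for m in group_members}
    return {
        # In the group but not an approved device: users, unknown MACs
        "unexpected": sorted(members - expected),
        # Approved device with no account in the group: cannot reach the pool
        "missing": sorted(expected - members),
        "malformed": malformed,
    }


# Constructed sample data: inventory export and group member account names.
APPROVED_MACS = ["00:10:DB:EE:76:80", "00-0C-29-0D-A3-E6",
                 "0010.dbee.7681", "not-a-mac"]
GROUP_MEMBERS = ["cm-00_10_db_ee_76_80", "CM-00_0c_29_0d_a3_e6",
                 "jsmith", "cm-de_ad_be_ef_00_01"]

if __name__ == "__main__":
    for finding, names in audit_entitlement(APPROVED_MACS, GROUP_MEMBERS).items():
        print(f"{finding}: {names}")
```

Feed it the group's member account names exported from AD and rerun it whenever thin clients are added or retired.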