VMware Horizon Community
MikeC3964
Enthusiast
Enthusiast
‎07-29-2018 11:46 AM

Is UEM capable of restricting login?

We're currently a POC with VMwares' UAG appliance and Microsoft's MFA solution, for remote access. Right now, our production work force connects remotely with Cisco Anyconnect into an ASA then a straight shot into our Connection Server. I was looking into way to somehow restrict/lock down access for only a handful of users with our POC option, and was looking at my options. I know UEM is very powerful, and would like handle it this way, but not entirely sure how. Has anyone ever done this with this tool or have any ideas of things I could try?

I appreciate any feedback.

Thanks,

Mike

4 Replies
DEMdev
VMware Employee
VMware Employee
‎07-29-2018 12:13 PM

Hi MikeC3964,

UEM doesn't really offer any functionality for this. You could use it to drop a shortcut to Logoff.exe into the startup folder or into Explorer's Run key, but the user might be able to interact with the session for a few seconds.

0 Kudos
MikeC3964
Enthusiast
Enthusiast
‎07-29-2018 12:18 PM

Thanks for the response UEMdev​! That might not be too bad, certainly better than nothing. At a high level, how might this design look?

Thanks,

Mike

0 Kudos
DEMdev
VMware Employee
VMware Employee
‎07-30-2018 12:28 AM

Hi MikeC3964,

The following UEM shortcut definition will automatically log off a user shortly after logon:

pastedImage_0.png

Make sure to configure the correct conditions on that item, so as not to log off everyone 🙂

On my 2012R2 test VM the logoff happens 10 seconds after Explorer appears. Turns out that that delay can be overridden by creating a REG_DWORD StartupDelayInMSec at HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize, and setting it to 0. You could do that through UEM Registry Settings:

pastedImage_6.png

MikeC3964
Enthusiast
Enthusiast
‎07-30-2018 05:10 AM

This is fantastic! Thanks so much for the time and effort you put into this.

-Mike