General
Kiosk mode is a method of delivering a VMware Horizon View desktop to a zero client, a thin client or a PC without the need for an end-user to authenticate to the connection server. Instead of associating a VDI with a userID, kiosk mode associates a VDI with a MAC address or a clientID of an endpoint device.This allows an organisation to provide access to a VDI to users that do not have a user ID, which is typically the case in public places.
As there is no user authentication, there is obviously also no need to preserve user data or to deliver persistent desktops.
In some circumstances however, it might be required that all kiosk users log in to the VMware Horizon View desktop with the same, predetermined username and password. This scenario can be desirable when use of the kiosk or an application is restricted to a known set of users, such as company employees or registered students, but is not available to the general public. In this case, people who know the password can use the kiosk, but these users are not identified by personal credentials.
How to setup
The setup of kiosk mode in VMware Horizon View is rather simple, but does require the use of the command line tool vdmadmin.
Step 1: create a new organisational unit (OU) specific for kiosk users
This OU will contain all kiosk mode VDIs and all accounts that will have access to a kiosk mode VDI. Specific GPOs can be associated with this OU to lock down the VDI session.
Example: OU=kiosk,OU=vdi,DC=mydomain,DC=local
Step 2: create a new Active Directory Security group
This security group will contain all accounts that will have access to a kiosk mode VDI
Example: gg-euc-kiosk
Step 3: create a new floating Desktop pool in VMware Horizon View
Add all the VDIs to the OU created in Step 1
Make sure to delete or refresh the VDI immediately at logoff
Entitle the group you created in step 2 to this desktop pool
Step 4: Set default values for the organisational unit (OU), password expiration, and group membership of clients in kiosk mode.
This is done by executing the vdmadmin command line utility. The vdmadmin utility is located at C:\Program Files\VMware\VMware View\Server\tools\bin of each VMware Horizon View Connection server and should be executed from a command line (as administrator) directly from a VMware Horizon View Connection server.
Example: vdmadmin -Q -clientauth -setdefaults -ou “OU=kiosk,OU=vdi,DC=mydomain,DC=local” -noexpirepassword -group gg-euc-kiosk
Step 5: Add accounts for clients in Kiosk mode
The VMware Horizon View Connection Server creates Active Directory user account and passwords for each client based on the client’s MAC address or client ID, which it uses to authenticate the client when connecting it to the View desktop.
The clientid parameter must be in the form <MAC-address>, cm-<MAC-address> or custom-<name> where <MAC-address> is of the form aa:cc:ff:aa-33-99
Example-1: vdmadmin -Q -clientauth -add -domain MYDOMAIN -clientid custom-kiosk01 -password “Secret_Password” -ou “OU=kiosk,OU=vdi,DC=mydomain,DC=local” -group gg-euc-kiosk -description “VDI Kiosk User 01” -noexpirepassword
Example-2: vdmadmin -Q -clientauth -add -domain MYDOMAIN -clientid cm-00:50:56:82:81:ec -genpassword -ou “OU=kiosk,OU=vdi,DC=mydomain,DC=local” -group gg-euc-kiosk -description “Horizon View Kiosk account for client with MAC address 00:50:56:82:81:ec” -noexpirepassword
Step 6: Enable authentication of clients in kiosk mode for each View Connection Server instance
Example: vdmadmin -Q -enable -s MYCONNECTIONSERVER
Step 7: Setup clients to connect to the kiosk mode VDIs
Example when connecting via a specific username:
“C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe” -unattended -serverURL view.mydomain.local -userName custom-kiosk01 -password Secret_Password
Example when connecting via a specific endpoint who’s MAC address has been added as an account (Step 5):
“C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe” -unattended -serverURL view.mydomain.local