How to setup Kiosk Mode
The setup of kiosk mode in VMware Horizon View requires the use of the command line tool vdmadmin.
Step 1: create a new organisational unit (OU) specific for kiosk users
This OU will contain all kiosk mode VDIs and all accounts that will have access to a kiosk mode VDI. Specific GPOs can be associated with this OU to lock down the VDI session.
Example: OU=kiosk,OU=vdi,DC=mydomain,DC=local
Step 2: create a new Active Directory Security group
This security group will contain all accounts that will have access to a kiosk mode VDI
Example: sg_kioskMode
Step 3: create a new floating Desktop pool in VMware Horizon View
Add all the VDIs to the OU created in Step 1
Make sure to delete or refresh the VDI immediately at logoff
Entitle the group you created in step 2 to this desktop pool
Step 4: Set default values for the organisational unit (OU), password expiration, and group membership of clients in kiosk mode.
This is done by executing the vdmadmin command line utility. The vdmadmin utility is located at C:\Program Files\VMware\VMware View\Server\tools\bin of each VMware Horizon View Connection server and should be executed from a command line (as administrator) directly from a VMware Horizon View Connection server.
Example: vdmadmin -Q -clientauth -setdefaults -ou “OU=kiosk,OU=vdi,DC=mydomain,DC=local” -noexpirepassword -group sg_kioskMode
NOTE: if you aren’t using a security group use “-nogroup” instead
Step 5: Add accounts for clients in Kiosk mode
The VMware Horizon View Connection Server creates Active Directory user account and passwords for each client based on the client’s MAC address or client ID, which it uses to authenticate the client when connecting it to the View desktop.
The clientid parameter must be in the form <MAC-address>, cm-<MAC-address> or custom-<name> where <MAC-address> is of the form aa:cc:ff:aa-33-99
Example-1: vdmadmin -Q -clientauth -add -domain MYDOMAIN -clientid custom-kiosk01 -password “Secret_Password” -ou “OU=kiosk,OU=vdi,DC=mydomain,DC=local” -group sg_kioskMode -description “Kiosk 01” -noexpirepassword
Example-2: vdmadmin -Q -clientauth -add -domain MYDOMAIN -clientid cm-00:50:56:82:81:ec -genpassword -ou “OU=kiosk,OU=vdi,DC=mydomain,DC=local” -group sg_kioskMode -description “Horizon View Kiosk account for client with MAC address 00:50:56:82:81:ec” -noexpirepassword
Step 6: Enable authentication of clients in kiosk mode for each View Connection Server instance
Example: vdmadmin -Q -enable -s MYCONNECTIONSERVER
Step 7: Setup clients to connect to the kiosk mode VDIs
Example when connecting via a specific username:
“C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe” -unattended -serverURL view.mydomain.local -userName custom-01 -password Secret_Password
Example when connecting via a specific endpoint who’s MAC address has been added as an account (Step 5):
“C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe” -unattended -serverURL view.mydomain.local
