Configure SSL connections to satisfy Security Tools

Specifies how SSL session negotiation connections are established.

In order to satisfy port scanners, enable this 'Configure SSL connections' setting and on a View Agent, do the following:

1. In Microsoft Management Console, store a correctly named and signed certificate into the Personal store for the Local Machine's computer account. Make sure to mark it exportable.
2. Store the certificate for the Certificate Authority that signed it in the Trusted Root certificate store.
3. Disable connections to VMware View 5.1 and earlier.
4. Configure the agent to load certificates only from the Certificate Store. If the Personal store for the Local Machine is used, leave the certificate store names unchanged as "MY" and "ROOT" (without the quotes), unless a different store location was used in steps 1 and 2.

The resulting PCoIP Server will satisfy Security Tools such as port scanners.

Checking the box to enforce AES-256 or stronger ciphers will prevent the use of AES-128 ciphers suites during SSL negotiation.

If this 'Configure SSL connections' setting is disabled or not configured:

1. This endpoint will connect to VMware View 5.1 and earlier endpoints as well as newer ones.
2. The endpoint will use certificates from the machine account's "MY" store and Certification Authority certificates from the "ROOT" store.
3. An agent will try to load a certificate but generate a unique self-signed certificate if none is found.
4. The minimum key size will be 1024
5. The Server's certificate will be its own, not that of the View Connection Server.
6. The AES-128 cipher suite will be available.

Supported on: Teradici PCoIP Session

Name of the Machine account's Certificate Store to search for a certificate:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Teradici\PCoIP\pcoip_admin_defaults
Value Namepcoip.cert_store_name
Value TypeREG_SZ
Default Value
Name of the Machine account's Certificate Store to search for a Certificate Authority's certificate:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Teradici\PCoIP\pcoip_admin_defaults
Value Namepcoip.ca_cert_store_name
Value TypeREG_SZ
Default Value
Enforce AES-256 or stronger ciphers for SSL connection negotiation
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Teradici\PCoIP\pcoip_admin_defaults
Value Namepcoip.ssl_disable_aes_128
Value TypeREG_DWORD
Default Value0
True Value1
False Value0

pcoip.admx

Administrative Templates (Computers)

Administrative Templates (Users)