Configure SSL connections to satisfy Security Tools
Specifies how SSL session negotiation connections are established.
In order to satisfy port scanners, enable this 'Configure SSL connections' setting and on a View Agent, do the following:
1. In Microsoft Management Console, store a correctly named and signed certificate into the Personal store for the Local Machine's computer account. Make sure to mark it exportable.
2. Store the certificate for the Certificate Authority that signed it in the Trusted Root certificate store.
3. Disable connections to VMware View 5.1 and earlier.
4. Configure the agent to load certificates only from the Certificate Store. If the Personal store for the Local Machine is used, leave the certificate store names unchanged as "MY" and "ROOT" (without the quotes), unless a different store location was used in steps 1 and 2.
The resulting PCoIP Server will satisfy Security Tools such as port scanners.
Checking the box to enforce AES-256 or stronger ciphers will prevent the use of AES-128 ciphers suites during SSL negotiation.
If this 'Configure SSL connections' setting is disabled or not configured:
1. This endpoint will connect to VMware View 5.1 and earlier endpoints as well as newer ones.
2. The endpoint will use certificates from the machine account's "MY" store and Certification Authority certificates from the "ROOT" store.
3. An agent will try to load a certificate but generate a unique self-signed certificate if none is found.
4. The minimum key size will be 1024
5. The Server's certificate will be its own, not that of the View Connection Server.
6. The AES-128 cipher suite will be available.
Supported on: Undefined
Disable connections from VMware View 5.1 and earlier| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Teradici\PCoIP\pcoip_admin_defaults |
| Value Name | pcoip.ssl_cert_deny_legacy_connections |
| Value Type | REG_DWORD |
| Default Value | 0 |
| True Value | 1 |
| False Value | 0 |
How a Server chooses the certificate it presents to post-VMware View 5.1 components:
- From the Certificate Store
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Teradici\PCoIP\pcoip_admin_defaults Value Name pcoip.ssl_cert_type Value Type REG_DWORD Value 1 - Generate a unique self-signed certificate
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Teradici\PCoIP\pcoip_admin_defaults Value Name pcoip.ssl_cert_type Value Type REG_DWORD Value 2 - From the Certificate Store if possible, otherwise generate
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Teradici\PCoIP\pcoip_admin_defaults Value Name pcoip.ssl_cert_type Value Type REG_DWORD Value 0
Name of the Machine account's Certificate Store to search for a certificate:
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Teradici\PCoIP\pcoip_admin_defaults |
| Value Name | pcoip.cert_store_name |
| Value Type | REG_SZ |
| Default Value | MY |
The minimum keylength enforced when validating the certificate (1024, 2048 or 4096):
- 1024
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Teradici\PCoIP\pcoip_admin_defaults Value Name pcoip.ssl_cert_min_key_length Value Type REG_DWORD Value 1024 - 2048
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Teradici\PCoIP\pcoip_admin_defaults Value Name pcoip.ssl_cert_min_key_length Value Type REG_DWORD Value 2048 - 4096
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Teradici\PCoIP\pcoip_admin_defaults Value Name pcoip.ssl_cert_min_key_length Value Type REG_DWORD Value 4096
Name of the Machine account's Certificate Store to search for a Certificate Authority's certificate:
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Teradici\PCoIP\pcoip_admin_defaults |
| Value Name | pcoip.ca_cert_store_name |
| Value Type | REG_SZ |
| Default Value | ROOT |
Server instructs client to request the View Connection Server's certificate| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Teradici\PCoIP\pcoip_admin_defaults |
| Value Name | pcoip.ask_clients_to_use_vcs_sni |
| Value Type | REG_DWORD |
| Default Value | 0 |
| True Value | 1 |
| False Value | 0 |
Enforce AES-256 or stronger ciphers for SSL connection negotiation| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Teradici\PCoIP\pcoip_admin_defaults |
| Value Name | pcoip.ssl_disable_aes_128 |
| Value Type | REG_DWORD |
| Default Value | 0 |
| True Value | 1 |
| False Value | 0 |
pcoip.admx
- PCoIP Client Session Variables
- Overridable Administrator Defaults
- Configure PCoIP client image cache size policy
- Configure PCoIP event log cleanup by size in MB
- Configure PCoIP event log cleanup by time in days
- Configure PCoIP event log verbosity
- Configure PCoIP session encryption algorithms
- Configure PCoIP virtual channels
- Configure SSL cipher list
- Configure SSL connections to satisfy Security Tools
- Configure SSL protocols
- Configure the Client PCoIP UDP port
- Configure the maximum PCoIP session bandwidth
- Configure the PCoIP session bandwidth floor
- Configure the PCoIP session MTU
- Configure the PCoIP transport header
- Enable/disable audio in the PCoIP session
- Overridable Administrator Defaults
- PCoIP Session Variables
- Overridable Administrator Defaults
- Configure clipboard audit
- Configure clipboard memory size on server
- Configure clipboard redirection
- Configure drag and drop direction
- Configure frame rate vs image quality preference
- Configure PCoIP event log cleanup by size in MB
- Configure PCoIP event log cleanup by time in days
- Configure PCoIP event log verbosity
- Configure PCoIP image quality levels
- Configure PCoIP session encryption algorithms
- Configure PCoIP USB allowed and unallowed device rules
- Configure PCoIP virtual channels
- Configure SSL cipher list
- Configure SSL connections to satisfy Security Tools
- Configure SSL protocols
- Configure the maximum PCoIP session bandwidth
- Configure the PCoIP session audio bandwidth limit
- Configure the PCoIP session bandwidth floor
- Configure the PCoIP session MTU
- Configure the PCoIP transport header
- Configure the TCP port to which the PCoIP Server binds and listens
- Configure the UDP port to which the PCoIP Server binds and listens
- Disable sending CAD when users press Ctrl+Alt+Del
- Enable/disable audio in the PCoIP session
- Enable/disable microphone noise and DC offset filter in PCoIP session
- Enable access to a PCoIP session from a vSphere console
- Filter images out of the incoming clipboard data
- Filter images out of the outgoing clipboard data
- Filter Microsoft Chart and Smart Art data out of the incoming clipboard data
- Filter Microsoft Chart and Smart Art data out of the outgoing clipboard data
- Filter Microsoft Office text data out of the incoming clipboard data
- Filter Microsoft Office text data out of the outgoing clipboard data
- Filter Microsoft Text Effects data out of the incoming clipboard data
- Filter Microsoft Text Effects data out of the outgoing clipboard data
- Filter Rich Text Format data out of the incoming clipboard data
- Filter Rich Text Format data out of the outgoing clipboard data
- Filter text out of the incoming clipboard data
- Filter text out of the outgoing clipboard data
- Turn off Build-to-Lossless feature
- Turn on PCoIP user default input language synchronization
- Use alternate key for sending Secure Attention Sequence
- Whether block clipboard redirection to client side when client doesn't support audit
- Overridable Administrator Defaults
- VMware Blast
- Audio playback
- Clipboard memory size on server
- Configure clipboard audit
- Configure clipboard redirection
- Configure drag and drop direction
- Configure file transfer
- Cookie Cleanup Interval
- DSCP from Agent, TCP/IPv4
- DSCP from Agent, TCP/IPv6
- DSCP from Agent, UDP/IPv4
- DSCP from Agent, UDP/IPv6
- DSCP from BSG to Agent, TCP/IPv4
- DSCP from BSG to Agent, TCP/IPv6
- DSCP from BSG to Agent, UDP/IPv4
- DSCP from BSG to Agent, UDP/IPv6
- DSCP from BSG to Client, TCP/IPv4
- DSCP from BSG to Client, TCP/IPv6
- DSCP from BSG to Client, UDP/IPv4
- DSCP from BSG to Client, UDP/IPv6
- DSCP from Client, TCP/IPv4
- DSCP from Client, TCP/IPv6
- DSCP from Client, UDP/IPv4
- DSCP from Client, UDP/IPv6
- DSCP Marking
- Filter images out of the incoming clipboard data
- Filter images out of the outgoing clipboard data
- Filter Microsoft Chart and Smart Art data out of the incoming clipboard data
- Filter Microsoft Chart and Smart Art data out of the outgoing clipboard data
- Filter Microsoft Office text data out of the incoming clipboard data
- Filter Microsoft Office text data out of the outgoing clipboard data
- Filter Microsoft Text Effects data out of the incoming clipboard data
- Filter Microsoft Text Effects data out of the outgoing clipboard data
- Filter Rich Text Format data out of the incoming clipboard data
- Filter Rich Text Format data out of the outgoing clipboard data
- Filter text out of the incoming clipboard data
- Filter text out of the outgoing clipboard data
- H.264 High Color Accuracy
- H.264 Quality
- H.264
- HEVC
- HTML Access printing
- HTTP Service
- Image Quality
- Keyboard locale synchronization
- Max Frame Rate
- Max Session Bandwidth kbit/s Megapixel Slope
- Max Session Bandwidth
- Min Session Bandwidth
- PNG
- Screen Blanking
- UDP Protocol
- Whether block clipboard redirection to client side when client doesn't support audit
- VMware Horizon Client Configuration
- Scripting definitions
- Account to use for Unauthenticated Access
- Automatically connect if only one launch item is entitled
- Connect all USB devices to the desktop or remote application on launch
- Connect USB devices to the desktop or remote application when they are plugged in
- DesktopLayout
- DesktopName to select
- Disable 3rd-party Terminal Services plugins
- Disconnected application session resumption behavior
- Enable Unauthenticated Access to the server
- Locked Guest Size
- Logon DomainName
- Logon Password
- Logon UserName
- Server URL
- Suppress error messages (when fully scripted only)
- Security Settings
- Allow command line credentials
- Certificate verification mode
- Configures SSL protocols and cryptographic algorithms
- Default value of the 'Log in as current user' checkbox
- Display option to Log in as current user
- Enable jump list integration
- Enable Single Sign-On for smart card authentication
- Enable SSL encrypted framework channel
- Ignore certificate revocation problems
- Servers Trusted For Delegation
- Unlock remote sessions when the client machine is unlocked
- View USB Configuration
- Settings not configurable by Agent
- Allow Audio Input Devices
- Allow Audio Output Devices
- Allow Auto Device Splitting
- Allow HID-Bootable
- Allow keyboard and Mouse Devices
- Allow other input devices
- Allow Smart Cards
- Allow Video Devices
- Exclude All Devices
- Exclude Device Family
- Exclude Vid/Pid Device from Split
- Exclude Vid/Pid Device
- Include Device Family
- Include Vid/Pid Device
- Split Vid/Pid Device
- Allow data sharing
- Allow display scaling
- Allow HEVC Decoding
- Always hide the remote floating language (IME) bar for Hosted Apps
- Automatically install shortcuts when configured on the Horizon server
- Block multiple Horizon Client instances per Windows session
- Default value of the 'Hide the selector after launching an item' checkbox
- Delay the start of replications when starting the Horizon Client with Local Mode
- Disable desktop disconnect messages
- Disable time zone forwarding
- Disable toast notifications
- Disallow passing through client information in a nested session
- Display modifier function key
- Display only smart card certificates during login
- Enable Horizon Client online update
- Enable relative mouse
- Hide items in application context menu
- Hide items in desktop context menu
- Hide items in desktop toolbar
- Hide items in system tray menu
- Hide items in the client toolbar menu
- Redirect smart card readers in Local Mode
- Tunnel proxy bypass address list
- URL for Horizon Client online help
- URL for Horizon Client online update
- Scripting definitions
- VMware Horizon Performance Tracker
- VMware Horizon Printer Redirection
- VMware Horizon URL Redirection
- VMware Integrated Printing
- VMware View Agent Configuration
- Agent Configuration
- AllowDirectRDP
- AllowSingleSignon
- CommandsToRunOnConnect
- CommandsToRunOnDisconnect
- CommandsToRunOnReconnect
- ConnectionTicketTimeout
- CredentialFilterExceptions
- Disable Time Zone Synchronization
- DPI Synchronization Per Connection
- DPI Synchronization
- Enable multi-media acceleration
- Enable Unauthenticated Access
- Force MMR to use software overlay
- ShowDiskActivityIcon
- Single sign-on retry timeout
- Toggle Display Settings Control
- Agent Security
- Collaboration
- Persona Management
- Desktop UI
- Folder Redirection
- Add the administrators group to redirected folders
- Application Data (Roaming)
- Contacts
- Cookies
- Desktop
- Downloads
- Favorites
- Files and folders excluded from Folder Redirection (exceptions)
- Files and folders excluded from Folder Redirection
- History
- Links
- My Documents
- My Music
- My Pictures
- My Videos
- Network Neighborhood
- Printer Neighborhood
- Recent Items
- Saved Games
- Searches
- Send To
- Start Menu
- Startup Items
- Templates
- Temporary Internet Files
- Logging
- Roaming & Synchronization
- Cleanup CLFS Files
- Enable background download for laptops
- Enforces wallpaper setting from GPO
- Excluded Processes
- Files and folders excluded from roaming (exceptions)
- Files and folders excluded from roaming
- Files and folders to preload (exceptions)
- Files and folders to preload
- Folders to background download (exceptions)
- Folders to background download
- Manage user persona
- Persona repository location
- Remove local persona at log off
- Roam local settings folders
- Windows roaming profiles synchronization (exceptions)
- Windows roaming profiles synchronization
- Troubleshooting
- Scanner Redirection
- Serial COM
- Smartcard Redirection
- True SSO Configuration
- Unity Touch and Hosted Apps
- View Agent Direct-Connection Configuration
- Applications Enabled
- Client Config Name Value Pairs
- Client Credential Cache Timeout
- Client Session Timeout
- Client setting: AlwaysConnect
- Client setting: AutoConnect
- Client setting: ScreenSize
- Default Protocol
- Disclaimer Enabled
- Disclaimer Text
- External Blast Port
- External Framework Channel Port
- External IP Address
- External PCoIP Port
- External RDP Port
- HTTPS Port Number
- Multimedia redirection (MMR) Enabled
- Reset Enabled
- Session Timeout
- USB AutoConnect
- USB Enabled
- User Idle Timeout
- X509 Certificate Authentication
- X509 SSL Certificate Authentication Enabled
- View RTAV Configuration
- View USB Configuration
- Client Downloadable only Settings
- Exclude All Devices
- Exclude Device Family
- Exclude Vid/Pid Device
- Include Device Family
- Include Vid/Pid Device
- VMware Client IP Transparency
- VMware Device Bridge
- VMware FlashMMR
- VMware Horizon Client Drive Redirection
- VMware HTML5 Features
- VMware HTML5 Multimedia Redirection
- VMware Virtualization Pack for Skype for Business
- Recursive Enumeration of Trusted Domains
- Agent Configuration
- VMware View Common Configuration
- Log Configuration
- Performance Alarms
- CPU and Memory Sampling Interval in Seconds
- Overall CPU usage percentage to issue log info
- Overall memory usage percentage to issue log info
- Process CPU usage percentage to issue log info
- Processes to check, comma separated name list allowing wild cards and exclusion
- Process memory usage percentage to issue log info
- Security Configuration
- Disk threshold for log and events in Megabytes
- Enable extended logging
- Override the default View Windows event generation
- VMware View Server Configuration
- Windows Components
- Horizon View RDSH Services
- Remote Desktop Session Host
- Horizon View RDSH Services
- Turn off Fair Share CPU Scheduling
- PCoIP Client Session Variables
- Not Overridable Administrator Settings
- Configure PCoIP client image cache size policy
- Configure PCoIP event log cleanup by size in MB
- Configure PCoIP event log cleanup by time in days
- Configure PCoIP event log verbosity
- Configure PCoIP session encryption algorithms
- Configure PCoIP virtual channels
- Configure SSL cipher list
- Configure SSL connections to satisfy Security Tools
- Configure SSL protocols
- Configure the Client PCoIP UDP port
- Configure the maximum PCoIP session bandwidth
- Configure the PCoIP session bandwidth floor
- Configure the PCoIP session MTU
- Configure the PCoIP transport header
- Enable/disable audio in the PCoIP session
- Not Overridable Administrator Settings
- PCoIP Session Variables
- Not Overridable Administrator Settings
- Configure clipboard memory size on server
- Configure clipboard redirection
- Configure frame rate vs image quality preference
- Configure PCoIP event log cleanup by size in MB
- Configure PCoIP event log cleanup by time in days
- Configure PCoIP event log verbosity
- Configure PCoIP image quality levels
- Configure PCoIP session encryption algorithms
- Configure PCoIP USB allowed and unallowed device rules
- Configure PCoIP virtual channels
- Configure SSL cipher list
- Configure SSL connections to satisfy Security Tools
- Configure SSL protocols
- Configure the maximum PCoIP session bandwidth
- Configure the PCoIP session audio bandwidth limit
- Configure the PCoIP session bandwidth floor
- Configure the PCoIP session MTU
- Configure the PCoIP transport header
- Configure the TCP port to which the PCoIP Server binds and listens
- Configure the UDP port to which the PCoIP Server binds and listens
- Disable sending CAD when users press Ctrl+Alt+Del
- Enable/disable audio in the PCoIP session
- Enable/disable microphone noise and DC offset filter in PCoIP session
- Enable access to a PCoIP session from a vSphere console
- Filter images out of the incoming clipboard data
- Filter images out of the outgoing clipboard data
- Filter Microsoft Chart and Smart Art data out of the incoming clipboard data
- Filter Microsoft Chart and Smart Art data out of the outgoing clipboard data
- Filter Microsoft Office text data out of the incoming clipboard data
- Filter Microsoft Office text data out of the outgoing clipboard data
- Filter Microsoft Text Effects data out of the incoming clipboard data
- Filter Microsoft Text Effects data out of the outgoing clipboard data
- Filter Rich Text Format data out of the incoming clipboard data
- Filter Rich Text Format data out of the outgoing clipboard data
- Filter text out of the incoming clipboard data
- Filter text out of the outgoing clipboard data
- Turn off Build-to-Lossless feature
- Turn on PCoIP user default input language synchronization
- Use alternate key for sending Secure Attention Sequence
- Not Overridable Administrator Settings
- VMware Horizon Client Configuration
- RDP Settings
- Audio redirection
- Bitmap cache file size in MB for 8bpp bitmaps
- Bitmap cache file size in MB for 16bpp bitmaps
- Bitmap cache file size in Mb for 24bpp bitmaps
- Bitmap cache file size in MB for 32bpp bitmaps
- Bitmap caching / cache persistence active
- Color depth
- Cursor shadow
- Desktop background
- Desktop composition
- Enable audio capture redirection
- Enable compression
- Enable Credential Security Service Provider
- Enable RDP Auto-Reconnect
- Font smoothing
- In-memory bitmap cache size in KB for 8bpp bitmaps
- Menu and window animation
- Redirect clipboard
- Redirect drives
- Redirect printers
- Redirect serial ports
- Redirect smart cards
- Redirect supported plug-and-play devices
- Shadow bitmaps
- Show contents of window while dragging
- Themes
- Windows key combination redirection
- Scripting definitions
- Account to use for Unauthenticated Access
- Automatically connect if only one launch item is entitled
- Connect all USB devices to the desktop or remote application on launch
- Connect USB devices to the desktop or remote application when they are plugged in
- DesktopLayout
- DesktopName to select
- Disable 3rd-party Terminal Services plugins
- Disconnected application session resumption behavior
- Enable Unauthenticated Access to the server
- Locked Guest Size
- Logon DomainName
- Logon Password
- Logon UserName
- Server URL
- Suppress error messages (when fully scripted only)
- Security Settings
- Allow display scaling
- Always hide the remote floating language (IME) bar for Hosted Apps
- Always on top
- Automatically install shortcuts when configured on the Horizon server
- Default Exit Behavior For Local Mode Desktops
- Default value of the 'Hide the selector after launching an item' checkbox
- Disable desktop disconnect messages
- Disable opening local files in hosted applications
- Disable sharing files and folders
- Disable toast notifications
- Display modifier function key
- Don't check monitor alignment on spanning
- Enable multi-media acceleration
- Enable relative mouse
- Enable the shade
- Hide items in application context menu
- Hide items in desktop context menu
- Hide items in desktop toolbar
- Hide items in system tray menu
- Hide items in the client toolbar menu
- Pin the shade
- RDP Settings
- VMware Horizon URL Redirection
- VMware View Agent Configuration
- Agent Configuration
- Agent Security
- Scanner Redirection
- Serial COM
- VMware FlashMMR