D81 Posted October 9 Share Posted October 9 (edited) Hi Im have recently implemented a Horizon 8 site. The test users are complaining regarding one basic thing when a user wants to access his published Destlops: The user log into his local computer (which is joined to the AD) Then he launches the Horizon client and selects the Horizon Connection server Then he logs again with the AD credentials on the horizon client So, is there any way to automaticaly passthrough the credentials of the user computer (AD) to the horizon client? The main problem is that the customer has a GPO that forced to lock the screen of the user sesion each 10 minutes, so in case the user is idle for 10 minutes the session closes on both the VDI and the local computer and when the user comes back he must first unlock his computer session and later he must unlock his VDI session again. Thanks Edited October 10 by D81 SOLVED Quote Link to comment Share on other sites More sharing options...
Dominik Posted October 9 Share Posted October 9 Hello @D81, please check: https://docs.omnissa.com/bundle/Horizon-AdministrationV2312/page/UsingtheLogInasCurrentUserFeatureAvailablewithWindows-BasedHorizonClient.html 1 Quote Dominik Jakubowski EUC Expert | vExpert ⭐️⭐️⭐️ VDI Ninja https://vdesktop.ninja Link to comment Share on other sites More sharing options...
D81 Posted October 9 Author Share Posted October 9 Thanks! Thats suposed to be the solution but I have activated the "login as current user" and it doesnt work. The user has to log in always on both the local computer and the VDI session. This is the current config: Quote Link to comment Share on other sites More sharing options...
Sean Massey-1 Posted October 9 Share Posted October 9 So can you clarify the problem you're looking to solve? I'm hearing two different things here. 1. The user has to enter their username and password to sign into Horizon and launch a virtual desktop. 2. The user's session (both local and remote) get locked when the local session locks after 10 minutes of inactivity. Am I understanding this correctly? I feel like there are details missing here, like is the user launching the Horizon Client for the first time (ie - the client is closed/not running on the PC) and seeing this? Or is the client running but minimized and they are constantly being prompted for their password because they're local session is idle? Quote Sean Massey Independent Consultant/Analyst/Blogger | VCDX-EUC 247 Vice Chairman of the Board - World of EUC Blog: thevirtualhorizon.com Mastodon: @seanpmassey@vmst.io Instagram/Thread: @seanpmassey LI: https://www.linkedin.com/in/seanpmassey/ Link to comment Share on other sites More sharing options...
D81 Posted October 9 Author Share Posted October 9 5 minutes ago, Sean Massey-1 said: So can you clarify the problem you're looking to solve? I'm hearing two different things here. 1. The user has to enter their username and password to sign into Horizon and launch a virtual desktop. 2. The user's session (both local and remote) get locked when the local session locks after 10 minutes of inactivity. Am I understanding this correctly? I feel like there are details missing here, like is the user launching the Horizon Client for the first time (ie - the client is closed/not running on the PC) and seeing this? Or is the client running but minimized and they are constantly being prompted for their password because they're local session is idle? Hi @Sean Massey-1 Sorry if I wasn't clear on my explanations. Let me explain it again... The customer has two different anoying behaviours related with the user logins: In the first case the problem is that when the userarrives at the morning to his office and logs in the local computer with his AD credentials, then he has to login again with the same credentials on the Horizon client. This is not very anoying cause it is suposed to happens just once a day, but it would be nice if the first "local computer login" could pass the credentials to the Horizon client authomaticaly. The second problem is that the customer has a GPO to block sessions at 10 minutes of idle activity which is applied by default to all the computers of the Domain. Thus it also affects both the local (laptop) and remote (VDI) sessions. So when the user session is idle for 10 minutes then both the local and remote sessions get locked. At that point when the user comes back and logs into his local computer, he has to log again with the same credentials on the remote VDI sesion. That is the most annoying problem for them. As far as I understand the feature mentioned on the previous message "Accept logon as current user" should fix the problem (at least on the first case) cause when the user logs for the first time on the local computer and then he opens the Horizon client, he should not be requested for credentials cause it should use the local computer credentials. However he still is.. So at this point I'm not sure if I'm doing something wrong or if I haven't properly understood the "accept logon as current user" use case. Quote Link to comment Share on other sites More sharing options...
Solution Sean Massey-1 Posted October 9 Solution Share Posted October 9 7 minutes ago, D81 said: In the first case the problem is that when the userarrives at the morning to his office and logs in the local computer with his AD credentials, then he has to login again with the same credentials on the Horizon client. This is not very anoying cause it is suposed to happens just once a day, but it would be nice if the first "local computer login" could pass the credentials to the Horizon client authomaticaly. So this can be easy to solve. It requires two things. First, it requires enabling the connection server to accept logon as the current user as @Dominik stated and posted directions for. Second, it requires the user to enable the logon as current user option in the Horizon Client as documented in step 3 here: https://docs.omnissa.com/bundle/HorizonClient-WindowsGuideV2406/page/ConnecttoaRemoteDesktoporPublishedApplicationfromHorizonWindowsClient.html Quote To log in as the currently logged-in Windows domain user, click the Options menu (… icon) in the upper-right corner of the menu bar and select Log in As Current User. 9 minutes ago, D81 said: The second problem is that the customer has a GPO to block sessions at 10 minutes of idle activity which is applied by default to all the computers of the Domain. Thus it also affects both the local (laptop) and remote (VDI) sessions. So when the user session is idle for 10 minutes then both the local and remote sessions get locked. At that point when the user comes back and logs into his local computer, he has to log again with the same credentials on the remote VDI sesion. That is the most annoying problem for them. As far as I understand the feature mentioned on the previous message "Accept logon as current user" should fix the problem (at least on the first case) cause when the user logs for the first time on the local computer and then he opens the Horizon client, he should not be requested for credentials cause it should use the local computer credentials. However he still is.. I'll be honest. I've never tested that feature. So I can't say how well that works. It has been an annoyance for users I've worked with in the past, and it may just be a change they need to get used to. 1 Quote Sean Massey Independent Consultant/Analyst/Blogger | VCDX-EUC 247 Vice Chairman of the Board - World of EUC Blog: thevirtualhorizon.com Mastodon: @seanpmassey@vmst.io Instagram/Thread: @seanpmassey LI: https://www.linkedin.com/in/seanpmassey/ Link to comment Share on other sites More sharing options...
D81 Posted October 10 Author Share Posted October 10 (edited) Thanks Sean! I didnt see the Login as current user option on the horizon client but I will check it again and I will provide with feedback. Regarding the second case, I think that one simple option could be to apply the lock screen GPO only to the client machine and not to the VDI (or at least increase the timeout for the VDI). Cause if the main reason is that if the user client session is already blocked then anyone can log into the user session from it. EDIT: It works! by activating the "Log as current user" on both Connection Server and Horizon Client it fixed the first and the second annoying issues, so both cases are solved! Edited October 10 by D81 fixed 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.