Create A User Account For View Composer; Configure The Restricted Groups Policy - VMware View Manager 4.5 Installation Manual
Hide thumbs
Also See for View Manager 4.5:
- Admin manual (342 pages) ,
- Integration manual (70 pages) ,
- Upgrade manual (46 pages)
Table of Contents
Advertisement
You must give the user account privileges to perform certain operations in vCenter Server. If you use View
Composer, you must give the user account additional privileges. See
Server and View Composer,"
Create a User Account for View Composer
If you use View Composer, you must create a user account in Active Directory to use with View Composer.
View Composer requires this account to join linked-clone desktops to your Active Directory domain.
To ensure security, you should create a separate user account to use with View Composer. By creating a
separate account, you can guarantee that it does not have additional privileges that are defined for another
purpose. You can give the account the minimum privileges that it needs to create and remove computer objects
in a specified Active Directory container. For example, the View Composer account does not require domain
administrator privileges.
Procedure
1
In Active Directory, create a user account in the same domain as your View Connection Server host or in
a trusted domain.
2
Add the Create Computer Objects, Delete Computer Objects, and Write All Properties permissions to
the account in the Active Directory container in which the linked-clone computer accounts are created or
to which the linked-clone computer accounts are moved.
The following list shows all the required permissions for the user account, including permissions that are
assigned by default:
List Contents
n
Read All Properties
n
Write All Properties
n
Read Permissions
n
Create Computer Objects
n
Delete Computer Objects
n
3
Make sure that the user account's permissions apply to the Active Directory container and to all child
objects of the container.
What to do next
Specify the account in View Administrator when you configure View Composer for vCenter Server and when
you configure and deploy linked-clone desktop pools.
Configure the Restricted Groups Policy
To be able to log in to a View desktop, users must belong to the local Remote Desktop Users group of the View
desktop. You can use the Restricted Groups policy in Active Directory to add users or groups to the local
Remote Desktop Users group of every View desktop that is joined to your domain.
The Restricted Groups policy sets the local group membership of computers in the domain to match the
membership list settings defined in the Restricted Groups policy. The members of your View desktop users
group are always added to the local Remote Desktop Users group of every View desktop that is joined to your
domain. When adding new users, you need only add them to your View desktop users group.
Prerequisites
Create a group for View desktop users in your domain in Active Directory.
VMware, Inc.
on page 51 for information on configuring these privileges.
Chapter 3 Preparing Active Directory
"Configuring User Accounts for vCenter
25
Advertisement
Table of Contents
