One of the most common questions I get asked from clients setting up thin clients is how to pass key combinations such as CTRL+ALT+DELETE that Windows is designed to intercept for security reasons to a VMware View desktop. For those who have worked with Windows 7 Embedded Thin Clients would know that the default behavior when a user presses CTRL+ALT+DELETE in their VMware View desktop is that the user would get presented with the Thin Client’s CTRL+ALT+DELETE options rather than their VMware View desktop. This is also the same for other key combinations such as ALT+TAB and CTRL+SHIFT+ESC.
Before I write the solution, note that the following would not work:
How to enable or disable the CTRL+ALT+DELETE sequence for logging on to Windows XP, to Windows Vista, and to Windows 7
The above solution doesn’t work because it disables the need to use the CTRL+ALT+DELETE sequence during user logon.
The following policy that exists in the Windows Embedded operating system also would not work:
Computer Configuration –> Administrative Templates –> System –> Keyboard Filter –> Security Keys –> Block Secure Desktop (Ctrl+Alt+Del)
Enabling the policy above only renders the key sequence to not do anything.
It also doesn’t help that trying to Google the words Ctrl+Alt+Del, virtual desktop, thin client, etc. usually yields the 2 results from above.
The solution to the problem is actually quite simple and that is to load the PCoIP ADM template and enable:
Use Enhanced Keyboard on Windows Client if available
More information about this configuration can be found here:
View PCoIP Session Variables for the Keyboard
The requirements for using this feature are as follows:
- You need to use the VMware View Client with Local Mode
- You need to run the View Client with Local Mode as an administrator
The following summarizes the problems I immediately had with the requirements above:
- The View Local Mode capability has been removed from the Windows client in the Horizon View 6.0 release which leads me to believe it will no longer be updated thus requiring a replacment
- You cannot simply run the the View Client with Local Mode with a service account that is a local administrator on the thin client because doing so would prevent you from using the “Log on as user feature” and even if that feature worked, it would be a security risk putting a password into a batch file
I was unable to find any workarounds to the above concerns but what I did find was the following setup provided by a user on the VMware forums:
What the user did was essentially run the VMware View Client with Local mode via a script that would automatically log the user off if the client is closed. When combining this script with disabling the VMware View client bar, a user is essentially locked into their View VDI until they log off and in which case would log them off the client.
While this isn’t a perfect solution, most administrators may have to live with it until new features are released. I will update this post if I come across something better.