VMware View – Objective 2.11 Configure The Environment for Kiosk Mode

Knowledge

  • Utilize vdmadmin (e.g., enable/disable Kiosk Mode, assign client to desktop, etc.)
  • Identify client device’s identification mechanism (MAC, custom name, etc.)

Before we crack on with Kiosk Mode, what’s the point in it? Well Kiosk Mode is for environments where people don’t login, but need access to some data.  An example of this would be my Doctors Surgery.  You go in and enter some details on a touch screen to verify you are who you say you are.  If you get the details right, you are checked in for your appointment.

Most likely Kiosk Mode desktops are going to be heavily locked down, so with this in mind, I would recommend creating an specific Organisational Unit and Security Group in Active Directory for them.

View Kiosk 1

I have created a Windows 7 Virtual Machine called VMF-KIOSK01 specifically to perform the View Kiosk function.

Kiosk Pool

I have created a Manual Floating Pool for VMF-KIOSK01 and granted the Security Group View Kiosk Users entitlement.

Before we go any further I want to test logging into VMF-KIOSK01 as user Kiosk01 to make sure everything is tickety boo.

View Kiosk 2

Well that’s working fine.  Time to leave the GUI behind and head into CLI.

Utilize vdmadmin & Identify Client Device’s Identification Mechanism

vdmadmin is a tool built into the View Connection Server that allows you to perform administrative tasks in CLI such as scripting.

We need to utilize the vdmadmin tool to get our VMF-KIOSK01 working.  Specially we are going to use the -Q option to create kiosk accounts and set parameters in Active Directory.  The complete syntax is as follows (taken from VMware View Administration – View 5.0)

  • vdmadmin -Q -clientauth -add [-b authentication_arguments] -domain domain_name-clientid client_id [-password “password” | -genpassword] [-ou DN] [-expirepassword | -noexpirepassword] [-group group_name | -nogroup] [-description “description_text”]
  • vdmadmin -Q -disable [-b authentication_arguments] -s connection_server
  • vdmadmin -Q -enable [-b authentication_arguments] -s connection_server [-requirepassword]
  • vdmadmin -Q -clientauth -getdefaults [-b authentication_arguments] [-xml]
  • vdmadmin -Q -clientauth -list [-b authentication_arguments] [-xml]
  • vdmadmin -Q -clientauth -remove [-b authentication_arguments] -domain domain_name-clientid client_id
  • vdmadmin -Q -clientauth -removeall [-b authentication_arguments] [-force]
  • vdmadmin -Q -clientauth -setdefaults [-b authentication_arguments] [-ou DN] [ -expirepassword | -noexpirepassword ] [-group group_name | -nogroup]
  • vdmadmin -Q -clientauth -update [-b authentication_arguments] -domain domain_name-clientid client_id [-password “password” | -genpassword] [-description “description_text”]

vdmadmin is located in C:\Program Files\VMware\VMware View\Server\tools\bin by default

View Kiosk 3

Run Command Prompt as a user with administrator rights and navigate into the folder locating vdmadmin.

The command we are going to run is

vdmadmin -Q -clientauth -setdefaults -ou (Organisational Unit) -group (Security Group) -noexpirepassword

Which equates too

vdmadmin -Q -clientauth -setdefaults -ou “OU=View Kiosk,OU=View Infrastructure,DC=vmfocus,DC=local” -group “View Kiosk Users” -noexpirepassword

View Kiosk 4

This command ensures that the User Accounts that View will create for Kiosk mode won’t expire.

Now we need to get the MAC Address of the View Desktops, in my case VMF-KIOSK01.  The easiest way to do this is too ping VMF-KIOSK01 and run arp -a from the command line

View Kiosk 5

The next command we are going to run is

vdmadmin -Q -clientauth -add -domain vmfocus -clientid 00:50:56:82:6a:43 -group “View Kiosk Users”

View Kiosk 6

If we check Active Directory we have a new user created called cm-00_50_56_82_6a_43 who is a member of View Kiosk Users

View Kiosk 7

Next we need to enable our View Connection Server to authenticate without needing a password, oh my!

The syntax for this is

vdmadmin -Q -enable -s VMF-CON01

View Kiosk 8

From an administrator perspective, you might want to see which clients are enabled for Kiosk Mode without passwords.  To do this run the following syntax

vdmadmin -Q -clientauth -list

View Kiosk 9

Last of all we need to tell the View Client on the physical hardware to access VMF-KIOSK01 using Kiosk mode.  VMware have included a handy little example batch file which can be found in C:\Program Files\VMware\VMware View\Client\bin\kiosk_mode.cmd

The easiest thing to do is run this script against the physical machine using a Windows GPO.

For this particular blog post, kudos to Barry Combs & Mike Laverick for the Building End-User Computing Solutions with VMware View

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s