- Utilize vdmadmin (e.g., enable/disable Kiosk Mode, assign client to desktop, etc.)
- Identify client device’s identification mechanism (MAC, custom name, etc.)
Before we crack on with Kiosk Mode, what’s the point in it? Well Kiosk Mode is for environments where people don’t login, but need access to some data. An example of this would be my Doctors Surgery. You go in and enter some details on a touch screen to verify you are who you say you are. If you get the details right, you are checked in for your appointment.
Most likely Kiosk Mode desktops are going to be heavily locked down, so with this in mind, I would recommend creating an specific Organisational Unit and Security Group in Active Directory for them.
I have created a Windows 7 Virtual Machine called VMF-KIOSK01 specifically to perform the View Kiosk function.
I have created a Manual Floating Pool for VMF-KIOSK01 and granted the Security Group View Kiosk Users entitlement.
Before we go any further I want to test logging into VMF-KIOSK01 as user Kiosk01 to make sure everything is tickety boo.
Well that’s working fine. Time to leave the GUI behind and head into CLI.
Utilize vdmadmin & Identify Client Device’s Identification Mechanism
vdmadmin is a tool built into the View Connection Server that allows you to perform administrative tasks in CLI such as scripting.
We need to utilize the vdmadmin tool to get our VMF-KIOSK01 working. Specially we are going to use the -Q option to create kiosk accounts and set parameters in Active Directory. The complete syntax is as follows (taken from VMware View Administration – View 5.0)
- vdmadmin -Q -clientauth -add [-b authentication_arguments] -domain domain_name-clientid client_id [-password “password” | -genpassword] [-ou DN] [-expirepassword | -noexpirepassword] [-group group_name | -nogroup] [-description “description_text”]
- vdmadmin -Q -disable [-b authentication_arguments] -s connection_server
- vdmadmin -Q -enable [-b authentication_arguments] -s connection_server [-requirepassword]
- vdmadmin -Q -clientauth -getdefaults [-b authentication_arguments] [-xml]
- vdmadmin -Q -clientauth -list [-b authentication_arguments] [-xml]
- vdmadmin -Q -clientauth -remove [-b authentication_arguments] -domain domain_name-clientid client_id
- vdmadmin -Q -clientauth -removeall [-b authentication_arguments] [-force]
- vdmadmin -Q -clientauth -setdefaults [-b authentication_arguments] [-ou DN] [ -expirepassword | -noexpirepassword ] [-group group_name | -nogroup]
- vdmadmin -Q -clientauth -update [-b authentication_arguments] -domain domain_name-clientid client_id [-password “password” | -genpassword] [-description “description_text”]
vdmadmin is located in C:Program FilesVMwareVMware ViewServertoolsbin by default
Run Command Prompt as a user with administrator rights and navigate into the folder locating vdmadmin.
The command we are going to run is
vdmadmin -Q -clientauth -setdefaults -ou (Organisational Unit) -group (Security Group) -noexpirepassword
Which equates too
vdmadmin -Q -clientauth -setdefaults -ou “OU=View Kiosk,OU=View Infrastructure,DC=vmfocus,DC=local” -group “View Kiosk Users” -noexpirepassword
This command ensures that the User Accounts that View will create for Kiosk mode won’t expire.
Now we need to get the MAC Address of the View Desktops, in my case VMF-KIOSK01. The easiest way to do this is too ping VMF-KIOSK01 and run arp -a from the command line
The next command we are going to run is
vdmadmin -Q -clientauth -add -domain vmfocus -clientid 00:50:56:82:6a:43 -group “View Kiosk Users”
If we check Active Directory we have a new user created called cm-00_50_56_82_6a_43 who is a member of View Kiosk Users
Next we need to enable our View Connection Server to authenticate without needing a password, oh my!
The syntax for this is
vdmadmin -Q -enable -s VMF-CON01
From an administrator perspective, you might want to see which clients are enabled for Kiosk Mode without passwords. To do this run the following syntax
vdmadmin -Q -clientauth -list
Last of all we need to tell the View Client on the physical hardware to access VMF-KIOSK01 using Kiosk mode. VMware have included a handy little example batch file which can be found in C:Program FilesVMwareVMware ViewClientbinkiosk_mode.cmd
The easiest thing to do is run this script against the physical machine using a Windows GPO.
For this particular blog post, kudos to Barry Combs & Mike Laverick for the Building End-User Computing Solutions with VMware View