Enabling Kiosk Mode
Video Content [TBA]
Introduction to Kiosk Mode
Version: Horizon View 5.1
In View 4.5 VMware added the Kiosk Mode feature. Unsurprisingly, Kiosk mode is designed for devices being used in a kiosk fashion. When we say “kiosk”, we are referring to use cases where people can walk up to a machine and use it without logging in, usually for a specific application. Some examples include purchasing and collecting train tickets, doctor’s surgery check in, or as a tourist information point. The desktop that is delivered is normally heavily locked down and there is more often a specifically designed kiosk application that will run in a full screen manner. Obviously the traditional way for a user to gain access to a View desktop would be to login to the View client with their domain credentials. This clearly wouldn’t work for this type of use case.
When we configure Kiosk mode we are configuring certain end point devices to be able to log in with credentials that are provided by the View Connection Server. We need to pre-register any devices we wish to use in this way, create the relevant desktops pools, prepare the domain for the accounts to be created and allow View to create the relevant accounts for these desktops.
Configuring the pre-requisites
Before we get started it should be understood that this whole process is done from the command line from the View Connection Server. Next, we use the vdmadmin.exe to prepare for Kiosk mode and register the end devices. On the end device itself we are then going to start the View Client from the command line. The first step in the process is for us to create a dedicated OU and Security Group for the kiosks. Note down what you call them and record the full path to the OU as you will need it later.
Creating the Kiosk Pool
We will then need to create the desktop pool for the kiosks. The pool will be created from the template that has already been prepared with the Kiosk applications and relevant restrictions. It doesn’t matter what type of pool you create, but for our example we have created an automated linked clone pool.
Once the pool is created be sure to entitle the pool with the Security Group you created earlier.
Unfortunately that is all that can be done from the GUI, so we will now need to jump to the command line. From the View Connection Server open a command prompt. We are now going to set the defaults that will be used to register the client devices. When we register a device vdmadmin.exe will go off to Active Directory and create the relevant user account. It will then use the defaults we set now when doing this:
The command we will use is as follows:
vdmadmin –Q –clientauth –setdefaults –ou[full path to the OU you created] –group[name of the security group you created] –noexpirepassword
For our environment the command will look as follows:
vdmadmin -Q -clientauth -setdefaults -ou "OU=kiosks,DC=Corp,DC=com" -group KioskUsers –noexpirepassword
Once we have configured the defaults we will need to get the MAC addresses of the devices we are going to use for the Kiosk endpoints. This can be achieved by either a simple ipconfig –all command on a windows PC, or you can use the tools built into the View Client as follows.
From a command prompt, browse to the following directory:
C:\Program Files\VMware\VMware View\Client\bin
Once you are at this location you can use the following command to get the MAC address:
Once we have the MAC addresses for all our devices, we will register them with the View Connection Server so it can go off to the domain and create the relevant accounts. In this example we are letting the View Connection server automatically create the accounts for us. If the MAC address of your end user device is 00:FD:B8:BC:29:D0, View will create a account called cm-00:FD:B8:BC:29:D0 in the OU that you select.
We will use the following command to register the end user device:
vdmadmin –Q –clientauth –add –domain corp –clientid 00:FD:B8:BC:29:D0 –group KioskUsers
Note: When running this command ensure you have started the command prompt with a user that has permissions to enter data in Active Directory or the command will fail.
If we now check the Active Directory OU and the Security Group we will see the cm-00:FD:B8:BC:29:D0 user has been created.
We now need to enable the View Connection Server to allow users to authenticate without the need for a password. From the View Connection Server we will run the following command:
vdmadmin –Q –enable –s cs01
We can then use the following command to verify that the end devices are in Kiosk Mode
vdmadmin –Q –clientauth –list
The last piece of the puzzle is for us to start the View Client in Kiosk Mode on our end user devices. This would normally be part of a start-up script or action on the end use devices.
On Windows we need to run the following command:
C:\Program Files\VMware\VMware View\Client\bin\wswc –unattended –serverURL cs01.corp.com
On a Linux client we can run:
vmware-view –unattended –s cs01.corp.com
When the script runs at login, the client will be automatically logged into the View desktop without the user needing to authenticate.
This process can seem quite intimidating to start with due to its command driven nature. Once you’ve done a couple it is very simple. We would hope to see this functionality making it into the GUI in a future version as it would make the process a lot more user friendly and a lot easier to administer moving forward. When completing the various steps, ensure you are using a valid user account and obtain accurate MAC addresses. If both are done accurately, you will be just fine. In our next chapter we will be looking at the typical set-up and configuration of thin clients. Of course there are many different types of thin clients available on the market. We’ve chosen a wide range of vendors as examples. Our aim here is not to endorse or promote a particular vendor, but instead give you an insight into what thin clients can be like when brought into your environment to manage. Once again you might have already decided that thin clients are not appropriate in your design. If that’s the case, feel free to press on to the next chapter.