Thursday, October 30, 2014

Managing for Kiosk Mode

Kiosk mode uses thin clients or locked-down PCs running the View Client to connect to virtual desktops
  • End users do not log in to the client device (kiosk)
  • View Manager uses Flexible Authentication to authenticate the client device rather than the end user
  • This authentication can be by MAC address or by a computer name beginning with a configurable prefix string

Prepare AD for Kiosk Mode

Using the vdmadmin.exe command to manage kiosks
Run the vdmadmin command using the -domain and -clientid options to specify the domain and the name or the MAC address of the client.

vdmadmin -Q -clientauth -add [-b authentication_arguments] -domain domain_name
-clientid client_id [-password "password" | -genpassword] [-ou DN]
[-expirepassword | -noexpirepassword] [-group group_name | -nogroup]
[-description "description_text"]


| Option | Description |
|---|---|
| -clientid client_id | Specifies the name or the MAC address of the client. |
| -description "description_text" | Creates a description of the account for the client device in Active Directory. |
| -domain domain_name | Specifies the domain for the client. |
| -expirepassword | Specifies that the expiry time for the password on the client's account is the same as for the View Connection Server group. If no expiry time is defined for the group, the password does not expire. |
| -genpassword | Generates a password for the client's account. This is the default behavior if you do not specify either -password or -genpassword. A generated password is 16 characters long, contains at least one uppercase letter, one lowercase letter, one symbol, and one number, and can contain repeated characters. If you require a stronger password, use the -password option to specify the password. |
| -group group_name | Specifies the name of the group to which the client's account is added. The name of the group must be specified as the pre-Windows 2000 group name from Active Directory. If you previously set a default group, the client's account is added to this group. |
| -noexpirepassword | Specifies that the password on the client's account does not expire. |
| -nogroup | Specifies that the client's account is not added to the default group. |
| -ou DN | Specifies the distinguished name of the organizational unit to which the client's account is added. For example: OU=kiosk-ou,DC=myorg,DC=com |
| -password "password" | Specifies an explicit password for the client's account. |

The command creates a user account in Active Directory for the client in the specified domain and group (if any).

Add an account for a client specified by its MAC address to the MYORG domain, using the default settings for the group kc-grp.
vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -group kc-grp
Add an account for a client specified by its MAC address to the MYORG domain, using an automatically generated password.
vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -genpassword
Add an account for a named client, and specify a password to be used with the client.
vdmadmin -Q -clientauth -add -domain MYORG -clientid custom-Terminal21 -password "guest" -ou "OU=kiosk-ou,DC=myorg,DC=com" -description "Terminal 21"
Add an account for a named client, using an automatically generated password.
vdmadmin -Q -clientauth -add -domain MYORG -clientid custom-Kiosk11 -genpassword -ou "OU=kiosk-ou,DC=myorg,DC=com" -description "Kiosk 11"
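
An added example (not from the original post or from VMware): a PowerShell pre-check that validates each kiosk client ID as a MAC address or prefixed name, holds any explicit password to the bar the option table gives for generated ones, and prints the matching vdmadmin commands without running them. The inventory rows and function names are constructed for illustration, the case-insensitive prefix match is an assumption, and treating the generated-password rules as a minimum for explicit passwords is this example's own policy.

```powershell
# Added example: pre-check a kiosk inventory, then print (not run) vdmadmin commands.
# The inventory rows are constructed sample data; MYORG and the OU reuse this page's examples.
$Prefix = 'custom-'   # name prefix described on this page
$Domain = 'MYORG'
$Ou     = 'OU=kiosk-ou,DC=myorg,DC=com'

$inventory = @(
    [pscustomobject]@{ ClientId = '00:10:db:ee:76:80'; Password = $null;   Description = 'Lobby kiosk' }
    [pscustomobject]@{ ClientId = 'custom-Terminal21'; Password = 'guest'; Description = 'Terminal 21' }
    [pscustomobject]@{ ClientId = 'Kiosk11';           Password = $null;   Description = 'Kiosk 11' }
)

function Test-KioskClientId([string]$Id) {
    # Accept a MAC address in the colon-separated form used above, or a prefixed name.
    $isMac  = $Id -match '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
    $isName = $Id -like "$Prefix*" -and $Id.Length -gt $Prefix.Length   # assumed case-insensitive
    return ($isMac -or $isName)
}

function Test-KioskPassword([string]$Password) {
    # Example policy: at least what -genpassword produces (16 chars, upper, lower, digit, symbol).
    return ($Password.Length -ge 16) -and
           ($Password -cmatch '[A-Z]') -and ($Password -cmatch '[a-z]') -and
           ($Password -match '[0-9]')  -and ($Password -match '[^A-Za-z0-9]')
}

$fmt = 'vdmadmin -Q -clientauth -add -domain {0} -clientid {1} {2} -ou "{3}" -description "{4}"'
foreach ($row in $inventory) {
    if (-not (Test-KioskClientId $row.ClientId)) {
        Write-Warning "$($row.ClientId): not a MAC address and does not start with '$Prefix'; skipped"
        continue
    }
    $pwArg = '-genpassword'   # default: nothing secret is written into the command line
    if ($row.Password) {
        if (Test-KioskPassword $row.Password) { $pwArg = '-password "{0}"' -f $row.Password }
        else { Write-Warning "$($row.ClientId): explicit password is below the generated-password bar; using -genpassword" }
    }
    $fmt -f $Domain, $row.ClientId, $pwArg, $Ou, $row.Description
}
```

With the sample rows, the MAC-addressed client and custom-Terminal21 each produce a -genpassword command (the latter with a warning about "guest"), and Kiosk11 is skipped because it lacks the prefix.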


Create OU for Kiosk









Create a user for the Kiosk computers















Set default client values and add client accounts



Set the defaults of the client values.




On the PC running the View Client, run the command WSWC.exe to display the MAC address of the PC.









Add the PC accounts that will participate as kiosks. You can configure a View Connection Server instance to authenticate clients that identify themselves by their MAC address or by a user name that starts with the characters "custom-" or with an alternative prefix that you have defined in ADAM.



Enable client authentication


Enable client authentication and confirm clients participating as kiosks











You can run View Client from the command line or use a script to connect a client to a remote session.

You would usually use a command script to run View Client on a deployed client device.
For an example of a script that runs View Client on a Windows system, examine the file C:\Program Files\VMware\VMware View\Client\bin\kiosk_mode.cmd.

Note
On a Windows client, USB devices on the client are not forwarded automatically if they are in use by another application or service when the desktop session starts. You must ensure that you have installed the drivers on the client for any device that you want to forward. On both Windows and Linux clients, human interface devices (HIDs) and smart card readers are not forwarded by default.


To connect to a remote session, type the appropriate command for your platform.



If View Manager authenticates the kiosk client and a View desktop is available, the command starts the remote session.

Run View Client on a Windows client whose account name is based on its MAC address, and which has an automatically generated password.
"C:\Program Files\VMware\VMware View\Client\bin\wswc" -unattended -serverURL consvr2.myorg.com
Run View Client on a Linux client using an assigned name and password.
vmware-view -unattended -s 145.124.24.100 --once -u custom-Terminal21 -p "Secret1!"

VMware script to view client in kiosk mode.





After the user logs out, the computer re-enters kiosk mode. The PC desktop is bypassed and View Client launches directly into the kiosk's desktop.













