Implementing VMware Horizon 7.7
上QQ阅读APP看书,第一时间看更新

Configuring the Instant Clone Engine AD user account

Horizon requires an AD account with specific permissions in order to manage the desktop AD computer objects for Instant Clone desktops. Refer to the Delegating permissions for Horizon Composer in Active Directory section of Chapter 3, Implementing Horizon Composer, for the procedure used to delegate these permissions, although refer to the following list of updates to that procedure as the permissions required and AD account used are different. It is assumed that prior to performing this procedure you have already created the AD user account you intend to use (svc-horizonic in this example):

  • In step 5 of the Delegating permissions for Horizon Composer in Active Directory section of Chapter 3Implementing Horizon Composer, in the Select Users, Computers, or Groups window, type the name of the Horizon Composer service account (svc-horizonic), click OK to return to the Delegation of Control Wizard - Users or Groups window, and then click Next >.

Note that we are using a dedicated AD account for Instant Clone operations. I recommend using dedicated accounts for Horizon, Horizon Composer, and Horizon Instant Clone (AD operations) for security reasons and to make it easier to troubleshoot any issues that may occur.

  • In step 8 of the Delegating permissions for Horizon Composer in Active Directory section of Chapter 3Implementing Horizon Composer, in the Delegation of Control Wizard | Permissions window, click the General, Property-specific, Read, Read All Properties, Write All Properties, and Reset password checkboxes, and then click Next >.