VCP6-DTM Objective 4.2 – Troubleshoot Account and Permissions

Today we'll get into another topic and details concerning VMware certification exam – VCP6-Desktop and mobility. It's a VCP6-DTM Objective 4.2 – Troubleshoot Account and Permissions. All Objectives based on the original exam blueprint are covered on the VCP6-DTM Study Page. It's work in progress, but we're getting close….

Today's topic covers accounts, permissions, groups… Even if VMware Horizon 7 is out, this might not be a topic which will change on the exam as AD entitlements, groups, permissions and those topics usually stays the same…

VMware Knowledge:

• Troubleshoot issues with user accounts
• Remedy entitlement issues
• Given a scenario identify and remedy permission issues

Study Tools from the blueprint:

• Horizon View Administration Guide
• Horizon View Installation Guide
• VMware Horizon with View Optimization Guide for Windows 7 and Windows 8
• Horizon View Administrator

Troubleshoot issues with user accounts

User accounts has to be created in Active Directory (AD) for the users who have access to remote desktops and applications. The user accounts must be members of the Remote Desktop Users group, but the accounts do not require View administrator privileges.

User accounts for vCenter server and View composer has to be created. View Composer user for AD operations allows View Composer to perform certain operations in Active Directory. Check the details in VCP6-DTM Objective 1.5 – Prepare Environment for Horizon (with View)

Further updates: https://kb.vmware.com/selfservice/microsites/microsite.do

Remedy entitlement issues

You can entitle users to desktop pool or to application pool.  You can check current entitlements via admin menu via Users and Groups > Entitlements

You can display informations about users via vdmadmin command too.

Syntax:

vdmadmin -U [-b authentication_arguments] -u domain\user [-w | -n] [-xml]

You can:

• Details from Active Directory about the user's account. Membership of Active Directory groups.
• Machine entitlements including the machine ID, display name, description, folder, and whether a machine has been disabled.
• ThinApp assignments.
• Administrator roles including the administrative rights of a user and the folders in which they have those rights.

You can go further with -help ….

Given a scenario identify and remedy permission issues

Create a Permission which includes specific administrator user or group – To manage permissions in View, go to the Administrators and groups tab where you can select administrator or user > add/remove permission > select role > Finish. If the role applies to access groups, click Next, select one or more access groups, and click Finish. A role must contain at least one objectspecific privilege to apply to an access group.

Create a permission that includes a specific role – Roles tab > select role > click Permissions > add permission.

Click Add, select one or more search criteria, and click Find to find administrator users or groups that match your search criteria. Select an administrator user or group to include in the permission and click OK. You can press the Ctrl and Shift keys to select multiple users and groups.

If the role does not apply to access groups, click Finish.

If the role applies to access groups, click Next, select one or more access groups, and click Finish. A role must contain at least one objectspecific privilege to apply to an access group.

Create a permission that includes a specific access group – On the Access Groups tab, select the access group and click Add Permission.

Click Add, select one or more search criteria, and click Find to find administrator users or groups that match your search criteria.

Select an administrator user or group to include in the permission and click OK. You can press the Ctrl and Shift keys to select multiple users and groups.

Click Next, select a role, and click Finish. A role must contain at least one object-specific privilege to apply to an access group.

Depending of the scenario, you'll have verfiy that this or that user has the right priviledge, role or is part of the specific access group.  Within the same UI you can also delete permissions. A permisson that includes a specific administrator user or group, a specific role, or a specific access group.

To Review Permissions

• Review the permissions that include a specific administrator or group – Select the administrator or group on the Administrators and Groups tab.
• Review the permissions that include a specific role – Select the role on the Roles tab and click Permissions.
• Review the permissions that include a specific access group – Select the folder on the Access Groups tab.

To Review Desktop Pools, App pools, frams in an access group

• Desktop Pools – Select Catalog > Desktop Pools.
• Application Pools – Select Catalog > Application Pools.
• Farms – Select Resources > Farms.

The Study Guide page for VCP6-DTM can be found here. The guide is no mean to be a complete, but it's here as a help for studying. Feel free to send me your feedback or oppinion -:).