I have touched on the subject of troubleshooting zero clients for Imprivata usage before. However, I have been reminded in recent weeks about something I neglected to cover, and which probably deserves its own post anyway. I am referring to a commonly recurring problem that arises when one attempts to mix Imprivata, zero clients, and proximity cards.
Under certain circumstances, attempting to use proximity cards to “tap out” of an active virtual session on a zero client fails. That is, the card reader beeps, but the session remains open. I have also seen other strange behavior as well, such as a user being able to “tap over” his or her own session–where Imprivata locks the zero client and then logs them back in as themselves. Furthermore, this issue does not seem to be exclusive to View or XenDesktop, and obviously, neither of these scenarios is acceptable. Thankfully, the fix is a simple registry change in your master image.
Simply set the following values (ignore the Wow6432Node part if you’re running 32bit virtual machines):
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SSOProvider\DeviceManager\RedirectionSupport DWORD : 1
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SSOProvider\DeviceManager\RemoteOnly DWORD : 1
And your proximity cards should start behaving as desired. Happy tapping, and Merry Christmas. Unless you’re reading this on a date that’s nowhere near Christmas, or if you’re not into Christmas, in which cases strike that last comment.