WinHorizon server configuration

Updating the local built-in ‘Distributed COM Users’ group

For Domain Controllers and computers to be able to enroll (i.e. contact the DCOM service on the WinHorizon server), they need to be members of the built-in local group ‘Distributed COM Users’.

1. Access the WinHorizon server (local console or Terminal Services) using a local administrator account;

2. Launch the ‘Local User and Groups’ management console;

3. Edit the built-in group ‘Distributed COM Users’:

4. Add the groups that should be able to enroll/auto enroll:

For Domain Controllers: Domain Controllers;
For workstation: Domain Computers.

EverTrust WinHorizon Configurator

1. Search and start the EverTrust WinHorizon configurator application using Domain Administrator account.

2. Fill the following fields:

Horizon URL:
Enter the Horizon instance URL to connect to. Should end with /api/v1 Example: https://horizon.evertrust.fr/api/v1

WinHorizon uses a certificate to authenticate on Horizon. There are two ways to store this certificate. Firstly store it as PKCS12 in C:\ProgramData\EverTrust\WinHorizon\clientCertificate.p12. Secondly import PKCS12 in Microsoft Certificate store.

PKCS12 Password (if WinHorizon certificate is stored as PKCS12 file) Password of the PKCS12.
Auth Cert Serial (if WinHorizon certificate is stored in Microsoft Certificate Store) Certificate serial number of the WinHorizon certificate stored in the Microsoft Certificate Store.

WinHorizon is registered as an Enrollment Service in Active Directory. CA Name and WinHorizon Hostname are used to create the Enrollment Service entry.

CA Name:
CA Name will be used as cn.
WinHorizon Hostname:
WinHorizon Hostname will be used as dNSHostName.
Internet Ports :
WinHorizon uses the port 135 as management port and then affects a port for each client. By default, the port is randomly chosen between 1024 and 65535 but if the option is turned on, the port range can be restricted.

To restrict this range to specific ports, this section must be followed.

3. Click on Add ES Entry and import the CA certificate file that has signed the WinHorizon Certificate.

4. Click on Template. A wizard 'Certificate Template' appears.

5. Write down each template managed by the WinHorizon instance separate by ; . Click Ok. Example: EverTrustDomainController;EverTrustIIS;EverTrustUser;EverTrustServer.

6. Click on Save

WinHorizon service restart

1. Access the Services Management Console (services.msc).

2. Restart the WinHorizon service: