The Horizon Connection Server must be configured to debug level logging.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246886 | HRZV-7X-000005 | SV-246886r768618_rule | Medium |
| Description |
|---|
| To ensure that all security-relevant information and events are logged, the Horizon Connection Server must be configured with the "debug" logging level. This is the default value but since it could be changed to "info", this configuration must be verified and maintained. |
| STIG | Date |
|---|---|
| VMware Horizon 7.13 Connection Server Security Technical Implementation Guide | 2021-07-30 |
Details
| Check Text ( C-50318r768616_chk ) |
|---|
| On the Horizon Connection Server, launch the Registry Editor. Traverse the registry tree to "HKLM\Software\VMware, Inc.\VMware VDM". Locate the "DebugEnabled" key. If "DebugEnabled" does not exist, this is NOT a finding. If "DebugEnabled" does not have a value of "true", this is a finding. |
| Fix Text (F-50272r768617_fix) |
|---|
| On the Horizon Connection Server, open the Start menu. Find and launch the "Set Horizon 7 Connection Server Log Levels" shortcut. The precise location will vary depending on the Windows Server version and Start menu options; type the name to find it. In the resulting command window, select option 2, "View Debug". Press any key to exit the command prompt window. |