Product Documentation

Enabling the Sharing of the Same Resources or Workstation Among Many Users (Hot Desktop)

Feb 06, 2011

The Hot Desktop feature allows users to share workstations efficiently and securely. With Hot Desktop, you get the convenience of fast user switching in addition to Single Sign-on capability through Single Sign-on.

Before you can implement Hot Desktop, however, you must:
  • Create Hot Desktop-related user configurations
  • Configure a Hot Desktop shared account
  • Edit the scripts that define what applications run on Hot Desktop devices and their start up and shut down behavior

Hot Desktop functionality is not installed by default; you can select it during the initial installation of the plug-in software. You can also upgrade existing deployments to use Hot Desktop.

If you deploy Hot Desktop in an environment where users log on with smart cards and your selected smart card key source is DPAPI with Profile, do not select Prompt user to enter the previous password as the only key recovery method for those users. Users in such an environment cannot enter the correct previous password and, consequently, are irretrievably locked out of the system. To avoid this problem, select the automatic key management option or make question-based authentication available as an option.

Controlling Applications with Hot Desktop

With Hot Desktop, users can authenticate quickly using their Windows account credentials or smart card strong authenticator. As the administrator, you can configure Hot Desktop to launch applications in the Hot Desktop environment so your users do not have to search for and wait for their applications to launch.

You can also configure Hot Desktop to help ensure that all applications terminate properly, leaving behind a clean environment for the next user session.

The Hot Desktop User Experience

When the shared account logs on, it places the device into “fast user switch” mode, which causes a standard Windows authentication prompt to appear on the screen. The shared account remains logged on regardless of Hot Desktop user activity.

When users authenticate, they do not log on to Hot Desktop in the traditional sense. Instead, Hot Desktop uses their Windows credentials to start a Hot Desktop session. Because users are not truly logging on but rather authenticating, time-consuming events normally associated with logging on, such as applying group policy, initializing printers, and so on, do not occur. This creates the “fast-switch” users experience when running Hot Desktop. A user can start a session, perform any job-related tasks, and end the session so the next user can enter the system and do the same. The switch from user to user occurs quickly and efficiently.

The Single Sign-on Plug-in software launches when the Hot Desktop session starts. After the session is established, Hot Desktop accesses the user’s Windows account credentials to launch applications using the standard shell interface. Typically, these lightweight client applications prompt users for their credentials, which can be supplied by the plug-in software using settings associated with their Windows account.