Disclaimer

This presentation may contain product features that are currently under development.
This overview of new technology represents no commitment from VMware to deliver these
features in any generally available product.
Features are subject to change, and must not be included in contracts, purchase orders, or
sales agreements of any kind.
Technical feasibility and market demand will affect final delivery.
Pricing and packaging for any new technologies or features discussed or presented have not
been determined.

CONFIDENTIAL 2
Speaker Introduction

Who
Graeme Gordon (Senior EUC Architect,
EUC BU, @graemengordon

Why
Horizon 7 introduces lots of key new
technologies. Learn about the technical
detail on the main new features, why they
are relevant and implementation
considerations.

CONFIDENTIAL 3
Session Agenda

1 Instant Clones

2 Smart Policies

3 Blast Extreme

4 Other New Platform Features

5 Questions

CONFIDENTIAL 4
Instant Clones
Just in Time Desktops
Trade-offs Between Virtual Desktop Types Today

Persistent Non-Persistent
Full VMs / Persistent Linked Clones View Composer Linked Clones
Pros: Pros:
Best user experience Simplified, consistent management
Efficient resource usage
Cons:
- Difficult to manage Cons:
- Potentially inefficient resource usage - Provision and patching time-consuming
- Tradeoffs in user experience

CONFIDENTIAL 6
Evolution: Just-in-Time Desktops

Windows

Windows Windows

Just in Time Desktop

Identical OS clones created one per second from Master VM

Instant Clones (aka NGVC, Project Fargo)
Apps, user data, and user-installed apps stored separately and attached at user login
App Volumes, User Environment Manager (UEM), Folder Redirection
Assemble desktops on-demand

CONFIDENTIAL 7
Instant Clones - Overview
Leverages vmFork in vSphere 6.0u1 and above
Running Parent VM is quiesced and forked
Clones customized
Clones share disk and memory of Parent VM for reads
Disk space and memory efficiency
1 clone created per second on average

Can be persistent or non-persistent

Persistence through App Volumes and UEM

Simplified desktop management and patching for admins

Rolling desktop and app patching as user logs off
Minimum maintenance window
User always gets the latest published OS image
Option to force user logoff for urgent patches

Multiple platforms: Horizon, Horizon Air Hybrid-mode

CONFIDENTIAL 8
Just-in-Time Desktop Features and Support in Horizon 7

Floating VDI Desktop Pools Only

New Guest Customization Process No Reboot Required

Tested to 2000 Desktops per Pool

App Volumes AppStack & Writable Volume support

Up Front & Elastic Provisioning

CONFIDENTIAL 9
Instant Clones versus View Composer
Composer Instant Clones
Recompose, Refresh, Rebalance Delete and Create new clone
Clone level CBRC CBRC only for Replica
Composer Service No separate service
Composer database No database
Long provisioning maintenance windows New desktops provisioned in seconds after
2000 VMs 4 hours to provision* priming
2000 VMs 40 minutes to provision*
Provisioning operations very IO intensive
Far lower disk IO load for provisioning
High vCenter Calls Clone, multiple power
operations
and reconfigure
Fewer vCenter calls Clone and Power

* Example- your mileage may vary CONFIDENTIAL 10

CONFIDENTIAL 11
CONFIDENTIAL 12
Instant Clone Limitations in Horizon 7
No dedicated Desktop Pools - Use Writable Volumes

No RDS Desktop or Application Pools

Limited SVGA Support Fixed max resolution & number of monitors

View Composer for RDSH Hosts
No 3D Rendering / GPU Support

No Sysprep support Single SID across pool

No Multi-VLAN Support in a single Pool

No Reusable Computer Accounts

CONFIDENTIAL 13
Requirements for Instant Clones
Infrastructure

Horizon 7 Broker
Horizon 7 Agent with Instant Clones
vSphere 6.0u1 or higher

Master VM

Virtual Hardware 11
VMXNET3
Windows 7 or Windows 10
On Portgroup with Static Binding (if using DVS)
Ephemeral Binding not supported

CONFIDENTIAL 14
Instant Clone Component Overview
Master VM Disk Linked Clone of Master

Template
Full clone of Template
One per Datastore
Replica

Used to Fork Desktop VMs

Parent (Host 1) Parent (Host 2) Parent (Host n) One per Host Per Datastore

Desktop VMs Desktop VMs Desktop VMs

Instant Clones
Copy on Write

CONFIDENTIAL 15
Initial Pool CreationWalkthrough
1 Template created, powered on and cloned from Master VM

2 Template is powered off

3 Replica cloned to datastore(s) where VMs will be placed

4 Reconfigure replica

5 Replica powered on and placed on a host in the cluster

6 Replica shuts down

7 CBRC Digest created on replica

8 Snapshot replica

9 Clone Parents to hosts / datastores

10 Power on Parents

11 Create and power on desktop VMs (VMFork) Priming: 5 - 40 Mins

12 Customize Desktop VMs (ClonePrep) Push: @1 Sec/Desktop

CONFIDENTIAL 16
ClonePrep

Change Machine Name

Change Machine Password

Domain Join

MS License Activation

No Power Operations Required

CONFIDENTIAL 17
Desktop Types Revisited Just-in-Time
App Volumes & User Environment Manager

Instant Clones Corporate Apps User Data User-installed

Apps
Personalization
User 1 Applications 2
Personalization

+ + +
Windows User 2

Data/Files Applications 1
User 1

Data/Files
User 2

Windows Windows

Non-Persistent Persistent
Desktops Desktops

Best user experience

Simplified, consistent management, no patch maintenance window
Provisioning on-demand
Space efficient CONFIDENTIAL 18
Smart Policies
Policy-Managed Client Features
Smart Policies
Overview Benefits
Customize desktop features Secures the desktop or application based on the users
identity or location; real-time monitoring that changes
Features include: capabilities during the session.
Clipboard Cut/Paste
Streamlined desktop experience a single desktop image
Client Drive Redirection
can be easily customized based on flexible policies.
USB
Printing
Bandwidth Profile
Policies based on
User Identity
Location
Pool Name
etc.

CONFIDENTIAL 20
How It Works
Allows or disables desktop features.
Policies can be applied based on a set of conditions:
Users login or group membership
Whether the user is accessing the desktop from a remote
location
A general list of conditions such as any tags associated with
a desktop pool
Can define multiple policies.
Each policy is orderly evaluated and can independently
block or allow feature access.
Policies are re-evaluated each time the desktop is
connected or reconnected and the settings customized
based on the current conditions.

CONFIDENTIAL 21
Policy Settings

CONFIDENTIAL 22
Policy Settings

Enable / Disable USB Redirection

CONFIDENTIAL 23
Policy Settings

Enable / Disable USB Redirection

Enable / Disable Printing

CONFIDENTIAL 24
Policy Settings

Enable / Disable USB Redirection

Enable / Disable Printing

Granular Clipboard Sharing Settings

CONFIDENTIAL 25
Policy Settings

Enable / Disable USB Redirection

Enable / Disable Printing

Granular Clipboard Sharing Settings

Granular Client Drive Redirection Settings

CONFIDENTIAL 26
Policy Settings

Enable / Disable USB Redirection

Enable / Disable Printing

Granular Clipboard Sharing Settings

Granular Client Drive Redirection Settings

Bandwidth Profiles

CONFIDENTIAL 27
Visualization
Client Horizon Desktop/
RDSH

Session Connection

Refresh P Functionality:
Triggers o Client Drive
O Redirection
L o USB Redirection
I o ThinPrint
C o Clipboard
User Redirection
Session Y o Bandwidth Profiles
Environment Environment
Variables Manager FlexEngine Agent

Horizon Agent

CONFIDENTIAL 28
Horizon Condition Variables
The default Horizon Condition variables are:
HKLM\Software\VMware, Inc.\
Client Location VMware VDM\SessionData\n\
Launch Tag(s)
Pool name (only for Desktops)

CONFIDENTIAL 29
Session Environment Variables

Additional variables passed from the Client

can be used (freeform typed):
Drop the ViewClient_ when using in a Horizon
Client Property condition.

ViewClient_Broker_GatewayType Value Source

SG-cohosted Connection Server
SG Security Server
AP Access Point
F5 (Future) F5 Devices

CONFIDENTIAL 30
Triggered Task to Refresh Horizon Policies

Update Horizon Settings dynamically at:

Reconnect session
Disconnect session
Lock workstation
Unlock workstation

CONFIDENTIAL 31
Blast Extreme
New Protocol
Blast Extreme
Overview
A new protocol option in Horizon 7
Feature and performance parity with PCoIP
PCoIP is NOT going away
Ability to leverage hardware based encode/decode
H.264 codec support
Most devices have H.264 hardware decode support
Hardware H.264 encode with NVIDIA GRID
Proprietary JPG/PNG codec support
Same as used in Blast Extreme HTML / Linux
Supports both TCP and UDP
TCP is default, UDP is optional
Native Horizon Client 4.x required
CONFIDENTIAL 34
Broad Client and Feature Support
Overview Supported Features
Blast supports HTML Access H.264 offload (Decode)

Blast Extreme for Linux Clients VDI Desktops

RDS Desktops
Blast Extreme for Windows Clients RDS Applications

Blast Extreme for Mac OS X Unified Communications

Microsoft Lync 2013
Blast Extreme for Mobile Devices (iOS, Android) RTAV

Blast Extreme requires Horizon Client 4.0 or later Windows Media MMR
Flash URL Multicast
Printer Redirection

Benefit Smartcard Redirection

Support for client devices regardless of OS

Scanner Redirection
USB (VDI) Redirection

Greatest flexibility for deployment and access Port Level USB Storage (RDSH)

Client availability via public app stores Client Drive Redirection

Linux Desktops
Native device gesture and UI support Central Management
Locked Down Endpoint

CONFIDENTIAL 35
Blast Extreme: Encoding & Decoding Technologies

H.264 Codec JPG/PNG Codec

CONFIDENTIAL 36
What is H.264?

Overview
MPEG-4 Part 10, Advanced Video Coding
Video Coding Format
One of the video encoding standards for Blue Ray
Supports lossy compression
Standards based

https://en.wikipedia.org/wiki/H.264/MPEG-4_AVC

CONFIDENTIAL 37
H.264 Codec Overview
H.264 standards based codec
Ability to leverage hardware based encode on GPU
Lossy Compression with high compression ratios
Supports both TCP and UDP
Leverage client side H.264 hardware decode

Benefit
Better for bandwidth challenged environments
AES for lower impact network security
Enable low cost PCs to deliver great user experience
Lower CPU utilization by offloading decode
Better for delivering video
Windows Media offload today for VDI and RDSH
Leverage H.264 transcode for other media formats
CONFIDENTIAL 38
Blast Extreme: NVIDIA GRID Optimized
Overview
Guest OS Guest OS
Blast Extreme delivers exceptional 3D graphics user experience
NVIDIA NVIDIA even on lower cost PCs
Driver Driver
Supports NVIDIA GRID K1, K2, M6 and M60 graphics cards
VM VM Leverage H.264 encoder option on NVIDIA GRID GPUs to lower
CPU consumption and increase scalability.
vGPU vGPU

Benefit
HYPERVISOR vGPU Manager Better frame rate
Higher server scalability
Server Reduced latency
Better bandwidth optimization
CPU GRID Deliver up to 4K resolution displays for workstation environments.

CONFIDENTIAL 39
JPG/PNG Codec
Overview
Proprietary codec, same as HTML Access / Linux
Default codec for Multi-Monitor Support
Default codec for Linux VDI
Supports both TCP and UDP

Benefit
Can be tuned with Group Policy
Lossless compression support
Better for static content delivery

CONFIDENTIAL 40
Adaptation Network Adaptation
TCP is initial default connection
Tries to connect via UDP if enabled
Automatically falls back to TCP if unable to connect on UDP
Codec Adaptation
Use hardware encode with NVIDIA GRID if available
Use software H.264 if client can decode H.264
Use JPG/PNG if client cant decode H.264
Multi-Monitor will default to JPG/PNG
Protocol Adaptation
If a pool is forced to Blast Extreme
Zero client will connect with PCoIP
Pre 4.x Horizon clients will connect with PCoIP/RDP

CONFIDENTIAL 41
Codec Options

Host OS Endpoint Options Endpoint OS Codec Type

Windows VDI Single Display Windows, Linux, ioS, MacOS, Android, H.264 HW Encode
Chrome Default: H.264
Fallback: JPG/PNG

Windows VDI Multiple Displays Windows, MacOS, Linux Default: JPG/PNG

Linux VDI Single Display Windows, MacOS, Linux, ioS, Android, Default: JPG/PNG
Chrome

Linux VDI Multiple Displays Windows, MacOS, Linux Default: JPG/PNG

CONFIDENTIAL 42
Networking

Overview
Blast Extreme supports both TCP and UDP
User can choose transport protocol from Client
Defaults to TCP, UDP is optional
UDP disabled on agent by default - enabled via GPO
External Ports 443 (HTTPS) and 8443 (TCP/UDP)
Blast port sharing on 443 (TCP) with Access Point 2.5
Remote experience traffic on VMware Virtual Channel
USB Redirection on TCP Side Channel
MMR/CDR on TCP Side Channel by default
MMR/CDR can be configured to run on VVC

CONFIDENTIAL 43
Other New Platform Features
Horizon 7 introduced many more new features
here are some highlights.
TrueSSO: Access & Authentication
Overview
Certificate User access to Horizon resources through VMware Identity
AD Authority Manager
Single sign-on using a variety of credential options.
Enrollment
Server Once authenticated, users can select any Windows desktop or
application without needing to present AD or Smartcard
credentials.
Connection
Server Uses SAML to connect the Identity Providers (IdP)
Identity
Manager
authentication with the users UPN for access to AD credentials.
Appliance VM /
RDSH True SSO generates a unique, short-lived certificate to manage
the Windows logon process.
Benefits
Separates Authentication from Access
Client
Enhanced security
Device
Supports a wide range of authentication methods
CONFIDENTIAL 46
Cloud Pod Architecture
Scale and Failover Improvements
Overview
Increased scale, allows federation of up to:
25 Horizon Pods
5 sites
50 View Connection servers
50,000 sessions
50K for desktop sessions
20K for RDSH Desktops & App sessions

Flexible entitlements allows users or groups to be

assigned to a particular home site or Pod
Fine grained control with Home Site & Home site
Override
Improved failover support.
Admin UI Updates
CONFIDENTIAL 47
Flash Redirection
Overview
Off-load Flash rendering to the client if capable
Invokes local flash player to play directly on client side.
Agent fetches Flash content and passes to client for rendering.
Whitelisted URLs
Uses a TCP side-channel to the client

Benefits
CPU load on agent side reduced.
Network bandwidth reduction.
Smoother video playback

CONFIDENTIAL 48
 Client
URL Content Redirection Machine
Horizon
Overview Client

Redirect selected URL Content

From a virtual session to the client.
From a virtual session to another virtual session. VDI Desktop 1
From the client into a virtual session. Horizon Agent

Supports URL schemas such as HTTP, HTTPs, Callto, Mailto Horizon Client

Benefits
Enhanced security RDSH Desktop / App 2
E.g. Open certain content in a secure Published App
Horizon Agent
Reduce impact on datacenter resources.
Offload unwanted content to the client

CONFIDENTIAL 49
Horizon 7 Upgrade Enhancements
Horizon 6.2 Horizon 7

CONFIDENTIAL 50
RDSH Licensing Improvements

New Options

Save only on Broker

The Per Device CAL will be stored
within the ADAM Database
Save on both Clients and Broker
The Per Device CAL will be stored
within the ADAM Database and on the
client device
Dont save the Per Device CAL
This is the default behavior

CONFIDENTIAL 51
Enhanced Pool Deletion Protection

Overview
Default behavior:
Pool will be deleted along with all VMs in it.
Enhanced Protection:
Implementing this flag adds an extra layer of
protection.
Attribute = cs-disableNonEmptyPoolDelete
"cn=common,ou=global,ou=properties in "pae-
NameValuePair
You are not able delete a pool without going
through a workflow:
Disable Provisioning on the pool
Delete all VMs within the pool
Pool Deletion will only now be possible
CONFIDENTIAL 52
Enhanced SAML Integration

Feature
Enable Connection Servers to accept multiple
SAML Identity Providers
Enable 3rd Party solutions such as F5 to take
advantage of these new capabilities
Support for Static or Dynamic SAML metadata

Benefit
3rd Party integration with Connection Server
using SAML (IdP)
Separate Authentication from Access SAML
Flexible approach to Authentication

CONFIDENTIAL 53
Resources for Reference (vmLive Recordings and Presentations)
Horizon 7 Platform / Integration + Access Point Link

Horizon 7 Client and Agent (CART 4.0) Link

Horizon 7 Instant Clones Link

Horizon 7 Blast Extreme Link

User Environment Manager 9.0 Link

Workspace ONE Link

Identity Manager 2.6 Technical Overview Link

Tips & Tricks on delivering a Workspace ONE POC Link

Identity Manager - Office 365 and Azure Integration CONFIDENTIAL Link 54

Questions?

CONFIDENTIAL 55
We value your
feedback.
Please take the brief
survey

CONFIDENTIAL 56
CONFIDENTIAL
57
vmware.com/go/SalesBriefcase
CONFIDENTIAL 59
VMware End-User Computing Training
Courses More Training Options
VMware Horizon 7: Install, Configure, Manage [V7.0] On Demand Courses
Classroom and Live Online coming soon Self-paced learning

VMware App Volumes: Application and User Profile Meets certification requirements
Management [V2.X] VMware Learning Zone
Classroom, Live Online and Onsite
Cloud-based learning
AirWatch Supplements traditional training
AirWatch Enterprise Mobility: Configure and Manage
AirWatch Enterprise Mobility: Configure and Deploy
Integrated Solutions
AirWatch Enterprise Mobility: Install and Deploy
Desktop and Mobility Certifications
On Premise Solutions
Learn the requirements and more

Partial list of courses. View complete options and descriptions:

www.vmware.com/education CONFIDENTIAL 60
URL Content Redirection
Push certain content to be opened in the client or a virtual session
URL Content Redirection
Overview
Redirect selected URL Content
From a virtual session to the client.
From a virtual session to another virtual session.
From the client into a virtual session.
Supports URL schemas such as HTTP, HTTPs, Callto, Mailto

Benefits
Enhanced security
URL
E.g. Open certain content in a secure Published App
Reduce impact on datacenter resources.
Offload unwanted content to the client

CONFIDENTIAL 62
HTTP, HTTPS Redirection From VDI To RDSH
VDI Desktop 1 RDSH Desktop / App 2
Client Machine
Horizon Agent Horizon Agent
Horizon Client

Horizon Client

Internal Web Links External Web Links

From inside VDI desktop, user clicks on
internal URL link or types in URL link in
browser address bar
The webpage will open up on browser
inside VDI desktop
From inside VDI desktop, user clicks on
external URL link or types in URL link in
browser address bar
The Horizon client will launch and the
webpage will open up inside RDSH desktop
/ app
CONFIDENTIAL 63
CallTo Redirection From VDI to Client
VDI Desktop 1
Client Machine
Horizon Agent
Horizon Client

External CallTo Links

From inside VDI desktop, user clicks on
Skype URI link
The Skype URI will be redirected to the local
client and Skype on the client will initiate the
call
CONFIDENTIAL 64
MailTo Redirection From VDI to Client
VDI Desktop 1
Client Machine
Horizon Agent
Horizon Client

External CallTo Links

From inside VDI desktop, user clicks on
MailTo link
The MailTo link will be redirected to the
local client and the chosen email client will
open up
CONFIDENTIAL 65
URL Content Redirection Requirements

Re-directing Side Requires Internet Explorer add on required to redirect

URLs typed into a browser.
Windows Required at whichever side you want to redirect
from.

Internet Explorer 9 and later

Add-on On the Client when it receives a redirection it
will use the default program for that schema
Horizon Agent 7.0 or Client 4.0
or later
Supports URL schemas such as:
PCoIP and Blast HTTP, HTTPs, Callto, and Mailto
No RDP support

CONFIDENTIAL 66
Installation
Install Horizon Agent and Client from command line with the option
/v URL_FILTERING_ENABLED=1
e.g. VMware-viewagent-x86_64-xxx.exe /v URL_FILTERING_ENABLED=1
On the Client to redirect from the Client Agent
On the Agent to redirect from the Agent Client
If both the client and agent are installed on the same machine
Both cannot have the feature enabled.
First one wins.

How to tell if feature is installed

Internet Explorer add-on
On Agent - %PROGRAMFILES\VMware\VMware View\Agent\bin\UrlRedirection\
On Client - %PROGRAMFILES\VMware\VMware Horizon View Client\
vmware-url-protocol-launch-helper.exe & vmware-url-filtering-plugin.dll
CONFIDENTIAL 67
Configuration
Use urlRedirection-enUS.adm GPO template
Computer Configuration > Policies > Administrative
Templates > Classic Administrative Templates > VMware
Horizon URL Redirection
Assign to agent or client depending on where you want to
direct from; or both if you want bi-directional
Enable
For each protocol required define:
Setting Description Example
URLs that we want to always open on the Client .*.ebay.com
ClientRules
side www.yahoo.com
URLs that we want to always open on the Agent
Agent Rules .*.vmware.com
side
brokerHostName Name or IP address of Connection Server(s) cs1.domain.com
remoteItem Name of the RDS Application or Desktop pool Internet Explorer

HKLM\SOFTWARE\VMware, Inc.\VMware VDM\URLRedirection

CONFIDENTIAL 68
Flash Redirection
Offload Flash processing to the Client
Flash Redirection
Overview
Off-load Flash rendering to the client if capable
Invokes local flash player to play directly on client side.
Agent fetches Flash content and passes to client for rendering.
Whitelisted URLs
Uses a TCP side-channel to the client

Benefits
CPU load on agent side reduced.
Network bandwidth reduction.
Smoother video playback

CONFIDENTIAL 70
Flash Redirection Requirements

Client Machine VDI Desktop

Horizon Client Horizon Agent

Client 4.0 or later Agent 7.0 or later

Internet Explorer 9, 10 or 11 Internet Explorer 9, 10 or 11

Flash ActiveX plug-in Flash ActiveX plug-in

installed and enabled installed and enabled

Windows 7, 8, 8.1 Windows 7, 8, 8.1

PCoIP and Blast Horizon desktop only (single user)

PCoIP and Blast

Blast requires Agent 7.0.1 and Client 4.1

CONFIDENTIAL 71
Configuration
1. Configure Horizon Agent (desktop)
By default the Agent install does
Install Horizon Agent 7.0 or later not enable Flash redirection
Select the option for Flash Redirection
Install Internet Explorer 9, 10, or 11.
Install Flash Player ActiveX version (if not IE11)
Enable add-on
In Internet Explorer, select Tools > Manage add-ons from the menu bar
Verify that VMware View FlashMMR Server add-on is listed and enabled.

2. Configure Client
Install Horizon Client 4.0 or later.
Install Internet Explorer 9, 10, or 11.
Install Flash Player ActiveX version (if not IE 11).

CONFIDENTIAL 72
Computer Configuration
Use View Agent Configuration GPO Template - vdm_agent.adm
Computer Configuration > Policies > Administrative Templates > Classic Administrative
Templates > VMware View Agent Configuration > VMware FlashMMR

Setting Notes Value

Specifies if Flash Redirection (FlashMMR) is enabled on the remote
desktop (agent-side).
Enable Flash multi-
When enabled, this feature forwards Flash multi-media data from the Enabled
media redirection
designated URLs through a TCP channel to the client, and invokes the
local Flash Player on the client system.
Minimum width and height (pixels) in which the Flash content is played.
Default
Minimum rect size to Flash Redirection will be used only if the Flash content is equal to or
320,200
enable FlashMMR greater than the values.
If not configured, the default value used is 320,200

Registry Key: HKLM\Software\Policies\VMware, Inc.\VMware FlashMMR\

CONFIDENTIAL 74
User Configuration
User Configuration > Policies > Administrative Templates > Classic Administrative Templates
> VMware View Agent Configuration > VMware FlashMMR

Enable and create Whitelist

List websites you want to redirect Flash for.
You can use regular expressions.
Prefix with https:// or http://
e.g.
https://*.youtube.com
http://www.cnn.com

Creates values (REG_SZ) in

HKCU\Software\Policies\VMware,
Inc.\VMware FlashMMR\UrlWhiteList\

CONFIDENTIAL 75
Internet Explorer Configuration
Whitelist sites need to be added to Internet Explorer's:
Internet Options\ Security\ Trusted Sites\
Compatibility View Setting
Option 1 Manual Script
1) Open CMD prompt
2) %Program Files%\Common
Files\VMware\RemoteExperience
3) cscript mergeflashmmrwhitelist.vbs
4) Restart Internet Explorer
Option 2 GPO Settings
1) Add entries to Trusted Sites List
User Configuration/Policies/Administrative Templates/
Windows Components/Internet Explorer/Internet Control Panel/Security Page/
Enable Site to Zone Assignment List
Add entries with same format as whitelist (e.g. http://*.youtube.com) with
value = 2
2) Add entries to Compatibility View
User Configuration/Policies/Administrative Templates/
Windows Components/Internet Explorer/Compatibility View/
Use Policy List of Internet Explorer 7 sites
Enable Use Policy List of Internet Explorer 7 sites
Add entries without prefix (e.g. youtube.com)
CONFIDENTIAL 76