Disablecapioverrideforrsa

In environments utilizing smart cards or RSA SecurID tokens for two-factor authentication, the VMware Horizon Client and the Connection Server interact to verify user identity. By default, certain versions of the Horizon software attempt to optimize the authentication flow by handling Input/Output (I/O) operations for the smart card reader locally on the client side, rather than redirecting the entire smart card device to the virtual desktop.

The system is forced to use the legacy CAPI provider (RSAENH.dll) directly, bypassing the CNG redirection. Why Disable the Override? disablecapioverrideforrsa

DisableCapIOOverrideForRSA is a specific configuration setting found within the VMware Horizon (formerly Horizon View) environment. This setting is relevant to system administrators managing Virtual Desktop Infrastructure (VDI) and determines how smart card authentication and certificate handling are processed during user logins. In environments utilizing smart cards or RSA SecurID

This setting is typically configured within the Windows Registry of the client machine or managed via Group Policy Objects (GPO) using the VMware Horizon Administrative Templates. It is often located under the registry path related to SmartCard or SSPI configurations within the VMware folder (e.g., HKCU\Software\VMware, Inc.\VMware VDM\Client\Security ). Why Disable the Override