When you run a VM full screen and press CTRL+ALT+DEL (secure attention sequence) you should get the remote VM security screen, not the local thin client OS security screen.
HP now have an add-on for WES7 called HP Hotkey Filter (the Nov2014 update working well. Extract the MSI within the EXE and it also works on repurposed Windows 7 desktops). Now when your VDI client is running CTRL+ALT+DEL doesn’t drop you out of your session.
I also like this product http://thinscaletechnology.com/thinkiosk/
Find more IT Infrastructure tips at www.alexmags.com