Solved

Adding trusted site for users on Citrix server

Posted on 2008-10-30
5
7,204 Views
Last Modified: 2012-06-27
Hi

We are running Citrix PS4.5 on Windows 2003 servers.

There is an app published that has a web component. If our users try and access this component via Citrix then it doesn't work - IE just stays as a blank screen.

If users RDP onto the Citrix server and then add the website as 'trusted site' in IE, then it works.

Does anyone know how we can add this site, http://webapp.domain.com, as a trusted site for all Citrix users on this server?

Are we looking at a Group Policy or is there an easier way? If if it's a GPO, what's the best way to do this exactly?


Cheers
0
Comment
Question by:bruce_77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 37

Expert Comment

by:Carl Webster
ID: 22848971
0
 
LVL 37

Assisted Solution

by:Carl Webster
Carl Webster earned 100 total points
ID: 22848984
In case you can't get to that site:

To create a policy to add a site to the Trusted Sites security zone:

01. Log on as a member of the Domain Admins group.

02. Open the Active Directory Users and Computers MMC snap-in.

03. Right-click the domain or Organizational Unit where you want to create the GPO and press Properties.

04. Select the Group Policy tab.

05. Press New.

06. Type a name for the new GPO and press Enter.

07. To prevent the policy from being applied to some users or groups, press Properties. Select the Security tab. Add the user or group that you want to prevent from having this policy and clear the Read and the Apply Group Policy boxes in the Allow column. Press OK.

08. Press the Edit button.

09. Navigate through User Configuration / Windows Settings / Internet Explorer Maintenance / Security.

10. Right-click Security Zones and Content Ratings in the right-hand pane and press Properties.

11. Select Import the current security zones and privacy settings. If prompted, press Continue.

12. Press Modify Settings.

13. Select Trusted Sites and press the Sites button.

14. Type the full URL of the site you wish to add and press Add.

15. Press Close (or OK) and OK.

16. Press Close (or OK) until all dialog boxes are closed, and close any snap-in windows.

17. Allow sufficient time for the policy to propagate throughout the domain.


For Step 17, you can just use GPUPDATE /FORCE from the DC and then from all your Citrix servers.
0
 
LVL 10

Accepted Solution

by:
JaredJ1 earned 400 total points
ID: 22850177
There is actually a better group policy object that is now available for doing this rather than using the "Import" method in IE Maintenance which was always unreliable.

Look in the following location:
User Configuration > Administrative Templates > Windows Components > internet Explorer > Internet Control Panel > Security Page > Site To Zone Assignment List
Enable this policy and add the url with a value of 2. (2 is for Trusted Sites)

You could apply this to the Computer Configuration so that it will apply to all users on the Citrix server.
0
 
LVL 1

Expert Comment

by:lseeman
ID: 23793880
I have been looking for a solution to this and I was going to deploy registry mods via a login script, but that appears to be too extensive with all the associated keys/values.

Instead I also modified my existing GPO by placing it at the domain level (b/c many nested user & computer OU's) and scoped it to specific AD Security groups using the above mentioned settings.

I am not trusting 100% that this will propagate to user & computer settings in Citrix Terminal Server Sessions....

Can anyone further support this?
0
 

Expert Comment

by:kevlause
ID: 26323298
"Look in the following location:
User Configuration > Administrative Templates > Windows Components > internet Explorer > Internet Control Panel > Security Page > Site To Zone Assignment List
Enable this policy and add the url with a value of 2. (2 is for Trusted Sites)"

Just FYI this will disable any trusted sites your users already have in place is you put it in your default policy. Not cool for finance if they have trusted sites for banks and what not. Just a warning!
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question