Solved

Adding trusted site for users on Citrix server

Posted on 2008-10-30
5
6,706 Views
Last Modified: 2012-06-27
Hi

We are running Citrix PS4.5 on Windows 2003 servers.

There is an app published that has a web component. If our users try and access this component via Citrix then it doesn't work - IE just stays as a blank screen.

If users RDP onto the Citrix server and then add the website as 'trusted site' in IE, then it works.

Does anyone know how we can add this site, http://webapp.domain.com, as a trusted site for all Citrix users on this server?

Are we looking at a Group Policy or is there an easier way? If if it's a GPO, what's the best way to do this exactly?


Cheers
0
Comment
Question by:bruce_77
5 Comments
 
LVL 36

Expert Comment

by:Carl Webster
ID: 22848971
0
 
LVL 36

Assisted Solution

by:Carl Webster
Carl Webster earned 100 total points
ID: 22848984
In case you can't get to that site:

To create a policy to add a site to the Trusted Sites security zone:

01. Log on as a member of the Domain Admins group.

02. Open the Active Directory Users and Computers MMC snap-in.

03. Right-click the domain or Organizational Unit where you want to create the GPO and press Properties.

04. Select the Group Policy tab.

05. Press New.

06. Type a name for the new GPO and press Enter.

07. To prevent the policy from being applied to some users or groups, press Properties. Select the Security tab. Add the user or group that you want to prevent from having this policy and clear the Read and the Apply Group Policy boxes in the Allow column. Press OK.

08. Press the Edit button.

09. Navigate through User Configuration / Windows Settings / Internet Explorer Maintenance / Security.

10. Right-click Security Zones and Content Ratings in the right-hand pane and press Properties.

11. Select Import the current security zones and privacy settings. If prompted, press Continue.

12. Press Modify Settings.

13. Select Trusted Sites and press the Sites button.

14. Type the full URL of the site you wish to add and press Add.

15. Press Close (or OK) and OK.

16. Press Close (or OK) until all dialog boxes are closed, and close any snap-in windows.

17. Allow sufficient time for the policy to propagate throughout the domain.


For Step 17, you can just use GPUPDATE /FORCE from the DC and then from all your Citrix servers.
0
 
LVL 10

Accepted Solution

by:
JaredJ1 earned 400 total points
ID: 22850177
There is actually a better group policy object that is now available for doing this rather than using the "Import" method in IE Maintenance which was always unreliable.

Look in the following location:
User Configuration > Administrative Templates > Windows Components > internet Explorer > Internet Control Panel > Security Page > Site To Zone Assignment List
Enable this policy and add the url with a value of 2. (2 is for Trusted Sites)

You could apply this to the Computer Configuration so that it will apply to all users on the Citrix server.
0
 
LVL 1

Expert Comment

by:lseeman
ID: 23793880
I have been looking for a solution to this and I was going to deploy registry mods via a login script, but that appears to be too extensive with all the associated keys/values.

Instead I also modified my existing GPO by placing it at the domain level (b/c many nested user & computer OU's) and scoped it to specific AD Security groups using the above mentioned settings.

I am not trusting 100% that this will propagate to user & computer settings in Citrix Terminal Server Sessions....

Can anyone further support this?
0
 

Expert Comment

by:kevlause
ID: 26323298
"Look in the following location:
User Configuration > Administrative Templates > Windows Components > internet Explorer > Internet Control Panel > Security Page > Site To Zone Assignment List
Enable this policy and add the url with a value of 2. (2 is for Trusted Sites)"

Just FYI this will disable any trusted sites your users already have in place is you put it in your default policy. Not cool for finance if they have trusted sites for banks and what not. Just a warning!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

After several days of searching and hunting for limited documentation, I wanted to share this guide to hopefully save someone the hassle of trying to figure this out on their own. I have tested this on Xendesktop 7.1 and PS 4.5 running simultaneous…
Several part series to implement Internet Explorer 11 Enterprise Mode
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now