Solved

Adding trusted site for users on Citrix server

Posted on 2008-10-30
5
6,813 Views
Last Modified: 2012-06-27
Hi

We are running Citrix PS4.5 on Windows 2003 servers.

There is an app published that has a web component. If our users try and access this component via Citrix then it doesn't work - IE just stays as a blank screen.

If users RDP onto the Citrix server and then add the website as 'trusted site' in IE, then it works.

Does anyone know how we can add this site, http://webapp.domain.com, as a trusted site for all Citrix users on this server?

Are we looking at a Group Policy or is there an easier way? If if it's a GPO, what's the best way to do this exactly?


Cheers
0
Comment
Question by:bruce_77
5 Comments
 
LVL 36

Expert Comment

by:Carl Webster
ID: 22848971
0
 
LVL 36

Assisted Solution

by:Carl Webster
Carl Webster earned 100 total points
ID: 22848984
In case you can't get to that site:

To create a policy to add a site to the Trusted Sites security zone:

01. Log on as a member of the Domain Admins group.

02. Open the Active Directory Users and Computers MMC snap-in.

03. Right-click the domain or Organizational Unit where you want to create the GPO and press Properties.

04. Select the Group Policy tab.

05. Press New.

06. Type a name for the new GPO and press Enter.

07. To prevent the policy from being applied to some users or groups, press Properties. Select the Security tab. Add the user or group that you want to prevent from having this policy and clear the Read and the Apply Group Policy boxes in the Allow column. Press OK.

08. Press the Edit button.

09. Navigate through User Configuration / Windows Settings / Internet Explorer Maintenance / Security.

10. Right-click Security Zones and Content Ratings in the right-hand pane and press Properties.

11. Select Import the current security zones and privacy settings. If prompted, press Continue.

12. Press Modify Settings.

13. Select Trusted Sites and press the Sites button.

14. Type the full URL of the site you wish to add and press Add.

15. Press Close (or OK) and OK.

16. Press Close (or OK) until all dialog boxes are closed, and close any snap-in windows.

17. Allow sufficient time for the policy to propagate throughout the domain.


For Step 17, you can just use GPUPDATE /FORCE from the DC and then from all your Citrix servers.
0
 
LVL 10

Accepted Solution

by:
JaredJ1 earned 400 total points
ID: 22850177
There is actually a better group policy object that is now available for doing this rather than using the "Import" method in IE Maintenance which was always unreliable.

Look in the following location:
User Configuration > Administrative Templates > Windows Components > internet Explorer > Internet Control Panel > Security Page > Site To Zone Assignment List
Enable this policy and add the url with a value of 2. (2 is for Trusted Sites)

You could apply this to the Computer Configuration so that it will apply to all users on the Citrix server.
0
 
LVL 1

Expert Comment

by:lseeman
ID: 23793880
I have been looking for a solution to this and I was going to deploy registry mods via a login script, but that appears to be too extensive with all the associated keys/values.

Instead I also modified my existing GPO by placing it at the domain level (b/c many nested user & computer OU's) and scoped it to specific AD Security groups using the above mentioned settings.

I am not trusting 100% that this will propagate to user & computer settings in Citrix Terminal Server Sessions....

Can anyone further support this?
0
 

Expert Comment

by:kevlause
ID: 26323298
"Look in the following location:
User Configuration > Administrative Templates > Windows Components > internet Explorer > Internet Control Panel > Security Page > Site To Zone Assignment List
Enable this policy and add the url with a value of 2. (2 is for Trusted Sites)"

Just FYI this will disable any trusted sites your users already have in place is you put it in your default policy. Not cool for finance if they have trusted sites for banks and what not. Just a warning!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Citrix policies are the most efficient method to configure and tune XenDesktop environments, allowing organizations to control connection, security and bandwidth settings based on various combinations of users, devices or connection types.  Citrix …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now