Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7638
  • Last Modified:

Adding trusted site for users on Citrix server

Hi

We are running Citrix PS4.5 on Windows 2003 servers.

There is an app published that has a web component. If our users try and access this component via Citrix then it doesn't work - IE just stays as a blank screen.

If users RDP onto the Citrix server and then add the website as 'trusted site' in IE, then it works.

Does anyone know how we can add this site, http://webapp.domain.com, as a trusted site for all Citrix users on this server?

Are we looking at a Group Policy or is there an easier way? If if it's a GPO, what's the best way to do this exactly?


Cheers
0
bruce_77
Asked:
bruce_77
2 Solutions
 
Carl WebsterCommented:
In case you can't get to that site:

To create a policy to add a site to the Trusted Sites security zone:

01. Log on as a member of the Domain Admins group.

02. Open the Active Directory Users and Computers MMC snap-in.

03. Right-click the domain or Organizational Unit where you want to create the GPO and press Properties.

04. Select the Group Policy tab.

05. Press New.

06. Type a name for the new GPO and press Enter.

07. To prevent the policy from being applied to some users or groups, press Properties. Select the Security tab. Add the user or group that you want to prevent from having this policy and clear the Read and the Apply Group Policy boxes in the Allow column. Press OK.

08. Press the Edit button.

09. Navigate through User Configuration / Windows Settings / Internet Explorer Maintenance / Security.

10. Right-click Security Zones and Content Ratings in the right-hand pane and press Properties.

11. Select Import the current security zones and privacy settings. If prompted, press Continue.

12. Press Modify Settings.

13. Select Trusted Sites and press the Sites button.

14. Type the full URL of the site you wish to add and press Add.

15. Press Close (or OK) and OK.

16. Press Close (or OK) until all dialog boxes are closed, and close any snap-in windows.

17. Allow sufficient time for the policy to propagate throughout the domain.


For Step 17, you can just use GPUPDATE /FORCE from the DC and then from all your Citrix servers.
0
 
JaredJ1Commented:
There is actually a better group policy object that is now available for doing this rather than using the "Import" method in IE Maintenance which was always unreliable.

Look in the following location:
User Configuration > Administrative Templates > Windows Components > internet Explorer > Internet Control Panel > Security Page > Site To Zone Assignment List
Enable this policy and add the url with a value of 2. (2 is for Trusted Sites)

You could apply this to the Computer Configuration so that it will apply to all users on the Citrix server.
0
 
lseemanCommented:
I have been looking for a solution to this and I was going to deploy registry mods via a login script, but that appears to be too extensive with all the associated keys/values.

Instead I also modified my existing GPO by placing it at the domain level (b/c many nested user & computer OU's) and scoped it to specific AD Security groups using the above mentioned settings.

I am not trusting 100% that this will propagate to user & computer settings in Citrix Terminal Server Sessions....

Can anyone further support this?
0
 
kevlauseCommented:
"Look in the following location:
User Configuration > Administrative Templates > Windows Components > internet Explorer > Internet Control Panel > Security Page > Site To Zone Assignment List
Enable this policy and add the url with a value of 2. (2 is for Trusted Sites)"

Just FYI this will disable any trusted sites your users already have in place is you put it in your default policy. Not cool for finance if they have trusted sites for banks and what not. Just a warning!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now