Citrix access and Remote Desktop Users group

Posted on 2008-11-19
Last Modified: 2013-11-21

I have an application, App1, published to 4 Citrix PS4 servers; ServerA - D.

We have a multi-domain forest. Our domain is

Within the CMC, App1 is published to the security group.

On Servers A  - D, the Users is added to the Remote Desktop Group.

Everything works fine. However, we have a user in that wants to be able to use App1. he has been added to\HR, however cannot access the app.

Couple of questions;

a) Does the HR group need to be Universal
b) Does the user from need to be added to the Remote Desktop Users group of the four servers?


Question by:kam_uk
    LVL 3

    Assisted Solution

    The HR group should be part of Active Directory, not local to each server. The application should be listed in the CMC only once, referencing all four servers with load balancing established. The application should have the AD Group "HR" as a group that can access the application (it's typically as DOMAIN\group if you just add it by typing instead of browsing).  Check all of these things and let me know.
    LVL 8

    Expert Comment

    a) Yes
    b) Yes, either directly or as part of a group such as "\domain users"
    LVL 8

    Accepted Solution

    FYI, might be better to have a somewhat stricter policy as to who is part of the RDP users group.  One easy way to do this would be to create a Universal AD group called "Citrix User Groups" or something similar.  Then add all AD groups that have explicit access to some part of the Citrix farm (such as the HR security AD group you referenced earlier, and all the other AD groups).
    Then, once all the groups are added, including Admins, then you add this group to the Remote Desktop Users group on each server, and remove the domain users groups.
    (All this does is make sure just any domain user cannot RDP to your server if they have no reason to be using it.  So if everyone in all domains should be accessing Citrix, then I guess it was OK the way you already had it).

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Know what services you can and cannot, should and should not combine on your server.
    How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
    This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now