Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Citrix access and Remote Desktop Users group

Posted on 2008-11-19
Medium Priority
Last Modified: 2013-11-21

I have an application, App1, published to 4 Citrix PS4 servers; ServerA - D.

We have a multi-domain forest. Our domain is uk.company.com

Within the CMC, App1 is published to the uk.cpmpany.com/HR security group.

On Servers A  - D, the uk.company.com/Domain Users is added to the Remote Desktop Group.

Everything works fine. However, we have a user in us.company.com that wants to be able to use App1. he has been added to uk.company.com\HR, however cannot access the app.

Couple of questions;

a) Does the HR group need to be Universal
b) Does the user from us.company.com need to be added to the Remote Desktop Users group of the four servers?


Question by:kam_uk
  • 2

Assisted Solution

calltms earned 200 total points
ID: 22996687
The HR group should be part of Active Directory, not local to each server. The application should be listed in the CMC only once, referencing all four servers with load balancing established. The application should have the AD Group "HR" as a group that can access the application (it's typically as DOMAIN\group if you just add it by typing instead of browsing).  Check all of these things and let me know.

Expert Comment

ID: 22996696
a) Yes
b) Yes, either directly or as part of a group such as "us.company.com\domain users"

Accepted Solution

Herrmannator earned 800 total points
ID: 22996753
FYI, might be better to have a somewhat stricter policy as to who is part of the RDP users group.  One easy way to do this would be to create a Universal AD group called "Citrix User Groups" or something similar.  Then add all AD groups that have explicit access to some part of the Citrix farm (such as the HR security AD group you referenced earlier, and all the other AD groups).
Then, once all the groups are added, including Admins, then you add this group to the Remote Desktop Users group on each server, and remove the domain users groups.
(All this does is make sure just any domain user cannot RDP to your server if they have no reason to be using it.  So if everyone in all domains should be accessing Citrix, then I guess it was OK the way you already had it).

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Policies #XenDesktop #VDI #POC #Citrix Univeral Printer Driver #Citrix UPD
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question