Blocking access to Server drive in Citrix

Hi All

I have just installed my first Citrix 4.5 app - Notepad.

All working fine, however when I try to save the file, I am able to browse the drives on the server that the app is published...anyone know how to stop this?

Secondly, is there a 4.5 equivalent of the Citrix Connection Tool in 4.0?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

A couple things you can do:
1) Use a GPO to hide drive letters A-D or whatever is appropriate on your servers, and
2) Use NTFS permissions to prevent people from browsing the areas your don't want them browsing.  For example, you probably created an AD group for each published app allowing users to see that published app.  Just use that same AD group at the file/folder level to allow them ability to launch that app.

Also, regarding the Citrix Connection Tool:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PS: method #1 just hides the drive letters so users can still type "C:\" in the save box and get to it if they know to try that.  If you want to lock it down, you need to use NTFS for that.  Method #1 prevents most people from saving stuff on the server drives, but does not really lock anything down if they know what to look for.
Carl WebsterCitrix Technology Professional - FellowCommented:
In Group Policy:

User Configuration | Administrative Templates | Windows Components | Windows Explorer | Hide these specified drives from My Computer

User Configuration | Administrative Templates | Windows Components | Windows Explorer | Prevent access to drives from My Computer
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

kam_ukAuthor Commented:
Hi Guys


For the moment, we are just in testing so will look at GPO's soon.

Regarding the NTFS permissions - I'm a little bit confused....I don't want them to be able to browse the C: drive at this possible?
Carl WebsterCitrix Technology Professional - FellowCommented:
NO - if you do that they will not even be able to run the programs installed on the server's C drive.  Been there, done that and got the 3rd degree burns to prove it.
kam_ukAuthor Commented:
Ok - no worries.

So the only option is GPO - there is nothing within Citrix to hide server drives?

Also - I see the Citrix Connection Tool (not Citrix Connection Test Tool) has disappeared in 4.5 - do you know where you set config for client drive mapping etc on the server?
Carl WebsterCitrix Technology Professional - FellowCommented:
There is nothing native to Citrix to hide server drives.

Citrix Best Practice is to use a Citrix Policy to set you client drive mappings.
kam_ukAuthor Commented:
Ok - so just to confirm...

Citrix Policy for client drive mappings
GPO for server mappings

That's the best way to go?
Carl WebsterCitrix Technology Professional - FellowCommented:
Yes - Best practice on both counts

Also, take a look at this cool utility:
You can alternatively use a GPO specified TS login script to do the drive mappings especially if they are based on AD groups (for example, if they are in this AD group then they get these drive mapping, etc).

And although you certainly would not want to lock people out of the entire C drive, you definatelty can definately use NTFS permissions to lock users out of specific program execuatbles and/or directories to ensure you comply with your licensing restrictions.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.