Solved

Publishing an internal site to only be accessed through Citrix and not locally

Posted on 2010-09-08
8
1,072 Views
Last Modified: 2012-05-10
We are currently running Citrix Presentation Server 4.5 and we have an internal site that only works on IE 6. We are in the process of upgrading our local machine to Windows 7 and it will be setup to use IE 8. Since this internal site is not configured to run on anything other then IE6 we are wanting to find an easier way to re-direct our customers to use Citrix instead. We currently publish this site as an available application but since we want to prevent the users from accessing this site internally on their local machines we need a way to force them to use Citrix. We are currently using an IE redirect application that if this address is typed into the browser locally it will be blocked and an error reminding them to use the publsihed application version will be displayed.

I know with content redirection we can set the site to redirect them to use their local browser I just wasn't sure if this could be configured to go the opposite way. If this address is entered it would launch it on Citrix. Any assistance is appreciated.

I will offer max points for a solution since this is currently a big deal here at my place or work. Thanks.
0
Comment
Question by:tonyenor
  • 4
  • 4
8 Comments
 
LVL 6

Expert Comment

by:TreyBcool
ID: 33629940
So you are already using PNAgent on their local PC to place an IE6 web browser - where the app name is called whatever that website URL is?
You could embed an ICA file for the ie6 browser on this page
"an error reminding "
With pass through authentication it should launch right in.
Or even better maybe, you could even just make that error message webpage a redirect to a WI site with pass through enabled and auto launch the IE6 browser to that web app. Lots of easy options on this one. You may have to do a custom WI site that auto launches that browser if you dont want your normal WI site to auto launch. You can do it on the same WI server - now its managed in the webinterface.conf file or for older sites you can follow this
http://www.thomaskoetzing.de/index.php?option=com_content&task=view&id=65&Itemid=104
0
 
LVL 1

Author Comment

by:tonyenor
ID: 33630067
Yes we are using the local PNA agent on the machines and they will have access to the application from the outside from the already published application pointing to this site using Web Interface. Yes the published application is currently being used and when they launch it it opens up the page using IE 6 that is installed on the Citrix server hosting that application.

I guess what I am trying to accomplish is similiar to what content redirection does with file types you can put in an extension like .doc, or .xls. If someone tries to open an application with a .doc extension Citrix is then opened to launch this application or file. I want this same behavior to happen with this internal site. I don't want them to be able to access it locally on their machines using their local browser and to force them to only use Citrix.

I guess I am just confused on what exactly you are suggesting us to do. The zip files through me off.
0
 
LVL 6

Expert Comment

by:TreyBcool
ID: 33630269
So, the applications you see in your current WI site or PNA site are .ica files. One option is to embed a .ica file that represents your IE6 site onto your current error message page and when the user hits that page it auto opens the ica file which in turn opens IE6. However, probably the best thing to do would be to make your error message page redirect your users to a WI site that auto launches your IE6 ica file.
0
 
LVL 1

Author Comment

by:tonyenor
ID: 33630644
I apologize for appearing clueless at the moment. How would I go about creating a WI site that would auto launch this site? That seems like the best route to go since it would be pretty much seamless to the users without them having to click onto another link. However I am having trouble determining how to create a site to do this within Web interface.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 6

Accepted Solution

by:
TreyBcool earned 500 total points
ID: 33631272
From your posting:
"We are currently using an IE redirect application that if this address is typed into the browser locally it will be blocked and an error reminding them to use the publsihed application version will be displayed."

So that message is a web page. When that message/webpage posts to the user - you would just redirect the user to your WI site. So create a new WI site, enable pass through (on your xenapp servers you may need to import the icaclient.adm file and enable pass through there as well
http://support.citrix.com/proddocs/index.jsp?topic=/online-plugin-120-windows/ica-import-icaclient-template-v2.html
Pass through is under the user authentication portion. The icaclient.adm file is already on your xenapp servers - find it in program files\citrix\icaclient\configuration - on the server run gpedit.msc - click on administrative templates and import this adm file and enable pass through.

Then on your new WI site that you are redirecting to, enable pass through. What version of WI are you running? This site here has WI customizations for auto launching a specific app
http://www.thomaskoetzing.de/index.php?option=com_content&task=view&id=65&Itemid=104

However, if you are running WI5.x - then in the webinterface.conf file we can specify to autolaunch an app.
Your first step - the web page that your current error message is being posted, set in there to auto redirect you to your new WI site.
0
 
LVL 1

Author Comment

by:tonyenor
ID: 33631315
Okay got it. I will give that a try. Thanks so much for your assistance.

We are running 4.5.1.8215 version for Web Interface
0
 
LVL 1

Author Comment

by:tonyenor
ID: 33755414
Here is our HTML file we are trying to edit but I can't get the PNA file to link successfully in here. Any ideas?
Ths is what I tried and no luck. This can not be this difficult
file:///c:\Program Files (x86)\Citrix\ICA Client\pnagent.exe" /CitrixShortcut: (1) /QLaunch "SMT Portal"

if I copy the actual shortcut into work and open it launches successfully. However if I used the above hyperlink it does not work. Aggghhh please help if you can.
<html>

<head>

<title>Portal requires IE6</title>

</head>

<body bgcolor="silver">

 <h2>

Internet Explorer 6 is required.

 </h2>

 <p>

The browser you are using has been identified as a different IE version or a non-IE browser. Portal requires IE6 to function properly.

 </p>

 <p>

Please access Application via the Portal or by using IE6. Contact the help desk if you have questions.

 </p>



</body>

</html>

Open in new window

0
 
LVL 6

Expert Comment

by:TreyBcool
ID: 33758003
Hmmm, I hadnt thought about doing it with PNAgent. I was thinking the easiest thing to do, so your users dont have to log in or anything, would be to put a link to a web interface site, with pass through authentication as the default authentication and have it autolaunch the IE6. What would happen is the users would click the http://webinterface_auto_launch url, pass through would take the credentials they logged into the pc with and then from there an ica file would be generated for IE6 and auto launched. But, I guess if PNAgent is already logged in locally with all their apps, then there may just be a way to invoke the IE6 from there, good idea. You are saying it works if you click that link in word, but not in internet explorer.
I am thinking something like

<a href="file:////c:\Program Files (x86)\Citrix\ICA Client\pnagent.exe /CitrixShortcut: (1) /QLaunch SMT Portal">Launch IE6</a>

is what you will need to do.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

#CITRIX #XENDESKTOP #POC #Citrix Studio
Citrix XenDesktop 7.6 Citrix Policies Graphics
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now