Access to Xen App Fundamentals

We have a xen app server that is running xen app fundamentals.  We have 25 licenses. We are running into a problem where users who dont need access are logging into Xen Apps.
What can be done to only allow the 25 users that should have access log in?  And when a user that is not suppose to have access be denied?  When a user that logs in and is not suppose to have access, it take a license and then it needs to be revoked to free it up.
maximus7569Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
maximus7569Connect With a Mentor Author Commented:
Would it be easier to take out domain users out of here and add the security group I made?
XenApp.JPG
0
 
rruschCommented:
Hi

Make sure that only allowed users (and possibly admin) are in the local "remote desktop users" group on the terminal server.

Actually I create a Group in the Domain called TS_USERS and then I add this group to all terminal servers "remote desktop users" group. Then I can simply add users to TS_USERS.
0
 
maximus7569Author Commented:
Will this work even though I am running Citrix and not just Terminal server?  
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
maximus7569Author Commented:
Could you be a more specific as to step by step?  The admin who does this actually quit and I got stuck with this.
0
 
rruschCommented:
Ok, no prob. Citrix is an extension to microsoft terminal server.

1. Create a security group in your AD called for ex. GE_TSUSER
2. Add allowed users to this group
3. open computer management on the terminal server
4. add GE_TSUSER to the local "Remote Desktop Users"
5. remove other groups like "domain users" or "Everyone"

Don't do that if all users are logged on since group membership is only evaluated on logon.
If you are unsure what to remove from "Remote Desktop Users" please post a list of users/groups in this local group.





Remotedesktopverbindung-2011-02-.png
0
 
maximus7569Author Commented:
Citrix ServerThis is what I have.  Is this right?
0
 
rruschCommented:
No, you are looking at "Terminal Server Computers".
The Group in question is "Remote Desktop Users" - 7 Lines up in your image.
0
 
maximus7569Author Commented:
Sorry about that I meant the remote desktop users.  I created the security group Xen Apps with all the users who need access to Xen App server.  I added the Xen apps group to Remote Desktop on the Xen App server.  I tried to log in as another user and was able to.  Did  I miss something.  Here are some snap shots. Remote Desktop
0
 
rruschCommented:
You have to remove "Authenticated Users" since almost all users are a member of this windows built in group.
0
 
maximus7569Author Commented:
Done should this block any other domain user to login now?
0
 
maximus7569Author Commented:
I am still able to login with another user that is not part of the Xen Apps group.  Did I miss something?
0
 
rruschCommented:
Please also check Group Policy:

Start > run
type gpedit.msc
Check value of "Allow log on through Terminal Services"

There should be no more than Administrators and Remote Desktop Users

Remotedesktopverbindung-2011-02-.png
0
 
maximus7569Author Commented:
This is what I have. Terminal Server Logon
0
 
rruschCommented:
Do your users work as administrators?
0
 
maximus7569Author Commented:
I actually just created a new user and he is only a domain user.  I was able to login as him.
0
 
rruschCommented:
There seems to be a strange configuration in place. Please check the members of the local "Administrators" group.
0
 
maximus7569Author Commented:
ok I will check that.
0
 
maximus7569Author Commented:
no they are not in there
0
 
rruschCommented:
Ok, it is also possible to set user access in Terminal Services Configuration. Please check that also: Start > run > tscc.msc


Remotedesktopverbindung-2011-02-.png
0
 
maximus7569Author Commented:
I dont have that. This is what I have.

Terminal-Cofig.JPG
0
 
rruschCommented:
In Windows 2008 Server its in role configuration. Sorry for the printscreen in german but i have no english win 2k8 terminal server at the moment.
Remotedesktopverbindung-2011-02-.png
0
 
maximus7569Author Commented:
0
 
rruschCommented:
Yes, you can do that. I think you should also add Domain Admins group.
0
 
maximus7569Author Commented:
Looks like modifying access in the Xen App console fixed it.
0
 
maximus7569Author Commented:
As I was looking to fix this solution, I looked in the Xen App console and looked to where you could secure Xen App by OUs.  I was unable to fix with the assistance that was provided.
0
All Courses

From novice to tech pro — start learning today.