uwaadmin

asked on

Configure Citrix load evaluator to allow only domain admin logon

We don't use load evaluators for anything except server maint.; when we apply that load evaluator it takes that particular Citrix server out of rotation so that it can be serviced. The problem I am having is that when I have to test a new app I have to put the server back into rotation so I can access it to test, which also makes it available to all other users. During the time I am testing, users log on, so I am forced to assign the server maint. load eval and wait for their sessions to disconnect before I can continue working. I would like to (if possible) build a load eval that will deny access to everyone except those of us in the domain admin group. How would I go about doing that?
ASKER CERTIFIED SOLUTION
Carl Webster
uwaadmin

ASKER

This article seems to describe ways to use the server maint. load eval. We already assign that load eval when doing maint. since it denies ALL logons to that particular server while we are working on it. The problem is that it denies us admins access as well (and when I say that, I mean that we can't run through the process like an end user by going to the web interface, logging in and launching apps). I just need to know how to configure a load eval that basically says the exact same thing as our current load eval but with a stipulation that allows domain admins to still launch apps just like the server wasn't in maint mode. Does that make sense?
I don't have to test this right now but doesn't the drain load evaluator work on ICA connections only? Therefore you can still RDP to the box because logins are NOT disabled.
Yes, I can always RDP to the box when the load eval is assigned. The server maint load eval does indeed block any and all new incoming ICA connections. That is my problem. I want to be able to have a subset of users have the ability to test app launch while the server is in maint mode. Here is a brief description of the problem I am having.

We packaged Office 2010 for streaming. It worked on some of my servers and not on others. After some research I realized that I forgot to add the AppHubWhiteList reg key to all the servers. I added it and it needed a reboot. To reboot I assign the "server maint" load eval, which blocks all new incoming connections so I can reboot the box after current ICA sessions log off. So I reboot after the reg key change and now the server SHOULD be ready to run Office 2010 streaming, but of course I need to test, and to test you always want to do it like an end user would, which is by going to the web interface, logging in and launching the desired app. The problem occurs when I take the server out of "server maint" and put the load eval back to "default", which allows me to test the apps BUT it also allows all new incoming users to hit that server for apps as well. So let's say the Office 2010 streaming thing still had issues after that and I needed to continue testing; well, now 12 users have hit that node since I put it back into rotation, so now I have to go in and re-assign the "server maint" load eval and wait what could be hours for those active sessions to disconnect. The much easier route would be to have a group of users that were able to launch apps even while the server is in maint mode. That way I don't have to worry about flipping it back and forth and waiting for new connections to drop off. This may not even be possible since the point of the load eval is to block ALL incoming ICA connections, but I thought it was worth looking into.
XenApp 5 or XenApp 6?
5
If you have PowerShell installed and the XenApp 5 PS stuff, you could script this easily. What you need to do is have a test user security group added to the published app. Remove the other users and/or groups and leave the test group. When testing is done, add the other users and/or groups back to the app. That is all I can come up with. In your evaluator, allow the restriction on the other users/groups and deny it on your test group. But if you use a test group, you don't need the evaluator.
Yeah, I was thinking of something along those lines, or another less than easy way would be to edit the properties of each app and remove the server I am working on from the server list, but that would be a bummer because we have so many apps. I was sort of hoping there was just some tweak I could do within the load eval stuff that comes built in, maybe something I was just missing, but it doesn't appear that way.
That is why I suggested PowerShell to script this.
Yeah, I'm not much of a scripter. That is something I will have to dedicate some time to and I am a bit short on that. Sure seems like it would be a nice feature to have available out of the box though without having to script stuff.

Anyway, thanks for the help.