[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

XenApp 6 Block User Group Policy Setting from Published Apps

Posted on 2011-09-13
17
Medium Priority
?
1,235 Views
Last Modified: 2012-05-12
I'm setting up a new XenApp 6 farm. I'm only publishing applications andn ot group policy. I have noticed when you test users login they are processing my domain group policy settings.

1) How can I block users from process user group policy setting when lauching a published application?

2) I have a very small farm that only 100 users use so ever time a users access an application a local profile is created. How can I keep test local profiles in check?
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 8
17 Comments
 
LVL 26

Expert Comment

by:Tony J
ID: 36529853
Create a new OU in AD.

Move the RDS/Citrix server(s) into it.

From group policy administration, right-click on the new RDS/Citrix OU and choose to block inheritence.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36529879
I already did that. But the user based group policy is still processing......
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36529885
Is there anyway to see which policy are being applied to a published application when a users access it?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 26

Expert Comment

by:Tony J
ID: 36529891
Ah alternatively, if you have split the computer and user group policies, create a new RDS/Citrix users group and move all of your users into them.

On the actual group policy, you can put a deny on there for that group for the policy.

But, bear in mind, that in both of these examples, they will not get ANY of the policies (1st answer I gave) or ANY of the denied policies (2nd - this - answer)

So you may want to create a RDS/Citrix-specific group policy and only apply that to the OU/Users.

You have a number of options on the profile front: use roaming profiles so they're all in a single location, use mandatory profiles that don't get changed, use Citrix profile management (which can be thought of as a hybrid between mandatory and roaming/local) or a third party tool to do something similar.

Roaming are probably simpler at this stage.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 36529899
Yes - publish a desktop temporarily for the user and then run RSOP.MSC to get a list of them.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 36529918
Sorry - my fingers are outpacing my thoughts a bit, and I'm getting a bit click-happy on the submit.

To expand on that: When a user logs in via RDS/Citrix, even to a published application, they are still logging onto the server and will process any and all GPO's they normally would.

By publishing the desktop, you can interact with the server to get the resultant set of policies and see exactly which have applied.

If you block inheritance on a OU though, then only GPO's applied directly to that OU will be applied. ALL others from the higher levels (Domain, etc) will not.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 36529934
Depending how many DC's you have, there may be a delay in everything updating. 90+minutes unless you force a refresh on the domain.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36530342
I already block the inheritance to my citrix servers OU but this doesn't stop the user GP's from the domain for processing.

Regarding profiles. Is there any way for me to setup the profiles so they are temporary and will be distrory once the users loggs off.  I don;t want a mandaory profiles though
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36531021
Would you recommed using profile management 4.0? Can the profile local be controlled via a Xen Policy through deployment console?
0
 
LVL 26

Expert Comment

by:Tony J
ID: 36531049
If the policies aren't being blocked - I can only imagine that would be because they require the loopback processing to be applied, but that's usually machine profiles.

You could always do what I suggested and put an explicit deny on the GPO in the policy editor for the Citrix users group you created.

I would recommend the Citrix profile management tool. It's quite powerful and actually whilst a bit complex to initially understand, is fairly simple once you do.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36531146
Shouls I place the new profile share on a windows server or create a volume on my xenserver??
0
 
LVL 26

Expert Comment

by:Tony J
ID: 36531273
I would put it where you have the fastest storage.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36531281
any tips for settings up profile management. Will a local gp work for the profile redirect?
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36535438
If there are setting on the users Active Directory accout that specifiy the TS profile local and there are also GP setting that specify another location which settings take affect??
0
 
LVL 26

Expert Comment

by:Tony J
ID: 36535513
From memory it'll be the group policy setting that takes precedence, as these are run as the user logs on.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36535708
can I specifiy the profile management setting via a local group policy instead of a domain?
0
 
LVL 26

Accepted Solution

by:
Tony J earned 2000 total points
ID: 36535802
I'd have to check for you there - I've never actually tried.

Bear in mind though, that you could still apply a domain based group policy at the OU level, even with inheritance blocked.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #POC #XenDesktop #vCenter #VMware #ESX
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question