?
Solved

XenApp 6 and UnderStanding how policies Are applied

Posted on 2011-10-06
16
Medium Priority
?
579 Views
Last Modified: 2012-05-12
I'm settings up a new XenAPP 6 farm and have the following. I have created a new OU and placed all of my new XenAPP server in the OU which is then assigned to a WorkerGroup. This ou only contain the XenAPP server and no user accounts.

My user account resides in another ou. Here is my question. When I log into XenAPP using the Windows Reciver 3.0 on my workstation are Group Polices applied to my account that I logged into the Windows Receiver 3.0 with? Even though my user account is not in the same OU as my Citrix server will any of the GP applied to this OU which are enforced be applied.

I trying to figure out the best way to deploy customer hotkey settings for the PNAgent and Web Interface.
0
Comment
Question by:compdigit44
16 Comments
 
LVL 37

Expert Comment

by:Carl Webster
ID: 36924582
TS/RDS/XA GPOs should use the Loopback functionality to ensure a consistent application to all users on all servers.

Policies are applied in this order:

Microsoft local policies
Citrix IMA local policies
Site GPOs
Domain GPOs
OU GPOs

Precedence is in reverse order:

OU GPOs have precedence over Domain GPOs which have precedence over Site GPOs which have precedence over Citrix IMA policies which have precedence over Microsoft local policies.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36924646
IN a nutshell if I use loopback processing and my servers and users are inseperate OU I can have user specific settings take effect on a user that is not part of the same OU as the servers?

Very Confusing
0
 
LVL 37

Accepted Solution

by:
Carl Webster earned 2000 total points
ID: 36924677
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 36924681
Loopback can definitely be confusing, see this writeup Darren (GP MVP) did on loopback

http://www.sdmsoftware.com/general-stuff/please-explain-loopback-processing/

If you want to go under the weeds my friends at CB5 did a really good in-depth series on loopback

http://www.grouppolicy.biz/tag/loopback/

Thanks

Mike
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36924705
I have such unique keybord mappings that I may end up. pushing out a custom appsrv.ini file.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36924736
What is the best way to push out custom setting in the appsrv.ini to workstation that are both 32 & 64 bit :-(
0
 
LVL 37

Expert Comment

by:Carl Webster
ID: 36924786
Where are you placing the custom appsrv.ini?
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36924799
Well the default directory for the appsrv.ini is C:\Program Files\Citrix\ICA Client or C:\Program Files(x86)\Citrix\ICA Client
0
 
LVL 37

Expert Comment

by:Carl Webster
ID: 36924805
On my Windows 7 x64 system, my appsrv.ini is in:

C:\Users\cwebster\AppData\Roaming\ICAClient

You could use the UserProfile environment variable.

0
 
LVL 37

Expert Comment

by:Carl Webster
ID: 36924832
There are these two env variables:

ProgramFiles=C:\Program Files
ProgramFiles(x86)=C:\Program Files (x86)

I would think on a 32-bit computer, the ProgramFiles(x86)=C:\Program Files (x86) should not exist.

Use a logon script to copy the appsrv.ini file to the right place.
0
 
LVL 3

Expert Comment

by:mwadmin
ID: 36925436
When configuring the GPO are you configring it under user settings or computer settings?
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36925503
How do I know which APPSV.ini location to edit?
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36925507
How do I update my 5.4 web interface to have the hotkey settings as well
0
 
LVL 37

Expert Comment

by:Carl Webster
ID: 36925675
If ProgramFiles(x86) env var exists, you are on a 64-bit system.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 36925814
I have both 32 and 64 workstation in my enviroment
0
 
LVL 37

Expert Comment

by:Carl Webster
ID: 36926355
Check for the existance of appsrv.ini in both locations and replace the one that exists with your updated copy.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question