Shando1971
asked on
Proxy setting for citrix users
I have a main site with group policy that has proxy setting enabled, and there is a remote site with no proxy setting, the citrix server in the main site, sometimes users from the remote site travel and use citrix, but they are unable to use the internet because no proxy setting is configured in their group policy, is there a way that I can enable proxy setting for them only when they connect through citrix?
We have windows 2003 domain environment.
We have windows 2003 domain environment.
Create a gpo that has just the proxy setting, attach it to the citrix server ou, remove authenticated users and the group the proxy users are in.
proxy? i was setting citrix Access Essential so its can be used through web browser without needing proxy , just set altaddr command
altaddr /set xx.yy.zz.ww
(the static IP ) , and on router set port forwarding to these ports :
8080
1494
334
27000
i don't know if its same idea or not
its settings issue
altaddr /set xx.yy.zz.ww
(the static IP ) , and on router set port forwarding to these ports :
8080
1494
334
27000
i don't know if its same idea or not
its settings issue
ASKER
CarlWebster,
can you please explain;
1- "attach it to the citrix server ou" you mean the OU that the citrix server computer account is under?
how do i attach it?
2- "remove authenticated users and the group the proxy users are in" for the main site?
and remove it from where?
can you please explain;
1- "attach it to the citrix server ou" you mean the OU that the citrix server computer account is under?
how do i attach it?
2- "remove authenticated users and the group the proxy users are in" for the main site?
and remove it from where?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Coralon,
I want all the users that login to the particular citrix server to use proxy, so I guess your per machine idea will be better to use.
the proxy setting policy we have is for the whole main site's users, so I don't want to disable it, can you please give me steps on how to keep it for the site and just do that one citrix server exception?
the intended citrix server is under an OU that includes other member servers and PCs, should I move it to an isolated OU, there is no GP applied to its OU.
Loop-back mode is disabled.
I want all the users that login to the particular citrix server to use proxy, so I guess your per machine idea will be better to use.
the proxy setting policy we have is for the whole main site's users, so I don't want to disable it, can you please give me steps on how to keep it for the site and just do that one citrix server exception?
the intended citrix server is under an OU that includes other member servers and PCs, should I move it to an isolated OU, there is no GP applied to its OU.
Loop-back mode is disabled.
You have a couple of options then, since you only want it to affect the 1 server.
1. Use Loopback processing - either merge or replace. I use replace generally, since that guarantees *exactly* what the user gets affected by. If you use Merge, then you have a combo of the machine policies, the user's native policies, and the user policies from the machine OU. (The Machine OU overrides the native user policies in the event of a conflict). To do this, you want it in an isolated OU (generally with inheritance blocked).
2. Set up a second policy for just that one server. Change the security filter from "authenticated users" to that particular server only. Set the GPO to set the proxy settings at the machine level, and then configure the proxy as an admin, or in the gpo itself. That will prevent it from affecting the other servers.
1. Use Loopback processing - either merge or replace. I use replace generally, since that guarantees *exactly* what the user gets affected by. If you use Merge, then you have a combo of the machine policies, the user's native policies, and the user policies from the machine OU. (The Machine OU overrides the native user policies in the event of a conflict). To do this, you want it in an isolated OU (generally with inheritance blocked).
2. Set up a second policy for just that one server. Change the security filter from "authenticated users" to that particular server only. Set the GPO to set the proxy settings at the machine level, and then configure the proxy as an admin, or in the gpo itself. That will prevent it from affecting the other servers.
ASKER
If I want to do option 2, I still have create a separate OU for the server, and apply the new gpo to it, correct?
ASKER
Please scratch my previous question, I see that you already put " That will prevent it from affecting the other servers ".
I'll apply the policy and let you know..thank you..
I'll apply the policy and let you know..thank you..
ASKER
It didn't work, here is what I did :
1- I added the proxy setting to the server using the domain admin account.
2- Created the new GPO to the OU that contains the citrix server.
3- Configured the new policy by going to [Machine\Administrative Templates\Windows Components\Internet Explorer\Make Proxy Settings per-Machine (rather than Per-User)] and enabled it.
4- Went to the property of the new policy, security tab, and removed authenticated users, and added the server (I noticed that it added $ to the end of server name), I also noticed that special permission is unchecked unlike the authenticated users before I remove it.
1- I added the proxy setting to the server using the domain admin account.
2- Created the new GPO to the OU that contains the citrix server.
3- Configured the new policy by going to [Machine\Administrative Templates\Windows Components\Internet Explorer\Make Proxy Settings per-Machine (rather than Per-User)] and enabled it.
4- Went to the property of the new policy, security tab, and removed authenticated users, and added the server (I noticed that it added $ to the end of server name), I also noticed that special permission is unchecked unlike the authenticated users before I remove it.
Looks like you got the order reversed :-) When you configure the policy *after* the browser, it is not going to pick up the settings. In theory, all you need to do is change the settings and then change them back. But, I haven't tried this method directly.
The settings need to be stored in HKLM for it to affect everyone, so the correct location is:
That should do the trick :-)
Coralon
The settings need to be stored in HKLM for it to affect everyone, so the correct location is:
hklm\software\microsoft\windows\currentversion\internet settings\proxy server
That should do the trick :-)
Coralon
ASKER
I was unable to find the proxy server part in the registry!
also would this do the proxy for any browser?
also would this do the proxy for any browser?
what citrix you use? is it xenapp?
ASKER
metaframe presentation server 3.
ASKER
I didn't need this article or changing the registry key.
I found the group policy working today, I guess it just needed some time to push the policy to the other domain controller.
I found the group policy working today, I guess it just needed some time to push the policy to the other domain controller.
ASKER
Thank you.