Citrix Appliance Lock (Need pass-through authentication)

We are currently using Windows Fundamentals for Legacy PC's with Citrix appliance lock installed.

Right now a user can log into the machine and get directly connected to the citrix receiver client.  The problem is though they have to log in twice.  Once at the windows log on and once at the citrix logon.  

How do we enable "pass-through authentication" for who ever logs into that pc?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dirk KotteSECommented:
- the Windows Fundamental Devices must be member of the domain.
    (if not you can configure auto-logon)
- the receiver(enterprise)  has to be installed with SSO Feature.
- you must configure pass throught authentication at the WebInterface Service site
peoplesbnkAuthor Commented:
Yes, but we are not using the web interface.  We are using the actual citrix receiver program.  Does that still matter?
Amit KhilnaneyCommented:
I am assuming the citrix reciever and windows login is using the same credentials and login on to same domain.


Try configuring this option..
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Dirk KotteSECommented:
the receiver calls his informations and settings from the (not visible) WebInterface SERVICE site.
there are the config.xml file and many other things.
peoplesbnkAuthor Commented:
Well you see, when we log in as a user the citrix application auto starts in full screen mode with the logon box.

We are having a hard time getting to that setting, we cant access any programs outside the VM.
Dirk KotteSECommented:
look to the post from AmitKhilnaney.
if you configute pass-through authentication as the only one, it is also the single option within the PNA-Config.
if the field dont display "pass-through authentication" (only explicit or the field are empty) the SSO option are not installed with the client.
Dirk KotteSECommented:
you can configure "auto logon" at the windows-host with "guest"-like credentials.
then the citrix logon are the only one the user can see.
peoplesbnkAuthor Commented:
@dkotte  The only problem is for citrix appliance lock I think you can only use a domain account for it to work.  For example, when I log into the machine as the local admin I do not get the citrix screen and its just the normal desktop.

I did configure pass-through authentication while I was logged into the local admin account on the computer but I cannot configure pass-through authentication on any domain account that I log into because all programs are locked down and I cannot access the citrix receiver client.  

Is there a command that I can use to get out of the kiosk mode so that I may configure pass through?  Or better yet is there a way to enable pass-through authentication for every domain user that logs into the computer?
Dirk KotteSECommented:
if you are able to select pass-through authentication at the client for some user the installed components support this. good.
now you can change the settings within the WI-service-site  configuration to allow "pass-through authentication" only.
This will change the settings to "pass-through authentication" for all connecting users at the clients supporting this.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
peoplesbnkAuthor Commented:

We cannot have pass through only because there are times that some users are on laptops that log into the web interface and they log onto a generic account but will still need access to their VM through the web interface
Dirk KotteSECommented:
the webinterface for the browser are different from the webinterface-service-site.
look to the webinterface config gui.
Dirk KotteSECommented:
... also the pn-agent ask the costomer for the credentials if pass through fails.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.