MOQINFRA
asked on
Citrix Groups
Now that we want to publish Applications to Users: lets Say an application like SCCM console
In our Organization we have 2 accounts for administrators
one is the normal account and iother is the account they use for admin work on Servers
The SCCM console has full access for the Admin users but only Limited access to the Normal user account they have.
What is the best way to publish this kind of application
1:Either grant their normal account Admin Privleges
2.Or Publish applications for thie admin accounts
Since we have PassThrough enabled They get logged into Citrix Using the Normal account and will never be able to perform administrative work with applications published to this account
Can they see the apps for both accounts on the same interface if we publish the app to both user and admin groups
Is there somewhay to manage access to published applications in case your organization have 2 accounts for administrators
In our Organization we have 2 accounts for administrators
one is the normal account and iother is the account they use for admin work on Servers
The SCCM console has full access for the Admin users but only Limited access to the Normal user account they have.
What is the best way to publish this kind of application
1:Either grant their normal account Admin Privleges
2.Or Publish applications for thie admin accounts
Since we have PassThrough enabled They get logged into Citrix Using the Normal account and will never be able to perform administrative work with applications published to this account
Can they see the apps for both accounts on the same interface if we publish the app to both user and admin groups
Is there somewhay to manage access to published applications in case your organization have 2 accounts for administrators
ASKER
I never though about of this issue. Now i have another problem . I am an admin and i feel helpless because i cant open the SCCM or any other infrastructure console with correct permissions to make chages...
Stuck Again
Stuck Again
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I figured that out , however just because we have 10 Admins we didnt want our 1000 users to Go through that.
You have 1000 users, out of which 10 are admins. Each of your users have one account except for the 10 admins who have 2 accounts. The latter will then amount to 20 accounts.
What I described in my previous comment will only be applicable to your 10 admins. The rest of the users will only have one account where they will go through passthrough to their applications and no need for anything else.
What I described in my previous comment will only be applicable to your 10 admins. The rest of the users will only have one account where they will go through passthrough to their applications and no need for anything else.
ASKER
But if i enabled Explict and Passthrough both on the web Interface . then users will have to click Ok on the pass through or change to Explict at that same page
I though i would not want that to happen , instead user opens the page and sees the apps ..
I though i would not want that to happen , instead user opens the page and sees the apps ..
When you enable both with Passthrough being the default, the users will not need to click OK and they will be taken directly to the icons.
It is only when you disconnect and attempt to re-login you will be prompted for Passthrough or Explicit.
It is only when you disconnect and attempt to re-login you will be prompted for Passthrough or Explicit.
In your case, I am not sure whether it is possible to have a Micrososft's product like SCCM not integrated with AD and if possible it wouldn't be best practices any way because you will miss all the features and benefits like security that AD will provide.
With your current configuration it will not be possible to see the other account's published app on the same interface. That is a normal account will no be able to see the admin account's published app. However, you need to check the possibility of creating profiles within SCCM as in Microsoft Outlook where you can create different profiles for different accounts that you can access from one AD account. In this scenario, as you launch the app it will prompt you which profile you want to start.