Link to home
Start Free TrialLog in
Avatar of MOQINFRA

asked on

Citrix Groups

Now that we want to publish Applications to Users: lets Say an application like SCCM console

In our Organization we have 2 accounts for administrators
one is the normal account and iother is the account they use for admin work on Servers

The SCCM console has full access for the Admin users but only Limited access to the Normal user account they have.

What is the best way to publish this kind of application

1:Either grant their normal account Admin Privleges
2.Or Publish applications for thie admin accounts

Since we have PassThrough enabled They get logged into Citrix Using the Normal account and will never be able to perform administrative work with applications published to this account

Can they see the apps for both accounts on the same interface  if we publish the app to both user and admin groups

Is there somewhay to manage access to published applications in case your organization have 2 accounts for administrators
Avatar of Ayman Bakr
Ayman Bakr
Flag of United Arab Emirates image

We are using another solution (not Microsoft's) called AMP from Numara. In this solution we could use AD integrated accounts or have AMP manage its own accounts in its database. The way we have configured it is to use its own accounts (thus profiles). This means, while passthrough is enabled in our environment once we launch AMP we have to put in the account we need before logging in; therefore allowing to choose which profile to start (normal or admin).

In your case, I am not sure whether it is possible to have a Micrososft's product like SCCM not integrated with AD and if possible it wouldn't be best practices any way because you will miss all the features and benefits like security that AD will provide.

With your current configuration it will not be possible to see the other account's published app on the same interface. That is a normal account will no be able to see the admin account's published app. However, you need to check the possibility of creating profiles within SCCM as in Microsoft Outlook where you can create different profiles for different accounts that you can access from one AD account. In this scenario, as you launch the app it will prompt you which profile you want to start.
Avatar of MOQINFRA


I never though about of this issue. Now i have another problem . I am an admin and i feel helpless because i cant open the SCCM or any other infrastructure  console with correct permissions to make chages...

Stuck Again
Avatar of Ayman Bakr
Ayman Bakr
Flag of United Arab Emirates image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I figured that out , however just because we have 10 Admins we didnt want our 1000 users to Go through that.
You have 1000 users, out of which 10 are admins. Each of your users have one account except for the 10 admins who have 2 accounts. The latter will then amount to 20 accounts.

What I described in my previous comment will only be applicable to your 10 admins. The rest of the users will only have one account where they will go through passthrough to their applications and no need for anything else.
But if i enabled Explict and Passthrough both on the web Interface . then users will have to click Ok on the pass through or change to Explict at that same page

I though i would not want that to happen , instead user opens the page and sees the apps ..
When you enable both with Passthrough being the default, the users will not need to click OK and they will be taken directly to the icons.

It is only when you disconnect and attempt to re-login you will be prompted for Passthrough or Explicit.