It's inevitable. People leave organizations creating a gap in your service. That's where Percona comes in.
See how Pepper.com relies on Percona to:
-Manage their database
-Guarantee data safety and protection
-Provide database expertise that is available for any situation
Course Of The Month
6 days, 22 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Loopback GPO for Citrix is not working
Posted on 2012-12-27
Hello,
I am trying to apply my first "loopback" policy on my Citrix server. The policy I want to implement is to hide the Citrx server's local drives (C&D)
I have read several articles on how to do this, and followed them step-by-step but can not get it to work. Here is what I have done:
1. I created a new OU and moved a Citrix server in there. (I have other Citrix servers but for now I only want the local drives on this one hidden.)
2. In this OU, I created a GPO called "Loopback." User configuration has been disabled and "User group policy loopback processing mode" has been enabled and set to "merge."
3. Next, I created another GPO called "Hide Local Drives" and it is linked to the same OU the Citrix server is in.
4. Computer configuration settings have been disabled for this GPO and the setting to hide drives A though D has been selected.
5. In the security tab of the “Hide Local Drives” GPO I unchecked “Read” and “Apply Group Policy” for Authenticated Users I added two test user accounts and checked the “Read” and “Apply Group Policy.” (Note, these test user accounts are in another OU and used just for testing.)
6. On the Citrix server, I ran “gpupdate /force” and even restarted the server and still cannot get the loopback policy to work. If I link the GPO directly to the OU where my test user accounts, the GPO works but then it hides even the local drives to workstations (defeating the purpose of the loopback.)
Any suggestions as to what I may be missing?
A little bit about what I'm working with:
Citrix XenApp 6.0 running on Windows Server 2008 64-bit
I am trying to apply my first "loopback" policy on my Citrix server. The policy I want to implement is to hide the Citrx server's local drives (C&D)
I have read several articles on how to do this, and followed them step-by-step but can not get it to work. Here is what I have done:
1. I created a new OU and moved a Citrix server in there. (I have other Citrix servers but for now I only want the local drives on this one hidden.)
2. In this OU, I created a GPO called "Loopback." User configuration has been disabled and "User group policy loopback processing mode" has been enabled and set to "merge."
3. Next, I created another GPO called "Hide Local Drives" and it is linked to the same OU the Citrix server is in.
4. Computer configuration settings have been disabled for this GPO and the setting to hide drives A though D has been selected.
5. In the security tab of the “Hide Local Drives” GPO I unchecked “Read” and “Apply Group Policy” for Authenticated Users I added two test user accounts and checked the “Read” and “Apply Group Policy.” (Note, these test user accounts are in another OU and used just for testing.)
6. On the Citrix server, I ran “gpupdate /force” and even restarted the server and still cannot get the loopback policy to work. If I link the GPO directly to the OU where my test user accounts, the GPO works but then it hides even the local drives to workstations (defeating the purpose of the loopback.)
Any suggestions as to what I may be missing?
A little bit about what I'm working with:
Citrix XenApp 6.0 running on Windows Server 2008 64-bit
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
3
8 Comments
Active 1 day ago
your config looks good for me.
use gpresult.msc or the group policy result wizzard to check if the gpo and the settings would be applied to the user.
try to disable the user or machine part of the gpo's later, some times there are a mistake.
use gpresult.msc or the group policy result wizzard to check if the gpo and the settings would be applied to the user.
try to disable the user or machine part of the gpo's later, some times there are a mistake.
In response to amitkulshrestha, if I move my test user ID into the OU where my Citrix server is, yes, the policy is applied.
Active today
Just read this KB
http://support.microsoft.com/kb/231287
http://support.microsoft.com/kb/231287
I ran the the Group Policy Results wizard set to my Citrix server and my test user ID.
The Loopback policy gets applied and looks ok.
The "hide local drive" policy is what is not working. The report under "user configuration summary lists it under the section of "Denied GPO's showing the Unique ID instead of the name of the GPO and says it's "Inaccessible."
I checked once again, and made sure my test user ID has read and apply group policy security settings.
Any idea why the GPO is "inaccessible?"
The Loopback policy gets applied and looks ok.
The "hide local drive" policy is what is not working. The report under "user configuration summary lists it under the section of "Denied GPO's showing the Unique ID instead of the name of the GPO and says it's "Inaccessible."
I checked once again, and made sure my test user ID has read and apply group policy security settings.
Any idea why the GPO is "inaccessible?"
I figured out what the problem was. Contrary to a set of instructions I was following to uncheck "read" and "apply group" policy for Authenticated Users for the GPO and give it to the security group instead is not working. I gave Authenticated Users the "read" permission and my loopback policy now seems to be working fine.
Featured Post
Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Popular third-party chat platforms like Slack, Discord, and Telegram are just a few of the many new productivity applications that are being hijacked by cybercriminals to create command-and-control (C&C) communications infrastructures for their malw…
We take a look at some of the most common obstacles that IT teams run into as they work relentlessly to keep all the alarms and sirens from going off at once.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses
Course of the Month6 days, 22 hours left to enroll
724 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.