Avatar of smoker49
smoker49
 asked on

Loopback GPO for Citrix is not working

Hello,

I am trying to apply my first "loopback" policy on my Citrix server. The policy I want to implement is to hide the Citrx server's local drives (C&D)

I have read several articles on how to do this, and followed them step-by-step but can not get it to work. Here is what I have done:

1. I created a new OU and moved a Citrix server in there. (I have other Citrix servers but for now I only want the local drives on this one hidden.)

2. In this OU, I created a GPO called "Loopback." User configuration has been disabled and "User group policy loopback processing mode" has been enabled and set to "merge."

3. Next, I created another GPO called "Hide Local Drives" and it is linked to the same OU the Citrix server is in.

4. Computer configuration settings have been disabled for this GPO and the setting to hide drives A though D has been selected.

5. In the security tab of the “Hide Local Drives” GPO I unchecked “Read” and “Apply Group Policy” for Authenticated Users I added two test user accounts and checked  the “Read” and “Apply Group Policy.” (Note, these test user accounts are in another OU and used just for testing.)

6. On the Citrix server, I ran  “gpupdate /force” and even restarted the server and still cannot get the loopback policy to work. If I link the GPO directly to the OU where my test user accounts, the GPO works but then it hides even the local drives to workstations (defeating the purpose of the loopback.)

Any suggestions as to what I may be missing?

A little bit about what I'm working with:
Citrix XenApp 6.0 running on Windows Server 2008 64-bit
CitrixActive DirectoryIT Administration

Avatar of undefined
Last Comment
smoker49

8/22/2022 - Mon
Amit

can you create test user in same OU and check again.
Dirk Kotte

your config looks good for me.

use gpresult.msc or the group policy result wizzard to check if the gpo and the settings would be applied to the user.
try to disable the user or machine part of the gpo's later, some times there are a mistake.
smoker49

ASKER
In response to amitkulshrestha, if I move my test user ID into the OU where my Citrix server is, yes, the policy is applied.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Amit

smoker49

ASKER
I ran the the Group Policy Results wizard set to my Citrix server and my test user ID.
The Loopback policy gets applied and looks ok.

The "hide local drive" policy is what is not working. The report under "user configuration summary lists it under the section of "Denied GPO's showing the Unique ID instead of the name of the GPO and says it's "Inaccessible."
I checked once again, and made sure my test user ID has read and apply group policy security settings.

Any idea why the GPO is "inaccessible?"
ASKER CERTIFIED SOLUTION
smoker49

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Amit

Great you found the issue.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
smoker49

ASKER
The configuration of the loopback policy may differ from what other users do.