AD Group Policy vs Citrix Policies

Does anyone have input on using windows group policy vs Citrix policies.  I am specifically looking for information on which one is better for performance in XenApp 6.5.  Will using one over the other affect performance (ex:logins) ?  I did some research on my own and did not finding anything on it.  I was thinking that performance would be the same whichever one you use but wanted to reach out to the experts to get some input.  Please let me know what you think.
WestCoastboundAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
My citrix admin regularly asked me to create GPO for Citrix requirement. So, If you ask me from my experience. GPO is the answer. However, you can explore Citrix policy as well, as it is from same vendor.
0
WestCoastboundAuthor Commented:
hi Amit,

thanks for your response, but I am just wondering if one strategy is better for performance.  For example, will logons be faster if you just use Citrix Policies or does is not make a difference which one you choose.
0
AmitIT ArchitectCommented:
I haven't explored citrix policy, so cannot comment on the performance part. However, you can setup one test lab and test it. I hardly think you will get the performance issue.
0
Casey HermanCitrix EngineerCommented:
To be completely honest.. I had all my policies in Citrix GPO at one point. Once you do this things will start to come to a screeching halt. Mainly printers assigned via citrix policy were the problem.

We have 120 different printer polices for all our remote sites.  Plus the config polices for the servers themselves.

At first it was ok as we added more and more polices we started to have policy related issues.  

So I highly recommend if you are using a lot of polices to do 90% of them within windows GPO.  

You can use the Citrix ADM plugins to get to the citrix polices (IE assign printers).  

USB drive polices and drive map through polices you can do in appcenter.

Drive mappings and such I would still use windows GPO..


Just my 2 cents

-Casey
0
Carl WebsterCommented:
This will be the typical "consultant" answer: It Depends.

In some places, the Citrix Admins will not have access to AD so they cannot use AD based policies.  Also, there are places that forbid the use of GPOs because of the change management overhead.

IMA based policies will usually be under the control of the Citrix admins and usually have no change control mgmt. (unfortunately).

I did some work for a place where they had over 1000 GPOs JUST for assigning printers!!!

As far as login times, MANY MANY things can affect login times.  I have seen badly written computer startup scripts, user login scripts, printer policies, GPOs with many hundreds of settings, improperly created mandatory profiles, bad folder redirection policies - you name it I have seen it.  They all can negatively impact login times.

YOU are the only one who can fix this.  YOU have to understand what is involved when a user logs in.

AD based policies will be under the replication control of AD and FRS or DFS-R and will have multiple retrieval sources (i.e. the policies exist on more than one domain controller in SYSVOL).

IMA Based policies are cached in the Local Host Cache file on every XenApp Server.  If the data store becomes unavailable, users will still get the IMA based policies.

Have you seen these from Citrix:

http://support.citrix.com/servlet/KbServlet/download/29413-102-705928/XA%20-%20Windows%202008%20R2%20Optimization%20Guide.pdf.pdf

http://support.citrix.com/servlet/KbServlet/download/31435-102-696944/Planning%20Guide%20-%20Citrix%20XenApp%20and%20XenDesktop%20Policies.pdf

Also, if you use any of the settings on the Remote Desktop Services Profile tab in Active Directory Users & Computers, you disable logon optimization and will revert back to legacy logon handling.

Like I said, there are LOTS of things that impact a user's logon experience besides whether to use AD or IMA based policy.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.