Solved

Citrix policies priorities

Posted on 2015-01-15
5
490 Views
Last Modified: 2015-01-21
I have done some readings about Citrix policies, but I believe from one version to another there is difference.

-- Regarding Citrix policies , it is been always the lower priority wins , example policy 0 overrides policy 1, policy 1 overrides policy 2
and it is still the same for newer versions of Citrix. Correct ?

-- Regarding citrix policies applied through Active Directory GPMC. It used to be an import of a citrix .adm template to AD templates. in recent versions of Citrix, I believe Citrix will install GPMC during Xenapp install. So, does that mean there is no need to import .adm template to Active Directory.

-- Now if I import the citrix .adm template to Active Directory(GPMC) and configure policy settings there OR I configure a policy in GPMC that is included with CItrix Xenapp install OR I configure a policy using policy console that is in Xenapp Appcenter  console... which of the policy settings will override the other ?

Thank you

--
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 37

Assisted Solution

by:Carl Webster
Carl Webster earned 334 total points
ID: 40551054
http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-policies-article.html
http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-policies-intro.html
http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-policies-prioritize-model.html

"Policy processing order and precedence

Group policy settings are processed in the following order:
1.Local GPO
2.XenApp or XenDesktop Site GPO (stored in the Site database)
3.Site-level GPOs
4.Domain-level GPOs
5.Organizational Units

However, if a conflict occurs, policy settings that are processed last can overwrite those that are processed earlier. This means that policy settings take precedence in the following order:
1.Organizational Units
2.Domain-level GPOs
3.Site-level GPOs
4.XenApp or XenDesktop Site GPO (stored in the Site database)
5.Local GPO
"

"You prioritize policies by giving them different priority numbers in Studio. By default, new policies are given the lowest priority. If policy settings conflict, a policy with a higher priority (a priority number of 1 is the highest) overrides a policy with a lower priority. Settings are merged according to priority and the setting's condition; for example, whether the setting is disabled or enabled. Any disabled setting overrides a lower-ranked setting that is enabled. Policy settings that are not configured are ignored and do not override the settings of lower-ranked settings. "

The only ADM template I know of that was imported was the ICAClient.adm file.

If you wanted to manage Citrix policies within AD (Citrix preference) you had to install the Citrix Group Policy Management module onto a computer, server or Domain Controller.
0
 

Author Comment

by:jskfan
ID: 40551177
so in newer version, the highest priority policy wins ?
install the Citrix Group Policy Management module
where do you get that from ?
Which policy wins the one applied through GPMC or the one applied straight from Appcenter ?
0
 
LVL 37

Accepted Solution

by:
Carl Webster earned 334 total points
ID: 40551193
That is explained in the previous post.  Anything done thru GPMC is an AD policy so it would be a Site, Domain or OU policy based on what level in AD you linked it.

Local GPO is applied first
XD or XA farm/site policy is applied next
AD policies are applied next

XA or XD policies override local policies
Site level AD policies override XA or XD policies
Domain level AD policies override Site policies
OU policies override Domain policies (except for some password settings & depending on DFL and FFL)

The Citrix GP mgmt module is on the install media.

x64\Citrix Policy\CitrixGroupPolicyManagement_x64.msi or
x86\Citrix Policy\CitrixGroupPolicyManagement_x86.msi
0
 
LVL 3

Assisted Solution

by:Barry Molenwijk
Barry Molenwijk earned 166 total points
ID: 40551308
Within the Citrix policies themselves, as far as I know, lowest priority still wins. It is however true that a setting configured in a Citrix policy will be overruled by a Domain GPO if a conflict occurs.
0
 

Author Closing Comment

by:jskfan
ID: 40563424
Thanks
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question