Solved

Citrix policies priorities

Posted on 2015-01-15
5
466 Views
Last Modified: 2015-01-21
I have done some readings about Citrix policies, but I believe from one version to another there is difference.

-- Regarding Citrix policies , it is been always the lower priority wins , example policy 0 overrides policy 1, policy 1 overrides policy 2
and it is still the same for newer versions of Citrix. Correct ?

-- Regarding citrix policies applied through Active Directory GPMC. It used to be an import of a citrix .adm template to AD templates. in recent versions of Citrix, I believe Citrix will install GPMC during Xenapp install. So, does that mean there is no need to import .adm template to Active Directory.

-- Now if I import the citrix .adm template to Active Directory(GPMC) and configure policy settings there OR I configure a policy in GPMC that is included with CItrix Xenapp install OR I configure a policy using policy console that is in Xenapp Appcenter  console... which of the policy settings will override the other ?

Thank you

--
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 36

Assisted Solution

by:Carl Webster
Carl Webster earned 334 total points
ID: 40551054
http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-policies-article.html
http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-policies-intro.html
http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-policies-prioritize-model.html

"Policy processing order and precedence

Group policy settings are processed in the following order:
1.Local GPO
2.XenApp or XenDesktop Site GPO (stored in the Site database)
3.Site-level GPOs
4.Domain-level GPOs
5.Organizational Units

However, if a conflict occurs, policy settings that are processed last can overwrite those that are processed earlier. This means that policy settings take precedence in the following order:
1.Organizational Units
2.Domain-level GPOs
3.Site-level GPOs
4.XenApp or XenDesktop Site GPO (stored in the Site database)
5.Local GPO
"

"You prioritize policies by giving them different priority numbers in Studio. By default, new policies are given the lowest priority. If policy settings conflict, a policy with a higher priority (a priority number of 1 is the highest) overrides a policy with a lower priority. Settings are merged according to priority and the setting's condition; for example, whether the setting is disabled or enabled. Any disabled setting overrides a lower-ranked setting that is enabled. Policy settings that are not configured are ignored and do not override the settings of lower-ranked settings. "

The only ADM template I know of that was imported was the ICAClient.adm file.

If you wanted to manage Citrix policies within AD (Citrix preference) you had to install the Citrix Group Policy Management module onto a computer, server or Domain Controller.
0
 

Author Comment

by:jskfan
ID: 40551177
so in newer version, the highest priority policy wins ?
install the Citrix Group Policy Management module
where do you get that from ?
Which policy wins the one applied through GPMC or the one applied straight from Appcenter ?
0
 
LVL 36

Accepted Solution

by:
Carl Webster earned 334 total points
ID: 40551193
That is explained in the previous post.  Anything done thru GPMC is an AD policy so it would be a Site, Domain or OU policy based on what level in AD you linked it.

Local GPO is applied first
XD or XA farm/site policy is applied next
AD policies are applied next

XA or XD policies override local policies
Site level AD policies override XA or XD policies
Domain level AD policies override Site policies
OU policies override Domain policies (except for some password settings & depending on DFL and FFL)

The Citrix GP mgmt module is on the install media.

x64\Citrix Policy\CitrixGroupPolicyManagement_x64.msi or
x86\Citrix Policy\CitrixGroupPolicyManagement_x86.msi
0
 
LVL 3

Assisted Solution

by:Barry Molenwijk
Barry Molenwijk earned 166 total points
ID: 40551308
Within the Citrix policies themselves, as far as I know, lowest priority still wins. It is however true that a setting configured in a Citrix policy will be overruled by a Domain GPO if a conflict occurs.
0
 

Author Closing Comment

by:jskfan
ID: 40563424
Thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question