How to grant RDP access to a XA65 host for a non administrator account & granting them access to the App Center.

We have just been taken over by another company. On our side, we are running XenApp 6.5 published desktops. There is a domain trust setup between the 2 domains. I want to allow access to RDP into the Data Collectors & access the AppCenter on our side, to the IT team in the new company (which is on a different domain to the XenApp Servers).
So lets the domain with the XenApp Servers "Domain A" & the domain for the company that has just taken over, "Domain B".

Currently the only way a user account on Domain B can RDP into the XenApp hosts, & also to access the App Center is to make them a domain admin for Domain A.
The problem is that we don't want certain accounts from Domain B to be domain admins for Domain A.

Is it possible to achieve this without making the users domain admins?
HowzattAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tony JohncockLead Technical ArchitectCommented:
I always set up at least two groups - one will be a CTX_Users and another CTX_Admins. A third might be CTX_RestrictedAdmins.

The user group get all of the group policy lockdowns.

The restricted group may get some level of admin access such as in the Citrix Management Console(s).

Only the members of the Admins group get administrative access to the servers and consoles.

Domain Admins et al never get put into this group - it only ever has users specifically added.

This allows for much more granular control and prevents someone doing something stupid or malicious just by virtue of being a Domain Admin, for example.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Brian CTXSupportCitrix ConsultantCommented:
You could make them local admins on the specific Citrix Servers in question without giving them domain admin as well, and you can use the Add Administrator option in the Citrix Console to grant access there to any user or group, and give specific permissions if you so desire.  Ultimately they will likely get whatever access they want if their company bought yours.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.