Restrict access to file shares in Citrix for remote users


We have installed Netscaler Access Gateway 10.5 to provide remote access to our Citrix XenApp 6.5 infrastructure with Web Interface 5.4. Users authenticate via LDAP in AD 2008R2 and RSA second factor.

Everything works as needed, but remote users have the same access to all file shares as they would when working in the office. This creates a potential security risk, as they do not need access to all files when working from home.

Is there a way to restrict access to certain file shares or folders when users are logged in remotely via Netscaler? Are there any policies in Citrix or AD which would help us?

Ess Kay (Entrepreneur) commented:
Why not restrict it by external IP addresses? If the IP is external, give separate permissions.
glenmos (Author) commented:
Unfortunately this solution doesn't work.

I've contacted Citrix support and they have confirmed that there is no way to limit access to file shares.

The only solution is to create separate accounts in AD and assign them separate access rights to folders.

Dirk Kotte (SE) commented:
At one customer we built a separate DMZ, placed some XenApp servers there and disabled file server access at the firewall.
glenmos (Author) commented:
According to Citrix support the only way to have different access rights to folders for remote users is to create separate AD accounts for remote access.
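
The separate-account approach described in the thread could be scripted along these lines. This is an added example, not code from any participant or from Citrix; the group, OU, account and share names are placeholders, and it assumes the ActiveDirectory PowerShell module is available and that folder access is controlled by NTFS ACLs.

```powershell
# Added example: every name below is a placeholder (assumption), not from the thread.
Import-Module ActiveDirectory

$RemoteGroup  = 'GRP-Remote-Access'                    # hypothetical group for remote-only accounts
$RemoteOU     = 'OU=RemoteAccounts,DC=example,DC=com'  # hypothetical OU holding those accounts
$OfficeUser   = 'jdoe'                                 # constructed: existing office account
$AllowedPaths = @('\\fileserver\Public')               # folders remote accounts may use
$DeniedPaths  = @('\\fileserver\Finance', '\\fileserver\HR')

# 1. Create the security group once.
if (-not (Get-ADGroup -Filter "Name -eq '$RemoteGroup'")) {
    New-ADGroup -Name $RemoteGroup -GroupScope Global -GroupCategory Security -Path $RemoteOU
}

# 2. Create the separate remote account (sAMAccountName must stay within 20 characters).
$RemoteSam = "$OfficeUser-remote"
if (-not (Get-ADUser -Filter "SamAccountName -eq '$RemoteSam'")) {
    New-ADUser -Name $RemoteSam -SamAccountName $RemoteSam -Path $RemoteOU `
        -AccountPassword (Read-Host -AsSecureString "Initial password for $RemoteSam") `
        -ChangePasswordAtLogon $true -Enabled $true
}
$members = Get-ADGroupMember -Identity $RemoteGroup | Select-Object -ExpandProperty SamAccountName
if ($members -notcontains $RemoteSam) { Add-ADGroupMember -Identity $RemoteGroup -Members $RemoteSam }

# 3. Add an explicit ACE for the remote group on a folder (inherited by children).
function Set-RemoteGroupAce {
    param([string]$Path, [string]$Rights, [string]$Type)
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "$env:USERDOMAIN\$RemoteGroup", $Rights,
        'ContainerInherit,ObjectInherit', 'None', $Type)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}
foreach ($p in $AllowedPaths) { Set-RemoteGroupAce -Path $p -Rights 'Modify'      -Type 'Allow' }
# Explicit Deny overrides grants inherited through broad groups such as Domain Users.
foreach ($p in $DeniedPaths)  { Set-RemoteGroupAce -Path $p -Rights 'FullControl' -Type 'Deny' }

# 4. Review the resulting entries for the remote group.
foreach ($p in $AllowedPaths + $DeniedPaths) {
    (Get-Acl -Path $p).Access |
        Where-Object { $_.IdentityReference -like "*\$RemoteGroup" } |
        Select-Object @{n='Path';e={$p}}, AccessControlType, FileSystemRights
}
```

The Deny entries affect only accounts in the remote group, so the office accounts keep their existing access. Share-level permissions still apply on top of these NTFS entries and should be reviewed separately.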