Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Creating a Group Policy for Citrix Servers problem 1

Status
Not open for further replies.
blfrd76

blfrd76

Programmer
Jul 17, 2003
34
0
0
US
I've got two Citrix servers running Win2K.

ON the domain controller (also Win2K):
-Opened AD
- Created an OU called "Terminal Servers"
- Moved the two Citrix servers from "Computers" folder
into the "Terminal Servers" OU
- Clicked "Properties" on the "TS" OU
- Created a GPO called "Citrix Servers"
- Edited the GPO to disable viewiing of the C,D drives
Closed AD
- Made sure the Security tab was checked to "Apply Policy" for Authenticated users

- On the DC, ran secedit /refreshpolicy machine_policy /enforce

- Logged on to Citrix Program Neighborhood as a non-Admin user

The policy is not working. People can open published apps and still navigate to the C and D Drives on the Citrix server.

What am I forgetting?

 
Sort by date Sort by votes
How about make a loopback policy and apply those GP's to a new group called "citrix policy" then add your persons to that group. You don't want to accidentely take out admins priveledge to see the local drives since you set it to authenticated users..admin is part of those
 
Upvote 0 Downvote
Solved!!
Here's the soloution:

- Create an OU called Terminal Services
- Move the Citrix servers from Computers to the Terminal
Services OU.
- Right click the TS OU and choose properties
- Go to the Group policy tab and make sure the Citrix GPO
is chosen. Then choose edit.

- Go to Computer Config > Admin Templates > System >
Group Policy and enable Loopback Processing. I chose "replace" option.
- Set whatever policies you want to. For me, I chose to hide C and Drives from Citrix users. Close the GP editor.

- On the Group policy tab that lists the new Citrix GPO:
- click Properties
- Under Security,
ADD Authenticated Users and check Apply Policy
ADD the two Citrix servers and check APPLy policy
- To filter this policy from admins
- choose the Domain Admins Group
- Check DENY on the Apply policy security setting.
-Click OK until you're back at AD, then close AD

Open a command line prompt,type this and press enter:

secedit /refreshpolicy machine_policy /enforce

Then type this and press enter:

secedit /refreshpolicy user_policy /enforce

I did the command line stuff on the server I was working on and the Citrix servers too.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mattmontalto
  • Locked
  • Question
MS Threat Management Gateway Alternative
Replies
0
Views
59
mattmontalto
mattmontalto
damienenglish
  • Locked
  • Question
Citrix Replication Fault Detection
Replies
0
Views
54
damienenglish
damienenglish
DreemaGurl
  • Locked
  • Question
Can't log on to Citrix through emote access portal
Replies
1
Views
120
ntinlin
ntinlin
dpsmith
  • Locked
  • Question
Citrix Policy disappears?
Replies
0
Views
46
dpsmith
dpsmith
wavestar69
  • Locked
  • Question
Trouble starting WinFrame 1.7 after replacing server
Replies
0
Views
54
wavestar69
wavestar69

Part and Inventory Search

Sponsor

Back
Top