Controlling application and desktop access

There are multiple ways available to hide or show applications and desktops from users based on their username, group membership, connection method, etc.

Below are a list of some of the common methods you can use to control resource access.

Users and Groups

To assign a resource based on the user or group membership, edit your Delivery Group and under the Users section add a user group or username(s).

1-min

Connection Type

Again when editing a Delivery Group under the Access Policy section you can allow connections that do not come through NetScaler Gateway, do come through NetScaler Gateway or both.

2-min

Limit Visibility

To limit the visibility of an application to some users, locate the desired application and right-click, Properties.

4-min

Click Limit Visibility -> Limit Visibility for this application to the users listed below.

5-min

Per store via description

You can hide or show applications and desktops completely from stores based on the description of the resource. This cannot be done from the GUI so instead use PowerShell.

Log on to your primary StoreFront server and browse to C:\Program Files\Citrix\Receiver StoreFront\Scripts and copy the ImportModules.ps1 file.

6-min

Now browse to C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ and create a new folder called ImportModules. Now copy the ImportModules.ps1 file to this folder.

7-min

Launch PowerShell as an administrator.

8-min

Run command Import-Module ImportModules.ps1.

9-min

Now in my scenario I have two stores, XenApp and CitrixPro.

10-min

Before continuing we need to find out the IIS Site ID for the web site hosting our Citrix store virtual directories. The Site ID in most cases will be 1. Launch IIS and then highlight the site which stores the Citrix virtual directories (in most cases Default Web Site).

11-min

Right-click the site, Manage Website -> Advanced Settings…

12-min

Next take note of the ID number and then close IIS.

13-min

I want to show only desktop resources in store CitrixPro and applications in store XenApp. The filtering of resource is done based on the description an application or desktop has been given. To make things easy, I am assigning a description of App to my applications only, and not giving any description to the desktops, however I could do if I wanted to get more granular with extra stores.

Using Citrix Studio, open the properties of an application and under Identification enter KEYWORDS: App then click OK.

14-min

Return to PowerShell and run command Set-DSResourceFilterKeyword -SiteID 1 -VirtualPath “/Citrix/CitrixPro” -ExcludeKeywords @(“App”)

15-min

Now run command Set-DSResourceFilterKeyword -SiteID 1 -VirtualPath “/Citrix/XenApp” -ExcludeKeywords @(“App”)

16-min

Browse to the CitrixPro Receiver for Web site and only the desktop resource appears.

17-min

Over on the XenApp Receiver for Web site the applications only appear.18-min

Per application or desktop

You can set Citrix stores to only show applications or desktops.

Launch PowerShell on your StoreFront server and import the required modules using the same method found above.

Run command Set-DSResourceFilterType -SiteID 1 -VirtualPath “/Citrix/XenApp” -IncludeTypes @(“Applications”)

Next run command Set-DSResourceFilterType -SiteID 1 -VirtualPath “/Citrix/CitrixPro” -IncludeTypes @(“Desktops”)

19-min

Now depending on which store you visit, you will either see Desktops or Applications.

20-min

Based on NetScaler Gateway connection

You can limit Delivery Groups to certain NetScaler Gateway addresses. To do this firstly edit the Delivery Group and browse to the Access Policy section.

Click Add.

Specify the URL for your NetScaler Gateway and click OK.

21-min

Uncheck All connections not through NetScaler Gateway if you wish. Click OK.

22-min

Now when using a different NetScaler Gateway URL the resources will not appear.

23-min

 


Leave a Reply