I’ve been playing with XenApp 6.5 the last couple of weeks. I’ve been thinking a lot about Group Policy with regards to Citrix and XenApp servers. Really, there’s two pieces:
- Managing Applications and settings for users on XenApp servers … and…
- Managing the XenApp servers themselves.
This is just part I: Managing Applications and Settings for Users on XenApp Servers.
Managing Applications and Settings for Users on XenApp Servers Using Group Policy
One of the things that people ask me over and over again is… "On my Citrix XenApp servers, is there any way to manage my common applications’ settings using Group Policy?"
Here are the three normal ways you can do this:
Application Has an ADM/ ADMX template
Unless the application has a managed way to deal with it’s settings (ADM or ADMX template) you’ve got a problem. Office applications have ADM templates. Great. But name five other applications with ADM or ADMX templates.
In short: You can’t.
Managing XenApp Applications Using GP Preferences
In some circumstances, you could use Group Policy Preferences if you knew exactly what registry punch to punch (if available.)
Here’s a blog entry from Mr. XenApp Blog (Eric Haavarstein), on exactly how to do this. And, he shows how to use a tool from Fellow Group Policy MVP Mark Heitbrink which converts registry punches to GPPReferences Registry items. Awesome !
So, the blog entry is: http://www.xenappblog.com/2011/group-policy-management-import-registry-files/
And Mark’s tool is found here: http://reg2xml.com/
True Application Lock Down PLUS non-Registry based Applications
I like the tip from Eric and the tool from Mark. They’re great if that’s all you need to do.
But they DO have two major limitations. How to you still perform:
- Dynamic changes if you want to. Do you know what to tweak any specific entry if you needed to to make a simple change? Ouch. Painful.
- True lock down so users can’t work around your settings? You can’t do that with Group Policy Preferences. Users can just change the setting you put down.
- File-based applications like FireFox, OpenOffice, Flash player, or others? You can’t manage those with Group Policy Preferences (since their stuff doesn’t live in the Registry.)
So what are you going to do?
PolicyPak Software (www.PolicyPak.com) can do this. Big time.
Here is a video to show you exactly how you would do this.
The "cherry on top" is that PolicyPak is fully CitrixReady and also works with XenDesktop. Here’s a video for that too: https://www.policypak.com/technology-and-downloads/policypak-expands-xendesktop.html
If you’re interested in trying this out for yourself, you’ll need to sign up for a demonstration at www.PolicyPak.com/webinar. After that, you can get the download can give this a try yourself.