Citrix DaaS


Policies are a collection of settings that define how sessions, bandwidth, and security are managed for a group of users, devices, or connection types.

You can apply policy settings to VDAs or to users. You can edit settings in Web Studio or in the Active Directory Group policy objects (GPOs). You can specify filters (object assignments) for policies. If you do not specifically assign policies to filters, settings are applied to all user sessions.

Localized image

You can apply policies on different levels of the network. Policy settings placed at the Organizational Unit GPO level take the highest precedence on the network. Policies at the Domain GPO level override policies on the Site Group Policy Object level. The Site Group Policy Object level overrides any conflicting policies on both the Microsoft and Citrix Local Policies levels.

All Citrix Site Policies are created and managed in the Web Studio console and stored in the Site Database. Group Policies are created and managed by using the Microsoft Group Policy Management Console (GPMC) and stored in the Active Directory. Microsoft Local Policies are created in the Windows Operating System and are stored in the registry.

Web Studio uses a Modeling Wizard to help administrators compare configuration settings within templates and policies to help eliminate conflicting and redundant settings.

Settings are merged according to priority and their condition. Any disabled setting overrides a lower-ranked enabled setting. Unconfigured policy settings are ignored and do not override lower-ranked settings.

Web Studio policies can also have conflicts with group policies in the Active Directory, which might override each other depending on the situation.

All policies are processed in the following order:

  1. From the Citrix Workspace app, the end user logs on to a VDA using domain credentials.
  2. Citrix policies are processed for the end user and for the VDA
  3. Policies are applied in the following order:

    1. Local policies
    2. Site policies
    3. Domain policies
    4. OU (Organizational unit) policies


  • All policies might not be present at the four levels. For most of the customers, only site policies are used. Local policies require the user to log on to VDA to edit policies. Hence, these policies are almost never used.
  • We do not support mixing Windows and Citrix policies in the same GPO.

For complete information about Citrix policies, see the following:


In this article