Citrix Workspace app

Scenario 3

February 28, 2024

Contributed by:

This scenario covers how to disable App Protection for users in a specific Active Directory group.

Following are the steps to disable App Protection for Win10Desktop users who are part of the Active Directory group xd.local\sales:

Run Get-BrokerAccessPolicyRule to view the two broker access policies for Win10Desktop. For a delivery group Win10Desktop there are two broker access policies, Win10Desktop_AG and Win10Desktop_Direct. Make a note of the Desktop Group UID of the Win10Desktop.
Create a Broker access policy rule for Win10Desktop to filter connections from users in the Active Directory group xd.local\sales.
```
New-BrokerAccessPolicyRule -Name Win10Desktop_AG_Sales_Group -DesktopGroupUid <Uid_of_desktopGroup> -AllowedConnections ViaAG -AllowedProtocols HDX, RDP -AllowedUsers Filtered -AllowRestart $true -Enabled $true

```
Uid_of_desktopGroup is the DesktopGroupUID of the delivery group got by running the GetBrokerAccessPolicy Rule in step 1.

Use the following command to disable App Protection policies for the Windows 10 Desktop users, part of the AD group xd.local\sales:

Set-BrokerAccessPolicyRule Win10Desktop_AG_Sales_Group -AllowedUsers Filtered -IncludedUsers xd.local\sales -IncludedUserFilterEnabled $true -AppProtectionScreenCaptureRequired $false -AppProtectionKeyLoggingRequired $false
<!--NeedCopy-->

Use the following command to enable App Protection policies for the rest of the gateway connections except for the users from xd.local\sales:

Set-BrokerAccessPolicyRule Win10Desktop_AG -AllowedUsers Anyauthenticated -ExcludedUserFilterEnabled $true -ExcludedUsers xd.local\sales -AppProtectionScreenCaptureRequired $true -AppProtectionKeyLoggingRequired $true
<!--NeedCopy-->

Verification

Sign out of the Citrix Workspace app, if already open. Sign in to the Citrix Workspace app as a user in the xd.local\sales Active Directory group. Launch the protected resource and you see that App Protection is disabled.

Sign out of the Citrix Workspace app and sign in again as a user who is not part of xd.local\sales. Launch the protected resource and you see that App Protection is enabled.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Scenario 3

February 28, 2024

Contributed by:

February 28, 2024

Contributed by:

Scenario 3

In this article