Product Documentation

Manage Citrix policies

Feb 27, 2014

Configure a Citrix policy to control user access or session environments. Citrix policies are the most efficient method of controlling connection, security, and bandwidth settings.

You can create policies for specific groups of users, devices, or connection types. Each policy can contain multiple settings.

You work with policies through Studio or the Group Policy Management Console in Windows. The console or tool you use to do this depends on whether your network environment includes Microsoft Active Directory and whether you have the appropriate permissions to manage Group Policy Objects (GPOs).

Use Studio

If you are a Citrix administrator without permission to manage group policy, use Studio to create policies for your site. Policies created using Studio are stored in the site database and updates are pushed to the virtual desktop either when that virtual desktop registers with the broker or when a user connects to that virtual desktop.

Use Group Policy Editor

If your network environment includes Active Directory and you have the appropriate permissions to manage group policy, you may want to use the Group Policy Editor to create policies for your site. The settings you configure affect the GPOs you specify through the Group Policy Management Console.

Important: You must use the Group Policy Editor to configure some policy settings, including:
  • Policy settings related to registering virtual desktops with a controller
  • Policy settings related to Microsoft Application Virtualization (App-V) servers

Policy processing and precedence

Group policy settings are processed in the following order:
  1. Local GPO
  2. XenApp or XenDesktop site GPO (stored in the site database)
  3. Site-level GPOs
  4. Domain-level GPOs
  5. Organizational Units
However, in the event of a conflict, policy settings that are processed last can overwrite those that are processed earlier. This means that policy settings take precedence in the following order:
  1. Organizational Units
  2. Domain-level GPOs
  3. Site-level GPOs
  4. XenApp or XenDesktop site GPO (stored in the site database)
  5. Local GPO

For example, a Citrix administrator creates a policy (Policy A) through Studio that enables client file redirection for the company's sales employees. Meanwhile, another administrator creates a policy (Policy B) through the Group Policy Editor that disables client file redirection for the sales employees. When the sales employees log on to the virtual desktops, Policy B is applied and Policy A is ignored. This happens because Policy B was processed at the domain level and Policy A was processed at the XenApp or XenDesktop site GPO level.

Note, however, that when a user launches an ICA or Remote Desktop Protocol (RDP) session, Citrix session settings override the same settings configured in an Active Directory policy or using Remote Desktop Session Host Configuration. This includes settings that are related to typical RDP client connection settings such as Desktop wallpaper, Menu animation, and View window contents while dragging.

Workflow for Citrix policies

The process for configuring policies is as follows:

  1. Create the policy.
  2. Configure policy settings.
  3. Assign the policy to machine and user objects.
  4. Prioritize the policy.
  5. Verify the effective policy by running the Citrix Group Policy Modeling wizard.