Product Documentation

Working with Citrix Policies

Apr 07, 2010

To control user access or session environments, configure a Citrix policy. Citrix policies are the most efficient method of controlling connection, security, and bandwidth settings.

You can create policies for specific groups of users, devices, or connection types. Each policy can contain multiple settings. For example, you can configure settings to:
  • Configure farm settings such as Virtual IP, Health Monitoring and Recovery, and multimedia acceleration
  • Control sound quality for client devices
  • Allow users to access the Documents folder on their local client device
  • Allow or prevent remote users from being able to save to their hard drives from a session
  • Allow or prevent users from accessing the Windows clipboard
  • Set a required encryption level for Citrix plug-ins
  • Set the session importance level, which, along with the application importance level, determines resource allotment for Preferential Load Balancing

You can work with policies through the Group Policy Editor in Windows or the Delivery Services Console in XenApp. The console or tool you use to do this depends on whether or not your network environment includes Microsoft Active Directory and whether or not you have the appropriate permissions to manage Group Policy Objects (GPOs).

Using the Group Policy Editor

If your network environment includes Active Directory and you have the appropriate permissions to manage Group Policy, use the Group Policy Editor to create policies for your farm. The settings you configure affect the GPOs you specify through the Group Policy Management console.

Using the Delivery Services Console

If your environment includes a different directory service (such as Novell Directory Services for Windows) or you are a Citrix administrator without permission to manage Group Policy, use the Delivery Services Console to create policies for your farm. The settings you configure are stored in a farm GPO in the data store.
Note: In Active Directory environments, the farm GPO takes precedence over the local GPO on the server in the event policy settings conflict. However, Active Directory GPOs take precedence over the farm GPO.

Tips for Working with Policies

If you create more than one policy in your environment, make sure that you prioritize the policies so that it is clear which policy should take precedence in the event of a conflict.

The process for configuring policies is:

  1. Create and name the policy.
  2. Configure policy settings.
  3. Apply the policy to connections by adding filters.
  4. Prioritize the policy.

In general, Citrix policies override similar settings configured for the entire server farm, for specific servers, or on the client. However, the highest encryption setting and the most restrictive shadowing setting always override other settings.