If you have endpoint analysis configured on NetScaler Gateway, users who pass an endpoint scan can access all the resources that you configure on NetScaler Gateway. You can put users who fail an endpoint scan in a quarantine group. These users can access published applications from XenApp only. Success or failure of the endpoint analysis scan determines the access method available to users.
For example, you create an endpoint analysis scan to check whether or not Notepad is running on the user device when users log on. If Notepad is running, users can log on using the NetScaler Gateway Plug-in. If Notepad is not running, users receive only the list of published applications.
To configure restricted user access, create a quarantine group on NetScaler Gateway. You create the quarantine group within a session profile and then add the profile to a session policy.