Published Applications

Last Modified: Sep 16, 2017 @ 10:54 am

Navigation

💡 = Recently Updated

RDSH Application Testing

Installing apps on Remote Desktop Session Host (XenApp) is more complicated than installing apps on a single-user operating system (virtual desktop). Here are some RDSH-specific considerations that must be tested before integrating a new application into RDSH. These considerations usually don’t apply to virtual desktops.

  •  Multi-user Capable – can the application run multiple times on the same machine by different users? Most applications don’t have a problem, but a few do, especially applications that put temporary files or other writable files in global locations. For example, the first user of an app could write temporary files to C:\Temp. The second user writes to the same location, overwriting the temp files needed by the first user. Test the app with multiple users running the app on the same RDSH machine.
  • Lockdown to prevent one user from affecting another – What restrictions are needed to prevent one user from affecting another? For example, if an app’s configuration files are stored in a global location, you don’t want one user to edit the configuration file, and thus affect a different user. Test the app with multiple users running the app on the same RDSH machine.
  • Permission Relaxations – what relaxations (e.g. NTFS) are needed to allow non-administrators and GPO locked-down users to run the application? Test the application as a non-administrator with GPO lock down policies applied.
  • First Time Use – when a user launches an application the first time, the application should be automatically fully configured with default settings (e.g. back-end server connections). Use group policy to apply application settings. Automated FTU also helps with a user whose profile is reset. Test the RDSH app with a user that has a new (clean) profile.
  • Roaming – users could connect to a different RDSH machine every day, and thus user settings need to roam across machines. Test running the app on one RDSH, make changes, then login to a different RDSH machine to ensure the changes are still there.
  • Application Licensing – if an application requires licensing, can licensed and non-licensed users connect to the same machine? Can it be guaranteed that non-licensed users can’t run the application that requires licensing? Adobe Acrobat is an example of a challenging application because of the global .pdf file-type association, and the global PDF printer.
  • Client Devices (USB, printers, COM ports) – the client device mapping capabilities on RDSH are not as extensive as virtual desktops. For example, generic USB wasn’t added until Windows Server 2012 R2. When the application prints, does it show printers from every user, instead of just the user running the app? Does the app need COM port mapping?
  • Shared IP – does the app have any problems with multiple users sharing the same IP address? If so, you might have to configure RDS IP Virtualization.
  • Fair Sharing of Hardware Resources– does the app sometimes consume a disproportionate amount of hardware resources? For example, can the app be used to launch a task that consumes 100% CPU for some time? One option is to put this app on its own Delivery Group. Or you can use Citrix Workspace Environment Manager to ensure fair sharing of hardware resources.
  • Published Application – can the app run as a published application that doesn’t have Explorer running in the background? Does the app (e.g. Internet Explorer web apps) need RunOnce.exe /AlternateShellStartup to fully initialize before it will run correctly as a published application? Some apps work without issue in a published desktop, but don’t work properly as published applications. When testing a published app, test it with a user that has a new (clean) profile. Connecting to the published desktop once will cause Active Setup to run, changing the user’s profile, thus distorting the published app testing results.
  • Integration Testing – when installing a new app on a RDSH server, don’t forget to test the other apps already on the RDSH server, because the new app might have broken the other apps. The more apps you put on an RDSH server, the longer it takes to perform integration testing.

Also see MSDN Remote Desktop Services programming guidelines.

Some of the issues in this list can be overcome by using an application virtualization tool (e.g. Microsoft App-V) that runs apps in isolated bubbles.

Application Groups

Citrix Blog Post Introducing Application Groups in XenApp and XenDesktop 7.9

XenApp 7.9 and newer has an Application Group feature. This feature lets you group published apps together so you can more easily apply properties to every app in the group. Today, you can do the following:

  • Control visibility of every app in the app group (Users page).
  • Publish every app on the same Delivery Groups.
  • Prevent or allow apps in different Application Groups from running in the same session.
  • With one published app icon, test users launch from test Delivery Group, while production users launch from production Delivery Group.

To create an Application Group:

  1. In Citrix Studio, right-click Applications, and click Create Application Group.

    1. In the Getting Started page, click Next.
    2. In the Delivery Groups page, select the delivery groups you want these apps published from.
    3. In the Users page, select the users that can see the apps in this app group.
    4. Note: there are three levels of authorization. An app is only visible to a user if the user is assigned to all of the following:
      • Delivery Group
      • Application Group
      • Individual Published Apps in the Application Group
    5. Click Next.
    6. In the Applications page, publish applications like normal. The Existing option lets you select an app that’s already been published to a different Application Group or Delivery Group. Click Next.
    7. In the Summary page,  give the Application Group a name, and click Finish.
  2. In the Applications node in Studio, there’s a new Application Groups section.
  3. If you highlight your Application Group, on the right is the list of apps in the group. You can edit each of these published apps like normal.
  4. You can drag applications into an Application Group.

  5. However, this more of a copy than a move. To actually move the app exclusively into the Application Group, edit the individual app, and on the Groups page, remove all Delivery Groups (or other Application Groups). The app will instead inherit the Delivery Groups from the app group.
  6. If you edit the Application Group:
  7. The Settings page has an option for session sharing between Application Groups. Clearing this checkbox allows you to force applications in different Application Groups to run in different sessions.
  8. The Delivery Groups tab lets you set Delivery Group priority. If priority is identical, then sessions are load balanced. If priorities are different, then sessions are launched on Delivery Groups in priority order.
  9. The checkbox for Restrict launches to machines with tag lets you restrict the apps to only run on VDAs with the selected tag.
  10. In XenApp/XenDesktop 7.13 and newer, you can use PowerShell to cause an Application Group to launch multiple app instances in separate sessions. Citrix Blog Post XenApp and XenDesktop 7.13: Launching an Application in Multiple Sessions.

Limit Icon Visibility

For Published Applications, there are three levels of application authorization: Delivery Group, Application Groups, and Published App Limit Visibility. A published app icon is only visible if the user is added to all three levels.

  1. Delivery Group (Users page). If the user is not assigned to the Delivery Group, then the user won’t see any application or desktop icon published from that Delivery Group.

  2. Limit Visibility – You can use the published app’s Limit Visibility page to restrict an icon to a subset of Delivery Group users.

  3. In XenApp/XenDesktop 7.9 and newer, you can use Application Groups to restrict access to published icons.

  4. App Icons won’t appear unless users are added to all three of the above locations.

Published Desktops have separate authorization configuration:

  1. XenApp/XenDesktop 7.8 and newer have a Desktops page in Delivery Group properties where you can publish multiple desktops and restrict access to those individual published desktops.

  2. In XenApp/XenDesktop prior to version 7.8, if a desktop is published from the Delivery Group, by default, every user assigned to the Delivery Group can see the icon. You can use the PowerShell command Set-BrokerEntitlementPolicyRule to limit the desktop icon to a subset of the users assigned to the Delivery Group.
    1. Run asnp citrix.*
    2. Run Get-BrokerEntitlementPolicyRule to see the published desktops.
    3. Then run Set-BrokerEntitlementPolicyRule to set the IncludedUsers or ExcludedUsers filters.

Published Content

XenApp 7.11 adds Published Content where you can publish URLs that are opened in the user’s local browser. You can also publish UNC paths, which are opened with local Explorer or local application.

Currently there is no GUI to publish content. Instead, use PowerShell.

The New-BrokerApplication cmdlet requires you to specify a Delivery Group. This Delivery Group must have at least one registered machine in it. However, the published content does not actually launch from the Delivery Group since the URLs and/or UNCs open locally.

First run asnp citrix.*

Then run New-BrokerApplication -ApplicationType PublishedContent. Here is a sample PowerShell command:

New-BrokerApplication -Name "CitrixHomePage" -PublishedName "Citrix Home Page" -ApplicationType PublishedContent -CommandLineExecutable https://www.citrix.com -DesktopGroup RDSH12R2

Instead of publishing to a Delivery Group, you can publish to an Application Group by using the -ApplicationGroup switch. The Application Group must have Delivery Group(s) assigned to it.

Once the Published Content is created, you can see it in Studio. You can also edit it from Studio, including Limit Visibility and Groups (to move it to an Application Group).

Published Content can be placed in Application Groups. You can then use the Application Group properties to restrict access to the shortcut.

It does not appear to be possible to set the icon from Studio, but you can do it using PowerShell. See Citrix Blog Post @XDtipster – Changing Delivery Group Icons Revisited (XD7) for instructions to convert an icon to a base64 string, and import to XenApp using New-BrokerIcon -EnCodedIconData "Base64 String".  Then you can link the icon to the Published Content using Set-BrokerApplication "App Name" -IconUid.

In StoreFront 3.7, you can click the icon and URLs will open in a new browser tab.

HTTP/HTTPS Published Content should open in Receiver. Other URLs (e.g. file:// or UNC path) will probably show an error message.

You can override this restriction by enabling the group policy setting Allow/Prevent users to publish unsafe content at Computer Configuration | Policies | Administrative Templates | Citrix Components | Citrix Receiver | SelfService. This assumes you’ve installed the Receiver .admx files. (h/t David Prows at CUGC forums).

Application Usage Limits

In XenApp/XenDesktop 7.7 or newer, if you edit an application’s Properties, on the Delivery page, you can restrict the number of concurrent instances of the application. You can also Limit to one instance per user.

Keywords for StoreFront

In a published application’s Properties, on the Identification page, in the Description and keywords field, you can enter KEYWORDS to control how the app behaves when displayed by StoreFront.

  • Enter KEYWORDS:Mandatory or KEYWORDS:Auto to cause the application to automatically be subscribed or favorited in Citrix Receiver.
    • In StoreFront 3.0 and newer, the user can go to the Apps tab, click an App’s Details button, and mark the app as a Favorite. 
    • In the older StoreFront interface, users subscribe to applications by clicking the plus icon to add the application to the middle of the screen. 
    • Mandatory means the app can’t be removed from Favorites or unsubscribed.
    • Auto means the app is automatically favorited or subscribed, and can be un-favorited or unsubscribed by the user.
  • Enter KEYWORDS:Featured to make the application show up in the Featured list.
  • You can separate multiple keywords with a space. KEYWORDS:Mandatory Featured.
  • See the StoreFront 3.7 Keywords documentation at Citrix Docs for more information.

Users will have a better experience with StoreFront if applications are published into folders. The folder name is specified in the Delivery page in the Category field. Note: Add shortcut to user’s desktop works in newer versions of Receiver assuming the app is marked as a Favorite.

Secure Browser

Citrix has a deployment guide for publishing a browser from XenApp. Here’s an overview of the configuration:

  • Install Chrome on an RDSH VDA.
  • In Studio, publish IE and/or Chrome in Kiosk Mode to anonymous users.
    • Create a different published app for each website.
  • In StoreFront, create a Store for Unauthenticated Users.
  • In StoreFront, enable Receiver for HTML5.
  • In StoreFront, enable web links so you can link to the published browser from a different website.

When a user launches the published browser, the HTML5 client opens the published app in a local browser tab. The published browser runs in kiosk mode so that the published browser’s user interface is hidden. It looks like the website is running on the local browser but actually it’s running from a published browser.

There’s a special XenApp Secure Browser Edition that is only licensed for publishing browsers from RDSH. See the press release Citrix Radically Simplifies the Secure Delivery of Browser-based Apps.

App-V

App-V Client Hotfix

The latest App-V 5.1 hotfix is June 2017 servicing release for Microsoft Desktop Optimization Pack. Note: Windows 10 1607 and Windows 2016 get App-V updates through Windows Update.

The latest App-V 5.0 hotfix is Hotfix Package 3 for Microsoft Application Virtualization 5.0 SP3.

There is a special version of App-V client for RDS (Remote Desktop Session Host). The normal App-V client in MDOP won’t work. Get the RDS version from the Microsoft Volume Licensing website.

App-V GPO ADMX templates

The latest GPO ADMX templates for App-V can be downloaded from Microsoft Desktop Optimization Pack Group Policy Administrative Templates.

App-V and Logon Times

Links:

XenApp 7.8 and newer App-V

XenApp 7.8 no longer requires App-V management infrastructure and can instead pull the App-V packages directly from an SMB share as detailed at App-V at Citrix Docs. The computer accounts for Delivery Controllers and VDAs must have read access to the share. An easy method is to add Domain Computers. See CTX221296 Citrix App-V Integration Minimum Permission Requirements.

XenApp 7.11 adds an Isolation Groups tab.

Once App-V packages are added to Citrix Studio, you can publish an app, and select App-V from the drop-down.

The App-V apps show up as AppLibrary App-V, and support the same options as other published applications.

Make sure the App-V Components are installed on your VDA. It’s not checked by default in 7.12 and newer.

On your VDA Windows 10/2016 or newer, in PowerShell, run Enable-Appv. For older OS, install the App-V client.

There appears to be some limitations to the package share method as detailed by Joe Robinson at Citrix Discussions:

Joe Robinson provided a script to force the App-V client to sync before launching the user’s App-V application.

Launch App Inside App-V Bubble

From Citrix Blog Post Process Launching in an App-V V5 Virtual Environment:

  • On any executable, add the /appvve:<PackageID>_<VersionID> of the package in which one would like the executable to run
  • If the App-V process is already running then use the /appvpid:<ProcessId> to inject into a running App-V virtual environment
  • If you want something more permanent, you can set the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\<YourApplicationName> with a default REG_SZ key that has the executable name in it.

Also see Microsoft Knowledgebase article How to launch processes inside the App-V 5.0 virtualized environment.

AppDisks

See http://www.carlstalhood.com/appdisks/

Change Published Desktop Icon

Citrix Blog Post Changing Delivery Group Icons Revisited (XD7) has instructions on how to use PowerShell to import a Base-64 icon and then link it to the published desktop.

StoreFront 3.0 and newer overrides custom desktop icons. Run the following PowerShell command (from discussions.citrix.com) to restore custom desktop icons:

& 'C:\Program Files\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1'

Disable-DSStoreSubstituteDesktopImage -SiteId 1 -VirtualPath /Citrix/Store

Other Published App Tips

CTX209199 Published 64 bit Aps Can’t Be Started With %ProgramFiles% in Command Line If It’s Not the first Application to Start: You can try the following methods to address this issue:

  1. Use the absolute path to publish the application.
    2. Use %ProgramW6432% for 64-bit applications instead of %ProgramFiles%.

Google Chrome

Links detailing installation, configuration, roaming profiles, and publishing.

CTX132057 Google Chrome Becomes Unresponsive when Started as Published Application: add the parameters --allow-no-sandbox-job --disable-gpu in the published app command line. According to Dennis Span, this is no longer needed in Chrome 58 and newer.

CTX205876 Non-published Google Chrome browser on XenApp server, called and launched from any published app, is seen in black/grey screen: The command line parameter has to be added to registry shell open command for the Chrome browser:

  1. In Regedit, navigate to HKEY_CLASSES_ROOT\http\shell\open\command
  2. Edit the Default value as follows:
    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-no-sandbox-job --disable-gpu -- "%1"

Disable Application and Hide It

  1. In Studio, you can disable a published application by right-clicking it, and clicking Disable.
  2. In older versions of XenApp/XenDesktop, when you disable the application, it leaves the application visible but it is grayed out thus preventing users from launching it. In 7.8, the disabled app is automatically hidden (no longer shown in the apps list).
  3. If desired, you can hide or unhide the disabled application icon by running a PowerShell command:
    asnp citrix.*
    Set-BrokerApplication MyApp -Visibile $false
    

  4. When you re-enable the application, Visibility is automatically set back to true.

Bidirectional Content Redirection

Receiver 4.7 and newer, combined with and VDA 7.13 and newer, support redirecting URLs from client to VDA (published Internet Explorer), or from VDA to client. See Bidirectional content redirection policy settings at Citrix Docs for requirements and limitations.

  1. Make sure Local App Access is not enabled on the VDAs.
  2. Make sure Internet Explorer is published. Internet Explorer is not in the Start Menu, so you have to publish it Manually. Only Internet Explorer is supported for bidirectional.

  3. Edit a GPO that applies to VDA users.
  4. Go to User Config | Policies | Citrix Policies, and edit a Citrix Policy.
  5. Find the setting Allow Bidirectional Content Redirection, and enable it (Allowed).

  6. Also configure the Allowed URLs policy settings to indicate which URLs should be redirected in either location.
  7. Copy the receiver.admx file from Receiver 4.7 or newer to PolicyDefinitions (SYSVOL or C:\Windows\PolicyDefinitions).
  8. Edit a GPO that applies to client devices (endpoints).
  9. Go to User Configuration | Policies | Administrative Templates | Citrix Receiver | User experience.
  10. Double-click the setting Bidirectional Content Redirection.
  11. Enable the setting.
  12. In the Published Application field, enter the name of the Internet Explorer published application.
  13. In the Allowed URLs fields, configure the URLs you want to redirect in either direction.
  14. On the VDA, run the following command to register the Internet Explorer add-on.
    "C:\Program Files (x86)\Citrix\System32\VDARedirector.exe" /regIE

  15. On the client device, run the following command to register the Internet Explorer add-on.
    "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /regIE

  16. When you run Internet Explorer on the VDA or client device, you’ll be prompted to enable the add-on. You can configure a GPO to enable this add-on automatically. Redirection won’t work unless the add-on is enabled.

Local App Access

Some applications are not suitable for centralization and instead should run on endpoint devices. These applications include: phone software, applications needing peripherals, etc. Citrix Local App Access lets you access these endpoint-installed applications from inside a published desktop. This is sometimes called Reverse Seamless.

Local App Access has three modes of functionality:

  • User-managed local applications. Any shortcuts in the endpoint’s local Start Menu and local Desktop are made available from inside the published desktop.
  • Administrator-managed local applications. Use Studio to publish a local application, which is created as a shortcut inside the published desktop. When the shortcut is launched, it is actually running from the endpoint device (reverse seamless) instead of the centralized desktop. If you enable administrator-managed local applications then user-managed local applications are disabled.
  • URL Redirection. Administrators define some URLs that should be opened in a local endpoint browser instead of a VDA browser, and then display the local browser inside the published desktop (reverse seamless).

Local App Access requires Platinum Licensing.

Do the following to configure Local App Access:

  1. In a Citrix Policy that applies to the VDAs, enable the Allow local app access policy setting. It’s in the Computer Half.
  2. The URL redirection black list setting lets you define a list of URLs that should be opened on the endpoint’s browser instead of the VDA browser. Alternatively, you can instead configure Bidirectional Content Redirection.
  3. On the Endpoints, install Receiver using the ALLOW_CLIENTHOSTEDAPPSURL=1 switch. Feel to add /includeSSON too. Run the installer from an elevated (Administrator) command prompt. This switch automatically enables both Local App Access and URL Redirection. Note: the URL Redirection code does not install on VDAs so URL Redirection might not work if your endpoint has VDA software for Remote PC.
  4. After installation of Receiver, launch Internet Explorer. You should see a prompt to enable the Citrix URL-Redirection Helper add-on.
  5. You can also go to Tools > Manage Add-ons to verify the Browser Helper Object.
  6. By default, Local App Access redirects the endpoint’s Start Menu and Desktop. You can control which folders are redirected by editing the endpoint’s registry at HKCU\Software\Citrix\ICA Client\CHS. You might have to create the CHS key. Create the Multi-String Values named ProgramsFolders and DesktopFolders, and point them to folders containing shortcuts that you want to make available from inside the published desktop. Andrew Morgan has a GUI tool for editing these registry values.

  7. When you connect to a published desktop, by default, there will be a Local Programs folder in the Start Menu containing shortcuts to programs on the endpoint’s Start Menu. These are user-managed shortcuts. Note: Windows 8 and newer only supports one level of Start Menu folders. This means that all local shortcuts are placed into the single Local Programs folder without any subfolders.
  8. On the VDA Desktop there will be a Local Desktop folder containing shortcuts from the endpoint’s desktop. These are user-managed shortcuts.
  9. Note: the following doesn’t seem to work in LTSR 7.15. The VDA seems to overwrite these registry values.
    1. The Local Desktop and Local Programs folders on the VDA can be renamed by editing the VDA’s registry at HKCU\Software\Citrix\Local Access Apps. You might have to create the Local App Access registry key. Create String values ProgramsCHSFolderName and DesktopCHSFolderName as detailed at Citrix Docs. Andrew Morgan has a GUI tool to modify these registry values.

  10. To enable administrator-managed local applications, login to a machine that has Citrix Studio installed, and edit the registry. Go to HKLM\Software\Wow6432Node\Citrix\DesktopStudio, and create the DWORD value named ClientHostedAppsEnabled, and set it to 1.
  11. When you open Studio, and right-click the Applications node, there is a new entry Add Local App Access Application.

    1. In the Getting Started with Local Access Applications page, click Next.
    2. In the Groups page, select the Delivery Group or Application Group whose published desktop will receive the shortcut, and click Next.
    3. In the Location page, enter the path to the executable. This is the path on the endpoint. Also enter a Working Directory. You can get this information from the properties of the shortcut on the endpoint device. Click Next.
    4. In the Identification page, enter a name for the shortcut, and click Next.
    5. In the Delivery page, these options work as expected. Click Next.
    6. In the Summary page, click Finish.
    7. If you open the Properties of the Local App, there’s a Limit Visibility page.
  12. When you login to the desktop, you’ll see the administrator-managed local application. If any administrator-managed Client Hosted Applications are delivered to the user, then the default Local Programs and Local Desktop folders no longer appear.
  13. To enable URL Redirection, login to the VDA, and run "C:\Program Files (x86)\Citrix\System32\VDARedirector.exe" /regall. This registers the browser helpers.

  14. In Internet Explorer, if you go to Tools > Manage Add-ons, you’ll see the Citrix VDA-URL-Redirection Helper add-on.
  15. From inside the published desktop, if you go to a website on the blacklist, the VDA browser will close and a local browser will open in Reverse Seamless mode. If you then go to a website that is not on the blacklist, the local browser will close and the VDA browser will open again.

Andrew Morgan Citrix reverse seamless application deep dive presentation contains details on the inner workings of Local App Access. The same webpage also contains the GUI configuration tools mentioned above.

Citrix TV – Local App Access in XenDesktop 7

Anonymous Apps

XenApp 7.6 and newer supports publishing apps to anonymous users. Edit the Delivery Group, and on the Users page, check the box next to Give access to unauthenticated (anonymous) users.

Anonymous Users are managed differently than regular Domain Users. See VDA Anon instructions for adding anon accounts, configuring session timeouts, and configuring local group policy.

Anonymous published apps should show up for all authenticated users. However, you can also create a StoreFront store that does not require any authentication.

Export/Import Published Applications

Dominik Britz Export And Import Citrix XenDesktop Published Apps – two PowerShell scripts, one to export all published apps to json files and one to import apps with the information of the exported json files. Get the scripts from the Blog Post.

Related Topics

146 thoughts on “Published Applications”

  1. I have configured some Local Apps to be accessible in VDA. This is working fine, but I am not able to edit them. I have some “Delivery Group” selected then when creating it, but now I need to added some more.
     
    While trying to edit, all Delivery groups are grayed out. However when creating a new “Local App” entirely, I am able to select same groups which are being grayed-out when trying editing.
     
    This is not permission problem as I am performing both actions with same account.
     
    I am using “administrator-managed local applications” options.

  2. In using “Local App Access (Reverse Seamless)” we opted for “administrator-managed local applications” configuration. I observed however that the “Local Desktop and Local Programs” are still available but empty.

    Is there a way to render them invisible since they would not be use in any way.

    Thanks

  3. how to publish .bat files in 7.6 which used to run with .exe, in xa6.5 we configure it like this;- “C:\program files\apps\axis\local.bat” tool.exe

    how could I make this syntax in 7.6?

  4. Hi Carl

    I want to publish a server content in Google Chrome like “http://servername/lexica” and let startup the locally installed Chrome browser if installed.

    So I publish chrome.exe and keyword:prefer=”Google Chrome”. the command line parameter contains the “http://servername/lexica”.

    The browser opens locally but not with the URL mentioned in the parameter line. I couldn’t find anything. I tried with the old %1 or %* in the published line but * is not allowed.

    Any help is highly appreciated.

    Thanks
    Udo

  5. Does XenApp 7.12 offers offline access? I need to deploy some apps where users will stay disconnected but still need access to the application and once connected, app will synchronize. I remember in the past there was something called Streamed Apps.

    Thx Carl

          1. Not in Citrix, no. They figured that App-V already does it so no point in Citrix doing it.

            Citrix also has a DesktopPlayer product that can run desktops offline.

  6. We are running XAXD712, After application installation on a 2012 RDSH VDA , all the application published from that server like note pad, calc gets access denied error ” the domain\user ” does not have acces

    1. Is the server locked down using GPO or similar? If so, you’ll have to look in Event Viewer > Windows Logs > Security to see what user right is missing. Or maybe procmon for access denied messages. Users also must be in Remote Desktop Users group.

  7. Good Morning Carl,

    I am aware that I can add another desktop for the same Environment, but it would have to be named differently and would be very confusing to our users who are not very sophisticated. Are you aware of any way to get v7.12 (or 7.13 – I have no issues upgrading) to get one icon to deliver multiple desktops to a single user. Seems like Citrix deprecated a very valuable function for some users and I cannot get Citrix support to provide a firm answer on this. Is this by design or just overlooked? If the function is never coming back, I would like to know so we can figure out how to move forward.

    Thanks for your input.

    Mike Altman

    1. Didn’t they show up with a :1, :2, etc? Maybe you can simulate something similar with the multiple published desktops.

  8. Hi Carl,

    Sorry I did not clarify. These are desktops. Apparently multiple sessions are not an issue for applications in 7.12. However, most everything we do are with desktops. To clarify further our Citrix support guy tells us that this function is by design and should not have worked in 7.6. However, it is clear form the posts around 7.6 – we are not the only users to get multiple sessions to work in 7.6. It’s just not clear why it would stop working.

    Thanks,

    Mike Altman

  9. Hi Carl,

    Thanks for all your efforts to clarify Citrix. I could not do my job without them. I have an issue I am struggling with for some time. We have installed Citrix 7.12 in a Test ENV. We have been unable to open multiple sessions for a single user in this ENV. We did not have this issue with v7.6 provided we used -sessionreconnection – Disconnectedonly (which I got from your post). However this no longer works. Is there any info on this.

    Thanks in advance!!

  10. For large enterprise clients with perhaps hundreds of App V applications would you recommend creating the APP V infrastructure i.e. management console etc. or just use studio? I found publishing APP V apps in 7.9 a little “flaky” and resorted to the 3rd party app V launcher utility community version.

    1. Are you asking the PowerShell command to create a LAA? In Studio, after you create something, click the top left node, and then click the PowerShell tab. I see the following:

      New-BrokerApplication -ApplicationType “InstalledOnClient”

      1. Hello Carl,

        I need to publish a network share to 3rd party users using file explorer as a published app in XD 7.6.
        Ideally I need to lock down the network discovery of domain machines when the user hits network option. I did manage to hide the network icon using ADM template, however if the user hits back to the UNC path, he can reach the network location where he can see all the domain machines.(3rd party user has domain user access which brings him all the domain machine to be visible). Is there any way that I can disable address bar or loack down the file explorer to let them see only the folders?

        Thanks
        Sahul

        1. Citrix doesn’t offer anything to do this. I think AppSense does. Or you can put some VDAs in a firewalled security zone and only allow them to access certain other machines.

Leave a Reply