We have a Citrix XenApp 6.5 Farm running on Windows 2008 R2 systems. We have found through an audit there have been certain printers that when installed via the Auto-Client printer installation allow "Open command window here" if you go to this printer which is Microsoft Print to PDF (for instance) will then bring up the file locations which is ok, but the issue is the fact it is allowing "Open command window here".
I'm looking to see where in Citrix policies or Windows GPO's I can remove this option. I can't remove command prompt access from the system all together as some of our published applications execute/launch via command prompt/batch script.
So, thinking as a workaround to this issue, we could exclude the auto-generated printers that we know this is a problem for such as Microsoft Print to PDF. Issue - see that this is using the Citrix Universal Printer. So though I am now using the Printer driver mapping and compatibility policy within XenApp, it appears that the Universal driver will cancel this out.
Checked our Universal driver settings and it is set to use Universal Drivers only if a driver is not found.
So my thought - to locate (which I am searching for - though not having much luck) the print driver for Microsoft Print to PDF itself, install so then the policy should apply as it would have the driver and not use the universal. And I suppose I'll have to do that for the problematic ones we discover.
Or is there a better way of managing this?
We have to rectify this by end of Feb 2019 due to audit findings and resolution date, so any thoughts are appreciated.
Question
Pearson VUE ATS
We have a Citrix XenApp 6.5 Farm running on Windows 2008 R2 systems. We have found through an audit there have been certain printers that when installed via the Auto-Client printer installation allow "Open command window here" if you go to this printer which is Microsoft Print to PDF (for instance) will then bring up the file locations which is ok, but the issue is the fact it is allowing "Open command window here".
I'm looking to see where in Citrix policies or Windows GPO's I can remove this option. I can't remove command prompt access from the system all together as some of our published applications execute/launch via command prompt/batch script.
So, thinking as a workaround to this issue, we could exclude the auto-generated printers that we know this is a problem for such as Microsoft Print to PDF. Issue - see that this is using the Citrix Universal Printer. So though I am now using the Printer driver mapping and compatibility policy within XenApp, it appears that the Universal driver will cancel this out.
Checked our Universal driver settings and it is set to use Universal Drivers only if a driver is not found.
So my thought - to locate (which I am searching for - though not having much luck) the print driver for Microsoft Print to PDF itself, install so then the policy should apply as it would have the driver and not use the universal. And I suppose I'll have to do that for the problematic ones we discover.
Or is there a better way of managing this?
We have to rectify this by end of Feb 2019 due to audit findings and resolution date, so any thoughts are appreciated.
Thanks in advance.
Link to comment
1 answer to this question
Recommended Posts
Archived
This topic is now archived and is closed to further replies.