Jump to content
Welcome to our new Citrix community!
  • 0

Multiple assignments for a single AD group


Evgeny Rzhavin

Question

Hi.

 

I have decided to move our printers assignment from GPO to WEM. In our environment printers assignment is based on AD group membership. I've added all the necessary rules and assignments in WEM and now members of CONTOSO\Printer1-Users get the default Printer1.

For some printers and users we use one more AD group - CONTOSO\NoDefaultPrinter.

Members of both CONTOSO\Printer1-Users and CONTOSO\NoDefaultPrinter should get non-default Printer1.

The final scheme:

You are the member of just CONTOSO\Printer1-Users -> you get default Printer1.

You are the member of CONTOSO\Printer1-Users and CONTOSO\NoDefaultPrinter -> you get non-default Printer1.

In GPO we use Item-level targeting. Is it possible to create multiple assignmens for a single AD group? WEM console won't allow me to add CONTOSO\Printer1-Users more than once.

 

P.S. It's not just about printers. I can imagine several similar cases.

 

Link to comment

2 answers to this question

Recommended Posts

  • 1

Bit late (almost a necro :) ) but if you look at Filters/Conditions, specifically "Active Directory Group Match", you could create individual conditions to test for a group membership. Then you create Rules with one or more condition in. Then when you assign printers you can change the default "Always True" to your new rule.

 

I've not tested this, but using your example above, you should even be able to just create a single rule/condition filter for CONTOSO\NoDefaultPrinter, and then in Assignments, choose CONTOSO\Printer1-Users, then under Printers assign the non-default Printer1, but set the filter to your new filter, so that the user has to be a member of both groups. That should work.

 

You can mix/match conditions to build up complex filters if you like. Currently I'm only using simple ones to include/exclude apps from certain server names (eg create a Start Menu shortcut for an app for an AD group, but only if it's not the Admin servers for example) or to only assign an action when on a published desktop (eg run once script to pin Start Menu icons) . 

 

See attached screens if they're any use.

 

Nick

 

01.PNG

02.PNG

03.PNG

04.PNG

  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...