Jump to content
Welcome to our new Citrix community!
  • 0

Limit Published desktop to Thin Client

John Litster


using Citrix Virtual Apps 7 1909.1

I have a published desktop that I want everybody that logs into specific thin clients to be able to access.

I have a similar setup with published apps, I was able to just use KEYWORDS:  and then create a new store on Storefront and using the same keyword in the Advance settings in 'configure store settings'

The purpose is to have a base system in our conference rooms. and when a person logs in, they only get the apps that is pre-installed.

I would have the thin clients auto launch the desktop, so that parts isn't the big deal.........this issue is, when somebody logs into the Storefront page from the regular desktop system, I don't want them to even see the conference room system as an option.

I can't limit the Delivery Group by users or Windows Security groups, as anybody that goes into a conference room will need access  (they still will auth via Windows AD)


Any ideas?





Link to comment

4 answers to this question

Recommended Posts

  • 0

Another item that I see that might be an issue with the solution you provided......it looks as if, I can only assign 1 IP Address, or netbios name, or DNS name.....

as I have multiple conference rooms, there will be multiple assignments to the same published desktop   (which is Server 2016 [i forgot to mention that earlier])

Link to comment
  • 0

AHHHHHH, finally figured it out (at least i think so)

  1. Create New Machine Catalog as 'single session OS'
  2. machine catalog will use: machines that are powered managed and deployed using MCS
  3. I want users to connect to the same static desktop and discard all changes and clear virtual desktops
  4. Finish the rest of the wizard as normal
  5. THen make the Delivery group
  6. give all access
  7. no NOT assign it to anybody, the wizard will confirm you don't want to assign them to anybody,
  8. in powershell
    1. Get-BrokerDesktopGroup <Delivery group name>   get the UID of the delivery group
    2. Get-BrokerAccessPolicyRule –DesktopGroupUid <uid> | Set-BrokerAccessPolicyRule –AllowedUsers AnyAuthenticated
    3. Get-BrokerAssignmentPolicyRule –DesktopGroupUid <uid> | Set-BrokerAssignmentPolicyRule –Enabled $false
    4. Set-BrokerPrivateDesktop <domain>\<machine name> -AssignedIPAddress xxx.xxx.xxx.xxx



Thank you Carl for pointing me in the right direction.

now to get GPO settings that kill ie first start, kill teams autostart......(gpo is set, applied.....but being ignored)

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...