Jump to content
Welcome to our new Citrix community!
  • 0

how to restrict one application to a domain group


Tony Wong

Question

16 answers to this question

Recommended Posts

  • 0

Do you mean one instance per application?

 

Have you checked this here?


When you create a delivery group with "desktops and apps," Studio creates one Entitlement Policy Rule and one App Entitlement Policy Rule for the group, meaning each user is entitled to one desktop session and one app session. Studio doesn't expose the user filter on these objects, so both are available to all users of the delivery group.

You can use Get-BrokerEntitlementPolicyRule to find the desktop entitlement for the delivery group. (Note that the name may end in a _1) Then use the Set cmdlet to specify the users, e.g.


Set-BrokerEntitlementPolicyRule - Name "My Delivery Group_1" -AddIncludedUsers "MyDomain\DesktopAccessGroup" -IncludedUserFilterEnabled $true

 

Thanks 

Manoj

 

Link to comment
  • 0

No I mean restrict the application access to only one domain group

 

I am checking 

 

 

get-brokeraccesspolicyrule but its either all users or nothing. 

 

I need to retrict the application lauch or visibility to just one domain group

 

I am not using virtual desktops only virtual apps

 

 

thanks

Link to comment
  • 0

I already have the application published to the right domain group which shows in associatedusernames in 

 

 

when i type in get-brokerapplicationgroup

 

but a user that is not part of that group still is able to see and launch the application

 

Link to comment
  • 0

This is very strange even if the user is not part of the group still see the application. Can you check the Delivery Group permission and also I will advised assign Application Group permission as well. You can control the visibility of an app if you assign to all of the following:

  • Delivery Group
  • Application Group
  • Individual Published Apps in the Application Group

image.thumb.png.b60d2dc6d26612cc8998702f0118ae3c.png

Thanks 

Manoj

 

Link to comment
  • 0

I remember your issue other day. I will have a look you.

 

Try this 

Delivery Group

Get-BrokerAccessPolicyRule  -DesktopGroupName $groupName | Set-BrokerAccessPolicyRule -AddIncludedUsers $userName

 

For application 

Add-BrokerUser "DOMAIN\UserName" -Application "ApplicationName"

 

Thanks 

Manoj

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...