Jump to content
Welcome to our new Citrix community!

Restrict Acces to vServer Connection via Policy


Recommended Posts

As Carl mentioned, there are a several ways to do this dependent on requirements and how you want to implement it.


Method 1: no gateway dependency specifically

Configure a CVAD user policy in the CVAD environment for READ-Only clipboard: allows paste into session, but prevents copy out from session to client.

Or restrict it to certain types.  https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/policies/reference/ica-policy-settings.html

1- To apply this setting to remote users only, use the Smart Access filter in the policy and assign either the clipboard off or the read-only clipboard settings to connections with gateway. And the other policy allowing clipboard access to session without gateway (internal only)


method 2:  SmartControl policies on the GAteway (requiring premium as Carl mentioned):

Basically there are a set of policies you configure on the gateway that blocks certain virtual channels without needing to configure the settings on the CVAD environment. Might not be convenient if you have separate gateway vs cvad teams.  Covered in the GAteway admin guide (and Carl's reference above).


Method 3:  For more advanced scenarios, gateway can evaluate additional criteria and pass results through to CVAD and then you can use the smartaccess policies in CVAD for the 'connection with gateway' and 'meeting a gateway condition' (aka epa scan).  This also requires trust xml requests enabled.  But I would do method 1 first and use the regular clipboard restriction for gateway vs. non gateway policy filter. 

Link to comment
Share on other sites

On 2021/9/17 at PM6点32分, Carl Stalhood1709151912 said:

如果您的 ADC 是高级版,那么您可以配置 SmartControl。否则,配置 SmartAccess。 https://www.carlstalhood.com/smartaccess-smartcontrol-citrix-gateway/

Thank you very much for your suggestion. After listening to your plan, you have successfully controlled the copy and paste prohibition function of working from home

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...