Jump to content
Welcome to our new Citrix community!
  • 0

Session Manager - Group Policy


Sam Taylor

Question

Hi All,

 

We had a recent incident which broke many of our Virtual Desktops, the below message was being received:

 

image.png.9e6958a9b299062fc0dd042ca0b26732.png

 

Upon contacting Citrix, they asked us to set the below key's value to 0 to remediate:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Ica\GroupPolicy
Name: EnforceUserPolicyEvaluationSuccess
Type: REG_DWORD
Value: 0

 

I've had a look through some of the Citrix documentation which describes setting the key's value to 0:

 

Known issues | Citrix Virtual Apps and Desktops 7 2203 LTSR

Fixed issues | Citrix Virtual Apps and Desktops 7 2203 LTSR

 

One of the above states: 

"Session Manager terminates session launches when the Group Policy evaluation fails. This is to prevent user access to resources that are restricted through Group Policy. The following user-implemented fix provides a registry toggle for administrators to dismiss the enforcement, which helps end users to connect to sessions even if the Group Policy evaluation fails:"

 

Can anyone help us out with understanding what this means in practical terms, what are the security implications of having this disabled? 

Link to comment

1 answer to this question

Recommended Posts

  • 0

That would imply (I would think) that you have an underlying issue if that evaluation cannot apply - In all my years of doing Citrix work, I have never touched that setting, and would be dubious on doing so given that typically policy is there to lockdown/secure/control and environment, and if it cannot be guaranteed/evaluated to say "all is ok" then I wouldn't want people in those sessions

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...