Jump to content

James Kindon

Moderators
 View Profile  See their activity

  • Posts

    1,351

  • Joined

  • Last visited

  • Days Won

    66

 Content Type 

Posts posted by James Kindon

    Authentication and design question for multiple domains

    in General Questions

    Posted

    You absolutely can do this with Citrix Cloud, it’s very easy 

     

    You put cloud connectors in each domain where you need machines to register against. So if you have machines in domain A and domain B, you will need cloud connectors in both 

     

    For user lookups, if you have domains that “just” have users, then you can use a cloud connector appliance to retrieve users from that domain, but if you have machines, then you will need the full cloud connector (windows)

     

    Citrix Cloud enumerates all domains and users from all domains can login with their domain creds via workspace. You can do more funky stuff with storefront and netscaler if you need 

     

    For Azure AD things can get a little hairy in multi domain environments, you will need to look at FAS architecture to provide SSO if you decide to go that path (also doable) 

    • Like 1

    WEM UPM Exclusions

    in WEM (Workspace Environment Management)

    Posted

    4 minutes ago, Barry Whitehouse said:

    Is there any reason for not using WEM for UPM ?

    Mostly due to historical consistency to be honest. Never ever had a problem with Studio policies, WEM and profile management has had some challenges. They are likely gone these days so do what works for you, but for me, Profile Management lives in Studio Policies for DaaS, and if multi-site deployments on premises, then Citrix Policies nested in GPO for simplicity

    Problem with Start Menu after update VDA from 2206 to 2212

    in Desktop Server - General

    Posted

    Can you try this within a broken profile? https://github.com/JonathanPitre/Scripts/blob/master/StartMenu/Reset-StartMenu.ps1

     

    Let's make sure 100% there is no narky folder redirection in the mix (I have asked Citrix to fix that article above to make it clear start menu redirection, along with appdata, is a definite no no)

     

    Looking to understand whether the script:

    • Fixes it
    • Breaks again on your next logon if it does fix it. This would indicate something broken in your profile configuration 


    Are you using autoconfig or manual config for your UPM setup? the Sync/Mirror bits can be crazy temperamental with Start Menu roaming

    Also, there is no other "Hide Common Programs" settings coming in from anywhere is there? GPO, WEM, BIS-F etc?

    Handling multiple Applications when users belong to conflicting AD groups

    in WEM (Workspace Environment Management)

    Posted

    Good start, but it's a touch more simple than you think:

    • Add a Filter Condition called "Not In Group AppB". Use the condition type "No Active Directory Group Match" and specify DOMAIN\AppB
    • Create a Filter Rule that contains Condition "Not In Group AppB"
    • Assign the Application A application to the Win10 Users group and apply the No Active Directory Group Match Filter Rule. Set Create Desktop to True
    • Assign the Application B application to the AppB group. Set Create Desktop to True. You can use always true here for the filter rule 
    • Under Advanced Settings -> Advanced Options -> Unassigned Actions Revert Processing -> Revert Unassigned Applications: Enabled

    The behavior should now be:

    • If the user is in the Win10 Users Group and NOT in the AppB group, they will get application A with a shortcut on their desktop
    • If the user is added to the AppB group, WEM will put a shortcut to application B on their desktop
    • If the user WAS in Win10 Users Group, and is now in the AppB group, WEM will remove the shortcut it created for Application A

    The Create Desktop shortcut setting dumps a shortcut on the user desktop. If WEM does this, it tracks it. Thus, if you enable the revert unassigned applications setting and then change the group assignments, WEM will effectively "unassign" the application, which will trigger a removal, and a replacement with the other

     

    Clear as mud?

    • Like 2

    WEM Folder Redirection - Windows 2019

    in WEM (Workspace Environment Management)

    Posted

    9 hours ago, Konstantinos Efthymiadi said:

    What is your though on the below screenshot? (If you don't redirect AppData, roaming Teams folder will keep increase uncontrollably with the end result of VM disruption)

    If you have a look at the articles above, it will show you what you need to include/exclude in your profiles to keep them nice and lean. A lot of it is log crud so you can streamline it. You will find it's the same as anything else you bring into the environment, just need to tweak it as you go

     

    You can also support teams without the need for containers. Containers come with their own considerations and impacts so you don't have to run towards them unless you have a firm need. Here is a bit of a read from a while back https://jkindon.com/the-user-environment-management-puzzle/

     

    You can track changes to UPM capabilities here, both file and container based https://jkindon.com/the-evolution-of-citrix-profile-management/

    • Like 1

    WEM Folder Redirection - Windows 2019

    in WEM (Workspace Environment Management)

    Posted

    3 hours ago, Konstantinos Efthymiadi said:

    If AppData are NOT checked in WEM, Downloads folder is been redirected correctly and AppData folder is stored locally C:/user/%username% (the rest of the folders are redirected correctly)

    Sounds perfect. Again, AppData should not be redirected.

     

    3 hours ago, Konstantinos Efthymiadi said:

    Duplication of the folder does not satisfy our customer since Teams application is store in it.

    One the key application examples of why AppData should not be redirected. Teams slams AppData in not just capacity, but in writes. Which is why it should live locally in the profile and controlled appropriately by either container, or file-based profiles (like anything else that writes that heavily into AppData):

    3 hours ago, Konstantinos Efthymiadi said:

    If we redirect AppData folder through Citrix Studio Policies, AppData are redirected correctly but there is a duplication of the folders to it

    If you are determined to run forward, then I would suggest looking at permissions. Smells a little like both WEM and the Citrix policy engine is struggling with permissions. That would be my guess, but I've spent almost 10 years turning that crud off in badly performing customer environments (hell I even wrote a script to do it https://github.com/JamesKindon/Citrix/blob/master/SetShellFolderDefaults.ps1), so it could well be something else in the mix - fact that documents and desktop working is good.

    WEM Folder Redirection - Windows 2019

    in WEM (Workspace Environment Management)

    Posted

    14 hours ago, constantinos efthymiades said:

    Thanks James for your prompt reply. If there is a "Redirection Option" in WEM, it shouldn't make us "a favor" since its given (talking about AppData).

    Microsoft have a policy, Citrix have a policy, WEM has the same setting -> doesn't mean it should be used. Microsoft also has policies for roaming profiles, UPD etc. All sorts of legacy tech and config items. Just because they are there, doesn't mean they should be used in modern deployments.

    Folder redirection for AppData is a relic and should never be used in modern environments. Half of the other things don't even come into play in a modern world (Links, Favorites, Contacts etc). Searches should never be redirected (not even relevant for a modern OS). I'd suggest you don't take what you did in 2012 R2 and just carry it over to 2019, so much has changed.

     

    But getting back to your issue of things not working...

     

    14 hours ago, constantinos efthymiades said:

    o your though of "what WEM is being asked to do" simple when I open user`s wem.log file, it show an exception with no further detail

    I am asking what you have configured your paths as for desktop and document redirection in WEM? What variables/hashtags are you using? And does the user have access to the appropriate paths? (WEM Actions in the user context)

     

    Can you share any logs?

    WEM Folder Redirection - Windows 2019

    in WEM (Workspace Environment Management)

    Posted

    Firstly, WEM is probably doing you a favor by not redirecting that amount of folders - noone should be redirecting things like AppData etc anymore, that's asking for problems. So if we focus on desktop and documents and pretend the rest isn't happening... ? 

     

    What path are you using for the redirection, we will need to understand what WEM is being asked to do

     

    Additionally, is anything else in the environment doing folder redirection, or has it done so previously?

     

    What do your shell folder keys show you in the registry as it relates to folder redirection?

    CVAD 1912 LTSR and UPM 2305

    in Profile Management - General

    Posted

    Technically you can upgrade the UPM component to CR, but you will lose your LTSR status, and you will need to drive UPM configuration via either WEM or GPO as studio won't have the policy set -> up to you on how important that status is, if you have a real issue with something and you need support, you can always downgrade UPM on a test box and if the issue is still there (whatever it might be), just point Citrix support at that box ?

     

    There is a rising amount of feedback being given to Citrix around this exact scenario, I will pass this post along for reference

    Teams AutoStart=Enable

    in XenApp 7.x

    Posted

    That's a business decision. If you auto start, your sessions will get spanked on startup (as Jeff mentioned above). Depends how the business wants Teams to interact/behave. If you can stop it auto-starting, you will have a better performance experience

    • Like 1

© Cloud Software Group, Inc. All rights reserved.

×
×
  • Create New...