Jeff Riechers

You also can just have MCS create the snapshot for you. It will name it in an appropriate manner and will save you a step in deployments.

Is there a WEM tool that can be run on a clean machine to gather all allowed exe files, and then use that to build the allow list? That way anything that gets loaded can be blocked? Something that we can re-run as part of a non-persistent sealing script to capture new hashes from updated files?

FSLogix's updated ADMX files have an option to store the Office legacy token in the profile. If you don't have the hybrid joined and prt that legacy token will store their settings.

I'm sorry. S1 can be a bit of a headache in Citrix environments. You need to ensure all the necessary Citrix exclusions are in place to keep the overhead from S1 from impacting your sessions.

So the problem is you have to change this setting in the default.ica to something else Hotkey5Char=F2 Hotkey5Shift=Ctrl Instead do this Hotkey5Char=F10 Hotkey5Shift=Ctrl That will free up Ctrl-F2 to not be captured by citrix. And instead will go to your app.

Is Ctrl-F2 used in the application and that isn't passing through? Can you share the .ica file that is generated with all the hotkey listings?

We have wanted this for quite some time. Unfortunately, you will have to manually duplicate your settings.

It depends on the AV agent. Most agents execute in each user space to monitor that particular user's session. If you are using Windows Defender you can offload the definitions to make it lighter per user. https://www.jeffriechers.com/wiki/vdi-defender-offloading/

Do you have any type of IAM in place for users to request access? If so you could publish that interface as an application, users requests control, then when they refresh storefront they see the new app.

Also Citrix is working to get SSO setup with Windows Hello, so check out the new LTSR that just hit yesterday to see if there are more features there.

About Citrix Monitor Service API | Citrix Monitor API Reference latest

You can use oData to pull data from director. So if your monitoring tool can query with that then that would work. Also if you have CPL licensing you can use uberagent to ingress data into Splunk from your farm specifically for Citrix Data.

Yes, if the machines are non-persistent just make a new catalog, swing that into your delivery group. Then put the old machines in maintenance mode and once they are drained, remove the machines from the delivery group, shut them down, and then delete the machine catalog. I just did this yesterday for a customer that had moved machines to new storage and then could no longer update to newer images. If you are using PVS then you can use the Citrix Virtual Desktop creation tool on the farm.