Jeff Riechers

Everything posted by Jeff Riechers

  1. You also can just have MCS create the snapshot for you. It will name it in an appropriate manner and will save you a step in deployments.
  2. Is there a WEM tool that can be run on a clean machine to gather all allowed exe files, and then use that to build the allow list? That way anything that gets loaded can be blocked? Something that we can re-run as part of a non-persistent sealing script to capture new hashes from updated files?
  3. FSLogix's updated ADMX files have an option to store the Office legacy token in the profile. If you don't have the hybrid joined and PRT, that legacy token will store their settings.
  4. I'm sorry. S1 can be a bit of a headache in Citrix environments. You need to ensure all the necessary Citrix exclusions are in place to keep the overhead from S1 from impacting your sessions.
  5. Looks accessible now. Thanks.
  6. So the problem is you have to change this setting in the default.ica to something else:

     Hotkey5Char=F2
     Hotkey5Shift=Ctrl

     Instead do this:

     Hotkey5Char=F10
     Hotkey5Shift=Ctrl

     That will free up Ctrl-F2 to not be captured by Citrix, and it will instead go to your app.
  7. Is Ctrl-F2 used in the application and that isn't passing through? Can you share the .ica file that is generated with all the hotkey listings?
  8. We have wanted this for quite some time. Unfortunately, you will have to manually duplicate your settings.
  9. It depends on the AV agent. Most agents execute in each user space to monitor that particular user's session. If you are using Windows Defender you can offload the definitions to make it lighter per user. https://www.jeffriechers.com/wiki/vdi-defender-offloading/
  10. I did register, then it says the meeting has ended.
  11. Do you have any type of IAM in place for users to request access? If so you could publish that interface as an application, users request control, then when they refresh StoreFront they see the new app.
  12. Also Citrix is working to get SSO set up with Windows Hello, so check out the new LTSR that just hit yesterday to see if there are more features there.
  13. You can use OData to pull data from Director. So if your monitoring tool can query with that then that would work. Also if you have CPL licensing you can use uberAgent to ingress data into Splunk from your farm specifically for Citrix Data.
  14. Yes, if the machines are non-persistent just make a new catalog, swing that into your delivery group. Then put the old machines in maintenance mode and once they are drained, remove the machines from the delivery group, shut them down, and then delete the machine catalog. I just did this yesterday for a customer that had moved machines to new storage and then could no longer update to newer images. If you are using PVS then you can use the Citrix Virtual Desktop creation tool on the farm.
  15. If using NetScaler Gateway you can set that to use the same Azure AD connections and it may pass through if it is bringing the token from the initial login. Also check the Enhanced Authentication in updated CVAD and Workspace App. Features in Technical Preview | Citrix Workspace app for Windows
  16. Are you hitting NetScaler Gateway? Or are you hitting StoreFront directly?
  17. This is not accessible as on-demand. Could that be set up so we can access it after the fact?
  18. If you are using an on-premise Citrix Gateway you can block it with responder policies. https://www.jeffriechers.com/wiki/block-non-us-and-canada-sites-from-vservers/ This should also work with Advanced Auth on Gateway Services. For regular gateway service I wonder if Citrix Cloud support could put that restriction in place for you.
  19. Have you updated to the latest firmware, and done any hardening of the SSL ciphers on the unit? Also isolation of SSH access to dedicated management networks would mitigate this attack as well by restricting that access.
  20. They do have a new flex licensing model that acts a lot like the pooled licensing. They are currently pretty backed up on quote creation, but try and talk to your Citrix rep about what options you have going forward. If you have a large CVAD deployment along with the NetScalers there is the possibility of going to CPL, thus getting you near unlimited licensing for NetScalers.
  21. 503 is if the web server is responding, but services within that server are not working. 404 is if the web server is not responding at all, or if the page requested is not there.
  22. Do you have these machines using hybrid Azure join? If they retrieve a PRT correctly it will help with the authentication. However, if you aren't doing hybrid join you would need FSLogix to use legacy token preservation. So make sure you have your ADMX for FSLogix updated to the latest to give you that legacy token option.
  23. Yes, you can do this. I have used PowerShell to downgrade this in the past. https://support.citrix.com/article/CTX239687/vda-registration-fails-when-a-vda-versions-functional-level-is-lower-than-its-machine-catalogs-minimum-functional-level