In the case of the “folder redirection” GPO, we have to configure the GPO in the “user” section, since there is no corresponding setting in the “computer” section. In this case the Citrix integrator needs to be able to “lock-down” the Citrix SERVER Organizational Unit, so that already-existing users with conflicting user settings can come in without threatening the stability of the Citrix implementation. If we are building the AD from scratch along with the Citrix implementation, we might as well create the “Citrix Users” OU but we might more likely be bringing Citrix into an AD implementation that already exists, for completely different designs than “terminal services”, and the users already may have GPO’s controlling things like folder redirection and hiding server drives, in ways that conflict with what we need them to do. But there are a few different scenarios to look at with the users. As the Citrix integrator, we need to be able to control the type of access the users are getting when logged on to the Presentation Servers, and we use GPO’s, on an OU, to accomplish this.Īs far as the users, they also don’t belong in a folder, but in an Organizational Unit. The “loopback merge” or “loopback replace” setting in group policy can be a critical component to getting the control over user access that a Citrix implementation requires:įirst of all, the users don’t go in the users container, and the Citrix servers don’t go in the computers container, because they can’t be controlled with group policies instead, separate containers, “OU’s”, are created by the AD administrator.Īt the minimum, we require a single OU for the Citrix server we are implementing.
GPO LOOPBACK PROCESSING WINDOWS
There is an Excel spreadsheet called PolicySettings.xls that is searchable, and contains detailed explanations of each setting in the default Windows 2003 SP1 templates.īut there are a few key settings among all the registry keys that are critical to the success of a Citrix implementation. Windows 2003 Group Policies can do a lot of things it’s such a big list of things that you can do in a Group policy, with the default templates, that it can be difficult to find a setting among the hundreds of fields and sub-fields in the Group Policy tool in Active Directory.