This may seem straight forward but it's taken some time to get this to work like a charm.
Scenario:
XenApp (XA) 6.x farm with multiple servers. You have settings that need to be applied to the servers as well as settings for Users.
This is how I configured it. I came to this conclusion because Group Policy wasn't applying the correct Intranet Zone sites in Internet Explorer (although the same settings worked flawlessly on their desktop)
1. Create and move all servers to an OU containing XA Servers only.
XenApp Computer object location
my.company.com
|
__ Computer Accounts
|
_ XenApp
|
|- XENAPP01
|- XENAPP02
|- XENAPP03
Therefore: OU=XenApp,OU=Computer Accounts,dc=my,dc=company,dc=com
User Accounts object location
Create or use an existing group containing your users.
my.company.com
|
__ User Accounts
|
_ Location
|
|- USER1
|- USER2
|- USER3
2. Create and AD group eg. 'All XenApp Servers' containing all your XA servers . This is important to allow the computer configuration settings to apply to the servers.
3. Three group policies required.
A. Name: Policy XenApp Loopback
Purpose: This invokes Loopback processing
Settings: Computer Configuration > Policies > Administrative Templates > System /
Group Policy
Policy: User Group Policy loopback processing mode
Mode: Replace
GPO Status: User Configuration settings disabled
Link Order: 3 (Apply this first)
        
B. Name: Policy XenApp Server Configuration
Purpose: Contains computer configuration settings which will apply to all your XA servers
Settings: Computer configuration > As required.
GPO Status: User Configuration settings disabled
Links: OU=XenApp,OU=Computer Accounts,dc=my,dc=company,dc=com
Security Filtering: All XenApp Servers
Link Order: 2 (Apply second)
C. Name: Policy XenApp User Configuration
Purpose: Contains users configuration settings which will apply to all your XA users
Settings: User Configuration > As required.
GPO Status: Computer Configuration settings disabled
Links: OU=XenApp,OU=Computer Accounts,dc=my,dc=company,dc=com
Security Filtering: 'All XenApp Users' or Authenticated Users
Link Order: 1 (Apply last)
That's it.
:)
JJ
              
Scenario:
XenApp (XA) 6.x farm with multiple servers. You have settings that need to be applied to the servers as well as settings for Users.
This is how I configured it. I came to this conclusion because Group Policy wasn't applying the correct Intranet Zone sites in Internet Explorer (although the same settings worked flawlessly on their desktop)
1. Create and move all servers to an OU containing XA Servers only.
XenApp Computer object location
my.company.com
|
__ Computer Accounts
|
_ XenApp
|
|- XENAPP01
|- XENAPP02
|- XENAPP03
Therefore: OU=XenApp,OU=Computer Accounts,dc=my,dc=company,dc=com
User Accounts object location
Create or use an existing group containing your users.
my.company.com
|
__ User Accounts
|
_ Location
|
|- USER1
|- USER2
|- USER3
2. Create and AD group eg. 'All XenApp Servers' containing all your XA servers . This is important to allow the computer configuration settings to apply to the servers.
3. Three group policies required.
A. Name: Policy XenApp Loopback
Purpose: This invokes Loopback processing
Settings: Computer Configuration > Policies > Administrative Templates > System /
Group Policy
Policy: User Group Policy loopback processing mode
Mode: Replace
GPO Status: User Configuration settings disabled
Link Order: 3 (Apply this first)
B. Name: Policy XenApp Server Configuration
Purpose: Contains computer configuration settings which will apply to all your XA servers
Settings: Computer configuration > As required.
GPO Status: User Configuration settings disabled
Links: OU=XenApp,OU=Computer Accounts,dc=my,dc=company,dc=com
Security Filtering: All XenApp Servers
Link Order: 2 (Apply second)
C. Name: Policy XenApp User Configuration
Purpose: Contains users configuration settings which will apply to all your XA users
Settings: User Configuration > As required.
GPO Status: Computer Configuration settings disabled
Links: OU=XenApp,OU=Computer Accounts,dc=my,dc=company,dc=com
Security Filtering: 'All XenApp Users' or Authenticated Users
Link Order: 1 (Apply last)
That's it.
:)
JJ
 
No comments:
Post a Comment