Policies 编辑
Policies are a collection of settings that define how sessions, bandwidth, and security are managed for a group of users, devices, or connection types.
You can apply policy settings to physical and virtual machines or to users. You can apply settings to individual users at the local level or in security groups in Active Directory. The configurations define specific criteria and rules. If you don’t specifically assign the policies, the settings are applied to all connections.
You can apply policies on different levels of the network. Policy settings placed at the Organizational Unit GPO level take the highest precedence on the network. Policies at the Domain GPO level override policies on the Site Group Policy Object level, which override any conflicting policies on both the Microsoft and Citrix Local Policies levels.
All Citrix Local Policies are created and managed in the Citrix Studio console and stored in the Site Database. Group Policies are created and managed by using the Microsoft Group Policy Management Console (GPMC) and stored in Active Directory. Microsoft Local Policies are created in the Windows Operating System and are stored in the registry.
Studio uses a Modeling Wizard to help administrators compare configuration settings within templates and policies to help eliminate conflicting and redundant settings. Administrators can set GPOs using the GPMC to configure settings and apply them to a target set of users at different levels of the network.
These GPOs are saved in Active Directory, and access to the management of these settings is restricted for most of IT for security.
Settings are merged according to priority and their condition. Any disabled setting overrides a lower-ranked enabled setting. Unconfigured policy settings are ignored and do not override lower-ranked settings.
Local policies can also have conflicts with group policies in the Active Directory, which might override each other depending on the situation.
All policies are processed in the following order:
- The end user logs on to a machine using domain credentials.
- Credentials are sent to the domain controller.
- Active Directory applies all policies (end user, endpoint, organizational unit, and domain).
- The end user logs on to Citrix Workspace app and accesses an application or desktop.
- Citrix and Microsoft policies are processed for the end user and machine hosting the resource.
- Active Directory determines precedence for policy settings. It then applies them to the registries of the endpoint device and to the machine hosting the resource.
- The end user logs off from the resource. Citrix policies for the end user and endpoint device are no longer active.
- The end user logs off the user device, which releases the GPO user policies.
- The end user turns off the device, which releases the GPO machine policies.
When creating policies for groups of users, devices, and machines, some members might have different requirements and would need exceptions to some policy settings. Exceptions are made by way of filters in Studio and the GPMC that determine who or what the policy affects.
Note: We do not support mixing Windows and Citrix policies in the same GPO.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论