Assignments 编辑

Use assignments to make actions available to your users. This lets you replace a portion of your users’ logon scripts.


Assignment targets

The Assignment Targets page lets you add users and groups (targets) so that you can assign actions and security rules to them. Select a target to manage its assignments.

Note:

Converting SIDs to target names can take some time. If the conversion is incorrect or fails, verify that the Cloud Connectors are working properly by viewing their health status. If the issue persists, contact Citrix Technical Support.

There are two built-in targets:

  • Everyone. A built-in group that contains all users, including anonymous users and guests. Membership is controlled by the operating system.

  • Administrators. A built-in group that includes all members of the administrators group. After the initial installation of the operating system, the only member of the group is the administrator account. When a computer joins a domain, the Domain Admins group is added to the administrators group. When a server becomes a domain controller, the Enterprise Admins group is added to the administrators group.

Options available to you include:

  • Filter. Lets you filter the list.

  • Add an assignment target. Lets you add a target.

  • Refresh. Updates the list of targets.

  • View. Lets you view details for built-in targets.

  • Edit. Lets you edit a target. You can change its description, priority, and enablement status. When configuring the priority, consider the following: The priority determines the order in which the actions you assign are processed. The greater the value, the higher the priority. Type an integer. If there is a conflict, the target with the higher priority prevails.

  • Enable. Lets you enable or disable the object (target).

  • Delete. Lets you delete a target. Note: Built-in targets will not be deleted.

Tip:

You can quickly enable or disable a target by using the toggle in the State column.

Add an assignment target

To add an assignment, perform the following steps:

  1. On the Assignment Targets page, click Add assignment target.

  2. Select the identity provider. For Active Directory and Azure Active Directory, you can choose whether to narrow your search to users or security groups.

  3. Select a domain where the targets you want to add exist.

  4. In the Search box, enter the name of the target you want to add. As you enter the name, matches appear in the menu.

    Note:

    The search returns only the top 50 results. Refine your search if necessary.

  5. Click the plus icon to add the target. (Targets you already added appear with a green check mark icon.)

    Tip:

    If you want to add targets from a different identity provider, switch to a different identity type to continue.

  6. After you have finished, click Add to add the targets and to exit the Add assignment target wizard.

Clone an assignment target

To clone an assignment target, perform the following steps:

  1. On the Assignment Targets page, select the target. If needed, use the search box to quickly find the target.
  2. In the action bar, select Clone. The Clone assignment target window appears.
  3. Select the configuration set to clone the target to.
  4. Click Clone.

Note:

  • You cannot clone built-in targets.
  • You can clone up to 10 targets at a time.
  • If a target already exists in the destination, it is skipped.
  • Descriptions of cloned targets are empty. Their assignments are not cloned, their priority is set to a default value (100), and their state defaults to enabled (check mark icon).

Filters

Note:

  • This feature is available as a preview.
  • Filters are for use with assignments and scripted tasks.

The Filters page lets you add filters for controlling when to assign actions to your users. A filter can comprise multiple conditions.

There is a built-in filter:

  • Always true. If selected, the related actions are always assigned to target users. You cannot edit or delete this built-in filter.

Options available to you include:

  • Add filter. Lets you add a filter so it is available for use when you assign actions.

  • Manage conditions. Lets you add, delete, and edit conditions.

  • Refresh. Updates the list of filters. Using this option also refreshes the list of conditions in Manage conditions.

  • Edit. Lets you edit a filter. If you edit a filter that is bound to actions assigned to users, the change will impact those users immediately.

  • Delete. Lets you delete a filter.

  • State. Lets you enable or disable a filter.

Add a filter

To add a filter, perform the following steps:

  1. On the Filters page, click Add filter.

  2. In Basic information, configure the following and then click Next.

    • Filter name. Enter a name for the filter.
    • Description. Enter a description for the filter to help you identify it from your other filters. This field is optional.
    • Enable this filter. Select Yes to enable or No to disable the filter.
  3. In Conditions, build your filter by adding conditions. Click the operator to toggle between Match all (AND operator) or Match any (OR operator). You can use both operators to combine two or more conditions into a compound condition.

    • Add condition. Select conditions from the list or create new ones.
    • Add condition group. Add a condition group to group a series of conditions using the same logical operator - AND or OR. You can add condition groups within condition groups. You can nest condition groups up to three levels.

    Note:

    • Conditions you create here are available for use with other filters.
    • Use the Summary section for a deeper understanding of the criteria of compound conditions.
    • Filters containing OR operators are evaluated only on agents whose version is 2210.2.0.1 or later.
    • Certain types of conditions apply only to user settings. If you apply them to machine settings (for example, scripted tasks and GPOs), the agent skips them when evaluating the filter. For a complete list of filter conditions that do not apply to machine settings, see Conditions not applicable to machine settings.
  4. Click Done when finished.

Create a condition

You can create conditions when you add a filter or manage conditions. In the Create condition wizard that appears, perform the following steps:

  1. Enter a condition name.

  2. Select Yes to enable or No to disable the condition.

  3. Select a condition type from the list and then configure settings accordingly.

Different condition types might have different settings. The following condition types are available:

Condition typeDescription
Always trueThe condition always holds true.
Active Directory attributeTrue or false depending on whether the attribute name matches the specified values. Enter attribute values, separated by semicolons (;). Note: If you want the condition to hold true regardless of the attribute value, enter a question mark (?).
Active Directory groupTrue or false depending on whether the group name matches the specified values. Enter group names, separated by semicolons (;).
Active Directory pathTrue or false depending on whether the path matches the specified values. Enter paths, separated by semicolons (;). Note: You can use the asterisk (*) as a wildcard.
Active Directory siteTrue or false depending on whether the site name matches the specified values. Enter site names, separated by semicolons (;).
Citrix Provisioning image modeTrue or false depending on whether the image mode is Shared or Private.
Citrix Virtual Apps farm nameTrue or false depending on whether the farm name matches the specified value.
Citrix Virtual Apps versionTrue or false depending on whether the version matches the specified value.
Citrix Virtual Apps zone nameTrue or false depending on whether the zone name matches the specified value.
Citrix Virtual Desktops desktop group nameTrue or false depending on whether the desktop group name matches the specified value.
Citrix Virtual Desktops farm nameTrue or false depending on whether the farm name matches the specified value.
Client IP addressTrue or false depending on whether the IP address matches the specified value.
Client nameTrue or false depending on whether the client name matches the specified values. Enter client names, separated by semicolons (;). You can use the asterisk (*) as a wildcard. You can also use dynamic tokens.
Client OSTrue or false depending on whether the client OS matches the specified value.
Client remote OSTrue or false depending on whether the client remote OS matches the specified value.
Computer nameTrue or false depending on whether the computer name matches the specified values. Enter computer names, separated by semicolons (;). You can use the asterisk (*) as a wildcard.
Connection stateTrue or false depending on whether the connection state is Online or Offline.
Date and timeTrue or false depending on whether the date and time matches the specified values. Enter dates or date ranges, separated by semicolons (;). Enter dates in the format, mm/dd/yyyy. Enter date ranges in the format (time optional), mm/dd/yyyy HH:mm - mm/dd/yyyy HH:mm.
Day of weekTrue or false depending on whether the day matches the specified values.
Dynamic valueTrue or false depending on whether the dynamic value matches the specified values. Enter values the dynamic expression resolves to, separated by semicolons (;). Note: If you want the condition to hold true regardless of the value of the dynamic expression, enter a question mark (?).
Environment variableTrue or false depending on whether the environment variable matches the specified values. Enter values of the environment variable, separated by semicolons (;). Note: If you want the condition to hold true regardless of the value of the environment variable, enter a question mark (?).
File versionTrue or false depending on whether the file version matches the specified values. Enter file versions, separated by semicolons (;).
File/folder exists or notTrue or false depending on whether the path matches the specified value. Enter a full path of the file or the folder. You can use dynamic tokens.
IP addressTrue or false depending on whether the IP address matches the specified value. Enter IP addresses or IP address ranges, separated by semicolons (;). Note: You can use the asterisk (*) as a wildcard.
Name is in list or notTrue or false depending on whether the name is in the specified list. In the Name field, enter a name to look for in the list. In the File path of XML list field, enter a full file path of the XML list.
Name/value is in list or notTrue or false depending on whether the name or value is in the specified list. In the Name field, enter a name or value to look for in the list. In the File path of XML list field, enter a full file path of the XML list.
Network connection stateTrue or false depending on whether the network connection state is Available or Not available.
OS platform typeTrue or false depending on whether the OS platform type is x86 or x64.
Published resource nameTrue or false depending on whether the name matches the specified values. Enter published resource names, separated by semicolons (;).
Registry valueTrue or false depending on whether the registry value matches the specified values. In the Registry path and name field, enter a full path that includes the registry value name. In the Registry value field, enter registry values, separated by semicolons (;). Note: If you want the condition to hold true regardless of the value of the registry entry, enter a question mark (?).
Transformer mode stateTrue or false depending on whether the state is Disabled or Enabled.
Regional formatTrue or false depending on whether the format matches the specified value. Use the Add values not in the list option to enter ISO language codes, separated by semicolons (;), if necessary.
User SBC resource typeTrue or false depending on whether the type is Desktop or Published application.
User UI languageTrue or false depending on whether the language matches the specified values.
WMI queryTrue or false depending on whether the specified query has a result. The Windows Management Instrumentation (WMI) query operation can run queries on the agent machine. You can define this condition based on results returned from the query. For more information, see the Microsoft documentation: https://docs.microsoft.com/en-us/windows/win32/wmisdk/querying-with-wql.

When using “client” and “computer” related condition, be aware of the following two scenarios:

  • If the agent is installed on a single-session or multi-session OS:
    • “Client” refers to a client device connecting to the agent host.
    • “Computer” and “Client Remote” refer to the agent host.
  • If the agent is installed on a physical endpoint, conditions that contain “client” in the condition names are not applicable.

More information

Conditions not applicable to machine settings

There are two types of settings:

  • Machine settings. Those settings apply only to machines regardless of who logs on to them. Examples: Group Policy settings and scripted tasks.
  • User settings. Those settings apply only to users regardless of which machine they log on to. Example: User’s language settings.

The following conditions do not apply to machine settings. If a filter contains any of them, the agent skips them when evaluating the filter.

Filter nameApplicable to machine settings
ClientName MatchNo
Client IP Address MatchNo
Registry Value MatchIf you configure a registry value starting with HKCU, the Registry Value Match filter does not work if applied to machine settings.
User Country MatchNo
User UI Language MatchNo
User SBC Resource TypeNo
Active Directory Path MatchNo
Active Directory Attribute MatchNo
No ClientName MatchNo
No Client IP Address MatchNo
No Registry Value MatchNo
No User Country MatchNo
No User UI Language MatchNo
No Active Directory Path MatchNo
No Active Directory Attribute MatchNo
Client Remote OS MatchNo
No Client Remote OS MatchNo
Active Directory Group MatchNo
No Active Directory Group MatchNo
Published Resource NameNo

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:8 次

字数:21090

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文