Assignments 编辑
Use assignments to make actions available to your users. This lets you replace a portion of your users’ logon scripts.
Assignment targets
The Assignment Targets page lets you add users and groups (targets) so that you can assign actions and security rules to them. Select a target to manage its assignments.
Note:
Converting SIDs to target names can take some time. If the conversion is incorrect or fails, verify that the Cloud Connectors are working properly by viewing their health status. If the issue persists, contact Citrix Technical Support.
There are two built-in targets:
Everyone. A built-in group that contains all users, including anonymous users and guests. Membership is controlled by the operating system.
Administrators. A built-in group that includes all members of the administrators group. After the initial installation of the operating system, the only member of the group is the administrator account. When a computer joins a domain, the Domain Admins group is added to the administrators group. When a server becomes a domain controller, the Enterprise Admins group is added to the administrators group.
Options available to you include:
Filter. Lets you filter the list.
Add an assignment target. Lets you add a target.
Refresh. Updates the list of targets.
View. Lets you view details for built-in targets.
Edit. Lets you edit a target. You can change its description, priority, and enablement status. When configuring the priority, consider the following: The priority determines the order in which the actions you assign are processed. The greater the value, the higher the priority. Type an integer. If there is a conflict, the target with the higher priority prevails.
Enable. Lets you enable or disable the object (target).
Delete. Lets you delete a target. Note: Built-in targets will not be deleted.
Tip:
You can quickly enable or disable a target by using the toggle in the State column.
Add an assignment target
To add an assignment, perform the following steps:
On the Assignment Targets page, click Add assignment target.
Select the identity provider. For Active Directory and Azure Active Directory, you can choose whether to narrow your search to users or security groups.
Select a domain where the targets you want to add exist.
In the Search box, enter the name of the target you want to add. As you enter the name, matches appear in the menu.
Note:
The search returns only the top 50 results. Refine your search if necessary.
Click the plus icon to add the target. (Targets you already added appear with a green check mark icon.)
Tip:
If you want to add targets from a different identity provider, switch to a different identity type to continue.
After you have finished, click Add to add the targets and to exit the Add assignment target wizard.
Clone an assignment target
To clone an assignment target, perform the following steps:
- On the Assignment Targets page, select the target. If needed, use the search box to quickly find the target.
- In the action bar, select Clone. The Clone assignment target window appears.
- Select the configuration set to clone the target to.
- Click Clone.
Note:
- You cannot clone built-in targets.
- You can clone up to 10 targets at a time.
- If a target already exists in the destination, it is skipped.
- Descriptions of cloned targets are empty. Their assignments are not cloned, their priority is set to a default value (100), and their state defaults to enabled (check mark icon).
Filters
Note:
- This feature is available as a preview.
- Filters are for use with assignments and scripted tasks.
The Filters page lets you add filters for controlling when to assign actions to your users. A filter can comprise multiple conditions.
There is a built-in filter:
- Always true. If selected, the related actions are always assigned to target users. You cannot edit or delete this built-in filter.
Options available to you include:
Add filter. Lets you add a filter so it is available for use when you assign actions.
Manage conditions. Lets you add, delete, and edit conditions.
Refresh. Updates the list of filters. Using this option also refreshes the list of conditions in Manage conditions.
Edit. Lets you edit a filter. If you edit a filter that is bound to actions assigned to users, the change will impact those users immediately.
Delete. Lets you delete a filter.
State. Lets you enable or disable a filter.
Add a filter
To add a filter, perform the following steps:
On the Filters page, click Add filter.
In Basic information, configure the following and then click Next.
- Filter name. Enter a name for the filter.
- Description. Enter a description for the filter to help you identify it from your other filters. This field is optional.
- Enable this filter. Select Yes to enable or No to disable the filter.
In Conditions, build your filter by adding conditions. Click the operator to toggle between Match all (AND operator) or Match any (OR operator). You can use both operators to combine two or more conditions into a compound condition.
- Add condition. Select conditions from the list or create new ones.
- Add condition group. Add a condition group to group a series of conditions using the same logical operator - AND or OR. You can add condition groups within condition groups. You can nest condition groups up to three levels.
Note:
- Conditions you create here are available for use with other filters.
- Use the Summary section for a deeper understanding of the criteria of compound conditions.
- Filters containing OR operators are evaluated only on agents whose version is 2210.2.0.1 or later.
- Certain types of conditions apply only to user settings. If you apply them to machine settings (for example, scripted tasks and GPOs), the agent skips them when evaluating the filter. For a complete list of filter conditions that do not apply to machine settings, see Conditions not applicable to machine settings.
Click Done when finished.
Create a condition
You can create conditions when you add a filter or manage conditions. In the Create condition wizard that appears, perform the following steps:
Enter a condition name.
Select Yes to enable or No to disable the condition.
Select a condition type from the list and then configure settings accordingly.
Different condition types might have different settings. The following condition types are available:
Condition type | Description |
---|---|
Always true | The condition always holds true. |
Active Directory attribute | True or false depending on whether the attribute name matches the specified values. Enter attribute values, separated by semicolons (;). Note: If you want the condition to hold true regardless of the attribute value, enter a question mark (?). |
Active Directory group | True or false depending on whether the group name matches the specified values. Enter group names, separated by semicolons (;). |
Active Directory path | True or false depending on whether the path matches the specified values. Enter paths, separated by semicolons (;). Note: You can use the asterisk (*) as a wildcard. |
Active Directory site | True or false depending on whether the site name matches the specified values. Enter site names, separated by semicolons (;). |
Citrix Provisioning image mode | True or false depending on whether the image mode is Shared or Private. |
Citrix Virtual Apps farm name | True or false depending on whether the farm name matches the specified value. |
Citrix Virtual Apps version | True or false depending on whether the version matches the specified value. |
Citrix Virtual Apps zone name | True or false depending on whether the zone name matches the specified value. |
Citrix Virtual Desktops desktop group name | True or false depending on whether the desktop group name matches the specified value. |
Citrix Virtual Desktops farm name | True or false depending on whether the farm name matches the specified value. |
Client IP address | True or false depending on whether the IP address matches the specified value. |
Client name | True or false depending on whether the client name matches the specified values. Enter client names, separated by semicolons (;). You can use the asterisk (*) as a wildcard. You can also use dynamic tokens. |
Client OS | True or false depending on whether the client OS matches the specified value. |
Client remote OS | True or false depending on whether the client remote OS matches the specified value. |
Computer name | True or false depending on whether the computer name matches the specified values. Enter computer names, separated by semicolons (;). You can use the asterisk (*) as a wildcard. |
Connection state | True or false depending on whether the connection state is Online or Offline. |
Date and time | True or false depending on whether the date and time matches the specified values. Enter dates or date ranges, separated by semicolons (;). Enter dates in the format, mm/dd/yyyy . Enter date ranges in the format (time optional), mm/dd/yyyy HH:mm - mm/dd/yyyy HH:mm . |
Day of week | True or false depending on whether the day matches the specified values. |
Dynamic value | True or false depending on whether the dynamic value matches the specified values. Enter values the dynamic expression resolves to, separated by semicolons (;). Note: If you want the condition to hold true regardless of the value of the dynamic expression, enter a question mark (?). |
Environment variable | True or false depending on whether the environment variable matches the specified values. Enter values of the environment variable, separated by semicolons (;). Note: If you want the condition to hold true regardless of the value of the environment variable, enter a question mark (?). |
File version | True or false depending on whether the file version matches the specified values. Enter file versions, separated by semicolons (;). |
File/folder exists or not | True or false depending on whether the path matches the specified value. Enter a full path of the file or the folder. You can use dynamic tokens. |
IP address | True or false depending on whether the IP address matches the specified value. Enter IP addresses or IP address ranges, separated by semicolons (;). Note: You can use the asterisk (*) as a wildcard. |
Name is in list or not | True or false depending on whether the name is in the specified list. In the Name field, enter a name to look for in the list. In the File path of XML list field, enter a full file path of the XML list. |
Name/value is in list or not | True or false depending on whether the name or value is in the specified list. In the Name field, enter a name or value to look for in the list. In the File path of XML list field, enter a full file path of the XML list. |
Network connection state | True or false depending on whether the network connection state is Available or Not available. |
OS platform type | True or false depending on whether the OS platform type is x86 or x64. |
Published resource name | True or false depending on whether the name matches the specified values. Enter published resource names, separated by semicolons (;). |
Registry value | True or false depending on whether the registry value matches the specified values. In the Registry path and name field, enter a full path that includes the registry value name. In the Registry value field, enter registry values, separated by semicolons (;). Note: If you want the condition to hold true regardless of the value of the registry entry, enter a question mark (?). |
Transformer mode state | True or false depending on whether the state is Disabled or Enabled. |
Regional format | True or false depending on whether the format matches the specified value. Use the Add values not in the list option to enter ISO language codes, separated by semicolons (;), if necessary. |
User SBC resource type | True or false depending on whether the type is Desktop or Published application. |
User UI language | True or false depending on whether the language matches the specified values. |
WMI query | True or false depending on whether the specified query has a result. The Windows Management Instrumentation (WMI) query operation can run queries on the agent machine. You can define this condition based on results returned from the query. For more information, see the Microsoft documentation: https://docs.microsoft.com/en-us/windows/win32/wmisdk/querying-with-wql. |
When using “client” and “computer” related condition, be aware of the following two scenarios:
- If the agent is installed on a single-session or multi-session OS:
- “Client” refers to a client device connecting to the agent host.
- “Computer” and “Client Remote” refer to the agent host.
- If the agent is installed on a physical endpoint, conditions that contain “client” in the condition names are not applicable.
More information
Conditions not applicable to machine settings
There are two types of settings:
- Machine settings. Those settings apply only to machines regardless of who logs on to them. Examples: Group Policy settings and scripted tasks.
- User settings. Those settings apply only to users regardless of which machine they log on to. Example: User’s language settings.
The following conditions do not apply to machine settings. If a filter contains any of them, the agent skips them when evaluating the filter.
Filter name | Applicable to machine settings |
---|---|
ClientName Match | No |
Client IP Address Match | No |
Registry Value Match | If you configure a registry value starting with HKCU, the Registry Value Match filter does not work if applied to machine settings. |
User Country Match | No |
User UI Language Match | No |
User SBC Resource Type | No |
Active Directory Path Match | No |
Active Directory Attribute Match | No |
No ClientName Match | No |
No Client IP Address Match | No |
No Registry Value Match | No |
No User Country Match | No |
No User UI Language Match | No |
No Active Directory Path Match | No |
No Active Directory Attribute Match | No |
Client Remote OS Match | No |
No Client Remote OS Match | No |
Active Directory Group Match | No |
No Active Directory Group Match | No |
Published Resource Name | No |
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论