These GPOs will only contain user settings. Modify the Details page of both of these GPOs, and set GPO Status to Computer configuration settings disabled.One of the GPOs is called Citrix VDA All Users (including admins), and the other is called Citrix VDA Non-Admin Users (lockdown).Create and link two new Citrix-specific GPOs (in addition to the Citrix VDA Computer Settings GPO).This GPO will only contain computer settings. Change the GPO Status drop-down to User configuration settings disabled.On the right, switch to the Details tab.On the left, click the new VDA Computer Settings GPO to highlight it.Or you can link it to Delivery Group-specific sub-OUs. This particular GPO usually applies to all Delivery Groups, and thus should be linked to the parent OU. Within Group Policy Management Console ( gpmc.msc), create a Group Policy Object (GPO) called Citrix VDA Computer Settings, and link it to one of the Citrix OUs.Move the VDAs from the Computers container to one of the Delivery Group OUs.This avoids timing issues when non-persistent machines reboot and GPO settings haven’t applied yet. Master images should be placed in the VDA OUs so the VDA GPO Computer Settings can be burned into the master image.Grant Citrix Admins the permission to link GPOs to the VDA OUs.Grant Citrix Admins the permission to add computer objects to the VDA OUs.Separate VDA sub-OUs for each Delivery Group lets you apply different GPO settings to each Delivery Group.The computer objects for the Citrix brokering infrastructure machines (Controllers, StoreFront, Director, etc.) should go in normal server OUs, and not in the VDA OUs.There’s no need to put any user accounts in these VDA OUs since Group Policy Loopback Processing mode will handle user settings.The only objects that belong in these VDA OUs are the VDA computer accounts.The VDA computer objects for each Delivery Group should be placed in these sub-OUs. Then create sub-OUs, one for each Delivery Group.Within Active Directory Users and Computers ( dsa.msc), create a parent Organizational Unit (OU) to hold all VDA computer objects.
0 Comments
Leave a Reply. |