Just in time administration through published Citrix Apps
Setup Procedure
- Add your Desktop Delivery Controller to the Cleanup.ps1
- Add your Desktop Delivery Controller to the UserNotification.ps1
- Select an admin account that has permission to add/remove users from AD groups and to shut down Citrix sessions.
- Take the admin account password and use the SecurePassword.ps1 to generate a secure cred.txt file.
- Copy the contents of cred.txt and paste it into the appropriate section in AddGroup.ps1.
- Enter the username for the admin account into the appropriate section in AddGroup.ps1.
- Enter the path to the PowerShell files in AddGroup.ps1
- Import the ProcessGroupRequests.xml scheduled task on the machine that will process Requests.
- Modify the times.var file to list the duration options, in minutes, that end users will need.
- Modify the resources.var to identify your groups and published applications.
- Install the Active Directory module for Windows PowerShell on the machine executing the AddGroup.ps1.
Recommended Citrix Virtual Apps Configuration.
- Create a dedicated 2022 server for hosting your consoles.
- Use mandatory profiles on this 2022 server.
- Create an Application Group that uses this dedicated 2022 Delivery Group.
- Modify the Application Group to disable Session Sharing on the admin connections, i.e. Set-BrokerApplicationGroup -Name "Admin Apps" -SessionSharingEnabled $false -SingleAppPerSession $true
- If publishing Edge Browser, consider disabling all the Edge Sign-in settings in GPO.
- Create necessary Active Directory Groups for each application.
- Publish Applications and limit visibility to the groups you created in the previous step.
- Publish RequestApps.ps1 as a published application for an Admin User's Group.
- If you are placing your Published Applications into a subfolder under Delivery->Application Category, modify Cleanup.ps1 and UserNotification.ps1 to include that in the ApplicationsInUse -eq "$using:PublishedApp" section, i.e. ApplicationsInUse -eq "Admin Apps$using:PublishedApp"
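
Just-in-time access only holds if memberships in the per-application groups are actually removed when the requested time expires. The following audit is an added example, not one of the project's scripts: it reads the per-member replication metadata of each group and reports any current member whose membership is older than the longest permitted duration. The group names and the 60-minute ceiling are placeholders; replace them with the groups from resources.var and the largest value in times.var.

```powershell
# Added example: audit for leftover just-in-time group memberships.
# Group names and the 60-minute ceiling are placeholders, not values from the project.
Import-Module ActiveDirectory

$JitGroups  = 'JIT-AdminApp1', 'JIT-AdminApp2'   # hypothetical group names
$MaxMinutes = 60                                  # assumed largest option in times.var

function Get-StaleJitMember {
    param(
        [Parameter(Mandatory)] [string]   $GroupName,
        [Parameter(Mandatory)] [object[]] $LinkMetadata,    # per-member replication metadata
        [Parameter(Mandatory)] [string[]] $CurrentMembers,  # DNs currently in the group
        [Parameter(Mandatory)] [int]      $MaxMinutes,
        [datetime] $Now = (Get-Date)
    )
    foreach ($link in $LinkMetadata) {
        # Metadata also lists links that were already removed; skip those.
        if ($CurrentMembers -notcontains $link.AttributeValue) { continue }
        # For a link that is present, the last originating change is the add.
        $added = $link.LastOriginatingChangeTime
        $age   = ($Now.ToUniversalTime() - $added.ToUniversalTime()).TotalMinutes
        if ($age -gt $MaxMinutes) {
            [pscustomobject]@{
                Group      = $GroupName
                Member     = $link.AttributeValue
                AddedAt    = $added
                AgeMinutes = [int]$age
            }
        }
    }
}

$dc = (Get-ADDomainController).HostName
$stale = foreach ($name in $JitGroups) {
    $group = Get-ADGroup -Identity $name -Properties member -Server $dc
    if (-not $group.member) { continue }   # empty group: nothing outstanding
    $meta = Get-ADReplicationAttributeMetadata -Object $group -Server $dc `
                -ShowAllLinkedValues -Properties member
    Get-StaleJitMember -GroupName $name -LinkMetadata $meta `
        -CurrentMembers $group.member -MaxMinutes $MaxMinutes
}

# Any row here is a membership that outlived its window and should be investigated.
$stale | Format-Table -AutoSize
```

Run it from an account with read access to the groups, on a machine with the Active Directory module installed; an empty result means no membership has outlived the allowed window.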