How To Enable Enhanced Desktop Experience in Citrix XenApp 6.5
I am finding that a lot of my customers are starting to realize that they can deliver a more cost effective desktop to users by leveraging Terminal Services with Citrix XenApp, but in most cases they want to be able to provide the same look and feel that Windows 7 delivers rather than a server operating system like Windows Server 2008. For that matter, Citrix XenApp 6.5 includes an Enhanced Desktop Experience feature that can offer that Windows 7 look and feel.
The process of enabling Enhanced Desktop Experience is fairly straightforward, but I have found that many are finding it confusing. So, here's a short how-to that I hope makes it much clearer.
First things, first: If you don't have a general XenApp group policy with Loopback setting configured, this would be a good time to create one and apply it to the XenApp servers OU in Active Directory. Next, you'll want to open Windows PowerShell from the Administrative Tools menu and type this command:
This cmdlet allows you to specify which PowerShell scripts are allowed to run. In this case, we are appending the command with AllSigned, which means that you are allowing all scripts signed by a trusted publisher to run on this server.
Next, you'll want to run the script and to do that you'll switch to the following directory:
C:\Program Files (x86)\Citrix\App Delivery Setup Tools\
and run the following script:
This will create four new GPOs in your Active Directory:
- CtxStartMenuTaskbarUser: Enables the Windows 7 look and feel for published desktops
- CtxPersonalizableUser: Configures Windows GPOs to limit control panel applets; also restricts users from scheduling tasks, installing programs, etc.
- CtxRestrictedUser: Restricts users from changing wallpaper settings, customizing start menu or taskbar.
- CtxRestrictedComputer: Restricts access to Windows Update and removable server drives.
Typically, you would apply the first two policies in addition to the general XenApp GPO I mentioned earlier to the XenApp OU. If you want more restrictive access then you can add the other GPOs or create one. Of course, after adding these GPOs you'll want to refresh the GPO or allow for the proper time to lapse to have it applied automatically.
One thing I have noticed is that if you have previously logged on to the XenApp server and you have a cached user profile locally, you will want to delete that user profile before launching the published desktop after you have enabled the Enhanced Desktop Experience.
Posted by Elias Khnaser on 06/06/2012 at 12:49 PM