How to Limit Printer Access in Citrix Access Essentials

Summary

This article describes the steps needed to disable client printer autocreation for Citrix Access Essentials.

Background

The default behavior of Access Essentials is to replicate on the server, all printers defined on a user’s client device. This allows a user to print to their client printers from published applications and is known as printer auto-creation.

An administrator may want to disable this functionality for all users or a subset of users. To do this, an administrator creates a policy to disable printer auto-creation using the Presentation Server Console and applies the policy to users.

Procedure

Launch the Presentation Server Console and create a new policy:

Open the Quick Start tool.
Click Presentation Server Console under Citrix tools.
Select Enable pass-through authentication if asked and click OK. The Presentation Server Console opens.
Select the Policies node.
Right-click Policies and select Create Policy.
Type a meaningful policy name, such as “Disable Printer Auto-creation,” and click OK. A new blank policy is created, but has not yet been defined or applied to any users.

Define the properties of the new policy:

Right-click the policy created in the previous steps and select Properties.
Expand the Printing > Client Printers node and select Auto-creation.
Select Enabled to activate the policy.

This enables the policy itself; it does not enable printer auto-creation. The next step is to select the action of the policy.

Select Do not auto-create client printers from the When connecting drop-down list. Click OK to continue. The policy has been defined but has not yet been applied to any users.

Apply the policy to users by creating a filter:

Right-click the policy created in the previous steps and select Apply this policy to.
Select Users in the left pane and select Filter based on users.
Select Apply to all explicit (non-anonymous) users to have the policy apply to all Access Essentials users, or add users and user groups using the Look in list or Add List of Names button.

An administrator can create exceptions to the configured accounts list by selecting Deny for users and user groups to whom the policy will not apply. For example, an administrator can select Apply to all explicit (non-anonymous) users to apply the policy to all users and then add user groups named Administrators and Executives. By selecting Deny for these two groups, the policy will not apply to these users and they will be able to print to any of their printers.

Click OK to apply the policy to the specified users.

More Information

Policies allow an administrator to customize the behavior of Access Essentials. A single policy can have more than one rule and each policy can be applied to different user groups. The relative priority of policies can be modified to create complex scenarios. Administrators that implement multiple policies may find it best to name policies after the user groups to which they apply to avoid confusion.

Note: Access Essentials comes configured with a special policy called the Citrix default policy. Do not modify this policy or Access Essentials may not perform as expected.