unable to hide Published desktop for specific  client device/domain groups  via BrokerAccessPolicy

Limit visibility in a delivery group for specific user/client

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the sample code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the sample code.

Get the output of Get-BrokerSession

you will see two properties:

ClientName and ReceiverName, and  ReceiverName that's the one used for filtering

to hide Published desktop for specific  client device:

Create a new-brokeraccesspolicyrule for the existing Delivery group

New-BrokerAccessPolicyRule -Name "test_AG" -AllowedConnections ViaAG -ExcludedClientNameFilterEnabled $true  -ExcludedClientNames "ReceiverName " -IncludedSmartAccessFilterEnabled  $true

New-BrokerAccessPolicyRule -Name "test_Direct" -AllowedConnections NotViaAG -ExcludedClientNameFilterEnabled $true  -ExcludedClientNames "ReceiverName " -IncludedSmartAccessFilterEnabled  $true

The broker access policy  created for an existing Delivery group and client was added in ExcludedclientNames filter.

 

to hide Published desktop for specific  domain groups  via BrokerAccessPolicy:

New-BrokerAccessPolicyRule -Name "test_AG" -AllowedConnections anyViaAG -IncludedUsers "domain\Domain users"-IncludedUserFilterEnabled $true  -ExcludedUsers "Domain\testGroupuser" -ExcludedUserFilterEnabled $true  -IncludedSmartAccessFilterEnabled  $true

New-BrokerAccessPolicyRule -Name "test_Direct" -AllowedConnections anyNotViaAG -IncludedUsers "Domain\Domain Users" -IncludedUserFilterEnabled $true  -IncludedSmartAccessFilterEnabled  $true

To remove the policy rule:

Remove -BrokerAccessPolicyRule -Name "test_AG"

Remove -BrokerAccessPolicyRule -Name "test_Direct"

This will delete the policy and existing filters added to the Delivery group.

 

Note:  if  you made changes  via POSH it  will protect to make change setting via GUI 

 

---

Problem Cause

Need to create a new policy or edit an existing policy if exists 

Limit visibility in a delivery group for specific user/client

Developer docs : https://developer-docs.citrix.com/projects/delivery-controller-sdk/en/latest/Broker/New-BrokerAccessPolicyRule/
https://developer-docs.citrix.com/projects/citrix-virtual-apps-desktops-sdk/en/1808/Broker/Set-BrokerAccessPolicyRule/