How Policies are Applied When an ICA Session Connects to XenApp 6.0

Article ID: CTX127612

Description

This article describes how policies are applied when an ICA session is being established to a Citrix XenApp 6.0 server.


Instructions

Complete the following procedure:

  1. Log on to the XenApp server.

  2. The Microsoft Client Side Extension (CSE) and a new Citrix Client-side extension begin processing policies for the user and machine.

  3. The Microsoft CSEs gather settings that are stored in the directory system volume.

  4. The Citrix CSE gathers directory-level settings stored as GPF/X files from the SysVol of the Active Directory as well as from the local server (local server settings are automatically propagated by IMA periodically, and the Citrix CSE assumes they are current).
    Active Directory:
    [Images]

    Local XenApp server:
    C:\ProgramData\Citrix\GroupPolicy

  5. Once the Microsoft and Citrix CSEs are processed and precedence is determined by Microsoft Active Directory, a resultant policy is created and applied to the server and user registry.

In the following example, Auto client reconnect for the Citrix Computer Policy and Auto connect client COM ports for the Citrix User Policy were set using the Discovery console, and the other two policies were set by editing the Active Directory GPO (Local Group Policy versus the IMA Policy showing the Globally Unique Identifier [GUID]).

[Image]

The Citrix CSE is inserted into the process because it is a registered DLL in the XenApp server machine’s registry.

Whether policies are configured through Active Directory’s Sysvol folder or through IMA using the data store, both are blended together into the resultant set of policies. This blending allows you to have a mixed configuration of both IMA and Active Directory integrated policies.

After editing the Citrix Computer Policy from the Discovery Services Console, removing Auto client reconnect, running gpupdate /force and redoing the Resultant Set of Policy (RSoP) for the user and computer, notice Auto client reconnect has been removed.

Note: When verifying Citrix User Policy changes, ensure an ICA session is initiated as that user before running RSoP for the user.

[Image]

Additional Information

Citrix Documentation - Working with Citrix Policies
Citrix Documentation - Policy Settings Reference
CTX125152 – Citrix Group Policy Engine Facts in XenApp Version 6.x
CTX126864 – How to Integrate XenApp 6.x Policies into Active Directory
CTX125141 – FAQ: Citrix Policies in XenApp 6.0 or later Cannot be Configured Using ADM Templates
CTX127531 – XenApp 6 Policies Configured within the Delivery Services Console are Not Applied or Applied Inconsistently
CTX127611 – How Citrix IMA Policies for XenApp 6.0 Fit in to Microsoft's GPO Processing and Precedence Model
CTX128413 – How to Enable Group Policy Packet Tracing in XenApp 6 and XenDesktop 5

When working a particular issue, it was observed that if a new GPO object was created, the Citrix Computer and User Active Directory policies would appear in the preceding results.

The existing GPO appeared to have corrupted data (Reg.pol) within the existing ADM templates used for normal Active Directory Group Policy Objects. This corruption was preventing the Citrix Active Directory GPOs from appearing and being applied.

Other local XenApp server .gpf file locations:

  • C:\WINDOWS\system32\GroupPolicy\User\Citrix\GroupPolicy
  • C:\WINDOWS\system32\GroupPolicy\Machine\Citrix\GroupPolicy
  • C:\users\%username%\Citrix\GroupPolicy
  • C:\Windows\Temp\Citrix CSECache
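
The following PowerShell script is an added example, not part of the Citrix article or any Citrix tooling. It inventories the local policy file locations named in this article and reports size, last-write time and SHA-256 for each file, so missing, empty or stale policy files stand out and hashes can be compared between servers. The `UserName` and `StaleHours` parameters, the 24-hour threshold and the `New-Row` helper are assumptions made for illustration.

```powershell
# Added example, not Citrix code. Run in an elevated PowerShell session on the XenApp server.
param(
    [string]$UserName = $env:USERNAME,  # user whose per-user policy folder is checked
    [int]$StaleHours = 24               # assumed threshold, not a Citrix-documented value
)

# Local policy file locations named in this article.
$locations = @(
    'C:\ProgramData\Citrix\GroupPolicy',
    'C:\WINDOWS\system32\GroupPolicy\User\Citrix\GroupPolicy',
    'C:\WINDOWS\system32\GroupPolicy\Machine\Citrix\GroupPolicy',
    "C:\users\$UserName\Citrix\GroupPolicy",
    'C:\Windows\Temp\Citrix CSECache'
)

# Hypothetical helper: builds one report row.
function New-Row($Location, $File, $Bytes, $Modified, $Flag, $Hash) {
    New-Object PSObject -Property @{
        Location = $Location; File = $File; Bytes = $Bytes
        Modified = $Modified; Flag = $Flag; SHA256 = $Hash
    }
}

$sha    = [System.Security.Cryptography.SHA256]::Create()
$cutoff = (Get-Date).AddHours(-$StaleHours)

$report = foreach ($dir in $locations) {
    if (-not (Test-Path -Path $dir)) {
        New-Row $dir '(folder not present)' $null $null 'MISSING' $null
        continue
    }
    Get-ChildItem -Path $dir -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $f    = $_          # keep the file object; $_ is reused inside catch
            $flag = 'ok'
            if ($f.LastWriteTime -lt $cutoff) { $flag = 'STALE' }
            if ($f.Length -eq 0)              { $flag = 'EMPTY' }
            $hash = $null
            try {
                $stream = [System.IO.File]::OpenRead($f.FullName)
                try     { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
                finally { $stream.Close() }
            } catch { $flag = 'UNREADABLE' }   # locked or access denied
            New-Row $dir $f.Name $f.Length $f.LastWriteTime $flag $hash
        }
}

$report | Select-Object Location, File, Bytes, Modified, Flag, SHA256 | Format-List
```

Run it before and after `gpupdate /force` to see which files the policy refresh rewrites.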