Mail Icon missing in Control Panel

 

When we publish a shared desktop in Citrix, we restrict the Control Panel items via Group Policy (seen below) so that non-admins using the desktop do not have access to system management items. That means we need to make exceptions for the items users do need, and the Mail icon is one of them.

mail1


The items listed above are the items that we have exceptions for. For some of the items I was able to simply write the “visual name” of the item in the Control Panel and the icon would show up. However, the ticket was delayed as I needed to figure out what the magic bullet was. I tried Mail and Mail (32-bit), but the icon would not show up. So this morning I tried putting in the actual application cpl name and “voila”, it shows up.

mail2

Streaming Java in Internet Explorer, which one do I use?

Streaming different Java versions to Internet Explorer in a shared XenApp desktop or XenDesktop can be confusing from the user's perspective, because the user can’t always tell which Internet Explorer contains which version of Java. The user isn’t really expected to know, nor are users generally computer savvy enough to know the difference. For example, in the screen cap below you would not notice in a side-by-side comparison which Internet Explorer has Java 1.5 and which one is using 1.7:

Java1


The user could easily lose track of which browser has which version of Java. So what we want to do is make a distinction between the streamed version and the local version. This can easily be done by adding a registry entry to the profiled Java application. Simply open your profiled Java and modify the properties. Go to Advanced install….

java2

Edit the registry….

java3

Launch the registry….

java4

Create the following registry values:

SOFTWARE\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions DWORD=NoNavBar VALUE=1

SOFTWARE\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions DWORD=NoAddressBar VALUE=1

Save the profile and republish. Once complete, launch the application again and you should see:

java5

You can see the IE browser on the right now has no address bar or tabs. This way the user will use the browser that has the address bar, with the locally installed Java, without issue. The one with the streamed Java and no address bar will only be used for the intended application.

XenApp AppCenter Snap-in Permissions granted via GPO’s

 

Another example where GPO preferences are awesome – Citrix AppCenter Administrative delegation

I granted the helpdesk access to AppCenter via group membership <domain>\citrix_desktop director. However, when users launched the application they would get this message:
 

gpo1
 

This indicates that the MMC snap-in restriction policies locked down on the XenApp server were taking effect. Not everyone has MMC access because it is a shared desktop, and non-admins should not have access to certain .msc snap-ins such as Diskmgmt.msc or eventvwr.msc, to name a couple.
What we need to do is allow the snap-ins used for managing XenApp to work for a certain group of users, which we do via Group Policy. After some research I found the snap-in IDs for Citrix XenApp AppCenter as well as the related snap-ins. They are:

AppCenter Snapin : {00000009-E873-47a9-B9C9-10B2A50327CB}

XenApp Extension : {46BADCE7-337E-4834-9800-3244567688FC}

Citrix Hotfix Inventory Extension : {8E917BCC-05C5-4aeb-8EF7-0842397BB0ED}

Single Sign-On Console : {E93B8960-45DB-4418-84CA-B4364FB9676A}

I open GPO management and add entries for all of the IDs above under:
HKU\ Software\Policies\Microsoft\MMC\{00000009-E873-47a9-B9C9-10B2A50327CB}

gpo2

In the end it looks like this; here are the preferences configured in the GPO:
 
 gpo3

I also only target certain groups, as I don’t want everyone to have this in their profile.

image

 

Once the user logged back on and the preferences applied, they were able to launch the MMC, but there were still underlying permissions within XenApp:
 
 image
 

The permissions within XenApp did not allow them to discover items in the farm. So I granted permission in the Farm for access. This group will need Admin access to administer the farm but one can limit what is managed per group or user.

 
 image
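
To confirm that the snap-in exceptions described above reach only the targeted group, the following read-only check can be run in a user's session on the XenApp server. It is an added example, not part of the original post. It assumes the preferences set the standard MMC policy values `Restrict_Run` (per snap-in) and `RestrictToPermittedSnapins` (global); the value names are not visible in the text of the post.

```powershell
# Added example: read-only audit of MMC snap-in policy for the current user.
# Assumption: the GPO preferences write Restrict_Run under each snap-in GUID
# (0 = permitted, 1 = prohibited). The GUIDs are the four listed in the post.

$mmcPolicy = 'HKCU:\Software\Policies\Microsoft\MMC'

$snapins = [ordered]@{
    'AppCenter Snapin'                  = '{00000009-E873-47a9-B9C9-10B2A50327CB}'
    'XenApp Extension'                  = '{46BADCE7-337E-4834-9800-3244567688FC}'
    'Citrix Hotfix Inventory Extension' = '{8E917BCC-05C5-4aeb-8EF7-0842397BB0ED}'
    'Single Sign-On Console'            = '{E93B8960-45DB-4418-84CA-B4364FB9676A}'
}

function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    # Returns nothing ($null on assignment) when the key or value is absent.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# When this is 1, any snap-in without an explicit Restrict_Run = 0 is blocked.
$allowListMode = (Get-PolicyDword $mmcPolicy 'RestrictToPermittedSnapins') -eq 1

$report = foreach ($entry in $snapins.GetEnumerator()) {
    $restrictRun = Get-PolicyDword "$mmcPolicy\$($entry.Value)" 'Restrict_Run'

    if ($restrictRun -eq 0) {
        $state = 'Permitted (explicit)'
    } elseif ($restrictRun -eq 1) {
        $state = 'Blocked (explicit)'
    } elseif ($allowListMode) {
        $state = 'Blocked (not on permitted list)'
    } else {
        $state = 'Permitted (no restriction in effect)'
    }

    [pscustomobject]@{
        SnapIn       = $entry.Key
        Guid         = $entry.Value
        Restrict_Run = $restrictRun
        State        = $state
    }
}

$report | Format-Table -AutoSize
```

Run it once as a helpdesk user and once as an ordinary user: the first should show all four snap-ins as explicitly permitted, the second should show them blocked.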