How To Lock Down Access To Your Citrix Web Interface 5.4 By Security Group

Hi All,
You will find everything you need from the this website.
  
I followed the instructions and it worked perfectly.

Below are the steps I performed.

1. Made a backup of c:\inetpub\wwwroot\Citrix\<SiteCode>\app_data\serverscripts\include.aspxf

2. Placed the following code in include.aspxf directly under Global Variable.

/****************************************************************************************
 * By CTX Experientia S.L.
 *    Modified for WI5.01 by Justin Bousquet
 * Gets a list of the user's groups.
 *
 * Returns a list of all groups of an user. 
 * If your LDAP directory needs authentification (like AD) to retrieve the info, you must define
 * the AdminUSER and AdminPWD fields on DirectoryEntry.
 *
 * If you can't use an administrator credentials to retrieve info, please
 * follow these instructions to create a guest user with read right over LDAP.
 *
 *    1. Create a user. During creation mark "Password never expires" and "User cannot change password" checkboxes
 *       and clear "User must change password at first logon" one.
 *    2. After a user is created go to the account properties and add it to the "Domain Guests" group. Mark this 
 *       group as Primary. Remove the account from the "Domain users" group.
 *    3. Right-click the domain root and select "Delegate control" task. Select the account you've created. 
 *       On the next step select "Create a custop task to delegate" item.
 *    4. On the next step check "Only the following objects in the folder" and mark the item "Group objects"
 *       in the list below
 *    5. On the next step check the "General" checkbox only and mark the "Read all properties" item in the list below.
 *    6. Finish the wizard and specify the user's credentials in the app_data/serverscripts/include.aspxf script.
 *
 *
 * @return A list of groups sepparated by a bar (|)
 */

string GetADUserGroups(string userName) {


string strLDAP = LDAP://<DC_Server_Name>/DC=<Domain>,DC=<Domain>;
DirectoryEntry entryDomain = new DirectoryEntry(strLDAP,"Username","Password");

    DirectorySearcher search = new DirectorySearcher(entryDomain);
    
    search.Filter = String.Format("(sAMAccountName={0})", userName);
    search.PropertiesToLoad.Add("memberOf");
    StringBuilder groupsList = new StringBuilder();
        
    SearchResult result = search.FindOne();
    if (result != null)
    {
        int groupCount = result.Properties["memberOf"].Count;
                        
        for(int counter = 0; counter < groupCount; counter++)
        {
            groupsList.Append((string)result.Properties["memberOf"][counter]);
            groupsList.Append("|");
        }
    }

    if (groupsList.Length >0 )
    {    
        groupsList.Length -= 1; //remove the last '|' symbol
    }
    return groupsList.ToString();
}

/****************************************************************************************
3. Created a user on my domain following the instructions above within include.aspf

4. Changed the following sections of include.aspxf to repesent my domain, username and password

string strLDAP = "LDAP://<DC_Server_Name/DC=<Domain>,DC=<Domain>";
DirectoryEntry entryDomain = new DirectoryEntry(strLDAP,"UserName","password");

5. Made a backup of c:\inetpub\wwwroot\Citrix\XenApp\<SiteCode>\default.aspx and copied the new one over

6. Copied the wimods folder under app_data to c:\inetpub\wwwroot\Citrix\<SiteCode>\app_data\

7. Edited the file groups.aspx located in c$\inetpub\wwwroot\Citrix\<SiteCode>\app_data\wimods\grpaccess. Replacing the string groups_permited = "all"; with string groups_permited = "My Security Group";

The result is

How to Deploy the Citrix Web and Java Plugin for Web Interface 5.4

Hi all,

Please follow the below instructions to deploy the Citrix Web Plugin from your Web Interface. I have chosen to use version 12.1 and I find it to be the most stable.

Citrix Web Client Plugin

1. Copy CitrixOnlinePluginWeb.exe to C:\Program Files (x86)\Citrix\Web Interface\5.4.0\Clients\Windows

2. Setup your web interface to deploy the client. You can refer to the images below under the section for deploying the java client.


3. Edit the file c:\inetpub\wwwroot\<SiteName>\XenApp\conf\WebInterface.conf. Uncomment the line about clientIcawin32 as below

1. Copy the Java client to C:\Program Files (x86)\Citrix\Web Interface\5.4.0\Clients\Java. You can get the files from the Citrix Receiver and Plug-ins\Java of the XenApp 6.5 DVD.

2. Enabe the setting on your web interface under client deployment and your done.

How To Customise The Citrix Web Interface 5.4

Hi all,

This is how I changed the Citrix Web Interface from this

To this

Files that you will be changing are located in:

C:\inetpub\wwwroot\Citrix\<SiteName>\app_data\
C:\inetpub\wwwroot\Citrix\<SiteName>\media\

The following codes are for the colour I used:

RGB: 149,177,199
HTML: #95B1C7

You can use jcpicker to get the colour codes if you don't already know them

1. To change the colour of the bottom half change the following section in FullStyle.inc

.horizonPage {
 background: #566169 url("../media/HorizonBgBottom.png") repeat-x left 325px;
 }

To

.horizonPage {
 background: #95B1C7;
}

2. To change the colour of the top half change the following section in FullStyle.inc

#horizonTop {
 width: 100%;
 height: 325px;
 background: #FDFDFD url("../media/HorizonBgTop.png") no-repeat top left;
 text-align: center;
 }

To

#horizonTop {
 width: 100%;
 height: 325px;
 background: #95B1C7;
 text-align: center;
 }

3. To remove the Citrix and HDX Logo from the bottom of the web interface screen add Display: None into the following section of FullStyle.inc

#footer img
{
    padding: 0 8px;
    vertical-align: middle;
    Display: None;
}
#footer
{
    text-align: center;
    padding-bottom: 10px;
    Display: None;
} 

4. To hide the message about on demand apps from the bottom of the screen add Display: None into the following section of FullStyle.inc

#horizonTagline {
color: #F2F2F2;
font-size: 180%;
font-weight: normal;
margin: 50px 0 0 0; padding-bottom: 10px;
text-align: center;
Display: None;
}

5. To hide or change the Citrix XenApp from the top of the web interface either add Display: None into the following section of FullStyle.inc or change the image CitrixXenApp.png.

#horizonTop img {
    padding-top: 75px;
    Display: None
}

6. To change the main pane or remove the devices, change the following section in FullStyle.inc

.horizonPage .mainPane {
 position: relative;
 top: -120px;
 background: url(<%=ClientInfoUtilities.getImageName(wiContext.getClientInfo(), "../media/Devices.png")%>) no-repeat center 30px;
 color: white;
 padding: 0;
 overflow: auto;
 } 

To

.horizonPage .mainPane {
 position: relative;
 top: -120px;
 background: #FFFFFF;
 color: white;
 padding: 0;
 overflow: auto;
 } 

7. To change the colour of the login box change the following section in FullStyle.inc

td.glowBoxMid
{
 background: #73808C;
 padding: 7px 30px;
 }

To

td.glowBoxMid {
 background: #95B1C7;
 padding: 7px 30px;
 } 

8. To change the colour of the boarders of the login box you will need to edit the following images

• LoginPaneCenterLeftBorderGlow.png
• LoginPaneCenterRightBorderGlow.png
• LoginPaneFooterLeftBorderGlow.png
• LoginPaneFooterMidBorderGlow.png
• LoginPaneFooterRightBorderGlow.png
• LoginPaneTopLeftBorderGlow.png
• LoginPaneTopLeftGradient.png
• LoginPaneTopMidBorderGlow.png
• LoginPaneTopRightBorderGlow.png
• LoginPaneTopRightGradient.png

9. Change the site to redirect log off back to the login back by editing C:\inetpub\wwwroot\Citrix\<sitename>\auth\Loggedout.aspx and adding the following line immediately before the last line:

Response.Redirect("login.aspx?CTX_FromLoggedoutPage=1");

10. Customise the Web Site and change the background colour

11. Edit C:\inetpub\wwwroot\Citrix\<SiteName>\Loading.htm at the following sections:

Replace the following

#horizonTop {
  height: 325px;
  background: #FDFDFD url("media/HorizonBgTop.png") no-repeat top left;
}

With

#horizonTop {
    width: 100%;
    height: 325px;
    background: #95B1C7;
    text-align: center;
}

Replace the following

#mainPane {
  position: relative;
  top: -120px;
  background: url("media/Devices.png") no-repeat center 30px;
  color: white;
}

With

#mainPane {
  position: relative;
 top: -120px;
 background: #FFFFFF;
 color: white;
 padding: 0;
 overflow: auto;
}

Replace the following

body {
  font-family: Segoe UI, Tahoma,Verdana, Helvetica, Arial, sans-serif;
  font-size: 70%;
  text-align: center;
  background: #566169 url("media/HorizonBgBottom.png") repeat-x left 325px;
  margin: 0;
}

With

body {
  font-family: Segoe UI, Tahoma,Verdana, Helvetica, Arial, sans-serif;
  font-size: 70%;
  text-align: center;
  background: #95B1C7;
  margin: 0;
}

Replace the following

td.glowBoxMid {
  background: #73808C;
  padding: 7px 30px;
}

With

td.glowBoxMid {
  background: #95B1C7;
  padding: 7px 30px;
}

13. Do the same for C:\inetpub\wwwroot\Citrix\<siteName>\app_data\include\SilentdetectionStyle.inc

Mounting SAN Volumes As Read Only

Hi everyone,

I currently have an IBM V7000 and unfortunately you cannot present volumes to hosts as read only

This creates a huge issue for me because my support team have access to my backup server. Image if they accidentally formatted one of my VMFS datastores. I would lose everything and have a heart attack.

Use the following commands from DiskPart to ensure that any volume you present to your Windows backup server are read only. Also ensure that you turn auto mount and scrub off. Information can be found here. Be sure to check the register to ensure auto mount is disabled  

AutoMount disable
Automount scrub

Next present your volume to your backup server and you should see them in disk management

Within diskpart use the following commands:

select disk 1
attributes disk set readonly
Disk details

As you can see it is now read only. If your using multiple fibre cards the disk will display twice so be sure to do both.