How to deploy Citrix Receiver Enterprise 3.2 for pass-through authentication using AD GPO

This article describes how to deploy and configure CitrixReceiverEnterprise.exe so that it can be used in Pass-Through authentication mode in a XenDesktop deployment. This article also provides a detailed step-by-step guide about deploying and configuring CitrixReciverEnterprise.exe onto a large number of End User Devices using Active Directory Group Policy Object.

When successfully installed and configured, the users are able to access their XenDesktop resources without the need to enter their credentials again. The credentials from the client machine are passed through automatically to the XenDesktop machine.


  • Citrix Receiver for Windows 3.2 Enterprise Installation Package (CitrixReceiverEnterprise.exe), placed on a suitable network share accessible by the End User Devices.
  • icaclient.adm (located in the %SystemDrive%Program Files (x86)CitrixICA ClientConfiguration folder on any Windows PC on which Citrix Receiver for Windows is currently installed), added to a proper AD GPO that would be applied to the End User Devices.
  • CheckAndDeployCitrixReceiverEnterpriseStartupScript.bat located on the XenApp 6.5 installation DVD (%Install Media%Citrix Receiver and plug-insWindowsReceiverStarup_Logon_Scripts directory), edited to properly reflect the location and the version of CitrixReceiverEnterprise.exe installation package you wish to deploy.

Install AD on Windows 8 server

Hi guys,

Unfortunately Microsoft has decided that they scratched the “DCPROMO” command from Windows Server 8 tin install and configure Active Directory.

You now need to install and configure AD through the “Server Manager”. I’ve made an installation guide how to install and configure Active Directory on a Windows 8 Server.

1. DCPROMO “error” message. When you type in “DCPROMO” and try and run it you get this message:

Continue reading “Install AD on Windows 8 server”

unattended mode to install and remove ADDS on Windows Server 2008-based DC

The Active Directory Domain Services Installation Wizard (Dcpromo.exe) performs the following tasks:

  • Installs Active Directory Domain Services (AD DS) on Windows Server 2008-based workgroup servers and member servers
  • Removes AD DS from Windows Server 2008-based domain controllers

You can use this wizard together with an answer file to perform these tasks in unattended mode. Continue reading “unattended mode to install and remove ADDS on Windows Server 2008-based DC”

Recommended Updates for Group Policy in Windows Client and Server Products

Hi guys,

This article summarizes the recommended hotfixes and updates for issues that occur in an Active Directory environment using Windows Group Policies or Windows Group Policy Preferences.

NOTE: The list below is not intended to act as a comprehensive list of all available hotfixes for Group Policy or Group Policy Preferences.
This list is an aggregate of common issues seen with Group Policy or Group Policy Preferences. Do not proactively install the following hotfixes unless needed. If you feel you are experiencing an issue listed below, install the hotfix for that specific issue.

Continue reading “Recommended Updates for Group Policy in Windows Client and Server Products”

Active Directory links

Hi guys,

Here are a few links I use for gettings information about Microsoft’s AD and best practices.

Just wanting to share the links with you.

Have fun with them.

Best Practice guide for securing AD installations
Best practice guide for securing AD installations and day to day ops (part 1)
Best practice guide for securing AD installations and day to day ops (part 2)
Windows Server 2003 Deployment Kit: Designing and deploying Directory and Security Services
Server 2003 Security Guide
Server 2008 Security Guide
Achieving autonomy and isolation with forest, domains and OU’s
AD Security Technical Implementation guide (non MS)

Recommended exclusions for virusscanner on a Windows Domain Controller with Active Directory or File Replication Service.

The following list is files and folders that do not need to be scanned. These files are not at risk of infection and might cause serious performance issues due to file locking, if included. Where a specific set of files is identified by name, exclude only those files instead of the whole folder. Sometimes the whole folder must be excluded. Do not exclude any of these based on the filename extension. Continue reading “Recommended exclusions for virusscanner on a Windows Domain Controller with Active Directory or File Replication Service.”

Documenting Active Directory and Group Policies

In most organizations is the documentation of an Active Directory not one of the more favorite items to do for admins.

in this post i’ll try to make it as simple as possible to document your AD and group policies.

I’m going to focus on the most common areas: Continue reading “Documenting Active Directory and Group Policies”

Active Directory Replication Types

I find myself quite often trying to keep straight all the different replication activities that can occur within an Active Directory (AD) domain.

There is:

Active Directory User Last Logon (PS Script)

This script was designed to answer the ever duanting question of: “When did a user last logon?” Since the attribute does not replicate to other domain controllers you are required to get the information from all domain controllers connnected to the domain. It uses command line arguments to pass user name and domain to be searched. Continue reading “Active Directory User Last Logon (PS Script)”