How to deploy Citrix Receiver Enterprise 3.2 for pass-through authentication using AD GPO

This article describes how to deploy and configure CitrixReceiverEnterprise.exe so that it can be used in Pass-Through authentication mode in a XenDesktop deployment. This article also provides a detailed step-by-step guide about deploying and configuring CitrixReciverEnterprise.exe onto a large number of End User Devices using Active Directory Group Policy Object.

When successfully installed and configured, the users are able to access their XenDesktop resources without the need to enter their credentials again. The credentials from the client machine are passed through automatically to the XenDesktop machine.


  • Citrix Receiver for Windows 3.2 Enterprise Installation Package (CitrixReceiverEnterprise.exe), placed on a suitable network share accessible by the End User Devices.
  • icaclient.adm (located in the %SystemDrive%Program Files (x86)CitrixICA ClientConfiguration folder on any Windows PC on which Citrix Receiver for Windows is currently installed), added to a proper AD GPO that would be applied to the End User Devices.
  • CheckAndDeployCitrixReceiverEnterpriseStartupScript.bat located on the XenApp 6.5 installation DVD (%Install Media%Citrix Receiver and plug-insWindowsReceiverStarup_Logon_Scripts directory), edited to properly reflect the location and the version of CitrixReceiverEnterprise.exe installation package you wish to deploy.

Centralizing Group Policy with Central Store

Hi guys,

This post from Jeremy Moskowitz is great to centralize GPO’s.

Here’s a piece of the article.

You’ve probably heard of the Group Policy Central Store, but didn’t know what it does, or where to start.

Kind of like Dorothy’s ruby slippers, it was right under your nose, the whole time, waiting for you to use it. So, before we get into that, let’s explore first what the Central Store tries to solve and where it was born from.

Microsoft had a format to describe “what’s possible” in Group Policy using a formatted, simple language called ADM files. ADM files were great because they were simple, quite readable plain text files. They described the policy setting, what the general parameters when edited, and what registry setting to control.

Microsoft shipped a handful of these in the box with Windows XP, and added more with utilities like Office and some others.

Group Policy Template and ADM Files

Let’s explore the “physics” of what would happen with Windows XP and ADM files. Let’s assume you created a new GPO from scratch:

You’d fire up the GPMC on Windows XP.”

Read more here.

Recommended Updates for Group Policy in Windows Client and Server Products

Hi guys,

This article summarizes the recommended hotfixes and updates for issues that occur in an Active Directory environment using Windows Group Policies or Windows Group Policy Preferences.

NOTE: The list below is not intended to act as a comprehensive list of all available hotfixes for Group Policy or Group Policy Preferences.
This list is an aggregate of common issues seen with Group Policy or Group Policy Preferences. Do not proactively install the following hotfixes unless needed. If you feel you are experiencing an issue listed below, install the hotfix for that specific issue.

Continue reading “Recommended Updates for Group Policy in Windows Client and Server Products”

Active Directory links

Hi guys,

Here are a few links I use for gettings information about Microsoft’s AD and best practices.

Just wanting to share the links with you.

Have fun with them.

Best Practice guide for securing AD installations
Best practice guide for securing AD installations and day to day ops (part 1)
Best practice guide for securing AD installations and day to day ops (part 2)
Windows Server 2003 Deployment Kit: Designing and deploying Directory and Security Services
Server 2003 Security Guide
Server 2008 Security Guide
Achieving autonomy and isolation with forest, domains and OU’s
AD Security Technical Implementation guide (non MS)

Enable Backup and Restore for Group Policy

Hi guys,

while surfing the net I found this cool blog about enabling backup and resoter for your group policies.

Jeremy Moskowitz wrote it and here’s a little preview of the article. On the end is the link to the complete article.

Continue reading “Enable Backup and Restore for Group Policy”

Query AD for specific groups

Hi guys,

I was busy at work to query our AD for a list of only security groups. Well, after a bit of struggling i found the query i needed:

If you need to query your AD for a list of specific group here’s the query you need. Continue reading “Query AD for specific groups”

Well known SID’s overview

A security identifier (SID) is a unique value of variable length that is used to identify a security principal or security group in Windows operating systems. Well-known SIDs are a group of SIDs that identify generic users or generic groups. Their values remain constant across all operating systems.

This information is useful for troubleshooting issues involving security. It is also useful for potential display problems that may be seen in the ACL editor. A SID may be displayed in the ACL editor instead of the user or group name. Continue reading “Well known SID’s overview”

Recommended exclusions for virusscanner on a Windows Domain Controller with Active Directory or File Replication Service.

The following list is files and folders that do not need to be scanned. These files are not at risk of infection and might cause serious performance issues due to file locking, if included. Where a specific set of files is identified by name, exclude only those files instead of the whole folder. Sometimes the whole folder must be excluded. Do not exclude any of these based on the filename extension. Continue reading “Recommended exclusions for virusscanner on a Windows Domain Controller with Active Directory or File Replication Service.”

Documenting Active Directory and Group Policies

In most organizations is the documentation of an Active Directory not one of the more favorite items to do for admins.

in this post i’ll try to make it as simple as possible to document your AD and group policies.

I’m going to focus on the most common areas: Continue reading “Documenting Active Directory and Group Policies”