Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Citrix secure gateway enable/disable users

Status
Not open for further replies.
pinkpanther56

pinkpanther56

Technical User
Jun 15, 2005
807
GB
We are a school and have a Citrix secure gateway server to allow staff to work from home. Students have found the URL (I suspect they were told by a member of staff) and are logging in from home, at the moment we don't want them to be able to do this especially during the day as it uses up licences.

Is there a way to prevent certain users accessing a Citrix secure gateway server? I can't ban them from the Citrix system altogether as then they can't logon from the thin client devices in school.

I'd appreciate any thoughts.

We're using Citrix PS (Xenapp) 4.5 with FP1

Thanks.
 
Sort by date Sort by votes
If you look at the Citrix Access Management console, I think you would see that all users coming in from the CSG have a client name starting with "WI". You can create a policy in Citrix to deny access to users with a client name starting with "WI". I do this to restrict my external users to a single session - they were double-clicking on the published app icons and automatically getting two sessions going.
 
Upvote 0 Downvote
I don't think that will work here as our web interface server is set to not generate a name but to collect the clientname of the device. We use this so we know the location of the thin client device for mapping printers and so on.
I suppose we could have more than one web interface server one for local users and one for remote users to get around this.

Thanks.
 
Upvote 0 Downvote
I haven't thought this through completely, but could you create 2 sets of published apps, one for students and one for staff and only show the staff apps on the WI?
 
Upvote 0 Downvote
As far as I know when I give a user permissions to an app it just appears on the web interface page. I'll have a look to see if there's a way to stop apps appearing on the web interface page. I don't know much about it yet.

Thanks.
 
Upvote 0 Downvote
1 make a database on an SQL express server
2. paste the next part in C:\Inetpub\ after the private PageAction loginAuthenticateExplicit(ExplicitAuth expAuth) Function

i'm not sure but i think i have the code from
//***** START MODIFIED PART
// --------------------------------------------------------------------------------

string strConnString = "Data Source=<sqlsever>;Initial Catalog=CitrixSG;Persist Security Info=True;User ID=<sqlaccount>;Password=<password>";

System.Data.SqlClient.SqlConnection conn = new System.Data.SqlClient.SqlConnection();
conn.ConnectionString = strConnString;

bool boolAllowed = false;
string strUsername = String.Empty;
string clientIP = String.Empty;


// Retrieve the username of the current logged in user
strUsername = user;

// Work around to get real client IP address (if (!(Request.ServerVariables["HTTP_X_FORWARDED_FOR"] == null) && (Request.ServerVariables["REMOTE_ADDR"] == "127.0.0.1"))
{
clientIP = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
}
else
{
clientIP = Request.ServerVariables["REMOTE_ADDR"];
}


try
{
conn.Open();
string strSQL = string.Format("SELECT COUNT(username) FROM WI_Include WHERE username='{0}'", strUsername);
System.Data.SqlClient.SqlCommand sqlCmd = new System.Data.SqlClient.SqlCommand(strSQL, conn);

int numRows = (int)sqlCmd.ExecuteScalar();

// If the user is not allowed to log in, log the access attempt in the database
if(numRows < 1)
{
boolAllowed = false;
string strSQLDenied = string.Format("INSERT INTO WI_AccessLog (username, logintime, remote_addr, success) VALUES ('{0}', '{1}', '{2}', '{3}')", strUsername, DateTime.Now.ToString(), clientIP, "no");
System.Data.SqlClient.SqlCommand sqlCmdDenied = new System.Data.SqlClient.SqlCommand(strSQLDenied, conn);
sqlCmdDenied.ExecuteNonQuery();
}
else
{
boolAllowed = true;
string strSQLAllowed = string.Format("INSERT INTO WI_AccessLog (username, logintime, remote_addr, success) VALUES ('{0}', '{1}', '{2}', '{3}')", strUsername, DateTime.Now.ToString(), clientIP, "yes");
System.Data.SqlClient.SqlCommand sqlCmdAllowed = new System.Data.SqlClient.SqlCommand(strSQLAllowed, conn);
sqlCmdAllowed.ExecuteNonQuery();
}
}

catch
{
}


finally
{
conn.Close();
}


if(!boolAllowed)
{
Server.Transfer("../auth/errorPage.html");
}




// --------------------------------------------------------------------------------
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mattmontalto
  • Locked
  • Question Question
MS Threat Management Gateway Alternative
Replies
0
Views
486
mattmontalto
mattmontalto
damienenglish
  • Locked
  • Question Question
Citrix Replication Fault Detection
Replies
0
Views
480
damienenglish
damienenglish
DreemaGurl
  • Locked
  • Question Question
Can't log on to Citrix through emote access portal
Replies
1
Views
862
ntinlin
ntinlin
SpenceWaller
  • Locked
  • Question Question
Citrix CSG - Allow users to change password
Replies
0
Views
313
SpenceWaller
SpenceWaller
Hfnet
  • Locked
  • Question Question
Office 2010 KMS stoppped working on PVS Citrix
Replies
0
Views
447
Hfnet
Hfnet

Part and Inventory Search

Sponsor

Back
Top