We are running Citrix 4.0 in house for about 3600 users on our WAN. Some users also need access from home and have access via our CAG 4.5, which sits in our DMZ.
To accomplish this we basically have 2 web sites, one for internal and one for external, which are completely separate. Users with external access log in to the local web site when in house and are directed to the public web site when away. (The public site is not available in house.) We do some HTML Magic to hide CAG icons from users when they are in house and vice versa....it's complicated.
Now, we have a timecard application that all users must use when inside our WAN, but only some users should have access to when hitting the system from outside. There are some users at locations that are entirely outside our WAN, they have to run all applications via the CAG.
Now here is the problem: We want some users to access this Timecard app ONLY when in the external office, and not when they are at home. (We don't want the possibility of them falsifying their time cards.) BUT there are other users that NEED to be able to access the same system from home. (Some Managers need to get into the Timecard system to approve others timecards from home on the weekend, etc.)
I was thinking about having a policy on the CAG that looks for a watermark file on the users workstation. If it does not find it, it does not allow just that applicaiton to run. But it appears that a watermark policy would affect all the users coming through the CAG from what I see.
Can I create such a policy and apply it to a user group omn the CAG, so that it checks for the watermark file whenever they try to run an application? If so, how do I associate the user group on the CAG with the user group in AD. just use the same name?
If I am able to just apply the policy on the user group that has access to the application, then this might work, we can distribute batch files to the users that need the watermark file at home. I have been playing around with this a bit but have had little success. Are there any good sources out there for writing CAG policies? The manual does not help a whole lot.
If anyone has any ideas on how to solve this issue any help would be appreciated. My policy idea was just a stab in the dark. I am not married to it if someone sees a better way to accomplish this goal.
Not sure if this is anything to see with you issue, but CTX119075 (I think, and later R04) changed the app naming convention to add a random component to stop people guessing the names of published apps. Therfore adding some StO..
--Emil