Question : Problem: Limit websites user can visit through IE published on Citrix

Hello everyone,

We're looking to pushing a web based employee clock that runs on IE, at the same time i do not want users browsing the web through the server out of security and other concerns.  Is there a way to limit IE connection over Citrix to one or few IPs or DNS names ?

We are running a single presentation server 4.

Thank you all in advance,
Alex

Answer : Problem: Limit websites user can visit through IE published on Citrix

Yes, create an OU to put the Citrix server in.  Move the Citrix server to that OU, then create a Group Policy.  Within the policy, specify Loopback policy processing:

Computer Configuration > Administrative Templates > System > Group Policy > "User Group Policy loopback processing mode".  Set this to enabled.

User Configuration > Windows Settings > Internet Explorer Maintenance > Connection > Proxy settings.  Check "Enable proxy settings", then set all of your proxies to the bogus address and set the exceptions to the pages you would allow them to visit, each address separated by a ;

This will only affect users when they logon to the Citrix server, not anywhere else on the network (as long as you create an OU for the Citrix server, put the server in there, then apply the policy ONLY on the Citrix OU).  If you want to have this configured for everyone but administrators, set the "apply this policy" permission of the GPO to "deny" for administrators.  Do this by clicking the "Security" tab of the GPO you just created and check Deny to the right of "Apply Group Policy".  Authenticated Users (everyone) gets the group policy applied by default, so you may want to remove that and put Domain Users or another group (optional).

Chris