Limit users to XD/XA resources in Web Interface 5.4

Let’s take a look at how we can limit access to multiple Farms via Citrix Web Interface 5.4

In the example below… I will be configuring a Web Interface Services Site (PNAgent) in preparation to allow mobile users access to XenApp/XenDesktop via mobile devices such as the iPad, iPhone and Android (yuck). For details on how to configure a Service Site go to the following link.

As you probably know, there are several ways of limiting access via the NetScaler AGEE, however the new CAG Standard edition (5.0.x) has a limitation when utilizing basic logon points.


  • Create your AD groups such as CitrixXenAppUsers and CitrixXenDeskUsers
  • Create a new Web Interface Service Site (PNAgent) such as PrivateCloudPNA
  • Configure your new site with access to your Farms, in this case XenApp6.5 and a XenDesktop 5.6
  • Configure your site to utilize your CAG, with Gateway access
  • Configure your Access Gateway basic logon point to forward to your new site “PrivateCloudPNA
  • Ensure you can launch published Apps and Desktops
  • Edit your WI site by opening the WebInterface.conf file located under C:\inetpub\wwwroot\Citrix\NameOfYourSite\conf\
  • Search for Farm1Groups and remove the “#”
  • Set Farm1Groups=nameofyourdomain\CitrixXenAppUsers
  • Since we have a XenDesktop farm in this example, we also need to set access to it by entering Farm2Groups=nameofyourdomain\CitrixXenDeskUsers
Now lets get fancy… go to the Citrix Mobile Receiver URL Generator and create a link that you can email the mobile users.  This will automatically configure the Citrix Receiver (after installing it of course) to your newly created site.

About CyberRuiz
Highly motivated with over 12 years experience on Citrix/VMWare/Microsoft/technologies. Exceptional communication skills and team player. CCIA – Citrix Certified Integration Architect. CCEA – Citrix Certified Enterprise Administrator. VCP – VMWare Certified Professional in ESX 2.x, VI3, VI4 MCSE – Microsoft Certified Systems Engineer

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: