Configuring Windows components
Before installing XenApp 6.5, he had two components that depend on the environment that he probably wants to configure:
- Windows Firewall
- IE ESC (Enhanced Security Configuration)
In previous versions of XenApp, he needed to install Remote Desktop Services (formerly known as Terminal Server) before the XenApp setup. In XenApp 6.5 (and 6.0), the setup process will install Remote Desktop Services automatically.
Configuring Windows Firewall
He had multiple options to configure Windows Firewall:
- Configure Windows Firewall using Active Directory Group Policies (GPO).
Open Group Policy Management Editor and expand Computer Configuration | Policies | Administrative templates | Network | Network Connections | Windows Firewall | Domain Profile. Modify appropriate settings.
- Disable Windows Firewall.
Open command prompt and type:
Netsh advfirewall set allprofiles state offAlso, he can disable Windows Firewall from Windows interface. Open Control Panel and choose Windows Firewall.
Select Turn Windows Firewall on or off option and then select Turn off Windows Firewall (not recommended) for all profiles.
- Configure Windows Firewall for XenApp:
In order to keep Windows Firewall running after installation of XenApp 6.5, he needs to configure XenApp ports. Open Control Panel and select Windows Firewall. In the Windows Firewall main page, click on Allow a program or feature through Windows Firewall option and verify that Citrix ports checkboxes for all profiles are enabled.
Configure IE ESC (Enhanced Security Configuration)
Microsoft recommends as a best security practice, administrators must have limited access to the Internet to avoid the possibility of an attack on the server by malicious websites. This is a good practice for critical servers like domain controllers or databases servers, but impractical for Terminal Servers and XenApp servers.
To disable IE ESC, open Server Manager (Start button | All Programs | Administrative Tools | Server Manager) and click on Configure IE ESC.
Select Off for both Administrators and Users, and click on the OK button.
