Citrix Desktop Lock installation and configuration

hi this is Dale from Vika reisender

credit UK and today I thought I'd show

you device lock and that's the citrix

product that basically turns a Windows

PC into a thing clients very easily

there are a number of prereqs you needs

in able to use citrix device lock

they are c2 receiver storefront server

with that domain pass-through and

pastoral indication configured on Citrix

Receiver I'll go through each of those

steps and I show you a quick and the

rough little thing I've set up on my

domain controller so if we first

navigate to my domain controller there's

a couple of policies set up here again

fairly straightforward in the Citrix

policy which basically has a small

number of settings within the within the

policy so the first setting is the

storefront address that I've created

I'll show you that storefront server

fairly shortly although it's fairly

uninteresting it's that kind of standard

and there's only one of them in my

environment cuz it's just a test

environment the second one is the user

policy where you enable pass-through

authentication and then also allow

pass-through of authentication on all IC

accusations okay with my storefront

server so receiver likes to have HTTPS

enabled by default you can change it to

http but it's messy regards registry

acts and generally doesn't work very

well in the end so I've just requested a

new certificate bound to is storefront

service using and it's basically just

here the desktop lock not the horizon

dot local that's not my main domain but

that's what I've created in order to

differentiate that from this test from

my general lab environment so

store from here basically as you say as

usual so we've got one store created

which is the one we were utilizing and

we got authentication added without

configured trusted domains for username

password and which is fine and I've also

added domain pass-through setting and

receiver for web again obviously you

choose your authentication methods you

like to use so for this

I chosen username/password domain past

three so that's all set up on that

environment so now if you flip to my

Windows PC I've got a fusion VM here

running Windows okay so we're in here

you see house it loads you'll see if

there's no Citrix Receiver or any empty

house and still the only thing I have

installed is one of the prereqs which is

dotnet 4.51 that is required as part of

device lock and you'll get an error

message about no store being a being


if you don't have dotnet when you're

installing device lock

so device lock also requires Citrix

Receiver to be installed first so you

can see it and then it was centered up

so what basically happens is if you're

an administrator you log in you get a

standard window shell and it says it's

elevated the elevator that the desktop

so you can see r4 if you use your

account you've got a domain user account

or something less than an administrator

account you get nothing except a mock

kind of web interface view and I'll show

you that's in me

it old-school unfortunately it does look

a bit like web interface which is a bit

disappointing I don't even change that

all the try and see what happens so I've

copied across the file time I need

already so we've got Citrix in here and

we've got a number of files in here

basically I've created an installation

script which does nothing more runny

than just automate the installation the

two the two components so I've written

down X we don't need to install that

secrecy the only thing that really does

is include single sign-on and then we

just do the install the MSI of receive a

device lock you don't really need to say


receiver you can you know you can add

stores and things within receiver but

you don't need to do that here because

that's all pulled down from the group

policy when it's rebooted so for a good

test I just show you that there's

nothing nothing untoward here so if I go

into my test user account

all right would you start one with that

super secure password okay and we're in

cool so that Aramis is just just because

I've just turned off sharing on my

virtual machine from VMware fusion so

it's a standard desktop nothing unusual

there you know it's bog-standard windows

didn't ec installation so nobody switch

back into the administrator account you

know obviously all the things you

wouldn't do in the live environment this

is just a lab smells good okay so again

same batch file with just installing two

things and that's it so we just run it I

was there think I got my switch wrong

there but that's fine we just received

installing obviously not very

interesting their device lock takes very

little time to land then it will

automatically reboot machine which is

doing now so I'm just gonna ship and

pause the video once that's reboot and

I'll see you on the other side okay so

hit me are back at our login screen for

the windows box so I'm going to log in

as an administrator we'll just check

that everything works as it should we

should be able to single sign-on to the

receiver on the administrator account

and we won't get the device box settings

but you know receiver will test them

that's actually working correctly and

there's a couple of other prereqs I

forgot to mention so optional mention

those as we go through so here's the


so it's just telling it's gonna give you

a full desktop rather than a minimized

one so again nothing too different there

I think sorry thing so don't receiver

brilliant so we've got our min straight

account and single signed on and showing

us a couple of desktops that I'd

provisioned out so the settings that I

Eve forgot to mention previously is in

here basically you've got to add the a

storefront address into the local

internet zones which I've done here

again that can be done my good policy

just to easier use the burden click on

custom level and scroll down to security

and don't enter user authentication if

we change this to automatic login

current username and password and click

OK to that and we are done

excellent okay so that's the

prerequisites map so we've got single

sign-on to Citrix Receiver now that's

working correctly so in theory if we log

in out of a Mac settings the logout spur

here and log into our staff account

again the only permission this has got

is a domain user permission and that's

it there's nothing else ok so we go

that's you log in and you get presented

with this at this screen there's nothing

really can do click around nothing will

really happen then anyway just give you

your desktop you can either choose to

log off to restart the the log office

needs logs off the windows session the

restart restarts the local machine

you're working from not the virtual

machine in the background obviously with

group policies as they are and logon

times think this may take a little bit

of time but shouldn't take too long here

we go it's found us and we are logging

in shortly you get here's our success

tough of the hot keys at the top here

reduced as you can see so we have got a

few things we can do there and it's

basically a standard Citrix desktop this

is provisioned out by XenDesktop 7.6 ok

so there we have it so if I log off of

the citrix session

not just any what happens eventually

there we go

ok so it's come back to this logging off

there's not much more we can do about it

than that so it's long as you straight

out the windows account

so it's very secure so use cases

basically again has just mentioned

security if you'd like the flexibility

of managing Windows devices but you

don't want your users interacting with

the local Windows devices plugging in

the USB thing is all that kind of stuff

then great another great use case is

desktops laptops coming to the end of

their life slightly maybe you know four

or five years old something like that

with a slightly aging Hardware on a full

that Windows installation with all the

applications and all the business apps

and little cranky things that go with it

you just throw it away and still thin OS

on it and then device lock and you have

yourself a nice speedy if somewhat

ancient and there's a thin client so

yeah it's really good good solution not

thought of that very often so I suggest

you know have a play with it so what you

think if you want to use it and great

yeah it's good fun little thing well

thanks for watching this again my name

is dale and from the horizon dovecote at

UK feel free to pop in to the site leave

comments underneath the YouTube or my

own blog and I'll as in the next video

thank you