| Bandwidth | All rules defined under this category are related to bandwidth optimization. |
| Session Limits Audio Clipboard COM Ports Drives LPT Ports OEM Virtual Channels Overall Session Printer | By configuring the options under the Session Limits category, you can assign the maximum bandwidth that particular channels in the ICA data stream can consume . All bandwidth caps are assigned a value in kilobits per second (Kb/s). Settings under here are rarely assigned based on a user ID but more often are assigned based on the client device name or IP address because they are location specific more than user specific. |
| SpeedScreen Image Acceleration Using Lossy Compression | SpeedScreen-related settings are managed under this category. Currently, the only setting available under here dictates behavior of the lossy compression for image acceleration. Lossy compression is enabled by default and set to High to maximize the compression used and minimize the bandwidth consumed. You can adjust the default compression as well as set the bandwidth threshold in which lossy compression is automatically enabled. |
| Visual Effects Turn Off Desktop Wallpaper Turn Off Menu Animation Turn Off Window Contents While Dragging | The Visual Effects rules dictate what features are available to increase the visual presentation of the environment at the expense of performance. Enabling these settings reduces bandwidth by eliminating features that are not essential to the running of MetaFrame Presentation Server. |
| Client Devices | The rules under this category are all related to MetaFrame server-to-client device connectivity. |
| Maintenance Turn Off Auto Client Update | Only one rule exists under this category; it controls how client updates are performed. The one option controls whether the Auto Client Update feature is enabled for a particular client. MetaFrame supports automatic updating of a number of client types. The Auto Client Update feature is covered in Chapter 13, "Citrix ICA Sessions and Client Configuration." |
| Resources | The Resources category refers specifically to the availability and configuration of accessible client devices. |
| Resource\Audio Microphones Sound Quality Turn Off Speakers | The Audio category is the place where you can find the rules that deal specifically with the client audio-related settings. For example, you might use the Sound Quality option to specify the maximum allowable client audio quality the client can use. The better the audio quality, the greater the bandwidth consumption, so environments in which bandwidth is limited should have restrictions on audio resources. |
| Resources\Drives Connection Mappings | The Drives category allows you to define whether client drives are connected as well as what specific client drive types are available for use. Disabling floppy or CD-ROM drive access is but one example of how this could be used. |
| Resources\Local Printers Auto Creation Default Drivers Turn Off Client Printer Mapping | The Local Printers category is the place where you can find rules that influence the behavior of local client printer mapping. Auto Creation manages whether client printer mapping is enabled, and if so, what printers are actually mapped. Default controls whether the local default printer is also the MetaFrame session default. The Drivers rule controls what drivers (native, universal printer driver, or both) are used, while client printer mapping can be disabled completely when the last rule in this category is enabled. |
| Resources\Network Printers Print Job Routing | This category contains only a single rule, which dictates whether a job destined for a network client printer is sent via the client or directly through the network. When the print job is sent via the client device, it is compressed before sending, reducing the bandwidth consumed but resulting in a slower printout. Directly sending the print job to the printer consumes more bandwidth but is faster. Direct routing to the printer occurs only when the printer is on the same network as the MetaFrame server. If MetaFrame detects that the client network printer is not on the local network, the job is automatically routed through the client. |
| Resources\Other Turn Off Clipboard Mapping Turn Off OEM Virtual Channels | The Other category contains rules that allow you to turn off clipboard mapping and OEM virtual channels. When clipboard mapping is disabled, you cannot cut and paste between the MetaFrame session and the local client device. Disabling OEM channels does not affect any of the native MetaFrame functionality but prevents third-party applications that utilize ICA virtual channels from functioning properly. |
| Ports Turn Off COM Ports Turn Off LPT Ports | Under the Ports category, you can turn off either COM or LPT port redirection. |
| Security | The Security category itself contains only one category with a single rule. |
| Encryption SecureICA Encryption | The SecureICA Encryption rule allows you to set the minimum encryption level required by the client to connect to the server. After the level is set, if a user attempts to connect with a lower encryption level, his or her connection is denied . Remember, this setting cannot override a stronger encryption level set directly at the MetaFrame connection configuration. In this case, you can require a stronger encryption, but you cannot reduce the minimum encryption required. The same is not true when you're looking at other policies that may also set this option. Standard priority rules apply. If a higher-level policy sets this encryption level higher or lower, it overrides the same setting in a lower-priority policy. |
| User Workspace | User Workspace rules manage some of the settings for the session in which the user runs his or her applications. |
| Connections Limit Total Concurrent Sessions Zone Preference and Failover | Two rules exist for the Connections category. The first limits the total number of unique client connections that a user can run concurrently in the server farm. This setting prevents a user from logging on simultaneously from multiple different workstations. It does not limit a user from running multiple simultaneous published applications in the farm from the same client device. Zone Preference and Failover allows you to define the preferred and failover zones in which users will attempt to connect to load-balanced applications. Without zone preferences, a user is always directed to the least-loaded server, even if it is located across a WAN. When a zone preference has been defined, the user looks only to the current zone for determining the least-loaded server. If no servers are available within a zone, the failover option will direct users to another zone, ensuring business continuity in the event of network or system issues. Zone Preference and Failover is valid only for the Enterprise Edition of MPS. For you to be able to set this option, there must be more than one zone in the farm. |
| Content Redirection Server to Client | The Content Redirection category contains only one setting, which lets you enable or disable redirection of server content to the client. By default, web URLs are processed using web browsers and multimedia players running on the server, but enabling this option causes the local web browser or multimedia player to process the URL. This option is supported only by the MetaFrame Win32 and Linux clients. Other clients ignore these options. |
| MetaFrame Password Manager Central Credential Store Do Not Use MetaFrame Password Manager | Rules under the MetaFrame Password Manager category allow configuration of settings related to the integration of the Citrix MetaFrame Password Manager application into the MetaFrame Presentation Server environment. These rules can be used to control which users can use Password Manager for server farm authentication. These rules also allow you to more effectively manage which file-based central credential store users are contacting, eliminating unnecessary WAN traffic that can occur when users request credentials from a remote credential store. Zone Preference and Failover settings have no effect on the central credential store that is contacted. If the credential store is located in a failed zone, users who authenticate with the Password Manager cannot log on, even if the zone failover allows them to contact an alternate MetaFrame server. |
| Shadowing Configuration Permissions | Shadowing rules are used to enable and manage permissions to shadow the policy recipients. The Configuration rule either allows or denies access to being shadowed , whereas the Permissions rule is the place where you specify the list of users and/or groups that can perform the shadowing. Remember, this policy dictates whether the policy recipients can be shadowed and who has the ability to shadow them. Users affected by this policy are not directly granted access to shadow other people unless they are included in the list of users in the Permissions rule. Make sure users clearly understand this policy because many people get it mixed up and think you enable it to grant recipients shadowing capabilities. These policies have no effect if shadowing support was explicitly disabled during the installation of MetaFrame. |
| Time Zones Do Not Estimate Local Time for Legacy Clients Do Not Use Clients' Local Time | The final set of user policy options manage the time zone settings. The first option allows you to turn off the MetaFrame server's default behavior of attempting to estimate the local time zone for those ICA clients that do not provide time zone information to the server. When the farm is configured to accept local time information from the client, if the client does not support passing such information, by default the server will attempt to estimate the client's local time. In many instances, this information is not accurate and can lead to strange time settings for the user's session. This is usually noticed when the client runs an email program such as Outlook. If users are receiving inaccurate time information, this is likely the cause; either this policy should be enabled or the MetaFrame client upgraded. If client time estimating is disabled, these clients use the current time information of the server. The last option controls whether the client provides time zone information, or the local time of the MetaFrame server is used instead. These settings override the same options that can be defined for the entire server farm. |
