Configuring and Managing User and Group Accounts
Both Windows NT and WinFrame utilize the domain organization for managing users and accounts. The domain organization creates a pool of resources that are available to a defined group of users across workstations, servers, and network devices. Users can reach all the domain’s resources with a single username and password. User administration is centralized on one machine—the domain controller. Centralization of user accounts is ideal for a thin-client/server multiuser system such as WinFrame. Because Citrix took advantage of the features already built into Windows NT Server, system administrators will find it easier to leverage their knowledge to get a thin-client/server multiuser system up and running.
Centralization of user accounts is key to a thin-client/server multiuser system.
The User Configuration Manager configures and manages users on Windows NT Server and on WinFrame. Because the WinFrame server can join an existing Windows NT domain, the administrator doesn’t need to add usernames to the user database on the WinFrame server. Likewise, the Migration Tool for NetWare allows the administrator to transfer user and group accounts from a Net-Ware server to WinFrame. The Migration Tool automatically trans-fers the accounts to the server’s domain controller. At the end of the transfer process, accounts are replicated automatically to the backup domain controllers.
WinFrame takes advantage of the Windows NT domain structure.
Citrix integrated its user management tools into the User Manager for Domains. Leveraging this centralized use of profiles was key to lowering the cost of ownership when deploying information services and applications across the enterprise. Citrix added the Config button at the bottom of the User Properties dialog box in the User Manager for Domains utility (shown in Figure 3-1on page 52) to access the WinFrame User Configuration dialog box (shown in Figure 3-2, also on page 52).
The User Configuration Manager adds specific WinFrame functionality to your system.
Citrix added the User Configuration dialog box to manage the characteristics unique to deploying a mission-critical application in a thin-client/server multiuser environment. These characteristic features address security when the user logs on to an application, fault tolerance through system recovery, and ease of use and customization when accessing an application by bypassing the Windows Program Manager. The user configuration enhancements Citrix made are listed on pages 53–54.
FIGURE 3-1
The Config button in the User Manager for Domains, which accesses the WinFrame User Configuration dialog box
FIGURE 3-2
The WinFrame User Configuration dialog box
-
Restrict user logon to WinFrame WinStations Remote control of ICA clients’ WinStations allows a remote system administrator to provide access to users across a multiuser system. An individual user can be configured for a network logon to use the Windows NT services for disk and printer access that ship with the WinFrame Enterprise. Limiting access via Windows-based terminals provides an added level of security to the applications on the server.
-
Recover a session WinFrame, by default, preserves a user’s session if the physical connection between the client and the server is broken. This feature is especially useful during client-site power outages or when a remote connection is severed due to a disconnection or other interruption of carrier services. The feature can be disabled or limited to a specific duration (in which case, a session will be available for a specified number of minutes and then discontinued).
-
Bypass Program Manager and automatically launch a program By default, all users launch the familiar Windows NT Program Manager after successfully logging on to WinFrame or Windows NT. WinFrame allows you to launch a different program for specific users, such as Microsoft Word, Microsoft Excel, or a custom application. When the user exits this “initial program,” he or she is logged off the system. This customization feature is particularly useful for limiting a user’s access to a line-of-business application.
-
Access client workstation printers and disk drives This feature leverages the user’s comfort with his or her own computing device, making the integration between local printers and drives and the printers and drives on the thin-client/server hardware seamless. The ICA client allows users to access their local printers (those attached to the remote workstation) or local drives (the CD-ROM, disk, and diskette drives on the client PC or notebook computer). This feature can be disabled through the User Configuration Manager utility.
-
Monitor a user session with “shadowing” Shadowing allows one user to view the video, keystrokes, and mouse movements of another user’s session. System administrators, support professionals, and trainers find this feature extremely valuable. Specifically, ICA clients that are attached to a WinFrame server and that have administrator rights or specifically assigned rights can view a user’s video and keyboard on the WinFrame server. When setting up the configuration, administrators can specify whether individual user sessions can be shadowed and whether the shadowed user is to be notified when being shadowed.
-
Synchronize NetWare password with the Windows NT logon domain This feature provides seamless integration with NetWare logon. The system administrator can configure a user so that his or her password is verified against the specified NetWare server before it is checked on the logon domain. If the password on the logon domain is different from the user’s NetWare password, the user’s logon domain password is updated to match the NetWare password.