User Desktop Management using the Citrix Content Publishing Feature

This article describes how administrators can provide access to published applications in environments, where published desktops have to be used in order to provide an “enterprise desktop” environment to the users. This is likely to happen when thin clients or legacy PC´s with some sort of “thin client software” are in use.


In environments built on Thin Client devices or legacy PC`s running some “Thin Client Software” there is often a problem that these devices do not properly support all of the features of Citrix Program Neighborhood Agent. Therefore the administrator has no reliable method to provide the application icons on the client device´s desktops in a transparent and easy-to-manage way.

What administrators sometimes do to solve this problem is to provide a kind of “Desktop Server”, which provides only a Published Desktop to the users. Within this desktop session, the administrator has Active Directory Group Policies like “Folder Redirection” and “Remove Icons from the desktop” in place to provide the user with a very restricted version of the server’s desktop. Then the administrator uses Citrix Program Neighborhood (PN) or PNA features from the Published Desktop to place the icons of the published application in the restricted desktop session. These published applications are then provided by other Citrix Presentation Servers running and publishing only these applications in a “Silo” fashion.

The Published Applications are displayed on the “Desktop Server” in pass-through mode, which means, for example, that the application Microsoft Word 2007 published on server farm “Application Farm 1” invoked using the published application`s icon integrated in “Desktop Server 1” desktop. As this desktop is displayed on the “Thin Client 1” monitor, we have a 3 Tier design here.

A user normally automatically logs on to his device, auto-starting a session to the published desktop, which in turn auto-starts the PNA-client to put the published application`s icons on the desktop. Clicking the icon on the published desktop starts a session to one of the application servers in the farm and subsequent clicks on other icons are directed to the same server as long as session sharing is in place and working properly and the server is configured to provide the applications. In case of application “siloing”, there might be other issues regarding user profile management, which will not be dealt with in this document.

There are some modifications of this basic design seen out in the wild, like using a browser to access Citrix Web Interface, which in turn provides the icons of the published application. But many users are used to the desktop paradigm and would require additional training  to switch to a browser based environment, causing additional costs and complaints from the users.

Pro´s and Con`s of this design

There has to be, at minimum, one (preferably two or more for redundancy and load balancing) so called “Desktop Server” which is configured using a very strict and secure configuration of Active Directory Group Policies to avoid users tampering around in the configuration of that “Desktop Server”, removing all the standard desktop application icons, securing the control panel, disabling explorer for local drives, etc.

In addition to that you have to have additional Active Directory Group Policies securing the “Application Servers” for configuring the restrictions within the applications, securing the local drives of these “Application Servers” and everything else required to make these servers secure.

As the desktop servers servers are only hosting the desktop sessions with the application sessions going through, these servers don`t have to be too powerful, but nevertheless they are a cost factor.

Reviewing this design from a support point of view we have higher complexity because an additional point of failure which might cause problems as we have to find out if a failing Citrix session is the one from the client to the “Desktop Server” or the one from the “Desktop Server” to the “Application Server”.

Conclusion on the “Desktop Server” Design

Personally, I would say if you don´t have to, just don´t do it… but, administrators sometimes have to do things even if they know better…

New solution I came across

While working for EDS Information Business GmbH ( in Zurich, Switzerland, I stumbled across a implementation done by a team of EDS engineers, which really looks interesting.

New Design

Generally this design still follows the idea of providing a “Published Desktop” to the user, but there are some modifications which make a big difference in ease of use and ease of administration.

So let`s walk through this architecture from the client to the server side:

We still have the same Thin Clients or legacy PC`s auto-starting a desktop session in a Citrix Presentation Server farm, but this time there are no dedicated “Desktop Servers”, rather, the user logs on directly to the server hosting the Core applications  – the “Desktop” is provided by each and every Core server in the farm. This is the only published application available to the user from his or her local device.

After logging on to the published desktop session, the PNA Client is auto-started, and the application icons which the user has permissions to access are integrated on their desktop or Start Menu.

And here comes the second and most important difference in the design:

These icons are not standard icons from published applications in the farm, rather all of these icons are “published content” pointing to the locally installed application (on the Citrix Server). Thus an application is started from the Citrix Servers on which the user has his desktop session running.

This specific content is published to a group of users allowed to access the “Published Desktop”.

To make the “Published Desktop” more familiar to the user you can place the applications´ icons on the desktop.

In the event that application Silos are required, the Silo applications are published as Seamless Applications which are only available from the Desktop sessions on the Core servers and run as Session-in-Session applications

Advantages of this design

Load balancing of initial desktop sessions is done through all Core servers in the farm.  As long as all users are rather similar in their workload, there will be an adequate overall load balancing within the farm.

There is no need for dedicated “Desktop Servers”, eliminating additional costs.

Providing application Icons to the end user’s Desktop Session Start Menu or Desktop is simple and quick using the Citrix Management Console (or Access Suite).


In a diversified environent where different client devices are supporting different levels of application access technologies like PN, PNlight, PNA, Web Interface, etc… a standardized, yet easy to implement and manage solution, needs to be implemented. This design described above is very basic regarding the requirements on the client side and can be implemented on practically any device capable of doing a Citrix ICA session. The solution works well in small or enterprise environments. All the administrative tasks are done on the server side with a minimal amount of effort and require no programming knowledge, which helps assure that the environments are easy to handle from a centralized management and support group, again saving operation costs. 

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top