Citrix Provisioning Services – Roles and Audit

Auditing for Citrix PVS

There are four different roles exist within a Provisioning Services Farm.  Below descriptions are taken directly from Citrix Product Documentation.

  • Farm Administrator – Farm administrators can view and manage all objects within a farm. Farm administrators can also create new sites and manage role memberships throughout the entire farm.
  • Site Administrator – Site administrators have full management access to the all objects within a site. For example, a site administrator can manage Provisioning Servers, site properties, target devices, device collections, vDisks, vDisk pools, and local vDisk stores. A site administrator can also manage device administrator and device operator memberships.
  • Device Administrator – Device administrators can perform all device-collection management tasks on collections to which they have privileges, including view vDisk properties (read-only), assign or remove vDisks from a device, boot or shut down target devices, edit device properties, and send messages to target devices within a device collection to which they have privileges.
  • Device Operator – Device operators can view target device properties (read-only), boot or shut down target devices, and send messages to target devices within a device collection to which they have privileges.

To assign the role, we must first add the security groups to our farm.  Go to Citrix Provisioning Console and right click on our Farm to go to properties.

If we want to make use of all the roles, we can create different security groups in our AD accordingly and add them all here.  At this Farm Level is the Farm Administrator.  Any group assign here will have administrative access to the entire farm as well as the permission to create new site.

If we go down one level to our Site properties, we can assign security permission to the Site Administrator.  This group will have administrative permission to all the devices/collection within this site.

Lastly, we can go to the individual collection to assign either the “Device Administrator” role or the “Device Operator” role.

To enable auditing, go back to our Farm’s properties and go to Options. 

With auditing enabled, right click on the farm, and select Audit Trail.  If there is any activity after we enabled auditing, it will now show in the Audit Trail.

We may also archive the audit trail and save it to a location as a XML file.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s