# citrix-app-layering
n
You can definitely install multiple apps into a single app layer. I would do that for digital communication layers - BlueJeans and Webex in the same layer, for instance.
We use elastic layering here because of the sheer amount of applications that we have, so we assign specific apps to specific groups for attachment at logon.
Actually, for elastic, it's more so the fact that not all users are allowed to have access to certain apps, so we limit it that way. Keeps the base images smaller as opposed to a massive image where we use something like AppMasking to limit access.
c
So you have the Core apps that everyone uses in your layered image, e.g. OS/Platform/Core app layers, then use the Elastic layering for the App layers that should not be used for all users and need to be restricted to a subset of users via AD group?
n
Yep, that's exactly what we're doing.
👍 1
c
Thanks @Rob Zylowski, will give it a read
b
We do the same as Nick. One suggestion I would make that has made life much easier for me and my team: put your security apps (AV, CrowdStrike, etc.) in a separate layer. That way you can easily publish an image without them for troubleshooting.
n
I second that. I ran Trend Micro Apex One in its own App layer. The only exception to this is Windows Defender, which you should absolutely run in your OS layer. Also, uninstall CrowdStrike.
c
We have the CrowdStrike Windows Falcon sensor. Which layer have you got that in? Are you also using the VDI=1 switch during install and removing the tenant CID details via registry?
b
Yes, that's exactly what we are using, along with Trellix in a separate layer. I believe that is all that is required for sealing. Let me dig my script out...
n
I don't do AL at this new place, so I really don't know. I assume they build it in an app layer, and are using the VDI switch.
👍 1
b
You got it. Just looked at our install/seal scripts. Install with VDI=1. Our seal script removes the following reg keys:
HKLM:\SYSTEM\CrowdStrike\{9b03c1d9-3138-44ed-9fae-d9f4c034b88d}\{16e0423f-7058-48c9-a204-725362b67639}\Default\AG
HKLM:\SYSTEM\CurrentControlSet\services\CSAgent\Sim\AG
c
Cheers @Bill Pennie, got it installed in App or Platform layer?
r
Always use an App Layer. Very few things need to go in a platform layer, and those need to be recreated a lot, so much better not to use them.
👍 1
c
From memory, Platform layer will just be domain join, move to target OU, VDA, CWA, WEM agent, PVS target device software, GPP for group membership, correct? It's been a while since I last used app layering so may have missed something.
n
Personally, I never apply any policies in my master images. Tattooing always seems to come back to bite you eventually.
Add Citrix Optimizer to your Platform layer, too, IMO
It's either there or the compiled image. I always preferred the former.
b
We have a separate App Layer for all security products, including CrowdStrike.