UPDATE: Added new WHERE statement to select just iOS devices (see below).
Today’s workplace no longer follows a strict standard in terms of endpoint devices. Despite the efforts of your infrastructure, network, and security teams users are connecting non-approved devices to your network and your Citrix farm. A lot has been said about the “Consumerization of IT” and it is a reality for any Citrix administrator/engineer. In this blog post we will explore how to find these types of devices using EdgeSight.
We will use the
VW_ES_USERGROUP_ICA_USERS view for this query. Here are the columns in this view:
Here is a sample of data in this view (customer specific information hidden):
The following query will select mobile devices that connected to your farm in the last 30 days.
SELECT CONVERT(VARCHAR,dtlast,111) AS 'Date', account_name, client_buildnum, client_productid, client_disp_horiz, client_disp_vert FROM vw_es_usergroup_ica_users WHERE client_name = 'mobile' and account_name <> 'UNKNOWN' and CONVERT(VARCHAR,dtlast,111) >= getdate() - 30 ORDER BY 'Date' DESC
UPDATE: While working on a similar query for work, I found that you may also select iOS devices by using the following in your WHERE statement
WHERE client_name like 'iOS%'
Here’s a sample of the output:
The new Citrix Receiver sets the client name to ‘mobile’. On a PC this is typically the environment variable
%COMPUTERNAME%. To find the devices that are connecting, you can use the horizontal (client_disp_horiz) and vertical (client_disp_vert) resolutions and compare them to current resolutions of mobile devices. I found a nice reference list here. This can get you half-way there. The only other way that I’ve been able to distinguish the client that is connecting are the ‘client_buildnum’ and ‘client_productid’ fields. Unfortunately, finding an updated list of ICA/Receiver build numbers is not easy. Stephane Thirion at Archy.net provides a recently updated list.
We can also use
VW_ES_USERGROUP_ICA_USERS to report on thin client devices. It is unlikely that thin clients will be an unapproved device on your network, but we can get some useful data on them from this view. The following query will select thin client devices that connected to your farm in the last 30 days.
SELECT CONVERT(VARCHAR,dtlast,111) AS 'Date', account_name, client_directory, client_version, client_buildnum, client_productid, client_disp_horiz, client_disp_vert FROM vw_es_usergroup_ica_users WHERE client_directory like '\%' and account_name <> 'UNKNOWN' and CONVERT(VARCHAR,dtlast,111) >= getdate() - 30 ORDER BY 'Date' DESC
Here’s a sample of the output:
If the thin client is windows-based, chances are the client_version field will give you the currently installed ICA client on the device. You can use this information to pester the person in charge of thin client’s to update them or replace them (just kidding - but really you need to get them updated). For this example, we examined the ‘client_directory’ column and determined that if it started with a ‘\’, it was a thin client. You may have to experiment with this field depending on which thin clients you have in your environment.
I hope this post has shown you how to track down non-pc devices connecting to your Citrix farm. Once you have determined the ICA/Java client versions connecting to your farm (see the ICA Client Version report in EdgeSight!) you can modify these queries to find Java client users and Macintosh users.
As always I welcome all comments and questions.
Value for Value
If you received any value from reading this post, please help by becoming a supporter.
Thanks for reading,