You can restrict access to global entitlements to specific client computers. To restrict access, you add the names of the client computers that are allowed to access a global entitlement in an Active Directory security group and then add this group to the global entitlement's users and groups.
The client restrictions features has certain requirements and limitations.
- You must enable the client restrictions policy when you create or modify the global entitlement. By default, the client restrictions policy is disabled. You can enable this policy only for floating desktop entitlements and global application entitlements.
- The global entitlement client restrictions policy setting overrides the pool-level client restrictions policy setting. As a best practice, if you enable the client restrictions policy on a global entitlement, do not enable the client restrictions policy on the pools that the global entitlement contains.
- You must add the Active Directory security group that contains the names of the client computers that are allowed to access the global entitlement when you create or modify the global entitlement.
- The client restrictions feature allows only specific client computers to access global entitlements. It does not give users access to global entitlements. For example, if a user is not included in a global entitlement (either as a user or as a member of a user group), the user cannot access the global entitlement, even if the user's client computer is allowed to access the global entitlement.
- The client restrictions feature is supported only with Windows client computers in this release.
- When the client restrictions policy is enabled for a global entitlement, non-Windows clients and HTML Access clients cannot launch the global entitlement.