By default, Citrix Workspace only does full refreshes of your group membership during authentication. Adding users to a group after they have logged in means that they won’t see that new app until they re-login. No matter how many Selfservice.exe -ipoll or Workspace refreshes you do. So if you have an app rollout coming up, and want to deploy it to users with little to no interaction, this is for you.
It’s a rare scenario, but one that needs to be addressed. After digging around I found the answer. XML SID Enumeration. There isn’t much in the current documentation, but did find this tech article for older software.
We have tested this in current 2203 CU1 and CU2 environments and this function works correctly. What it does is runs a user group membership query on each Workspace refresh. That way if the user is introduced into a group for a published app when Workspace refreshes it appears in their Workspace. No re-login required.
So add the following element to all your Delivery Controllers and then reboot them.
Windows Registry Editor Version 5.00
If this is planned ahead of time you may also want to add shorter refresh intervals to your workstations so that they more frequently check in. Just make sure to take the RefreshMS back to the regular 1 hour setting (3600000) after your application deployment.
Value name InitialRefreshMinMs
Value type REG_SZ
Value data 10000
Value name InitialRefreshMaxMs
Value type REG_SZ
Value data 30000
Value name RefreshMS
Value type REG_SZ
Value data 600000