That has been set to 128 bit also. (2nd, see updates in original) We checked our templates and from what I can tell they are from w2k3. Not sure which one it was but if it was system.adm (think that was it) it was dated 2007-02-17. So we tried checking these settings from a vista box with the latest GPMC on it. There were way more choices for other things but this area still looked the same. We set it with this anyways and same problem. I do have another related question also. We have tried disabling any GP/Citrix Policy... That we can find but still can't get the TSCC ICA-TCP Encryiption level to UN-grey so we can try to change it there. I have looked at a few servers and they all are the same way. Is this normal? Regards, Doug Stratton, Shared Service BC Service Desk Email: 77000@xxxxxxxxx Service Desk Tel: (250)387-7000 ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Joe Shonk Sent: December 4, 2008 6:16 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Shadow taskbar encryption errors Check the encryption level set at the published application level. Joe From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Stratton, Doug ISMC:EX Sent: Wednesday, December 03, 2008 3:59 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Shadow taskbar encryption errors I am having a problem with using Shadow Taskbar on a test CPS 4.5 farm (w2k3 ) we have. We have a group policy Set client connection encryption level set to Client compatible. This results in getting an error "you do not have the proper encryption level to access this session". Also get another popup same time, " To log on to this computer, you must have terminal server User access Permissions...... So I have been working on this and this is all the stuff I have tried (what works what does not) 1st - Turned off all encryption stuff and it worked - registry hklm\system\currentcontrolset\control\terminal server\Winstations\ica-tcp\MinEncryptionLevel 1 - Published application no level specified as requirement - Citrix ICA encryption Policy, disabled - gp removed setting for encryption Computer\Windows components\Terminal Server\Encryption and Security\Set client connection Encryption level 2nd - Turned on Citrix Published Desktop encryption 128bit min required - WORKED with shadow bar 2.2 - Set Wiindows gp (Set Client Connection encryption level to Client compatible) - FAILED (just encryption note) REBOOTED - failed Turn off Policy and Gpupdate /force works again 3rd - Enabled Citrix encryption policy - FAILED Get encryption error AND Not in TS group so no access.??? Turn off policy works again 4th - Set registry hklm\system\currentcontrolset\control\terminal server\Winstations\ica-tcp\MinEncryptionLevel 28 - WORKED (no gp or citrix policy) 5th - Turned on Citrix Encryption policy now - WORKS, guess needs above 6th - turned gp encryption back on to client compatible - FAILED Set to high - FAILED 7th - tried setting with latest GPMC on vista box - FAILED (it did set the RDP connections but the Citrix connection still said None and is greyed out and shadow still not working.) So at this point I can't get the Windows GP setting to work. We currently have it in production and I know Security is going to baulk at wanting to remove it when we upgrade. Any suggestions? And thanks again Regards, Doug Stratton, Shared Service BC Service Desk Email: 77000@xxxxxxxxx Service Desk Tel: (250)387-7000