What Group Policy Template are you using to set this? Your own custom or one of the canned ones off the net? It sounds like a template issue to me (not setting the correct reg key). Pat Coughlin On Wed, Dec 3, 2008 at 5:59 PM, Stratton, Doug ISMC:EX < Doug.M.Stratton@xxxxxxxxx> wrote: > I am having a problem with using Shadow Taskbar on a test CPS 4.5 farm > (w2ke) we have. > > We have a group policy Set client connection encryption level set to Client > compatible. > > This results in getting an error "you do not have the proper encryption > level to access this session". Also get another popup same time, " To log > on to this computer, you must have terminal server User access Permissions…… > > So I have been working on this and this is all the stuff I have tried (what > works what does not) > > 1st - Turned off all encryption stuff and it worked > - registry hklm\system\currentcontrolset\control\terminal > server\Winstations\ica-tcp\MinEncryptionLevel 1 > - Published application no level specified as requirement > - Citrix ICA encryption Policy, disabled > - gp removed setting for encryption Computer\Windows > components\Terminal Server\Encryption and Security\Set client connection > Encryption level > > > 2nd - Turned on Citrix application encryption 128bit min required - WORKED > with shadow bar > 2.2 - Set Wiindows gp (Set Client Connection encryption level to Client > compatible) - FAILED (just encryption note) > REBOOTED - failed > Turn off Policy and Gpupdate /force works again > 3rd - Enabled Citrix encryption policy - FAILED > Get encryption error AND Not in TS group so no access.??? > Turn off policy works again > 4th - Set registry hklm\system\currentcontrolset\control\terminal > server\Winstations\ica-tcp\MinEncryptionLevel 28 - WORKED (no gp or citrix > policy) > > 5th - Turned on Citrix Encryption policy now - WORKS, guess needs above > 6th - turned gp encryption back on to client compatible - FAILED > Set to high - FAILED > > So at this point I can't get the Windows GP setting to work. We currently > have it in production and I know Security is going to baulk at wanting to > remove it when we upgrade. > > Any suggestions? And thanks again > > Regards, > *Doug Stratton*, Shared Service BC > Service Desk Email:* 77000@xxxxxxxxx* > Service Desk Tel:* (250)387-7000* > >