Symptoms or Error
We are unable to edit the ‘Users’ tab in ‘Edit Delivery Group’ wizard
Error : The users configuration has been manually modified and cannot be changed by studio
Solution: There are two causes for this problem, but the official Citrix website describes only one of them and offers only one solution for it.
Problem Cause 1 Solution by Citrix
You can just Use the Scriptblock below to Check if there are Differences between the ” *DesktopGroupName* _Direct” (Storefront) and the “*DesktopGroupName*_AG” (Netscaler).
You only have to adjust the first two variables (lines 3 & 4), it’s easier than the description of Citrix article. If there are differences, you can clean them up, unless these differences are deliberately set that way. Then you have to configure this via Powershell and you can’t customize it in the Studio console.
#by J.Kühnis 30.10.2019
$DeliveryGroup = "DeliveryGroupName"
$BrokerServer = "BrokerName.f.q.d.n"
Compare-Object (Get-BrokerAccessPolicyRule -AdminAddress $BrokerServer -DesktopGroupName $DeliveryGroup).ExcludedUsers -DifferenceObject (Get-BrokerAccessPolicyRule -AdminAddress $BrokerServer -DesktopGroupName $DeliveryGroup).ExcludedUsers
Problem Cause 2
The second reason for this Issue has no solution except to configure the access only with Powershell, but it’s still nice to know why the Probleme is caused.
I was able to test the problem in two Citrix environments (version 1811 aka Citrix 7.20) and reported it to Citrix. Let’s see if anything is done about it, as already said, the workaround is Powershell.
Cause: The problem occurs when the ExcludeFilterEnabled attribute is set (the value equals ‘True’). The attribute can only be set trough Powershell and the error described above (according to the print screen) is displayed.
The filter is automatically set to True if you have a user or group in the ‘ExcludedUsers’ property. So the rule is, if you make exclude Filter, you control the BrokerAccessPolicy in Powershell.
By the way, you can get the Policy in Powershell:
Get-BrokerAccessPolicyRule -DesktopGroupName DG11