Citrix Receiver For Windows

Receiver for Windows
2011 Citrix Systems, Inc. All rights reserved. Terms of Use | Trademarks | Privacy Statement
Contents
Receiver for Windows Receiver for Windows 3.2 Receiver for Windows 3.2 About Receiver for Windows 3.2 System Requirements Get Started Citrix Connection Center Overview Providing Virtual Desktops to Receiver Users Install and Uninstall Installing and Uninstalling Receiver for Windows Manually Upgrading the Desktop Viewer and Desktop Appliance Lock To install the Citrix Desktop Lock User Accounts Used to Install the Citrix Desktop Lock To remove the Citrix Desktop Lock To configure and install the Citrix Receiver for Windows using command-line parameters Delivering Receiver Using Active Directory and Sample Startup Scripts Using the Per-User Sample Startup Scripts Deploying CitrixReceiver.exe from Receiver for Web Deploying the CitrixReceiver.exe from a Web Interface Logon Screen Configure Using the Group Policy Object Template to Customize Receiver Configuring Access to Accounts Manually To customize user preferences for the Receiver (Enterprise) Configuring USB Support for XenDesktop Connections How USB Support Works Mass Storage Devices USB Device Classes Allowed by Default USB Device Classes Denied by Default
21 22 23 24 27 31 33 34 35 37 39 40 41 42 43 48 50 51 52 53 54 56 57 58 59 60 61 63
Updating the List of USB Devices Available for Remoting Configuring Bloomberg Keyboards Configuring User-Driven Desktop Restart To prevent the Desktop Viewer window from dimming To configure the Citrix Desktop Lock To configure settings for multiple users and devices Canadian Keyboard Layouts and Updating from Presentation Server Clients Version 10.200 Auto-Repair Optimize Improving Receiver Performance Reducing Application Launch Time Reconnecting Users Automatically Providing HDX Broadcast Session Reliability Improving Performance over Low-Bandwidth Connections Connecting User Devices and Published Resources Configuring Workspace Control Settings to Provide Continuity for Roaming Users Making Scanning Transparent for Users Mapping User Devices Mapping Client Drives to XenApp Server Drive Letters HDX Plug-n-Play for USB Storage Devices HDX Plug-n-Play USB Device Redirection for XenApp Connections Mapping Client Printers for More Efficiency To map a client COM port to a server COM port Mapping Client Audio to Play Sound on the User Device Associating User Device File Types with Published Applications Using the Window Manager when Connecting to Citrix XenApp for UNIX Terminating and Disconnecting Sessions Using ctxgrab and ctxcapture to Cut and Paste Graphics When Connected to XenApp for UNIX Using the ctxgrab Utility to Cut and Paste Graphics Using the ctxcapture Utility to Cut and Paste Graphics Matching Client Names and Computer Names DNS Name Resolution Using Proxy Servers with XenDesktop Connections User Experience
64 65 66 67 68 70 71 72 73 74 75 78 79 80 82 83 85 86 87 89 90 92 94 95 96 97 98 99 100 101 103 104 105 106
ClearType Font Smoothing in Sessions Client-Side Microphone Input Configuring HDX Plug-n-Play Multi-monitor Support Printing Performance To override the printer settings configured on the server To set keyboard shortcuts Keyboard Input in XenDesktop Sessions Receiver Support for 32-Bit Color Icons Connecting to Virtual Desktops Secure Connections To enable certificate revocation list checking for improved security with Receiver (CitrixReceiver.exe) Smart Card Support for Improved Security To enable pass-through authentication when sites are not in Trusted Sites or Intranet zones Using Security Support Provider Interface/Kerberos Pass-Through Authentication for Improved Security To configure Kerberos with pass-through authentication Secure Communications Support for Microsoft Security Templates Connecting with Access Gateway Enterprise Edition Connecting with Access Gateway 5.0 Connecting with Secure Gateway Connecting the Citrix Receiver through a Proxy Server Connecting with Secure Sockets Layer Relay Connecting with Citrix SSL Relay User Device Requirements To apply a different listening port number for all connections To apply a different listening port number to particular connections only Configuring and Enabling Receivers for SSL and TLS Installing Root Certificates on the User Devices To configure Web Interface to use SSL/TLS for Receiver To configure TLS support To use the Group Policy template on Web Interface to meet FIPS 140 security requirements To configure the Web Interface to use SSL/TLS when communicating with Citrix Receiver To configure Citrix XenApp to use SSL/TLS when communicating with Citrix Receiver
107 108 109 111 113 114 115 117 118 119 120 122 123 124 126 127 128 129 132 137 138 139 140 141 142 143 144 145 146 147 148 149 150
To configure Citrix Receiver to use SSL/TLS when communicating with the server running the Web Interface ICA File Signing - Protection Against Application or Desktop Launches From Untrusted Servers Selecting and Distributing a Digital Signature Certificate Configuring a Web Browser and ICA File to Enable Single Sign-on and Manage Secure Connections to Trusted Servers To set client resource permissions Enabling Smart Card Logon Enforcing Trust Relations Elevation Level and wfcrun32.exe Receiver for Windows 3.1 Receiver for Windows 3.1 About Citrix Receiver for Windows 3.1 System Requirements Get Started Citrix Connection Center Overview Providing Virtual Desktops to Receiver Users Install and Uninstall Installing and Uninstalling Receiver for Windows Manually Upgrading the Desktop Viewer and Desktop Appliance Lock To install the Citrix Desktop Lock User Accounts Used to Install the Citrix Desktop Lock To remove the Citrix Desktop Lock To configure and install the Citrix Receiver for Windows using command-line parameters Delivering Receiver Using Active Directory and Sample Startup Scripts Using the Per-User Sample Startup Scripts Deploying CitrixReceiver.exe from Receiver for Web Deploying the CitrixReceiver.exe from a Web Interface Logon Screen Configure Using the Group Policy Object Template to Customize the Receiver Configuring Access to Accounts Manually To customize user preferences for the Receiver (Enterprise) Configuring USB Support for XenDesktop Connections How USB Support Works Mass Storage Devices USB Device Classes Allowed by Default USB Device Classes Denied by Default
151 152 154 155 157 159 160 162 163 164 165 169 173 175 176 177 179 181 182 183 184 185 190 192 193 194 195 196 198 199 200 201 202 203 205
Updating the List of USB Devices Available for Remoting Configuring Bloomberg Keyboards Configuring User-Driven Desktop Restart To prevent the Desktop Viewer window from dimming To configure the Citrix Desktop Lock To configure settings for multiple users and devices Canadian Keyboard Layouts and Updating from Presentation Server Clients Version 10.200 Auto-Repair Optimize Improving Receiver Performance Reducing Application Launch Time Reconnecting Users Automatically Providing HDX Broadcast Session Reliability Improving Performance over Low-Bandwidth Connections Connecting User Devices and Published Resources Configuring Workspace Control Settings to Provide Continuity for Roaming Users Making Scanning Transparent for Users Mapping User Devices Mapping Client Drives to XenApp Server Drive Letters HDX Plug-n-Play for USB Storage Devices HDX Plug-n-Play USB Device Redirection for XenApp Connections Mapping Client Printers for More Efficiency To map a client COM port to a server COM port Mapping Client Audio to Play Sound on the User Device Associating User Device File Types with Published Applications Using the Window Manager when Connecting to Citrix XenApp for UNIX Terminating and Disconnecting Sessions Using ctxgrab and ctxcapture to Cut and Paste Graphics When Connected to XenApp for UNIX Using the ctxgrab Utility to Cut and Paste Graphics Using the ctxcapture Utility to Cut and Paste Graphics Matching Client Names and Computer Names DNS Name Resolution Using Proxy Servers with XenDesktop Connections User Experience
206 207 208 209 210 212 213 214 215 216 217 220 221 222 224 225 227 228 229 231 232 234 236 237 238 239 240 241 242 243 245 246 247 248
ClearType Font Smoothing in Sessions Client-Side Microphone Input Configuring HDX Plug-n-Play Multi-monitor Support Printing Performance To override the printer settings configured on the server To set keyboard shortcuts Keyboard Input in XenDesktop Sessions Receiver Support for 32-Bit Color Icons Connecting to Virtual Desktops Secure Connections To enable certificate revocation list checking for improved security with Receiver (CitrixReceiver.exe) Smart Card Support for Improved Security To enable pass-through authentication when sites are not in Trusted Sites or Intranet zones Using Security Support Provider Interface/Kerberos Pass-Through Authentication for Improved Security To configure Kerberos with pass-through authentication Secure Communications Support for Microsoft Security Templates Connecting with Access Gateway Enterprise Edition Connecting with Access Gateway 5.0 Connecting with Secure Gateway Connecting the Citrix Receiver through a Proxy Server Connecting with Secure Sockets Layer Relay Connecting with Citrix SSL Relay User Device Requirements To apply a different listening port number for all connections To apply a different listening port number to particular connections only Configuring and Enabling Receivers for SSL and TLS Installing Root Certificates on the User Devices To configure Web Interface to use SSL/TLS for Receiver To configure TLS support To use the Group Policy template on Web Interface to meet FIPS 140 security requirements To configure the Web Interface to use SSL/TLS when communicating with Citrix Receiver To configure Citrix XenApp to use SSL/TLS when communicating with Citrix Receiver
249 250 251 253 255 256 257 259 260 261 262 264 265 266 268 269 270 271 274 279 280 281 282 283 284 285 286 287 288 289 290 291 292
To configure Citrix Receiver to use SSL/TLS when communicating with the server running the Web Interface ICA File Signing - Protection Against Application or Desktop Launches From Untrusted Servers Selecting and Distributing a Digital Signature Certificate Configuring a Web Browser and ICA File to Enable Single Sign-on and Manage Secure Connections to Trusted Servers To set client resource permissions Enabling Smart Card Logon Enforcing Trust Relations Elevation Level and wfcrun32.exe Receiver for Windows 3.0 Citrix Receiver for Windows 3.0 About Receiver for Windows 3.0 System Requirements Get Started Citrix Receiver for Windows Overview Citrix Connection Center Overview Providing Virtual Desktops to Receiver Users Install and Uninstall Installing and Uninstalling Receiver for Windows Manually Upgrading the Desktop Viewer and Desktop Appliance Lock To install the Citrix Desktop Lock User Accounts Used to Install the Citrix Desktop Lock To remove the Citrix Desktop Lock To configure and install the Citrix Receiver for Windows using command-line parameters To extract, install, and remove the individual Receiver (Enterprise) .msi files Delivering Receiver Using Active Directory and Sample Startup Scripts Using the Per-User Sample Startup Scripts Deploying the CitrixReceiver.exe from a Web Interface Logon Screen Configure Using the Group Policy Object Template to Customize the Receiver To customize user preferences for the Receiver (Enterprise) Configuring USB Support for XenDesktop Connections How USB Support Works Mass Storage Devices USB Device Classes Allowed by Default USB Device Classes Denied by Default
293 294 296 297 299 301 302 304 305 306 307 311 314 316 318 319 320 322 324 325 326 327 328 331 333 335 336 337 338 340 341 342 343 344 346
Updating the List of USB Devices Available for Remoting Configuring Bloomberg Keyboards Configuring User-Driven Desktop Restart To prevent the Desktop Viewer window from dimming To configure the Citrix Desktop Lock To configure settings for multiple users and devices Canadian Keyboard Layouts and Updating from Presentation Server Clients Version 10.200 Auto-Repair Optimize Improving Receiver Performance Reducing Application Launch Time Reconnecting Users Automatically Providing HDX Broadcast Session Reliability Improving Performance over Low-Bandwidth Connections Connecting User Devices and Published Resources To enable pass-through authentication when sites are not in Trusted Sites or Intranet zones Configuring Workspace Control Settings to Provide Continuity for Roaming Users Making Scanning Transparent for Users Mapping User Devices Mapping Client Drives to XenApp Server Drive Letters HDX Plug-n-Play for USB Storage Devices HDX Plug-n-Play USB Device Redirection for XenApp Connections Mapping Client Printers for More Efficiency To map a client COM port to a server COM port Mapping Client Audio to Play Sound on the User Device Associating User Device File Types with Published Applications Using the Window Manager when Connecting to Citrix XenApp for UNIX Terminating and Disconnecting Sessions Using ctxgrab and ctxcapture to Cut and Paste Graphics When Connected to XenApp for UNIX Using the ctxgrab Utility to Cut and Paste Graphics Using the ctxcapture Utility to Cut and Paste Graphics Matching Client Names and Computer Names Providing Support for NDS Users
347 348 349 350 351 353 354 355 356 357 358 361 362 363 365 366 367 369 370 371 373 374 376 378 379 380 381 382 383 384 385 387 388
Specifying Windows Credentials with the Novell ClientandPass-ThroughAuthentication DNS Name Resolution Using Proxy Servers with XenDesktop Connections User Experience ClearType Font Smoothing in Sessions Client-Side Microphone Input Configuring HDX Plug-n-Play Multi-monitor Support Printing Performance To override the printer settings configured on the server To set keyboard shortcuts Keyboard Input in XenDesktop Sessions Receiver Support for 32-Bit Color Icons Connecting to Virtual Desktops Secure Connections To enable certificate revocation list checking for improved security with Receiver (CitrixReceiver.exe) Smart Card Support for Improved Security To enable pass-through authentication when sites are not in Trusted Sites or Intranet zones Using Security Support Provider Interface/Kerberos Pass-Through Authentication for Improved Security To configure Kerberos with pass-through authentication Secure Communications Support for Microsoft Security Templates Connecting the Citrix Receiver through a Proxy Server Connecting with the Secure Gateway or Citrix Secure Sockets Layer Relay Connecting with the Secure Gateway Connecting with Citrix SSL Relay User Device Requirements To apply a different listening port number for all connections To apply a different listening port number to particular connections only Configuring and Enabling Receivers for SSL and TLS Installing Root Certificates on the User Devices To configure Citrix Receiver to use SSL/TLS To configure TLS support To use the Group Policy template to meet FIPS 140 security requirements
389 390 391 392 393 394 395 397 399 400 401 403 404 405 406 408 409 410 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426
10
To configure the Web Interface to use SSL/TLS when communicating with Citrix Receiver To configure Citrix XenApp to use SSL/TLS when communicating with Citrix Receiver To configure Citrix Receiver to use SSL/TLS when communicating with the server running the Web Interface ICA File Signing - Protection Against Application or Desktop Launches From Untrusted Servers Selecting and Distributing a Digital Signature Certificate Configuring a Web Browser and ICA File to Enable Single Sign-on and Manage Secure Connections to Trusted Servers To set client resource permissions Enabling Smart Card Logon Enforcing Trust Relations Elevation Level and wfcrun32.exe ICA Settings Reference ICA Settings Reference AcceptURLType Address(2) AECD AllowAudioInput AllowVirtualDriverEx AllowVirtualDriverExLegacy AltProxyAutoConfigURL(2) AltProxyBypassList(2) AltProxyHost(2) AltProxyPassword(2) AltProxyType(2) AlwaysSendPrintScreen AppendUsername AudioBandwidthLimit AudioDevice(2) AudioDuringDetach AudioHWSection AudioInWakeOnInput AudioOutWakeOnOutput AUTHPassword AUTHUserName AutoLogonAllowed BrowserProtocol
427 428 429 430 432 433 435 437 438 439 440 447 454 455 457 458 459 460 461 462 464 465 466 468 469 470 472 473 474 475 476 477 478 479 480
11
BrowserRetry(2) BrowserTimeout(2) BUCC(2) BufferLength BufferLength2 BypassSmartcardDomain BypassSmartcardPassword BypassSmartcardUsername CbChainInterval CDMAllowed CDMReadOnly CFDCD CGPAddress ChannelName ClearPassword ClientAudio ClientName ClipboardAllowed COCD ColorMismatchPrompt_Have16M_Want256 ColorMismatchPrompt_Have16_Want256 ColorMismatchPrompt_Have64k_Want256 COMAllowed(2) Command CommandAckThresh CommPollSize CommPollWaitInc CommPollWaitIncTime CommPollWaitMax CommPollWaitMin CommWakeOnInput ConnectionFriendlyName ContentRedirectionScheme ControlPollTime ConverterSection CPMAllowed CRBrowserAcceptURLtype
481 482 483 484 485 486 487 488 489 490 491 493 494 495 496 497 499 500 501 502 503 504 505 507 508 509 510 511 512 513 514 515 516 517 518 519 520
12
CRBrowserCommand CRBrowserPath CRBrowserPercentS CRBrowserRejectURLtype CREnabled CRPlayerAcceptURLtype CRPlayerCommand CRPlayerPath CRPlayerPercentS CRPlayerRejectURLtype DataAckThresh DataBits DefaultHttpBrowserAddress DeferredUpdateMode DesiredColor(5) DeviceName DisableCtrlAltDel DisableDrives DisableMMMaximizeSupport DisableSound DisableUPDOptimizationFlag Domain DriverNameAlt DriverNameAltWin32 DriverNameWin32(12) DTR DynamicCDM EmulateMiddleMouseButton EmulateMiddleMouseButtonDelay EnableAsyncWrites EnableAudioInput EnableClientSelectiveTrust EnableInputLanguageToggle EnableOSS EnableReadAhead EnableRtpAudio EnableSessionSharing
521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 537 538 539 541 542 543 544 546 547 548 553 554 555 556 557 558 559 561 562 563 564 565
13
EnableSessionSharingClient EnableSessionSharingHost(2) EnableSSOThruICAFile EncryptionLevelSession endIFDCD FONTSMOOTHINGTYPE ForceLVBMode FriendlyName FullScreenBehindLocalTaskbar FullScreenOnly HotKey10Char HotKey10Shift HotKey1Char HotKey1Shift HotKey2Char HotKey2Shift HotKey3Char HotKey3Shift HotKey4Char HotKey4Shift HotKey5Char HotKey5Shift HotKey6Char HotKey6Shift HotKey7Char HotKey7Shift HotKey8Char HotKey8Shift HotKey9Char HotKey9Shift HotKeyJPN%dChar HowManySkipRedrawPerPaletteChange HttpBrowserAddress ICAHttpBrowserAddress ICAKeepAliveEnabled ICAKeepAliveInterval ICAPortNumber
567 568 569 571 572 573 574 575 576 577 578 579 581 583 584 586 588 589 590 592 594 595 597 599 600 602 604 606 608 610 612 613 614 616 617 619 620
14
ICAPrntScrnKey ICASOCKSProtocolVersion(2) ICASOCKSProxyHost(2) ICASOCKSProxyPortNumber(2) InitialProgram InitialProgram(2) InputEncoding InstallColormap IOBase KeyboardLayout KeyboardSendLocale KeyboardTimer(2) KeyboardType Launcher LaunchReference LicenseType LocalIME LocHttpBrowserAddress LockdownProfiles LogAppend LogConfigurationAccess LogConnect LogErrors LogEvidence LogFile LogFileGlobalPath LogFileWin32 LogFlush LogonTicket LogonTicketType LongCommandLine Lpt1 Lpt2 Lpt3 LPWD LvbMode2 MaxDataBufferSize
622 623 625 627 629 631 633 634 635 636 637 638 639 642 643 644 645 646 648 649 650 651 652 653 654 655 656 657 658 659 660 662 663 664 665 666 667
15
MaxMicBufferSize MaxOpenContext MaxPort MaxWindowSize MinimizeOwnedWindows MissedKeepaliveWarningMsg MissedKeepaliveWarningTime MouseTimer MouseWheelMapping MSIEnabled NativeDriveMapping NDS NRUserName NRWD NumCommandBuffers NumDataBuffers OutBufCountClient OutBufCountClient2 OutBufCountHost OutBufCountHost2 OutBufLength PassThroughLogoff Password Path PCSCCodePage PCSCLibraryName PercentS PersistentCacheEnabled PersistentCacheGlobalPath PersistentCacheMinBitmap(2) PersistentCachePath PersistentCachePercent PersistentCacheSize(2) PersistentCacheUsrRelPath PingCount PlaybackDelayThresh PNPDeviceAllowed
668 669 670 671 672 673 674 675 677 678 679 681 682 683 684 685 686 688 690 692 694 696 697 699 700 701 702 703 705 706 708 710 711 713 714 715 716
16
pnStartSCD Port1 Port2 POSDeviceAllowed PrinterFlowControl PrinterResetTime PrinterThreadPriority PrintMaxRetry ProxyAuthenticationBasic(2) ProxyAuthenticationKerberos ProxyAuthenticationNTLM(2) ProxyAuthenticationPrompt(2) ProxyAutoConfigURL(2) ProxyBypassList ProxyFallback(2) ProxyFavorIEConnectionSetting(2) ProxyHost(3) ProxyPassword(2) ProxyPort ProxyTimeout ProxyType ProxyUseDefault ProxyUseFQDN(2) ProxyUsername ReadersStatusPollPeriod RECD(2) RegionIdentification RejectURLType RemoveICAFile ResMngrRunningPollPeriod REWD(2) RtpAudioHighestPort RtpAudioLowestPort ScalingHeight ScalingMode ScalingPercent ScalingWidth
717 718 719 720 722 723 724 725 726 728 729 731 733 735 737 739 741 743 745 746 747 749 750 752 754 756 757 759 760 762 763 764 765 766 767 769 770
17
Schedule ScreenPercent SecureChannelProtocol(2) SecurityTicket SessionReliabilityTTL SessionSharingKey SessionSharingLaunchOnly SFRAllowed SkipRedrawPerPaletteChange SmartCardAllowed SpeedScreenMMA SpeedScreenMMAAudioEnabled SpeedScreenMMAMaxBufferThreshold SpeedScreenMMAMaximumBufferSize SpeedScreenMMAMinBufferThreshold SpeedScreenMMASecondsToBuffer SpeedScreenMMAVideoEnabled SSLCACert SSLCertificateRevocationCheckPolicy(2) SSLCiphers SSLCommonName SSLEnable SSLProxyHost(2) SSOnCredentialType(3) SSOnDetected SSOnUserSetting SSPIEnabled startIFDCD(3) startSCD(2) State SucConnTimeout SwapButtons TransparentKeyPassthrough TransportReconnectDelay TransportReconnectEnabled TransportReconnectRetries TransportSilentDisconnect
771 772 774 777 778 779 780 781 782 783 784 786 787 788 789 790 791 792 793 796 798 800 803 805 807 808 810 812 813 814 815 816 817 819 821 823 825
18
TRWD Tw2CachePower TW2StopwatchMinimum TW2StopwatchScale TwainAllowed TWIEmulateSystray TWIFullScreenMode TWIIgnoreWorkArea TWIMode TWISeamlessFlag TWIShrinkWorkArea TWISuppressZZEcho TWITaskbarGroupingMode UnicodeEnabled UseAlternateAddress(3) UseDefaultEncryption UseLocalUserAndPassword(2) UseMRUBrowserPrefs Username(3) UserOverride UsersShareIniFiles UseSSPIOnly VariantName VirtualChannels VirtualCOMPortEmulation VirtualDriver VirtualDriverEx VSLAllowed(2) Win32FavorRetainedPrinterSettings WindowManagerMoveIgnored WindowManagerMoveTimeout WindowsCache WindowSize WindowSize WindowSize WindowSize2 WindowsPrinter
826 827 828 829 830 831 832 834 836 838 839 840 841 843 844 847 849 851 852 854 855 856 858 859 860 862 864 865 867 869 870 871 872 874 876 878 879
19
WindowsPrinter WorkDirectory WpadHost XmlAddressResolutionType ZLAutoHiLimit ZLAutoLowLimit ZLDiskCacheSize ZLFntMemCacheSize ZLKeyboardMode ZLMouseMode
880 881 882 883 884 885 886 887 888 890
20
Receiver for Windows

Citrix Receiver for Windows delivers a common user interface whether using only Receiver or with any other Citrix Plug-ins and provides secure, simple, high-performance, on-demand access to virtual desktops, enterprise applications, and IT services by enabling:
q
Delivery of business applications to any user on any device Secure access and complete IT control and visibility
Quick Links
q
Receiver for Windows 3.2 About Receiver for Windows 3.2 System Requirements and Compatibility for Receiver for Windows 3.2 Receiver for Windows Overview
21
Receiver for Windows 3.2

Quick Links
About this Release Issues Fixed in Receiver for Windows 3.2 System Requirements and Compatibility Licensing Your Product Overview of Citrix Receiver for Windows Installation Packages To configure and install the Citrix Receiver for Windows using command-line parameters
Using the Receiver with XenDesktop Connections Optimizing the Receiver Environment Improving the Receiver User Experience Securing Your Connections Securing Citrix Receiver Communication
22

Quick Links
About this Release Issues Fixed in Receiver for Windows 3.2 System Requirements and Compatibility Licensing Your Product Overview of Citrix Receiver for Windows Installation Packages To configure and install the Citrix Receiver for Windows using command-line parameters
Using the Receiver with XenDesktop Connections Optimizing the Receiver Environment Improving the Receiver User Experience Securing Your Connections Securing Citrix Receiver Communication
23
About Receiver for Windows 3.2

What's New in this Release
When used with Citrix Storefront 1.1, this release of Receiver for Windows (standard, CitrixReceiver.exe) supports single authentication to Receiver and the browser for Web and SaaS apps published through AppController 1.1. Receiver users will now authenticate with those apps as they have for published Windows apps. No Receiver-specific administration is needed to use the additional single authentication support. The Receiver Enterprise package did not change for this release. It is required only to support applications that use Smart Card authentication.
Known Issues
This section contains:
q
General issues Known issues - Desktop connections Third-party issues
Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
General Issues
q
When configured with multiple stores, Receiver might confuse the gateways required to connect to a store causing incorrect apps being available to users. Work around: Configure only one store. [#263165] When Receiver Storefront is configured with multiple external beacon points, Receiver for Windows does not enumerate applications if all of the beacons respond with the same URL. Workaround: Retain the configuration for only one external beacon. Alternatively, keep all beacons and add a beacon that points to a non-existing URL. [#299560] If you use the Receiver with XenApp 5.0 Feature Pack 2 for Windows Server 2003 (32- or 64-bit editions), the Receiver plays audio even when you configure the Turn off speakers policy setting to disable the audio. [#242703] You might receive an error message when trying to launch an application with Web Interface after installing a previous version of the Receiver (Online plug-in) while
24
About Receiver for Windows 3.2 logged in as one user, upgrading with CitrixReceiver.exe as another user, logging off the Receiver, and logging back on with the previous user name. The error message is: Citrix online plug-in Configuration Manager: No value could be found for (ClientHostedApps) that satisfies all lock down requirements. The lockdown requirements in force may be conflicting. [#261877] As a workaround, set the following registry key: HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Control Name: ClientHostedApps Value: FALSE (or set to * / TRUE if you have overridden the defaults in HKEY_LOCAL_MACHINE)
q
If you use Web Interface with Internet Explorer 8 and Windows 7 to upgrade to this version of Citrix Receiver, the upgrade finishes, but the Upgrade in Progress message remains on the screen and the log on screen does not appear. Workaround: Restart the browser [#247858] When you launch applications using the Web Interface, Connection Center does not enumerate the sessions. [#261177] After you launch a published application that is filtered by XenApp for Access Gateway, other published applications do not launch. [#263003] In some environments, content redirection may not work until the published application is launched for the first time. [#252515] Before installing Receiver for Windows on a Windows XP Embedded thin client device, increase the RAM disk limit of the device to 100 MB. [#266384] When versions of Receiver are localized in Traditional Chinese, Korean, or Russian and integrated with Access Gateway Standard Edition, the Receiver log on screen displays in English because of an Access Gateway Standard Edition language limitation. [#263442] After a silent installation of Receiver, the Receiver Preferences > Plug-in status page might not list the plug-ins. [302588] When the offline plug-in is not installed and a streamed application is configured to fallback to ICA and the XenApp server is down, an incorrect error message appears informing you that the correct plug-in is not installed. [#273813] If Certificate Revocation List (CRL) checking is disabled in Internet Options on the user device, this overrides the CertificateRevocationCheck registry setting for Receiver for Windows. This means users may be able to access Web sites that do not have valid certificates. As a workaround, ensure that the Check server revocation option located at Settings > Control Panel > Internet Options > Advanced is enabled. [#32682] Receiver does not support the VPN keyword in Access Gateway ClientChoices mode. [#274828] If the VPN keyword is removed from an application after a user subscribes to it, Receiver continues to attempt an Access Gateway connection for the application. Workaround: Unsubscribe and then re-subscribe to the application to synchronize the
25
About Receiver for Windows 3.2 VPN keyword removal on Receiver. [#298387]
Desktop Connections
q
Loss of video is experienced if files are being played with a published version of Windows Media Player through a virtual desktop session, and the Desktop Viewer window is changed from full-screen to window mode. As a workaround, minimize and restore the Media Player window, and then pause and resume the application (or stop and restart it). [#246230] You cannot log off normally from Windows XP 32-bit virtual desktops if you start (but do not log on to) the Receiver in the desktop session. If the Receiver logon dialog box is not completed, you cannot log off from the desktop. To work around the issue, complete the logon dialog box or close it. This issue is not observed on other virtual desktop operating systems. [#246516] If virtual desktops are installed with the Virtual Desktop Agent supplied with XenDesktop 5.0, Receiver for Windows 3.0 displays an error if the user starts a published application from the desktop. The workaround is to use the Virtual Desktop Agent supplied with XenDesktop 5.5. [#263079] The Citrix Desktop Lock does not redirect Adobe Flash content to domain-joined user devices. The content can be viewed but is rendered on the server, not locally. As a workaround, Adobe Flash redirection can be configured for server-side content fetching to pass the content from the server to the user device. This issue does not occur on non-domain-joined devices or when the content is viewed with the Desktop Viewer. [#263092] The Desktop Viewer Devices menu may not close when the user clicks the Devices icon. It also may remain open after its corresponding dialog box closes. If this occurs, click the Devices icon again. [#262202] Windows Media Player, when displayed in the non-primary monitor of a two-monitor Windows user device, may not work as expected. Due to an issue with the DirectX video mixing renderer filter VMR-9, the screen is black and there is no sound, although the player's progress bar advances. To correct this issue, edit the registry on the user device from which the XenDesktop connection is launched. In the HKEY_CURRENT_USER\Software\Citrix subkey, create the HdxMediaStream key. Name the key DisableVMRSupport. Set the type as REG_DWORD. Give the key the value 3. [#262852]
Third-Party Issues
q
When using Internet Explorer to open a Microsoft Office document in Edit mode from SharePoint, Microsoft Office might display the message, Access denied. Workaround: Go to the SharePoint site and check out the document, edit it, and check the file back in to SharePoint. [#258725]
26
System Requirements and Compatibility for Receiver for Windows

q
Supported Windows Operating Systems:

q
Windows 7, 32-bit and 64-bit editions (including Embedded Edition) Windows XP Professional, 32-bit and 64-bit editions Windows XP Embedded Windows Vista, 32-bit and 64-bit editions Windows Thin PC Windows Server 2008 R1, 32-bit and 64-bit editions (not supported by XenDesktop connections) Windows Server 2008 R2, 64-bit edition (not supported by XenDesktop connections) Windows Server 2003, 32-bit and 64-bit editions (not supported by XenDesktop connections)
Important: For XenDesktop connections, be aware that the Citrix Desktop Lock is only supported on Windows XP Professional, Windows XP Embedded, Windows 7, and Windows Embedded Standard 7. If your deployment includes smart cards, and Windows 7 or Windows Embedded Standard 7, see the additional requirements in this topic. Server support:
q
XenApp (any of the following products):

q
Citrix XenApp 6.5 for Windows Server 2008 R2 Citrix XenApp 6 for Windows Server 2008 R2 Citrix XenApp 5 for Windows Server 2008
Citrix XenApp 5 for Windows Server 2003 XenDesktop (any of the following products):
q q
XenDesktop 5.5 XenDesktop 5
XenDesktop 4 To manage connections to apps and desktops, Citrix Receiver supports Cloud Gateway or Web Interface :
q
27
System Requirements
q
CloudGateway Express, with Receiver Storefront 1.1 or 1.0 and, for optional access to resources from a web page, Receiver for Web CloudGateway Enterprise 1.0, with Receiver Storefront 1.1 or 1.0, for apps hosted on a network, on an Infrastructure as a Service (IaaS) platform, or configured as Software as a Service (SaaS) Web Interface 5.x for Windows with a XenApp Services and XenDesktop Web site
Merchandising Server 2.x
Connectivity Citrix Receiver supports HTTPS and ICA-over-SSL connections through any one of the following configurations.
q
For LAN connections:

q
Receiver Storefront 1.1 or 1.0, using Storefront services or Receiver for Web sites Single sign on to Web and SaaS apps published through AppController requires Receiver Storefront 1.1.
Web Interface 5.x for Windows, using XenApp Services and XenDesktop Web sites (Program Neighborhood Agent sites are also supported for legacy installations) For secure remote or local connections:
q q
Citrix Access Gateway VPX Citrix Access Gateway 5.0 Citrix Access Gateway Enterprise Edition 9.x
Citrix Secure Gateway 3.x You can use Access Gateway with Receiver Storefront or Web Interface. You can use Secure Gateway only with Web Interface.
q q
Authentication Receiver for Windows 3.2, when used with Receiver Storefront 1.1 or 1.0, supports the following authentication methods:
q
Domain Domain pass-through Receiver for Web sites do not support domain pass-through authentication.
Security token Two-factor (domain plus security token)* Client certificate (requires Access Gateway Enterprise Edition; can be used alone or with other authentication methods)
28
System Requirements Receiver for Windows 3.2, when used with Web Interface 5.X, supports the following authentication methods:
q
Domain Security token Two-factor (domain plus security token)* SMS* Smart card (with or without Access Gateway) Requires Receiver (Enterprise)
Client certificate (requires Access Gateway Enterprise Edition; can be used alone or with other authentication methods) * Available only in deployments that include Access Gateway.
q
For more information about authentication, refer to the Access Gateway documentation and the "Manage" topics in the Receiver Storefront documentation in eDocs. For information about other authentication methods supported by Web Interface, refer to "Configuring Authentication for the Web Interface" in the Web Interface documentation in eDocs.
q
Certificates For information about security certificates, refer to topics under Secure Connections and Secure Communications.
Upgrades. Upgrades are supported only for Citrix XenApp Plugin for Hosted Apps 11.0, Desktop Receiver 11.1, and Citrix online plug-in 11.1,11.2, 12.0, and 12.1, and Receiver for Windows 3.0 releases. Availability of the Receiver for Windows 3.2 features. Some of the features and functionality of Receiver are available only when connecting to newer XenApp and XenDesktop versions and might require the latest hotfixes for XenApp, XenDesktop, and Secure Gateway. Previous versions of the Presentation Server Client/Online Plug-in and the current icaclient.adm file. Previous versions of the Presentation Server Client and Online Plug-in are not compatible with the Receiver for Windows 3.2 icaclient.adm file. Supported Browsers:
q
Internet Explorer Version 6.0 through 9.0 Mozilla Firefox Version 1.x through 5.x
Google Chrome Version 10.0 and later .NET Framework Requirements

q q
The Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package is required to ensure that the Receiver icon displays correctly. The package is included with .NET 2.0 Service Pack 1, .NET 3.5, and .NET 3.5 Service Pack 1; it is also available separately.
29
System Requirements
q
For XenDesktop connections: To use the Desktop Viewer, .NET 2.0 Service Pack 1 or later is required. This version is required because, if Internet access is not available, certificate revocation checks slow down connection startup times. The checks can be turned off and startup times improved with this version of the Framework but not with .NET 2.0. Use of the Citrix Desktop Lock does not require the .NET Framework to be installed.
Hardware Requirements:
q
VGA or SVGA video adapter with color monitor Windows-compatible sound card for sound support (optional)
For network connections to the server farm, a network interface card (NIC) and the appropriate network transport software Supported Connection Methods and Network Transports:
q q
TCP/IP+HTTP
SSL/TLS+HTTPS HDX MediaStream Multimedia Acceleration

q
Applications and media formats supported by HDX MediaStream Multimedia Acceleration are:
q
Applications based on Microsofts DirectShow, DirectX Media Objects (DMO), and Media Foundation filter technologies such as Windows Media Player and RealPlayer. Applications like Internet Explorer and Microsoft Encarta are also supported, as they leverage Windows Media Player. Both file-based and streaming (URL-based) media formats: WAV, all variations of MPEG, unprotected Windows Media Video (WMV), and Windows Media Audio (WMA).
Note: HDX MediaStream Multimedia Acceleration does not support media files protected with Digital Rights Management (DRM). Smart Cards and the Citrix Desktop Lock The Citrix Desktop Lock can be used with smart cards connected to domain-joined user devices running Windows XP or Windows XPe but not Windows 7 or Windows Embedded Standard 7. This limitation does not apply to non-domain-joined user devices.
30
Citrix Receiver for Windows Overview

Citrix Receiver for Windows (Citrix Receiver) delivers apps, desktops, and IT services to Windows PCs. Citrix Receiver supports Citrix CloudGateway:
q
CloudGateway Express enables XenApp and XenDesktop customers to deliver Windows apps and desktops by using a unified Storefront with self-service. CloudGateway Enterprise enables enterprises to aggregate, control, and deliver all of their Windows, web and SaaS apps.
Receiver also supports Citrix Web Interface for legacy deployments. Receiver handles the following functions:
q
User authentication. Receiver provides user credentials to CloudGateway or Web Interface when users try to connect and every time they launch published resources. Application and content enumeration. Receiver presents users with their individual set of published resources. Application launching. Receiver is the local engine used to launch published applications. Desktop integration. Receiver integrates a users set of published resources (including virtual desktops) with the users physical desktop. User preferences. Receiver validates and implements local user preferences.
Two Citrix Receiver packages are available.

q
Citrix Receiver (standard, CitrixReceiver.exe) supports Citrix CloudGateway and, for legacy deployments, Web Interface. Standard Receiver features include:
q
Receiver Experience, enabling users to seamlessly transition between devices and connection types Web plug-in Authentication Manager Single sign-on/pass-through authentication Self-service Generic USB (XenDesktop) Desktop Viewer (XenDesktop) HDX Media Stream for Flash
31
Get Started
q
Aero desktop experience (for operating systems that support it)
Citrix Receiver (enterprise, CitrixReceiverEnterprise.exe) is required only for applications that use Smart Card authentication. It supports Web Interface only and includes the same features as the standard package except for Authentication Manager and self-service.
Using the Citrix CloudGateway

CitrixReceiver.exe enables access to Storefront published resources and virtual desktops from anywhere. Configure a provisioning file to provide native self-service access or configure a Receiver for Web site to provide web browser access to Storefront-published resources and virtual desktops.
Using with XenApp

Both Receiver packages support the XenApp feature set. Centrally administer and configure the Receiver in the Receiver Storefront management console (or, if using Web Interface, in the Web Interface Management Console using a Receiver site created in association with a site for the server running the Web Interface). You can use both Receiver packages with the Citrix offline plug-in to provide application streaming to the user desktop. For more information about the streamed application feature, see the Application Streaming documentation in eDocs. The Desktop Viewer is not supported with XenApp connections.
Using with XenDesktop

Receiver includes the Desktop Viewer, the client-side software that supports XenDesktop. Users running the Desktop Viewer on their devices access virtual desktops created with XenDesktop in addition to their local desktop. Users running the Citrix Desktop Lock (which you install in addition to the Desktop Viewer) interact only with the virtual desktop not the local desktop.
32
Citrix Connection Center Overview

The Citrix Connection Center displays all connections established from the Receiver. The ICA Connections window displays a list of active sessions. Each server entry in the list represents a session. For each seamless session, below each server entry, a list of the published resources you are running on that server appears. After you launch a published resource, you can access the Connection Center by right clicking the Receiver icon in your Windows notification area and choose Online Sessions > Connection Center. You can also access the Connection Center from the Preferences > Plug-in Status screen. The Connection Center offers various options to view statistics and control sessions and applications:
q
Disconnect a session from a server but leave the session running on it End a server session Switch from seamless mode to full screen mode
q
Seamless mode. Published applications and desktops are not contained within a session window. Each published application and desktop appears in its own resizable window, as if it is physically installed on your user device. You can switch between published applications and the local desktop.
Full screen mode. Published applications are placed in a full screen-sized desktop. Show connection status details like frames sent and received
q
Terminate an indivual published application Set access permissions
33
Providing Virtual Desktops to Receiver Users

This topic applies to XenDesktop deployments only. Different enterprises have different corporate needs, and your requirements for the way users access virtual desktops may vary from user to user, and as your corporate needs evolve. The user experience of connecting to virtual desktops and the extent of user involvement in configuring the connections depend on how you set up the Citrix Receiver for Windows. You have two options for providing users with access to virtual desktops: using the Desktop Viewer or the Citrix Desktop Lock. Important: Do not attempt to use the Desktop Viewer or the Desktop Lock to connect to desktops published with XenApp.
Desktop Viewer
Use the Desktop Viewer when users need to interact with their local desktop as well as the virtual one. In this access scenario, the Desktop Viewer toolbar functionality allows the user to open a virtual desktop in a window and pan and scale that desktop inside their local desktop. Users can set preferences and work with more than one desktop using multiple XenDesktop connections on the same user device.
Citrix Desktop Lock

Use the Desktop Lock when users do not need to interact with the local desktop. In this access scenario, the Desktop Viewer is not available and the virtual desktop effectively replaces the local one, allowing the user to interact with the virtual desktop as if it is local. This provides the best user experience in a XenDesktop environment. To decide which option best suits your deployment, consider how you want users to access and interact with virtual desktops. To understand the user experience of connecting to desktops created with XenDesktop, consult the planning topics in the XenDesktop documentation.
34
Overview of Citrix Receiver for Windows Installation Packages

This release contains two installation packages and offers several options for installing the Citrix Receiver for Windows. You can install the two Receiver installer packages with almost no user interaction.
q
CitrixReceiver.exe - This Receiver (standard) does not require administrator rights to install unless it will use pass-through authentication. It can be installed:
q
Automatically from Receiver for Web or from Web Interface By the user
Using an Electronic Software Distribution (ESD) tool CitrixReceiverEnterprise.exe - This Receiver (Enterprise) requires administrator rights to install. Although the user can install Receiver (Enterprise), it is usually installed with an ESD tool. Uninstall other Receiver versions before installing Receiver (Enterprise).
q
Important: Upgrades are supported only from Citrix online plug-in 11.2 and 12.x. Remove any earlier versions before installing this version.
Considerations When Upgrading

Because there are two Citrix Receiver installation packages and there were two online plug-in packages (web and full) in previous releases, each having different options, you have to consider the previously installed package when planning your upgrade. Use this table to determine how to proceed with your upgrade.
Currently installed No Online plug-in installed
Upgrade Package CitrixReceiverEnterprise.exe
Result Citrix Receiver (Enterprise) - web access - but manually configurable for PNA Citrix Receiver (standard) - web access Citrix Receiver (Enterprise) configured for PNA or SSO Citrix Receiver (standard) - web access
No Online plug-in installed Online plug-in full configured for PNA or SSO Online plug-in web
CitrixReceiver.exe CitrixReceiverEnterprise.exe
CitrixReceiver.exe
35
Install and Uninstall Online plug-in web CitrixReceiverEnterprise.exe Citrix Receiver (Enterprise) - web access - but manually configurable for PNA
The CitrixReceiver.exe upgrade package cannot be used to upgrade the online plug-in full configured for PNA or Citrix Receiver (Enterprise). In both cases, the installer displays an error message and does not alter the previously installed client.
How Installation Outcomes Differ Based on the Operating System, User Type, and Installation Package
The outcome of CitrixReceiver.exe or CitrixReceiverEnterprise.exe package installations differs based on the combination of the operating system on the user device, user type, whether User Account Control (UAC) is enabled or disabled on Windows Vista, Windows 7, and Windows 2008 computers, and which installation package is used.
Operating system and user type OS: Windows XP, and Windows Server 2003 User: Administrator OS: Windows XP, and Windows Server 2003 User: Standard user OS: Windows Vista, Windows 7, and Windows Server 2008 User: Administrator with or without UAC disabled OS: Windows Vista, Windows 7, and Windows Server 2008 User: Standard user
CitrixReceiver.exe Installation type: per-computer
CitrixReceiverEnterprise.exe Installation type: per-computer
Installation type: per-user
Not supported
Installation type: per-computer
Not supported
36
Installing and Uninstalling Receiver for Windows Manually

Users can install the Receiver from Receiver for Web, the Web Interface, the installation media, a network share, Windows Explorer, or a command line by running the CitrixReceiverEnterprise.exe or CitrixReceiver.exe installer package. Because the installer packages are self-extracting installations that extract to the user's temp directory before launching the setup program, ensure that there is enough free space available in the %temp% directory. When the user runs one of the Receiver installation .exe files, a message box immediately appears displaying the progress of the installation. When you cancel the installation before completion, some components might be installed. In that case, remove the Receiver with the Add/Remove Programs utility from the Control Panel on Windows XP or Windows Server 2003 (Programs and Features utility from the Control Panel on Windows Vista, Windows 7, and Windows Server 2008). Upgrades are supported only from the Citrix XenApp Plugin for Hosted Apps 11.0, Desktop Receiver 11.1, and Citrix online plug-in 11.1, 11.2, and 12.x. Remove any earlier versions before installing this current version. For command line installation parameters, see To configure and install the Citrix Receiver for Windows using command-line parameters. If company policies prohibit you from using an .exe file, refer to How to Manually Extract, Install, and Remove Individual .msi Files from ReceiverEnterprise.exe.
Removing the Receiver

You can also use the Citrix Receiver Updater to install and uninstall Receiver. If Citrix Receiver Updater was not used to install the Receiver, you can uninstall Receiver by running the Add/Remove Programs utility from the Control Panel on Windows XP or Windows Server 2003 (Programs and Features utility from the Control Panel on Windows Vista, Windows 7, and Windows Server 2008). If you delete Receiver related files or registry entries just before uninstalling Receiver with Add/Remove Programs or Programs and Features, uninstall might fail. The Microsoft Windows Installer (MSI) is trying to repair and uninstall at the same time. If this occurs, use the Receiver to start an auto-repair. After the auto-repair completes, you can cleanly uninstall Receiver from Add/Remove Programs or Programs and Features. Auto-repair occurs if there is a problem with Receiver; however, there is no Add/Remove Programs or Programs and Features Repair option. To remove Receiver using the command line
37
Installing and Uninstalling Receiver for Windows Manually You can also uninstall Receiver from a command line by typing the appropriate command. CitrixReceiverEnterprise.exe /uninstall or CitrixReceiver.exe /uninstall Caution: Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before you edit it. After uninstalling the Receiver software from a user device, the custom Receiver-setting registry keys created by icaclient.adm remain in the Software\Policies\Citrix\ICA Client directory under HKEY_LOCAL_MACHINE and HKEY_LOCAL_USER. If you reinstall Receiver, these policies might be enforced, possibly causing unexpected behavior. If you want to remove these customizations, delete them manually.
38
Upgrading the Desktop Viewer and Desktop Appliance Lock

You can upgrade the Desktop Viewer component contained in Citrix online plug-in 12.1 by installing this version of the Citrix Receiver for Windows. To upgrade the Desktop Appliance Lock, remove Citrix online plug-in 12.1 and the Desktop Appliance Lock, and then install this version of the Receiver and the Citrix Desktop Lock.
39
To install the Citrix Desktop Lock

Important: Log on using a local administrator account to carry out this installation procedure. In addition, consult About Citrix Receiver for Windows 3.1 for workarounds to any known issues with the Desktop Lock. This procedure installs the plug-in so that virtual desktops are displayed using the Citrix Desktop Lock. Do not use this procedure if you want the Desktop Viewer to be available to users. 1. On the installation media, navigate to the folder called Citrix Receiver and Plug-ins\Windows\Receiver, and run CitrixReceiverEnterprise.exe from the command line using the following syntax: CitrixReceiverEnterprise.exe ADDLOCAL="ICA_Client,SSON,USB,DesktopViewer, Flash,PN_Agent,Vd3d" SERVER_LOCATION="my.server" ENABLE_SSON="Yes" For information about the properties used in this command, see To configure and install the Citrix Receiver for Windows using command-line parameters 2. Enter the URL of the XenDesktop Services site where your virtual desktops are located. The URL must be in the format http://servername or https://servername. If you are using hardware or software for load balancing or failover, you can enter a load-balanced address. Important: Check that the URL you enter is correct. If the URL is incorrectly typed, or you leave the field empty and the user does not enter a valid URL when prompted after installation, no virtual desktop or local desktop will be available. 3. On the XenDesktop installation media, navigate to the Citrix Receiver and Plug-ins\Windows\Receiver folder and double-click CitrixDesktopLock.msi. The Citrix Desktop Lock wizard appears. 4. On the License Agreement page, read and accept the Citrix license agreement and click Install. The Installation Progress page appears. 5. In the Installation Completed dialog box, click Close. 6. When prompted, restart the user device. If you have been granted access to a desktop and you log on as a domain user, the restarted device is displayed using the Desktop Lock.
40
User Accounts Used to Install the Citrix Desktop Lock

When you install the Citrix Desktop Lock, a replacement shell is used. To allow administration of the user device after you complete the installation, the account used to install CitrixDesktopLock.msi is excluded from the shell replacement. If the account used to install CitrixDesktopLock.msi is later deleted, you will not be able to log on and administer the device. Note that because a replacement shell is used, Citrix does not recommend the use of custom shells with desktops accessed through the Desktop Lock.
41
To remove the Citrix Desktop Lock

If you installed the Citrix Desktop Lock, two separate items are displayed in Add/Remove Programs. You must remove both to complete the removal process. 1. Log on with the same local administrator credentials that were used to install the Desktop Lock. 2. Run the Add/Remove programs utility from the Control Panel. 3. Remove Citrix Desktop Lock. 4. Remove Citrix Receiver or Citrix Receiver (Enterprise).
42
To configure and install the Citrix Receiver for Windows using command-line parameters
You or your users can customize the Receiver installer by specifying command line options. Because the installer packages are self-extracting installations that extract to the user's temp directory before launching the setup program, ensure that there is enough free space available in the %temp% directory. Space Requirements Receiver (standard) - 78.8 Mbytes Receiver (Enterprise) - 93.6 Mbytes This includes program files, user data, and temp directories after launching several applications. 1. On the computer where you want to install the Receiver for Windows package, type the following at a command prompt: CitrixReceiver.exe [Options] or CitrixReceiverEnterprise.exe [Options] 2. Set your options as needed.
q
/? or /help displays usage information. /noreboot suppresses reboot during UI installations. This option is not necessary during silent installs. /silent disables the error and progress dialogs to execute a completely silent installation. /includeSSON enables single sign on for Receiver (standard, CitrixReceiver.exe). This option is not supported for Receiver (enterprise, CitrixReceiverEnterprise.exe), which installs single sign on by default. If you are using ADDLOCAL= to specify features and you want to install single sign on, you must also specify the SSON value. Requires administrator rights. PROPERTY=Value Where PROPERTY is one of the following all-uppercase variables (keys) and Value is the value the user should specify.
43
INSTALLDIR=Installation directory, where Installation directory is the location where the Receiver software is installed. The default value is C:\Program Files\Citrix\ICA Client. If you use this option and specify an Installation directory, you must install the RIInstaller.msi in the Installation directory\Receiver directory and the other .msi files in the Installation directory. CLIENT_NAME=ClientName, where ClientName is the name used to identify the user device to the server farm. The default value is %COMPUTERNAME%. ENABLE_DYNAMIC_CLIENT_NAME={Yes | No} The dynamic client name feature allows the client name to be the same as the computer name. When users change their computer name, the client name changes to match. To enable dynamic client name support during silent installation, the value of the property ENABLE_DYNAMIC_CLIENT_NAME in your installation file must be Yes. To disable dynamic client name support, set this property to No. ADDLOCAL=feature[,...] Install one or more of the specified components. When specifying multiple parameters, separate each parameter with a comma and without spaces. The names are case sensitive. If you do not specify this parameter, all components included in the CitrixReceiverEnterprise.exe or CitrixReceiver.exe are installed by default. Note: ReceiverInside and ICA_Client are prerequisites for all other components and must be installed. ReceiverInside Installs the Receiver experience. (Required) ICA_Client Installs the standard Receiver. (Required) SSON Installs single sign on. Requires administrator rights. AM Installs the Authentication Manager. This value is supported only with CitrixReceiver.exe. SELFSERVICE Installs the Self-Service Plug-in. This value is supported only with CitrixReceiver.exe. The AM value must be specified on the command line and .NET 3.5 Service Pack 1 must be installed. USB Installs USB. DesktopViewer Installs the Desktop Viewer. Flash Installs HDX media stream for flash. PN_Agent Installs Receiver (Enterprise). This value is supported only with CitrixReceiverEnterprise.exe. Vd3d Enables the Windows Aero experience (for operating systems that support it)
ALLOWADDSTORE={N | S | A} The default depends on the following situations:
44
To configure and install the Citrix Receiver for Windows using command-line parameters N if Merchandising Server is used or stores are specified on the installation command line. S if Receiver is installed per machine. A if Receiver is installed per user. Specifies whether or not users can add and remove stores not configured through Merchandising Server deliveries. (Users can enable or disable stores configured through Merchandising Server deliveries, but they cannot remove these stores or change the names or the URLs.) This option is supported only with CitrixReceiver.exe.
q
ALLOWSAVEPWD={N | S | A} The default is the value specified from the PNAgent server at run time. Specifies whether or not users can save credentials for stores locally on their computers and applies only to stores using the PNAgent protocol. Setting this argument to N prevents users from saving their credentials. If the argument is set to S, users can only save credentials for stores accessed through HTTPS connections. Using the value A allows users to save credentials for all their stores. This option is supported only with CitrixReceiver.exe. ENABLE_SSON={Yes | No} The default value is Yes. Note that users must log off and log back onto their devices after an installation with pass-through authentication enabled. Requires administrator rights. Important: If you disable single sign on pass-through authentication, users must reinstall Receiver if you decide to use pass-through authentication at a later time.
ENABLE_KERBEROS={Yes | No} The default value is No. Specifies that Kerberos should be used; applies only when pass-through authentication (SSON) is enabled. DEFAULT_NDSCONTEXT=Context1 [,] Include this parameter to set a default context for Novell Directory Services (NDS). To include more than one context, place the entire value in quotation marks and separate the contexts by a comma. This option is supported only with CitrixReceiverEnterprise.exe. Examples of correct parameters: DEFAULT_NDSCONTEXT="Context1" DEFAULT_NDSCONTEXT=Context1,Context2
LEGACYFTAICONS={False | True} The default value is False. Specifies whether or not application icons are displayed for documents that have file type associations with subscribed applications. When the argument is set to false, Windows generates icons for documents that do not have a specific icon assigned to them. The icons generated by Windows consist of a generic document icon overlaid with a smaller version of the application icon. Citrix recommends enabling this option if you plan on delivering Microsoft Office applications to users running Windows 7. This option is supported only with CitrixReceiver.exe. SERVER_LOCATION=Server_URL The default value is blank. Provide the URL of the server running the Web Interface. The URL must be in the format
45
To configure and install the Citrix Receiver for Windows using command-line parameters http://servername or https://servername. The Receiver appends the default path and file name of the configuration file to the server URL. If you change the default location of the configuration file, enter the entire new path in the SERVER_LOCATION key. This option is supported only with CitrixReceiverEnterprise.exe.
q
STARTMENUDIR=Text string The default is to put applications under Start > All Programs. Specifies the name of the default folder added to users' Start menus to hold the shortcuts to their subscribed applications. Users can change the folder name and/or move the folder at any time. This option is supported only with CitrixReceiver.exe. STOREx="storename;http[s]://servername.domain/IISLocation/resources/v1;[On | Off];[storedescription]"[ STOREy="..."] Specifies up to 10 stores to use with Receiver. Values:
q
x and y Integers 0 through 9. storename Defaults to store. This must match the name configured on the Storefront server. servername.domain The fully qualified domain name of the server hosting the store. IISLocation the path to the store within IIS. The store URL must match the URL in Storefront provisioning files. The store URLs are of the form /Citrix/MyStore/resources/v1 (for Storefront 1.0). To obtain the URL, export a provisioning file from Storefront, open it in notepad and copy the URL from the <Address> element. On | Off The optional Off configuration setting enables you to deliver disabled stores, giving users the choice of whether or not they access them. When the store status is not specified, the default setting is On.
storedescription An optional description of the store, such as Apps on XenApp. If there is a problem with the installation, search in the user's %TEMP% directory for the logs with the prefix CtxInstall- or TrollyExpress- . For example:
q
CtxInstall-ICAWebWrapper.log TrollyExpress-20090807-123456.log
Examples of a Command-Line Installation
CitrixReceiver.exe /includeSSON STORE0="AppStore;https://testserver.net/Citrix/MyStore/resources/v1;on;Apps on XenApp" STORE1="BackUpAppStore;https://testserver.net/Citrix/MyBackupStore/resources/v1;on Store Apps on XenApp" This example:
q
Installs Receiver (standard).
46
q
Installs single sign on. Specifies two application stores.
CitrixReceiverEnterprise.exe /silent ADDLOCAL="ReceiverInside,ICA_Client,PN_Agent" ENABLE_SSON=no INSTALLDIR="c:\test" ENABLE_DYNAMIC_CLIENT_NAME=Yes DEFAULT_NDSCONTEXT="Context1,Context2" SERVER_LOCATION="http://testserver.net" CLIENT_NAME="Modified" This example:
Installs Receiver (Enterprise) without visible progress dialog boxes. Installs only Receiver Inside, the standard Receiver (ICA_Client), and enterprise Receiver (PN_Agent). Disables pass-through authentication. Specifies the location where the software is installed. Enables dynamic client naming. Specifies the default context for NDS. Specifies the URL (http://testserver.net) of the server running the Web Interface, which Receiver will reference. Specifies the name used to identify the user device to the server farm.
47
Delivering Receiver Using Active Directory and Sample Startup Scripts

You can use Active Directory Group Policy scripts to pre-deploy Receiver on systems based on your Active Directory organizational structure. Citrix recommends using the scripts rather than extracting the .msi files because the scripts allow for a single point for installation, upgrade, and uninstall, they consolidate the Citrix entries in Programs and Features, and make it easier to detect the version of Receiver that is deployed. Use the Scripts setting in the Group Policy Management Console (GPMC) under Computer Configuration or User Configuration. Microsoft documents the advantages and disadvantages of using scripts at Microsoft Technet - Use Group Policy to assign computer startup scripts. Citrix includes sample per-computer startup scripts to install and uninstall CitrixReceiver.exe and Citrix ReceiverEnterprise.exe. The scripts are located on the XenApp media in the Citrix Receiver and Plug-ins\Windows\Receiver\Startup_Logon_Scripts folder.
q
CheckAndDeployReceiverEnterpriseStartupScript.bat CheckAndDeployReceiverPerMachineStartupScript.bat CheckAndRemoveReceiverEnterpriseStartupScript.bat CheckAndRemoveReceiverPerMachineStartupScript.bat
When the scripts are executed during Startup or Shutdown of an Active Directory Group Policy, custom configuration files might be created in the Default User profile of a system. If not removed, these configuration files can prevent some users from accessing the Receiver logs directory. The Citrix sample scripts include functionality to properly remove these configuration files. To use the startup scripts to deploy Receiver with Active Directory 1. Create the Organizational Unit (OU) for each script. 2. Create a Group Policy Object (GPO) for the newly created OU.
To modify the sample scripts

Modify the scripts by editing these parameters in the header section of each file:
q
Current Version of package. The specified version number is validated and if it is not present, the deployment proceeds. For example, set DesiredVersion= 3.0.0.XXXX to exactly match the version specified. If you specify a partial version, for example 3.0.0, it matches any version with that prefix (3.0.0.1111, 3.0.0.7777, and so forth).
48

q
Package Location/Deployment directory. This specifies the network share containing the packages and is not authenticated by the script. The shared folder must have Read permission for EVERYONE. Script Logging Directory. This specifies the network share where the install logs are copied and is not authenticated by the script. The shared folder must have Read and Write permissions for EVERYONE. Package Installer Command Line Options. These command line options are passed to the installer. For the command line syntax, see To configure and install the Citrix Receiver for Windows using command-line parameters
To add the per-computer startup scripts

1. Open the Group Policy Management Console. 2. Select Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown). 3. In the right-hand pane of the Group Policy Management Console, select Startup. 4. In the Properties menu, click Show Files, copy the appropriate script to the folder displayed, and then close the window. 5. In the Properties menu, click Add and use Browse to find and add the newly created script.
To deploy Receiver per-computer

1. Move the user devices designated to receive this deployment to the OU you created. 2. Reboot the user device and log on as any user. 3. Verify that Program and Features (Add or Remove Programs in previous OS versions) contains the newly installed package.
To remove Receiver per-computer

1. Move the user devices designated for the removal to the OU you created. 2. Reboot the user device and log on as any user. 3. Verify that Program and Features (Add or Remove Programs in previous OS versions) removed the previously installed package.
49
Using the Per-User Sample Startup Scripts

Citrix recommends using per-computer startup scripts but does include two Citrix Receiver per-user scripts on the XenApp media in the Citrix Receiver and Plug-ins\Windows\Receiver\Startup_Logon_Scripts folder for situations where you require Receiver (standard) per-user deployments.
q
CheckAndDeployReceiverPerUserLogonScript.bat CheckAndRemoveReceiverPerUserLogonScript.bat
To set up the per-user startup scripts

1. Open the Group Policy Management Console. 2. Select User Configuration > Policies > Windows Settings > Scripts. 3. In the right-hand pane of the Group Policy Management Console, select Logon 4. In the Logon Properties menu, click Show Files, copy the appropriate script to the folder displayed, and then close the window. 5. In the Logon Properties menu, click Add and use Browse to find and add the newly created script.
To deploy Receiver per-user

1. Move the users designated to receive this deployment to the OU you created. 2. Reboot the user device and log on as the specified user. 3. Verify that Program and Features (Add or Remove Programs in previous OS versions) contains the newly installed package.
To remove Receiver per-user

1. Move the users designated for the removal to the OU you created. 2. Reboot the user device and log on as the specified user. 3. Verify that Program and Features (Add or Remove Programs in previous OS versions) removed the previously installed package.
50
Deploying CitrixReceiver.exe from Receiver for Web

You can deploy CitrixReceiver.exe from Receiver for Web to ensure that users have the Receiver installed before they try to connect to an application from a browser. For details, refer to the Receiver Storefront documentation on Citrix eDocs.
51
Deploying the CitrixReceiver.exe from a Web Interface Logon Screen

You can deploy the CitrixReceiver.exe from a Web page to ensure that users have the Receiver installed before they try to use the Web Interface. Create a home page and run an Internet Explorer script to download the CitrixReceiver.exe package automatically from the Web server and install it for the user. To install the Receiver software using CitrixReceiver.exe, the Windows Installer Service must be installed on the user device. This service is present by default on systems running Windows XP, Windows Vista, Windows 7, Windows Server 2003, or Windows Server 2008. Add the sites from which the CitrixReceiver.exe file is downloaded to the Trusted Sites zone. In the webinterface.conf file for your XenApp websites, edit the ClientIcaWin32= line to specify the CitrixReceiver.exe installation file and remove the comment character (#). For more information, see the Web Interface documentation.
52
Configuring Citrix Receiver for Windows

You can configure Citrix Receiver operations for deployments that use Receiver Storefront or a legacy PNA Services site. For information about configuring deployments using Receiver Storefront, refer to the Storefront documentation on Citrix eDocs. From the Citrix management console for the XenApp server, configure the options and settings for Receiver using the associated Receiver site. Each time users log on to the Receiver, they see the most recent configuration. Changes made while users are connected take effect when the Receiver configuration is refreshed manually or automatically after a designated interval.
53
Using the Group Policy Object Template to Customize Receiver

Citrix recommends using the Group Policy Object icaclient.adm template file to configure rules for securing Receiver connections. The rules include network routing, proxy servers, trusted server configuration, user routing, remote client devices, and the user experience. You can use the icaclient.adm template file with domain policies and local computer policies. For domain policies, import the template file using the Group Policy Management Console. This is especially useful for applying Receiver settings to a number of different user devices throughout the enterprise. To affect a single user device, import the template file using the local Group Policy Editor on the device. For details about Group Policy management, see the Microsoft Group Policy documentation.
To import the icaclient template using the Group Policy Management Console
To affect domain-based group policies, import the icaclient.adm file with the Group Policy Management Console. 1. As an administrator, open the Group Policy Management Console. 2. In the left pane, select a group policy and from the Action menu, choose Edit. 3. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 4. From the Action menu, choose Add/Remove Templates. 5. Choose Add and browse to the Configuration folder for Receiver (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 6. Select Open to add the template and then Close to return to the Group Policy Editor.
To import the icaclient template using the local Group Policy Editor
To affect the policies on a local computer, import the icaclient.adm file with the local Group Policy Editor. 1. As an administrator, open the Group Policy Editor by running gpedit.msc from the Start menu.
54
Using the Group Policy Object Template to Customize Receiver 2. In the left pane, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Configuration folder for Receiver (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor.
55
Configuring Access to Accounts Manually

When users launch Receiver for the first time, they have the option to set up a new account, unless Receiver was distributed using Merchandising Server, a Receiver for Web configuration file, or a GPO or similar method. To set up a new account, a user enters information about the XenApp farm or XenDesktop site hosting the resources. When a user enters the details for a new account, Receiver attempts to verify the connection. If successful, Receiver prompts the user to log on to the account.
To add a new account

1. Click the gear icon in the Receiver window and choose Edit Accounts. 2. Click Add. 3. Enter the information provided by your organization and click OK.
To remove an account
1. Click the gear icon in the Receiver window and choose Edit Accounts. 2. Select the account from the list and click Remove and Yes.
To edit the details of an account

1. Click the gear icon in the Receiver window and choose Edit Accounts. 2. Select the account that you want to edit from the list and double-click. 3. Edit the details in Name, the Description, and/or the URL fields, as required. 4. Click OK.
56
To customize user preferences for the Receiver (Enterprise)

Users can customize their preferences. For example, they can define window sizes for published applications, choose when to refresh the list of available published resources, and specify where the available published resources appear. 1. In the Windows notification area, right-click the Receiver icon and choose Preferences. 2. Right-click the Online Plug-in entry in the Plug-in Status and choose Options, select a property, and make the desired configuration changes.
If you configure seamless windows and set the task bar to Auto-hide, you cannot access the taskbar when you maximize published applications. To access the taskbar, resize the published application. For more detailed information, see the online help for Receiver.
To change the server URL in the Receiver (Enterprise)

Receiver requires that you specify the location of a configuration file (Config.xml is the default configuration file) on the server running the Web Interface. You can ask your users to change the server URL as you create new configuration files or delete old ones. Note: To prevent users from accidentally changing their server URL, disable the option. 1. In the Windows notification area, right-click the Receiver icon and choose Preferences. 2. Right-click the Online Plug-in entry in the Plug-in Status and choose Change Server. 3. Type or select the server URL in the format http://servername or, to encrypt the configuration data using SSL, https://servername.
57
Configuring USB Support for XenDesktop Connections

USB support enables users to interact with a wide range of USB devices when connected to a virtual desktop. Users can plug USB devices into their computers and the devices are remoted to their virtual desktop. USB devices available for remoting include flash drives, smartphones, PDAs, printers, scanners, MP3 players, security devices, and tablets. Desktop Viewer users can control whether USB devices are available on the virtual desktop using a preference in the toolbar. Isochronous features in USB devices such as webcams, microphones, speakers, and headsets are supported in typical low latency/high speed LAN environments. This allows these devices to interact with packages such as Microsoft Office Communicator and Skype. The following types of device are supported directly in a XenDesktop session, and so do not use USB support:
Keyboards Mice Smart cards
Note: Specialist USB devices (for example, Bloomberg keyboards and 3D mice) can be configured to use USB support. For information on configuring Bloomberg keyboards, see Configuring Bloomberg Keyboards. For information on configuring policy rules for other specialist USB devices, see CTX 119722. By default, certain types of USB devices are not supported for remoting through XenDesktop. For example, a user may have a network interface card attached to the system board by internal USB. Remoting this would not be appropriate. The following types of USB device are not supported by default for use in a XenDesktop session:
q
Bluetooth dongles Integrated network interface cards USB hubs USB graphics adaptors
USB devices connected to a hub can be remoted, but the hub itself cannot be remoted. For instructions on modifying the range of USB devices that are available to users, see Updating the List of USB Devices Available for Remoting. For instructions on automatically redirecting specific USB devices, see CTX123015.
58
How USB Support Works

When a user plugs in a USB device, it is checked against the USB policy, and, if allowed, remoted to the virtual desktop. If the device is denied by the default policy, it is available only to the local desktop. The user experience depends upon the type of desktop to which users are connecting. For desktops accessed through the Citrix Desktop Lock, when a user plugs in a USB device, that device is automatically remoted to the virtual desktop. No user interaction is required. The virtual desktop is responsible for controlling the USB device and displaying it in the user interface. For desktops accessed through the Desktop Viewer, when a user plugs in a USB device, a dialog box appears asking the user if they want that device remoted to the virtual desktop. The user can decide which USB devices are remoted to the virtual desktop by selecting devices from the list each time they connect. Alternatively, the user can configure USB support so that all USB devices plugged in both before and/or during a session are automatically remoted to the virtual desktop that is in focus.
59
Mass Storage Devices

For mass storage devices only, in addition to USB support, remote access is available through client drive mapping, which you configure through the Citrix Mappings rule. When this rule is applied, the drives on the user device are automatically mapped to drive letters on the virtual desktop when users log on. The drives are displayed as shared folders with mapped drive letters. The Citrix Mappings rule is in the Drives subfolder of the Client Devices Resources folder in the Presentation Server Console. The main differences between the two types of remoting policy are:
Feature Enabled by default Read-only access configurable Safe to remove device during a session
Client Drive Mapping Yes Yes No
USB Rule No No
Yes, if the user clicks Safely Remove Hardware in the notification area If both USB support and the Citrix Mappings rule are enabled and a mass storage device is inserted before a session starts, it will be redirected using client drive mapping first, before being considered for redirection through USB support. If it is inserted after a session has started, it will be considered for redirection using USB support before client drive mapping.
60
USB Device Classes Allowed by Default

Different classes of USB device are allowed by the default USB policy rules. Although they are on this list, some classes are only available for remoting in XenDesktop sessions after additional configuration. These are noted below.
q
Audio (Class 01). Includes audio input devices (microphones), audio output devices, and MIDI controllers. Modern audio devices generally use isochronous transfers, which is supported by XenDesktop 4 or later. Note: Some specialty devices (for example, VOIP phones) require additional configuration. For instructions on this, see CTX123015.
Physical Interface Devices(Class 05). These devices are similar to Human Interface Devices (HIDs), but generally provide "real-time" input or feedback and include force feedback joysticks, motion platforms, and force feedback exoskeletons. Still Imaging (Class 06). Includes digital cameras and scanners. Digital cameras often support the still imaging class which uses the Picture Transfer Protocol (PTP) or Media Transfer Protocol (MTP) to transfer images to a computer or other peripheral. Cameras may also appear as mass storage devices and it may be possible to configure a camera to use either class, through setup menus provided by the camera itself. Note that if a camera appears as a mass storage device, client drive mapping is used and USB support is not required.
Printers (Class 07). In general most printers are included in this class, although some use vendor-specific protocols (class ff). Multi-function printers may have an internal hub or be composite devices. In both cases the printing element generally uses the Printers class and the scanning or fax element uses another class; for example, Still Imaging. Printers normally work appropriately without USB support. Note: This class of device (in particular printers with scanning functions) requires additional configuration. For instructions on this, see CTX123015.
Mass Storage (Class 08). The most common mass storage devices are USB flash drives; others include USB-attached hard drives, CD/DVD drives, and SD/MMC card readers. There are a wide variety of devices with internal storage that also present a mass storage interface; these include media players, digital cameras, and mobile phones. Known subclasses include:
q
01 Limited flash devices 02 Typically CD/DVD devices (ATAPI/MMC-2) 03 Typically tape devices (QIC-157) 04 Typically floppy disk drives (UFI)
61

q
05 Typically floppy disk drives (SFF-8070i) 06 Most mass storage devices use this variant of SCSI
Mass storage devices can often be accessed through client drive mapping, and so USB support is not required. Important: Some viruses are known to propagate actively using all types of mass storage. Carefully consider whether or not there is a business need to permit the use of mass storage devices, either through client drive mapping or USB support.
q
Content Security (Class 0d). Content security devices enforce content protection, typically for licensing or digital rights management. This class includes dongles. Video (Class 0e). The video class covers devices that are used to manipulate video or video-related material, such as webcams, digital camcorders, analog video converters, some television tuners, and some digital cameras that support video streaming. Note: Most video streaming devices use isochronous transfers, which is supported by XenDesktop 4 or later. Some video devices (for example webcams with motion detection) require additional configuration. For instructions on this, see CTX123015.
Personal Healthcare (Class 0f). These devices include personal healthcare devices such as blood pressure sensors, heart rate monitors, pedometers, pill monitors, and spirometers. Application and Vendor Specific (Classes fe and ff). Many devices use vendor specific protocols or protocols not standardized by the USB consortium, and these usually appear as vendor-specific (class ff).
62
USB Device Classes Denied by Default

Different classes of USB device are denied by the default USB policy rules.
q
Communications and CDC Control (Classes 02 and 0a). The default USB policy does not allow these devices, because one of them may be providing the connection to the virtual desktop itself. Human Interface Devices (Class 03). Includes a wide variety of both input and output devices. Typical Human Interface Devices (HIDs) are keyboards, mice, pointing devices, graphic tablets, sensors, game controllers, buttons, and control functions. Subclass 01 is known as the "boot interface" class and is used for keyboards and mice. The default USB policy does not allow USB keyboards (class 03, subclass 01, protocol 1), or USB mice (class 03, subclass 01, protocol 2). This is because most keyboards and mice are handled appropriately without USB support and it is normally necessary to use these devices locally as well remotely when connecting to a virtual desktop.
USB Hubs (Class 09). USB hubs allow extra devices to be connected to the local computer. It is not neccessary to access these devices remotely. Smart Card (Class 0b). Smart card readers include contactless and contact smart card readers, and also USB tokens with an embedded smart card-equivalent chip. Smart card readers are accessed using smart card remoting and do not require USB support.
Wireless Controller (Class e0). Some of these devices may be providing critical network access, or connecting critical peripherals such as Bluetooth keyboards or mice. The default USB policy does not allow these devices. However, there may be particular devices it is appropriate to provide access to using USB support.
63
Updating the List of USB Devices Available for Remoting

You can update the range of USB devices available for remoting to desktops by editing the file icaclient_usb.adm. This allows you to make changes to the Receiver using Group Policy. The file is located in the following installed folder: <root drive>:\Program Files\Citrix\ICA Client\Configuration\en Alternatively, you can edit the registry on each user device, adding the following registry key: HKLM\SOFTWARE\Policies\Citrix\ICA Client\GenericUSB Type=String Name="DeviceRules" Value= Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. The product default rules are stored in: HKLM\SOFTWARE\Citrix\ICA Client\GenericUSB Type=MultiSz Name=DeviceRules Value= Do not edit the product default rules. For details of the rules and their syntax, see http://support.citrix.com/article/ctx119722/.
64
Configuring Bloomberg Keyboards

Bloomberg keyboards are supported by XenDestkop sessions (but not other USB keyboards). The required components are installed automatically when the plug-in is installed, but you must enable this feature either during the installation or later by changing a registry key. On any one user device, multiple sessions to Bloomberg keyboards are not recommended. The keyboard only operates correctly in single-session environments. To turn Bloomberg keyboard support on or off Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. 1. Locate the following key in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\GenericUSB 2. Do one of the following:
q
To turn on this feature, for the entry with Type DWORD and Name EnableBloombergHID, set Value to 1. To turn off this feature, set the Value to 0.
65
Configuring User-Driven Desktop Restart

You can allow users to restart their desktops themselves. They may need to do this if a desktop fails to connect or becomes unresponsive. This feature is disabled by default. You enable user-driven desktop restart for a desktop group in Desktop Studio. For information on this, see the XenDesktop documentation. The procedures for restarting desktops differ depending on whether users are connecting to desktops through the Desktop Viewer or the Citrix Desktop Lock.
66
To prevent the Desktop Viewer window from dimming

If users have multiple Desktop Viewer windows, by default the desktops that are not active are dimmed. If users need to view multiple desktops simultaneously, this can make the information on them unreadable. You can disable the default behavior and prevent the Desktop Viewer window from dimming by editing the Registry. Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. 1. On the user device, create a REG_DWORD entry called DisableDimming in one of the following keys, depending on whether you want to prevent dimming for the current user of the device or the device itself. An entry already exists if the Desktop Viewer has been used on the device:
q
HKCU\Software\Citrix\XenDesktop\DesktopViewer
q HKLM\Software\Citrix\XenDesktop\DesktopViewer Optionally, instead of controlling dimming with the above user or device settings, you can define a local policy by creating the same REG_WORD entry in one of the following keys:
HKCU\Software\Policies\Citrix\XenDesktop\DesktopViewer
q HKLM\Software\Policies\Citrix\XenDesktop\DesktopViewer The use of these keys is optional because XenDesktop administrators, rather than plug-in administrators or users, typically control policy settings using Group Policy. So, before using these keys, check whether your XenDesktop administrator has set a policy for this feature.
2. Set the entry to any non-zero value such as 1 or true. If no entries are specified or the entry is set to 0, the Desktop Viewer window is dimmed. If multiple entries are specified, the following precedence is used. The first entry that is located in this list, and its value, determine whether the window is dimmed: 1. HKCU\Software\Policies\Citrix\... 2. HKLM\Software\Policies\Citrix\... 3. HKCU\Software\Citrix\... 4. HKLM\Software\Citrix\...
67
To configure the Citrix Desktop Lock

This topic contains instructions for configuring USB preferences, drive mappings, and microphones for a virtual desktop accessed through the Citrix Desktop Lock. In addition, some general advice on configuring the Desktop Lock is also provided. Typically, this is used in non-domain-joined environments such as on a thin client or desktop appliance. In this access scenario, the Desktop Viewer is unavailable, so only administrators (not users) can perform the configuration. Two .adm files are provided that allow you to perform this task using policies:
q
icaclient.adm. For information on obtaining this file, see To configure settings for multiple users and devices. icaclient_usb.adm. The file is located in the following installed folder: <root drive>:\Program Files\Citrix\ICA Client\Configuration\en.
This topic assumes you have loaded both files into Group Policy, where the policies appear in Computer Configuration or User Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components.
To configure USB preferences

As a prerequisite, you must turn on USB support in XenDesktop deployments by enabling the USB policy rule. For information on this, see the XenDesktop documentation. In Citrix Receiver > Remoting client devices > Generic USB Remoting, enable and configure as desired the Existing USB Devices, New USB Devices, and USB Devices List In Desktop Viewer policies. You can use the Show All Devices policy to display all connected USB devices, including those using the Generic USB virtual channel (for example, webcams and memory sticks).
To configure drive mapping

In Citrix Receiver > Remoting client devices, enable and configure as desired the Client drive mapping policy.
To configure a microphone
In Citrix Receiver > Remoting client devices, enable and configure as desired the Client microphone policy.
68
General Advice On Configuring the Desktop Lock

Grant access to only one virtual desktop running the Desktop Lock per user. Do not allow users to hibernate virtual desktops. Use Active Directory policies appropriately to prevent this.
69
To configure settings for multiple users and devices

In addition to the configuration options offered by the Receiver user interface, you can use the Group Policy Editor and the icaclient.adm template file to configure settings. Using the Group Policy Editor, you can:
Extend the icaclient template to cover any Receiver setting by editing the icaclient.adm file. See the Microsoft Group Policy documentation for more information about editing .adm files and about applying settings to a particular computer. Make changes that apply only to either specific users or all users of a client device. Configure settings for multiple user devices
Citrix recommends using Group Policy to configure user devices remotely; however you can use any method, including the Registry Editor, which updates the relevant registry entries. 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Configuration folder for Receiver (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. Under the User Configuration node or the Computer Configuration node, edit the relevant settings as required.
70
Canadian Keyboard Layouts and Updating from Presentation Server Clients Version 10.200
The Canadian keyboard layouts are aligned with those supported by Microsoft. If users install Receivers without uninstalling the Presentation Server Clients Version 10.200 first, they must manually edit the module.ini file (usually in C:\Program Files\Citrix\ICA Client) to upgrade the keyboard layout settings: Replace: Canadian English (Multilingual)=0x00001009 Canadian French=0x00000C0C Canadian French (Multilingual)=0x00010C0C With: Canadian French=0x00001009 Canadian French (Legacy)=0x00000C0C Canadian Multilingual Standard=0x00011009
71
Auto-Repair File Locations

Auto-repair occurs if there is a problem with Receiver; however, there is no Add/Remove Programs or Programs and Features Repair option. If the Receiver repair option prompts for the location of the .msi file, browse to one of these locations to find the file:
q
For CitrixReceiverEnterprise.exe
q
Operating system: Windows XP and Windows 2003 C:\Documents and Settings\All Users\application data\Citrix\Citrix Receiver (Enterprise)\
Operating system: Windows Vista and Windows 7
C:\ProgramData\Citrix\Citrix Receiver (Enterprise)\ For CitrixReceiver.exe installed per computer

q
Operating system: Windows XP and Windows 2003 C:\Documents and Settings\All Users\Application Data\Citrix\Citrix Receiver\
C:\ProgramData\Citrix\Citrix Receiver\ For CitrixReceiver.exe installed per user

q
Operating system: Windows XP and Windows 2003 %USERPROFILE%\Local Settings\Application Data\Citrix\Citrix Receiver\
Operating system: Windows Vista and Windows 7 %USERPROFILE%\Appdata\local\Citrix\Citrix Receiver\
72
Optimizing the Receiver Environment

The ways you can optimize the environment in which your Receiver operates for your users include:
q
Improving performance Improving performance over low bandwidth Facilitating the connection of numerous types of client devices to published resources Providing support for NDS users Using connections to Citrix XenApp for UNIX Supporting naming conventions Supporting DNS naming resolution
73
Improving Receiver Performance

You can improve the performance of your Receiver software by:
q
Reducing Application Launch Time Reconnecting Users Automatically Providing session reliability Improving Performance over Low-Bandwidth Connections
74
Reducing Application Launch Time

Use the session pre-launch feature to reduce application launch time during normal or high traffic periods; thus, giving the user a better experience. The pre-launch feature allows a pre-launch session to be created when a user logs on to Receiver, or at a scheduled time if the user is already logged on. This pre-launch session reduces the launch time of the first application. The default application ctxprelaunch.exe is running in the session, but it is not visible to the user. There are two types of pre-launch:
q
Just-in-time pre-launch. Pre-Launch starts immediately after the user's credentials are authenticated whether or not it is a high-traffic period. Scheduled pre-launch. Pre-launch starts at a scheduled time. Scheduled pre-launch starts only when the user device is already running and authenticated. If those two conditions are not met when the scheduled pre-launch time arrives, a session does not launch. To spread network and server load, the session launches within a window of when it is scheduled. For example, if the scheduled pre-launch is scheduled for 1:45 p.m., the session actually launches between 1:15 p.m. and 1:45 p.m.
Typically, you can use just-in-time pre-launch for normal traffic periods and scheduled pre-launch for known high-traffic periods. An example of a high-traffic period - if your environment includes a large number of users who launch applications during peak periods such as when users start work or return from lunch, the rapid succession of logon requests might overwhelm servers and slow down application launch for all users. Configuring pre-launch on the XenApp server consists of creating, modifying, or deleting pre-launch applications, as well as updating user policy settings that control the pre-launch application. See To pre-launch applications to user devices for information about configuring session pre-launch on the XenApp server. Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. Customizing the pre-launch feature using the icaclient.adm file is not supported. However, you can change the pre-launch configuration by modifying registry values during or after Receiver installation. Registry value for Windows 7, 64-bit The value for Windows 7, 64-bit, is: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Prelaunch. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Prelaunch - Enables different users on the same user device to have different settings. It also allows a user to change the configuration without administrative permission. You can provide your users with scripts to accomplish this. 75
Reducing Application Launch Time Name: State Values: 0 - Disable pre-launch. 1 - Enable just-in-time pre-launch. (Pre-Launch starts after the user's credentials are authenticated.) 2 - Enable scheduled pre-launch. (Pre-launch starts at the time scheduled in Schedule.) Name: Schedule Value: The time (24 hour format) and days of week for scheduled pre-launch entered in the following format: HH:MM|M:T:W:TH:F:S:SU where HH and MM are hours and minutes. M:T:W:TH:F:S:SU are the days of the week. For example, to enable scheduled pre-launch on Monday, Wednesday, and Friday at 1:45 p.m., set Schedule as Schedule=13:45|1:0:1:0:1:0:0 . The session actually launches between 1:15 p.m. and 1:45 p.m. Registry values for other Windows systems The values for all other supported Windows operating systems are: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Prelaunch and HKEY_CURRENT_USER\Software\Citrix\ICA Client\Prelaunch. HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Prelaunch - Written at installation, with default values. Name: UserOverride Values: 0 - Use the HKEY_LOCAL_MACHINE values even if HKEY_CURRENT_USER values are also present. 1 - Use HKEY_CURRENT_USER values if they exist; otherwise, use the HKEY_LOCAL_MACHINE values. Name: State Values: 0 - Disable pre-launch. 1 - Enable just-in-time pre-launch. (Pre-Launch starts after the user's credentials are authenticated.) 2 - Enable scheduled pre-launch. (Pre-launch starts at the time scheduled in Schedule.) Name: Schedule Value: 76
Reducing Application Launch Time The time (24 hour format) and days of week for scheduled pre-launch entered in the following format: HH:MM|M:T:W:TH:F:S:SU where HH and MM are hours and minutes. M:T:W:TH:F:S:SU are the days of the week. For example to enable scheduled pre-launch on Monday, Wednesday, and Friday at 1:45 p.m., set Schedule as Schedule=13:45|1:0:1:0:1:0:0 . The session actually launches between 1:15 p.m. and 1:45 p.m. HKEY_CURRENT_USER\SOFTWARE\Citrix\ICA Client\Prelaunch - Enables different users on the same user device to have different settings. It also allows a user to change the configuration without administrative permission. You can provide your users with scripts to accomplish this. Name: State Values: 0 - Disable pre-launch. 1 - Enable just-in-time pre-launch. (Pre-Launch starts after the user's credentials are authenticated.) 2 - Enable scheduled pre-launch. (Pre-launch starts at the time scheduled in Schedule.) Name: Schedule Value: The time (24 hour format) and days of week for scheduled pre-launch entered in the following format: HH:MM|M:T:W:TH:F:S:SU where HH and MM are hours and minutes. M:T:W:TH:F:S:SU are the days of the week. For example, to enable scheduled pre-launch on Monday, Wednesday, and Friday at 1:45 p.m., set Schedule as Schedule=13:45|1:0:1:0:1:0:0 . The session actually launches between 1:15 p.m. and 1:45 p.m.
77
Reconnecting Users Automatically

Users can be disconnected from their sessions because of unreliable networks, highly variable network latency, or range limitations of wireless devices. With the HDX Broadcast auto-client reconnection feature, Receiver can detect unintended disconnections of ICA sessions and reconnect users to the affected sessions automatically. When this feature is enabled on the server, users do not have to reconnect manually to continue working. The Receiver attempts to reconnect to the session until there is a successful reconnection or the user cancels the reconnection attempts. If user authentication is required, a dialog box requesting credentials appears to a user during automatic reconnection. Automatic reconnection does not occur if users exit applications without logging off. Users can reconnect only to disconnected sessions. To disable HDX Broadcast auto-client reconnect for a particular user 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > Network Routing > Session reliability and automatic reconnection. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 7. From the Action menu, choose Properties and select Disabled.
78
Providing HDX Broadcast Session Reliability

With the HDX Broadcast Session Reliability feature, users continue to see a published applications window if the connection to the application experiences an interruption. For example, wireless users entering a tunnel may lose their connection when they enter the tunnel and regain it when they emerge on the other side. During such interruptions, the session reliability feature enables the session window to remain displayed while the connection is being restored. You can configure your system to display a warning dialog box to users when the connection is unavailable. You set HDX Broadcast Session Reliability with policy settings on the server. Receiver users cannot override the server settings for HDX Broadcast Session Reliability. Important: If HDX Broadcast Session Reliability is enabled, the default port used for session communication switches from 1494 to 2598.
79
Improving Performance over Low-Bandwidth Connections

Citrix recommends that you use the latest version of XenApp or XenDesktop on the server. Citrix continually enhances and improves performance with each release. Many performance features require the latest Receiver and server software to function. If you are using a low-bandwidth connection, you can make a number of changes to your Receiver configuration and the way you use the Receiver to improve performance.
Changing Your Receiver Configuration

On devices with limited processing power or in circumstances where only limited bandwidth is available, there is a trade-off between performance and functionality. Receiver provides both user and administrator with the ability to choose an acceptable mixture of rich functionality and interactive performance. Making one or more of these changes on the server or user device can reduce the bandwidth your connection requires and improve performance:
Enable SpeedScreen Latency Reduction. SpeedScreen Latency Reduction improves performance over high latency connections by providing instant feedback to the user in response to typed data or mouse clicks. User's side: icaclient.adm file. Server side: SpeedScreen Latency Reduction Manager.
Reduce the window size. Change the window size to the minimum size you can comfortably use. User side: icaclient.adm file or use the Receiver icon in the notification area and choose Preferences and right-click the Online Plug-in entry in the Plug-in Status and choose Options > Session Options. Server side: XenApp services site > Session Options.
Reduce the number of colors. Reduce the number of colors to 256. User side: icaclient.adm file or use the Receiver icon in the notification area and choose Preferences and right-click the Online Plug-in entry in the Plug-in Status and choose Options > Session Options. Server side: XenApp services site > Session Options.
Reduce sound quality. If Receiver audio mapping is enabled, reduce the sound quality to the minimum setting.
80
Improving Performance over Low-Bandwidth Connections User's side: icaclient.adm file. Server side: Citrix Audio quality policy setting.
Changing Receiver Use

ICA technology is highly optimized and typically does not have high CPU and bandwidth requirements. However, if you are using a very low-bandwidth connection, the following tasks can impact performance:
Accessing large files using client drive mapping. When you access a large file with client drive mapping, the file is transferred over the ICA connection. On slow connections, this may take a long time. Playing multimedia content. Playing multimedia content uses a lot of bandwidth and can cause reduced performance.
81
Connecting User Devices and Published Resources

You can facilitate sessions and optimize the connection of your user devices to resources published in the server farm by:
q
Configuring workspace control settings to provide continuity for roaming users Making scanning transparent for users Mapping client devices Associating user device file types with published applications
82
Configuring Workspace Control Settings to Provide Continuity for Roaming Users

The workspace control feature provides users with the ability to disconnect quickly from all running applications, reconnect to applications, or log off from all running applications. You can move among user devices and gain access to all of your applications when you log on. For example, health care workers in a hospital can move quickly among workstations and access the same set of applications each time they log on to XenApp. These users can disconnect from multiple applications at one user device and open all the same applications when they reconnect at a different user device. Workspace control is available only to users connecting to published resources with Citrix XenApp or through Storefront, Receiver for Web, or the Web Interface. Policies and client drive mappings change appropriately when you move to a new user device. Policies and mappings are applied according to the user device where you are currently logged on to the session. For example, if a health care worker logs off from a user device in the emergency room of a hospital and then logs on to a workstation in the hospitals X-ray laboratory, the policies, printer mappings, and client drive mappings appropriate for the session in the X-ray laboratory go into effect for the session as soon as the user logs on to the user device in the X-ray laboratory. Important: Workspace control is not available for Online Plug-in versions earlier than 11.x; it works only with sessions connected to computers running Citrix Presentation Server Version 3.0, 4.0, or 4.5 or Citrix XenApp 5.0, 6.0, or 6.5. If workspace control configuration settings allow users to override the server settings, users can configure workspace control on the Receiver Reconnect Options page:
Enable automatic reconnection at logon allows users to reconnect to only disconnected applications or to both disconnected and active applications Enable reconnection from the menu allows users to reconnect to only disconnected applications or to both disconnected and active sessions
To configure workspace control settings through Storefront or Receiver for Web For information about configuring Receiver Storefront and Receiver for Web for workspace control and user roaming, refer to the "Manage" topics in the Receiver Storefront documentation in Citrix eDocs. To configure workspace control settings through Web Interface For users launching applications through the Web Interface, these options are in Settings:
q
Enable automatic reconnection at logon allows users to reconnect to only disconnected applications or both disconnected and active applications
83

q
Enable automatic reconnection from Reconnect menu allows users to reconnect to only disconnected applications or both disconnected and active sessions Customize Log Off button allows users to configure whether or not the log off command will include logging them off from applications that are running in the session
If users log on with smart cards or smart cards with pass-through authentication, set up a trust relationship between the server running the Web Interface and any other server in the farm that the Web Interface accesses for published applications. For more information about workspace control requirements, see the Citrix XenApp and Web Interface Administrator documentation.
84
Making Scanning Transparent for Users

If you enable HDX Plug-n-Play TWAIN image scanning device support, users can control client-attached TWAIN imaging devices transparently with applications that reside on the server farm. To use this feature, a TWAIN device must be attached to the user device and the associated 32-bit TWAIN driver must also be installed on the user device. To enable or disable this feature, configure the Citrix policy Client TWAIN device redirection setting. The following policy settings allow you to specify the maximum amount of bandwidth (in kilobits per second or as a percentage) and the compression level of images from client to server used for TWAIN redirection:
q
TWAIN device redirection bandwidth limit TWAIN device redirection bandwidth limit percent TWAIN compression level
85
Mapping User Devices

The Receiver supports mapping devices on user devices so they are available from within a session. Users can:
q
Transparently access local drives, printers, and COM ports Cut and paste between the session and the local Windows clipboard Hear audio (system sounds and .wav files) played from the session
During logon, Receiver informs the XenApp server of the available client drives, COM ports, and LPT ports. By default, client drives are mapped to server drive letters and server print queues are created for client printers so they appear to be directly connected to the XenApp server. These mappings are available only for the current user during the current session. They are deleted when the user logs off and recreated the next time the user logs on. You can use the the Citrix policy redirection settings on the XenApp server to map user devices not automatically mapped at logon. For more information, see the XenApp administration documentation.
Turning off User Device Mappings

You can configure user device mapping including options for drives, printers, and ports, using the Windows Server Manager tool. For more information about the available options, see your Remote Desktop Services documentation.
86
Mapping Client Drives to XenApp Server Drive Letters

Client drive mapping allows drive letters on the XenApp server to be redirected to drives that exist on the client device. For example, drive H in a Citrix user session can be mapped to drive C of the local device running the plug-in. Client drive mapping is built into the standard Citrix device redirection facilities transparently. To File Manager, Windows Explorer, and your applications, these mappings appear like any other network mappings. Note that Client drive mapping is not supported when connecting to MetaFrame Server 1.0 for UNIX operating systems. The XenApp server can be configured during installation to map client drives automatically to a given set of drive letters. The default installation mapping maps drive letters assigned to client drives starting with V and works backward, assigning a drive letter to each fixed drive and CD-ROM drive. (Floppy drives are assigned their existing drive letters.) This method yields the following drive mappings in a session:
Client drive letter A B C
Is accessed by the XenApp server as: A B V
D U The XenApp server can be configured so that the server drive letters do not conflict with the client drive letters; in this case the server drive letters are changed to higher drive letters. For example, changing server drives C to M and D to N allows client devices to access their C and D drives directly. This method yields the following drive mappings in a session:
Is accessed by the XenApp server as: A B C
D D The drive letter used to replace the server drive C is defined during Setup. All other fixed drive and CD-ROM drive letters are replaced with sequential drive letters (for example; C > M, D > N, E > O). These drive letters must not conflict with any existing network drive mappings. If a network drive is mapped to the same drive letter as a server drive letter, the network drive mapping is not valid.
87
Mapping Client Drives to XenApp Server Drive Letters When a client device connects to a XenApp server, client mappings are reestablished unless automatic client device mapping is disabled. You can use the Terminal Services Configuration tool to configure automatic client device mapping for ICA connections and users. You can also use policies to give you more control over how client device mapping is applied. For more information about policies, see the Citrix XenApp Administrator's documentation at Citrix eDocs.
88
HDX Plug-n-Play for USB Storage Devices

HDX Plug-n-Play for USB storage devices enables users to interact with USB mass storage devices connected to their user devices when connected to XenApp sessions. When HDX Plug-n-Play for USB storage devices is enabled, users can connect or disconnect a USB device from a session at anytime, regardless of whether the session was started before or after the drive connection. HDX Plug-n-Play for USB storage devices is enabled by default and can be disabled or enabled by editing the ICA\File Redirection - Client removable drives policy setting. For more information, see the XenApp documentation.
Supported Mass Storage Devices with XenApp

Mass storage devices, including USB thumbdrives, USB-attached hard drives, CD-DVD drives, and SD card readers are supported. Not supported:
U3 smart drives and devices with similar autorun behavior Explorer.exe published as a seamless application
89
HDX Plug-n-Play USB Device Redirection for XenApp Connections

HDX Plug-n-Play USB Device Redirection on computers running Vista and Windows 7 enables dynamic redirection of media devices, including cameras, scanners, media players, and point of sale (POS) devices to the server. You or the user can restrict redirection of all or some of the devices. Edit policies on the server or apply group policies on the user device to configure the redirection settings. Three methods can enforce HDX Plug-n-Play USB device redirection policies:
Server side. The administrator can enable or disable all device redirections for a specific user or user group using the Active Directory policies available in XenApp. The policy controls redirection of all devices and is not specific to a device. For more information, see the XenApp administration documentation. Plug-in side. The administrator can enable or disable all device redirection for a specific user or computer by using the group policy editor. There are two policy settings - the USB Plug-n-Play Devices policy setting controls redirection of all devices and the USB Point of Sale Devices policy setting controls POS devices only. If USB Plug-n-Play Devices allows devices to be redirected, you can use the USB Point of Sale Devices, which is a subset of USB Plug-n-Play Devices, to control only POS devices. Plug-in side. The user can allow or reject device redirection. When a device is going to be redirected, the permission set by the user in the Connection Center is applied (the setting applies to the current session). If the permission is set to Full Access, devices are always redirected. If the permission is set to No Access, devices are not redirected. If the permission is set to Ask Permission, a dialog box appears before redirection occurs requiring the user to make a selection. Depending on the answer, the device is redirected or not. If the user is prompted with any of the device security dialog boxes (for example, file security or audio security) and instructs the system to remember the decision, applications launched in subsequent ICA sessions load and use these settings. This setting affects only devices plugged in after the user changes the setting. Devices that are already plugged in when the user changes the setting are unaffected by the new setting. Important: If you prohibit Plug-n-Play USB device redirection in a server policy, the user cannot override that policy setting with the plug-in side policy.
Plug-in Group Policies

Access the plug-in policies using the Group Policy Editor available through gpedit.msc from the Start menu's Run dialog box. You can apply the policies to both users and computers. Two policies are available:
90

q
USB Plug-n-Play Devices is the main policy that turns HDX Plug-n-Play USB device redirection on or off. Enabling redirection allows any Media Transfer Protocol (MTP), Picture Transfer Protocol (PTP), and Point of Sale (POS) device connected to the user device to be redirected in the session. The policy has three values: Not Configured, Enabled, and Disabled. The default is Not Configured, which allows redirection. USB Point of Sale Devices controls the redirection of POS devices and USB Plug-n-Play Devices must be Enabled to enable this policy. The policy can have three values: Not Configured, Enabled, and Disabled. The default is Not Configured, which allows redirection of POS devices.
91
Mapping Client Printers for More Efficiency

The Receiver support printing to network printers and printers that are attached locally to user devices. By default, unless you create policies to change this, XenApp lets users:
q
Print to all printing devices accessible from the user device Add printers (but it does not retain settings configured for these printers or save them for the next session)
However, these settings might not be the optimum in all environments. For example, the default setting that allows users to print to all printers accessible from the user device is the easiest to administer initially, but might create slower logon times in some environments. Likewise, your organizations security policies might require that you prevent users from mapping local printing ports. To do so, configure the Citrix policy Auto connect client COM ports setting to Disabled. To change default printing settings, configure policy settings on the server. For more information, see the XenApp administration topics.
To view mapped client printers

While connected to the XenApp server, from the Start menu, choose Printers in the Control Panel. The Printers window displays the local printers mapped to the session. When connecting to servers running Citrix Presentation Server 4.0 or 4.5 or Citrix XenApp, by default the name of the printer takes the form: printername (from clientname) in session x where:
printername is the name of the printer on the user device. clientname is the unique name given to the user device or the Web Interface. x is the SessionID of the users session on the server.
For example, printer01 (from computer01) in session 7 When connecting to servers running Presentation Server 3.0 or earlier, or when the Legacy printer name option from the Citrix policy Client printer names setting is enabled on the
92
Mapping Client Printers for More Efficiency server, a different naming convention is used. The name of the printer takes the form: Client/clientname#/printername where:
clientname is the unique name given to the user device during client setup. printername is the Windows printer name. Because the Windows printer name is used and not the port name, multiple printers can share a printer port without conflict.
For more information about printing, and about managing printing using policies, see the Citrix XenApp Administrator's documentation.
93
To map a client COM port to a server COM port

Client COM port mapping allows devices attached to the COM ports of the user device to be used during sessions on a XenApp server. These mappings can be used like any other network mappings. Important: Client COM port mapping is not supported when connecting to MetaFrame Server 1.0 and 1.1 for UNIX Operating Systems. You can map client COM ports at the command prompt. You can also control client COM port mapping from the Terminal Services Configuration tool or using policies. See the Citrix XenApp Administrators documentation for more information about policies. 1. Start Receiver and log on to the XenApp server. 2. At a command prompt, type: net use comx: \\client\comz: where x is the number of the COM port on the server (ports 1 through 9 are available for mapping) and z is the number of the client COM port you want to map. 3. To confirm the operation, type: net use at a command prompt. The list that appears contains mapped drives, LPT ports, and mapped COM ports. To use this COM port in a session on a XenApp server, install your device to the mapped name. For example, if you map COM1 on the client to COM5 on the server, install your COM port device on COM5 during the session on the server. Use this mapped COM port as you would a COM port on the user device. Important: COM port mapping is not TAPI-compatible. TAPI devices cannot be mapped to client COM ports.
94
Mapping Client Audio to Play Sound on the User Device

Client audio mapping enables applications executing on the XenApp server to play sounds through Windows-compatible sound devices installed on the user device. You can set audio quality on a per-connection basis on the XenApp server and users can set it on their device. If the user device and server audio quality settings are different, the lower setting is used. Client audio mapping can cause excessive load on servers and the network. The higher the audio quality, the more bandwidth is required to transfer the audio data. Higher quality audio also uses more server CPU to process. Important: Client sound support mapping is not supported when connecting to Citrix XenApp for UNIX.
95
Associating User Device File Types with Published Applications

Receiver supports HDX Plug-n-Play content redirection. Functionally equivalent to extended parameter passing, content redirection allows you to enforce all underlying file type associations from the server, eliminating the need to configure extended parameter passing on individual user devices. To associate file types on the user device with applications published on the server, configure Plug-n-Play content redirection on the server. For more information, see the XenApp adminstration topics.
96
Using the Window Manager when Connecting to Citrix XenApp for UNIX
This topic does not apply to XenDesktop connections. You can use the window manager to change the session display when connecting to published resources on XenApp servers for UNIX. With the window manager, users can minimize, resize, position, and close windows, as well as access full screen mode.
About Seamless Windows

In seamless window mode, published applications and desktops are not contained within a session window. Each published application and desktop appears in its own resizable window, as if it is physically installed on the user device. Users can switch between published applications and the local desktop. You can also display seamless windows in full screen mode, which places the published application in a full screen-sized desktop. This mode lets you access the ctxwm menu system. To switch between seamless and full screen modes Press SHIFT+F2 to switch between seamless and full screen modes.
Minimizing, Resizing, Positioning, and Closing Windows

When users connect to published resources, window manager provides buttons to minimize, resize, position, and close windows. Windows are minimized as buttons on the taskbar. When the user closes the last application in a session, the session is logged off automatically after twenty seconds.
97
Terminating and Disconnecting Sessions

This topic does not apply to XenDesktop connections. In remote desktop and seamless full screen windows, you can use the ctxwm menu system to log off, disconnect, and exit from published applications and connection sessions.
To access the ctxwm menu system

1. On a blank area of the remote desktop window, click and hold down the left mouse button. The ctxwm menu appears. 2. Drag the mouse pointer over Shutdown to display the shutdown options.
To choose an option from the ctxwm menu

Drag the pointer over the required option to select it. Release the mouse button to select the option.
To Terminate the connection and all running applications Disconnect the session but leave the application running Disconnect the session and terminate the application
Choose Logoff Disconnect Exit
Note: The server can be configured to terminate any applications that are running if a session is disconnected.
98
Using ctxgrab and ctxcapture to Cut and Paste Graphics When Connected to XenApp for UNIX
If you are connected to an application published on a XenApp server for UNIX, use ctxgrab or ctxcapture to cut and paste graphics between the session and the local desktop. These utilities are configured and deployed from the server. Important: You might need to deploy UNIX applications that are designed for use with a 3button mouse. Use ctx3bmouse on the XenApp for UNIX server to configure 3-button mouse emulation. For more information, see the XenApp for UNIX administration documentation.
q
ctxgrab ctxcapture
99
Using the ctxgrab Utility to Cut and Paste Graphics

This topic does not apply to XenDesktop connections. The ctxgrab utility is a simple tool you use to cut and paste graphics from published applications to applications running on the local user device. This utility is available from a command prompt or, if you are using a published application, from the ctxwm window manager. Important: Use ctx3bmouse on the XenApp for UNIX server to configure 3-button mouse emulation. For more information, see the XenApp for UNIX administration documentation.
To access the ctxgrab utility from the window manager

q
In seamless mode, right-click the ctxgrab button in the top, left-hand corner of the screen to display a menu and choose the grab option In full screen mode, left-click to display the ctxwm menu and choose the grab option
To copy from an application in a plug-in window to a local application

1. From the ctxgrab dialog box, click From screen. 2. To select a window, move the cursor over the window you want to copy and click the middle mouse button. To select a region, hold down the left mouse button and drag the cursor to select the area you want to copy. To cancel the selection, click the right mouse button. While dragging, click the right mouse button before releasing the left button. 3. Use the appropriate command in the local application to paste the object.
100
Using the ctxcapture Utility to Cut and Paste Graphics

This topic does not apply to XenDesktop connections. The ctxcapture utility is a more fully-featured utility for cutting and pasting graphics between published applications and applications running on the local user device. With ctxcapture you can:
Grab dialog boxes or screen areas and copy them between an application in a Receiver window and an application running on the local user device, including non-ICCCM-compliant applications Copy graphics between the Receiver and the X graphics manipulation utility xvf
If you are connected to a published desktop, ctxcapture is available from a command prompt. If you are connected to a published application and the administrator makes it available, you can access ctxcapture through the ctxwm window manager. Important: Use ctx3bmouse on the XenApp for UNIX server to configure 3-button mouse emulation. For more information, see the XenApp for UNIX administration documentation.
To access the ctxcapture utility from the window manager

Left-click to display the ctxwm menu and choose the screengrab option.
101
To copy from a local application to an application in a Receiver window

1. From the ctxcapture dialog box, click From screen. 2. To select a window, move the cursor over the window you want to copy and click the middle mouse button. To select a region, hold down the left mouse button and drag the cursor to select the area you want to copy. To cancel the selection: click the right mouse button. While dragging, click the right mouse button before releasing the left button. 3. From the ctxcapture dialog box, click To ICA. The xcapture button changes color to indicate that it is processing the information. 4. When the transfer is complete, use the appropriate command in the published application window to paste the information.
To copy from an application in a Receiver window to a local application

1. From the application in the Receiver window, copy the graphic. 2. From the ctxcapture dialog box, click From ICA. 3. When the transfer is complete, use the appropriate command in the local application to paste the information.
To copy from xv to an application in a Receiver window or local application

1. From xv, copy the graphic. 2. From the ctxcapture dialog box, click From xv and To ICA. 3. When the transfer is complete, use the appropriate command in the Receiver window to paste the information.
To copy from an application in a Receiver window to xv

1. From the application in the Receiver window, copy the graphic. 2. From the ctxcapture dialog box, click From ICA and To xv. 3. When the transfer is complete, use the paste command in xv.
102
Matching Client Names and Computer Names

The dynamic client name feature allows the client name to be the same as the computer name. When users change their computer name, the client name changes to match. This allows you to name computers to suit your naming scheme and find connections more easily when managing your server farm. If the client name is not set to match the computer name during installation, the client name does not change when the computer name is changed. Users enable dynamic client name support by selecting Enable Dynamic Client Name during Receiver installation. To enable dynamic client name support during silent command line installation, the value of the property ENABLE_DYNAMIC_CLIENT_NAME must be Yes. Set the property to No to disable dynamic client name support.
103
DNS Name Resolution

You can configure Receivers that use the Citrix XML Service to request a Domain Name Service (DNS) name for a server instead of an IP address. Important: Unless your DNS environment is configured specifically to use this feature, Citrix recommends that you do not enable DNS name resolution in the server farm. Receivers connecting to published applications through the Web Interface also use the Citrix XML Service. For Receivers connecting through the Web Interface, the Web server resolves the DNS name on behalf of the Receiver. DNS name resolution is disabled by default in the server farm and enabled by default on the Receiver. When DNS name resolution is disabled in the farm, any Receiver request for a DNS name returns an IP address. There is no need to disable DNS name resolution on Receiver.
To disable DNS name resolution for specific client devices

If you are using DNS name resolution in the server farm and are having problems with specific user devices, you can disable DNS name resolution for those devices. Caution: Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before you edit it. 1. Add a string registry key xmlAddressResolutionType to HKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing. 2. Set the value to IPv4-Port. 3. Repeat for each user of the user devices.
104
Using Proxy Servers with XenDesktop Connections

If you do not use proxy servers in your environment, correct the Internet Explorer proxy settings on any user devices running Internet Explorer 7.0 on Windows XP. By default, this configuration automatically detects proxy settings. If proxy servers are not used, users will experience unnecessary delays during the detection process. For instructions on changing the proxy settings, consult your Internet Explorer documentation. Alternatively, you can change proxy settings using the Web Interface. For more information, consult the Web Interface documentation.
105
Improving the Receiver User Experience

You can improve your users experiences with the following supported features:
q
ClearType font smoothing Client-side microphone input for digital dictation Multiple monitor support Printing performance enhancements To set keyboard shortcuts 32-bit color icons
Topics that support users with the Desktop Viewer and the Desktop Lock are available at http://support.citrix.com/help/receiver/en/receiverHelpWin.htm.
106
ClearType Font Smoothing in Sessions

This topic does not apply to XenDesktop connections. XenApp server supports ClearType font smoothing with Receiver for users on computers running Windows XP, Windows 7, and Windows Vista. ClearType font smoothing is set by default in Windows 7 and Windows Vista, but Standard font smoothing is set by default in Windows XP. If you enable ClearType font smoothing on Receiver, you are not forcing the user devices to use ClearType font smoothing. You are enabling the server to support ClearType font smoothing on user devices that have it set and are using Receiver. By disabling it for sessions, you are specifying that sessions launched from that Receiver do not remote the font smoothing setting. Receiver automatically detects the user devices font smoothing setting and sends it to the server. The session connects using this setting. When the session is disconnected or terminated, the user's profile setting on the server is set to original setting unless the user specifically changed it in the control panel in the session; then the server uses the new setting. Older Receivers (plug-ins) connect using the font smoothing setting configured in that users profile on the server. When ClearType font smoothing is enabled, three times more data is sent across the virtual channel, which might cause a decrease in performance. Font smoothing must be enabled on users operating systems, the Receiver, the Web Interface site, and the server farm.
To enable or disable ClearType font smoothing for sessions

In Web Interface environments, use the Session Preferences task in the Citrix Web Interface Management console to enable or disable font smoothing for XenApp Web sites and the Session Options task for XenApp Services sites.
107
Client-Side Microphone Input

Receiver supports multiple client-side microphone input. Locally installed microphones can be used for:
q
Real-time activities, such as softphone calls and Web conferences. Hosted recording applications, such as dictation programs. Video and audio recordings.
Digital dictation support is available with Receiver. For information about configuring this feature, see the administrator's documentation for Citrix XenApp or Citrix XenDesktop. Receiver (Enterprise) users can disable their microphones by selecting No Access in the Microphones/Webcams menu choice available from the Citrix Connection Center, or from the Receivers system menu (for non-seamless connections). Receiver (standard) users are presented with the same dialog box automatically at the beginning of their sessions. XenDesktop users can also use the XenDesktop Viewer Preferences to disable their microphones. Note: Selecting No Access also disables any attached Webcams. On the user device, users control audio input and output in a single stepby selecting an audio quality level from the Options dialog box.
108
Configuring HDX Plug-n-Play Multi-monitor Support

Multiple monitors are fully supported by Receiver. As many as eight monitors are supported. Each monitor in a multiple monitor configuration has its own resolution designed by its manufacturer. Monitors can have different resolutions and orientations during sessions. Sessions can span multiple monitors in two ways:
q
Full screen mode, with multiple monitors shown inside the session; applications snap to monitors as they would locally. XenDesktop: If users access a desktop through the Citrix Desktop Lock, the desktop is displayed across all monitors. The primary monitor on the device becomes the primary monitor in the XenDesktop session. You can display the Desktop Viewer toolbar across any rectangular subset of monitors by resizing the window across any part of those monitors and pressing the Maximize button.
Windowed mode, with one single monitor image for the session; applications do not snap to individual monitors.
XenDesktop: When any desktop in the same assignment (formerly "desktop group") is launched subsequently, the window setting is preserved and the toolbar is displayed across the same monitors. Multiple virtual desktops can be displayed on one device provided the monitor arrangement is rectangular. If the primary monitor on the device is used by the XenDesktop session, it becomes the primary monitor in the session. Otherwise, the numerically lowest monitor in the session becomes the primary monitor. To enable multi-monitor support, ensure the following:
q
The user device must have a single video board that can support connections to more than one monitor or multiple video boards compatible with the Receiver on the appropriate platform. The user device operating system must be able to detect each of the monitors. On Windows platforms, to verify that this detection occurs, on the user device, view the Settings tab in the Display Settings dialog box and confirm that each monitor appears separately. After your monitors are detected:
q
XenDesktop: Configure the graphics memory limit using the Citrix Machine Policy setting Display memory limit. XenApp: Depending on the version of the XenApp server you have installed:
q
Configure the graphics memory limit using the Citrix Computer Policy setting Display memory limit.
109

q
From the Citrix management console for the XenApp server, select the farm and in the task pane, select Modify Server Properties > Modify all properties > Server Default > HDX Broadcast > Display (or Modify Server Properties > Modify all properties > Server Default > ICA > Display) and set the Maximum memory to use for each sessions graphics.
Ensure the setting is large enough (in kilobytes) to provide sufficient graphic memory. If this setting is not high enough, the published resource is restricted to the subset of the monitors that fits within the size specified. For information about calculating the session's graphic memory requirements for XenApp and XenDesktop, see ctx115637.
110
Printing Performance
Printing performance can play a vital role in your users experiences. The printing configuration you create affects these aspects of the users experience:
q
User ease and comfort level Logon times Ability to print to a nearby printer when traveling or when moving between client devices in a building
You configure printer policy settings on the server.
User Ease and Comfort Level

In environments with novice users, consider changing the following potentially confusing default printing behaviors:
Printer names change at the start of each session. When, by default, client printers are auto-created, the printer name is appended with the name of the user device and session. For example, auto-created client printers appear in the Print dialog box with a name like HP LaserJet 1018 (from clientname) in session 35. To resolve this problem, you can either reduce the number of printers auto-created or provision printers using another method. To control printer auto-creation, configure the Citrix policy setting Auto-create client printers and select one of the following options:
q
Do not auto-create client printers. Client printers are not auto-created. Auto-create the clients default printer only. Only the clients default printer attached to or mapped from the client preconfigured in the Control Panel is auto-created in the session. Auto-create local (non-network) client printers only. Any non-network printers attached to the client device preconfigured in the Control Panel are auto-created in the session.
Auto-create all client printers. All network printers and any printers attached to or mapped from the user device preconfigured in the Control Panel are auto-created in the session. If many printers are installed by default on user devices, your users might be confused by the large number of available printers. You can limit the printers that appear to them in sessions.
q
HDX Plug-n-Play Universal Printer uses a nonstandard printing dialog box. If your users have trouble learning new features on their own, you might not want to use the
111
Printing Performance the Universal Printer as the default printer in a session. The user interface for this printer is slightly different from the standard Windows print dialog box.
Logon Times
The printing configuration you select can impact how long it takes users to start a session. When Receiver is configured to provision printers by creating them automatically at the beginning of each session, it increases the amount of time to build the session environment. In this case, Receiver has to rebuild every printer found on the user device. You can decrease logon time by specifying any of the following on the XenApp server:
Auto-create only the the Universal Printer. This is done automatically when you configure the the Universal Printer. Auto-create only the default printer for the client device by using the Auto-create client printers policy setting. Do not auto-create any client printers through the Auto-create client printers policy setting and route print jobs to network printers by configuring the Session printers policy setting
Configuring Printers for Mobile Workers

If you have users who move among workstations in the same building (for example, in a hospital setting) or move among different offices, you might want to configure Proximity Printing. The Proximity Printing solution ensures that the closest printer is presented to the users in their sessions, even when they change user devices during a session.
112
To override the printer settings configured on the server

To improve printing performance, you can configure various printing policy settings on the server:
q
Universal printing optimization defaults Universal printing EMF processing mode Universal printing image compression limit Universal printing print quality limit Printer driver mapping and compatibility Session printers
If you enabled Allow non-admins to modify these settings in the Universal printing optional defaults policy setting on the server, users on their user devices can override the Image Compression and Image and Font Caching options specified in that policy setting. To override the printer settings on the user device 1. From the Print menu available from an application on the user device, choose Properties. 2. On the Client Settings tab, click Advanced Optimizations and make changes to the Image Compression and Image and Font Caching options.
113
To set keyboard shortcuts

You can configure combinations of keys that Receiver interprets as having special functionality. When the keyboard shortcuts policy is enabled, you can specify Citrix Hotkey mappings, behavior of Windows hotkeys, and keyboard layout for sessions. 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > User Experience > Keyboard shortcuts. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 7. From the Action menu, choose Properties, select Enabled, and choose the desired options.
114
Keyboard Input in XenDesktop Sessions

Note the following about how keyboard combinations are processed in XenDesktop sessions:
q
Windows logo key+L is directed to the local computer. CTRL+ALT+DELETE is directed to the local computer except in some cases if you use the Citrix Desktop Lock. Key presses that activate StickyKeys, FilterKeys, and ToggleKeys (Microsoft accessibility features) are normally directed to the local computer. As an accessibility feature of the Desktop Viewer, pressing CTRL+ALT+BREAK displays the Desktop Viewer toolbar buttons in a pop-up window. Windows key combinations (for example, CTRL+ESC and ALT+TAB) are directed according to the settings that your helpdesk has selected. For more information, see the table below. Note: By default, if the Desktop Viewer is maximized, ALT+TAB switches focus between windows inside the session. If the Desktop Viewer is displayed in a window, ALT+TAB switches focus between windows outside the session.
Hotkey sequences are key combinations designed by Citrix. For example, the CTRL+F1 sequence reproduces CTRL+ALT+DELETE, and SHIFT+F2 switches applications between full-screen and windowed mode. You cannot use hotkey sequences with virtual desktops displayed in the Desktop Viewer (that is, with XenDesktop sessions), but you can use them with published applications (that is, with XenApp sessions). The table shows the remoting behavior of other Windows key combinations. The behavior depends on whether a Desktop Viewer or a Desktop Lock session is used, and is controlled by the Local resources setting, avaliable from the Session Options task on the XenDesktop site. XenApp settings are also shown for reference. For more information on configuring this setting, see the Web Interface documentation. With Local resources set to Desktop Viewer sessions have this behavior Key combinations are sent to the remote, virtual desktop only if the Desktop Viewer window has focus and is maximized (full-screen). Desktop Lock sessions have this behavior Key combinations are always sent to the remote, virtual desktop. XenApp (or disabled Desktop Viewer) sessions have this behavior Key combinations are sent to the remote XenApp server if the session is maximized (full-screen).
Full screen desktops only
115
Keyboard Input in XenDesktop Sessions Remote desktop Key combinations are sent to the remote, virtual desktop only if the Desktop Viewer window has focus. Key combinations are always kept on the local user device. Key combinations are always sent to the remote, virtual desktop. Key combinations are sent to the remote XenApp server if the session or application has focus. Key combinations are always kept on the local user device.
Local desktop
Key combinations are always kept on the local user device. Citrix does not recommend setting Local resources to Local desktop if the Desktop Lock is used.
116
Receiver Support for 32-Bit Color Icons

Receiver supports high color icons (32x32 bit) and automatically selects the color depth for applications visible in the Citrix Connection Center dialog box, the Start menu, and task bar to provide for seamless applications. Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. To set a preferred depth, you can add a string registry key named TWIDesiredIconColor to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Preferences and set it to the desired value. The possible color depths for icons are 4, 8, 16, 24, and 32 bits-per-pixel. The user can select a lower color depth for icons if the network connection is slow.
117
Connecting to Virtual Desktops

From within a desktop session, users cannot connect to the same virtual desktop. Attempting to do so will disconnect the existing desktop session. Therefore, Citrix recommends:
q
Administrators should not configure the clients on a desktop to point to a site that publishes the same desktop Users should not browse to a site that hosts the same desktop if the site is configured to automatically reconnect users to existing sessions Users should not browse to a site that hosts the same desktop and try to launch it
Be aware that a user who logs on locally to a computer that is acting as a virtual desktop blocks connections to that desktop. If your users connect to virtual applications (published with XenApp) from within a virtual desktop and your organization has a separate XenApp administrator, Citrix recommends working with them to define device mapping such that desktop devices are mapped consistently within desktop and application sessions. Because local drives are displayed as network drives in desktop sessions, the XenApp administrator needs to change the drive mapping policy to include network drives.
118
Securing Your Connections

To maximize the security of your environment, the connections between Receiver and the resources you publish must be secured. You can configure various types of authentication for your Receiver software, including enabling certificate revocation list checking, enabling smart card support, and using Security Support Provider Interface/Kerberos Pass-Through Authentication.
Windows NT Challenge/Response (NTLM) Support for Improved Security

Windows NT Challenge/Response (NTLM) authentication is supported by default on computers running Windows NT, Windows 2000, Windows XP, Windows 7, Windows Vista, Windows Server 2003, and Windows Server 2008.
119
To enable certificate revocation list checking for improved security with Receiver (CitrixReceiver.exe)
When certificate revocation list (CRL) checking is enabled, Receiver checks whether or not the servers certificate is revoked. By forcing Receiver to check this, you can improve the cryptographic authentication of the server and the overall security of the SSL/TLS connections between a user device and a server. You can enable several levels of CRL checking. For example, you can configure Receiver to check only its local certificate list or to check the local and network certificate lists. In addition, you can configure certificate checking to allow users to log on only if all CRLs are verified. Important: This option is available only with the standard Receiver (CitrixReceiver.exe) and not Receiver (Enterprise). If you are making this change on a local computer, exit Receiver if it is running. Make sure all Receiver components, including the Connection Center, are closed. 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Configuration folder for the Receiver (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > Network routing > TLS/SSL data encryption and server identification. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 7. From the Action menu, choose Properties and select Enabled. 8. From the CRL verification drop-down menu, select one of the options.
q
Disabled. No certificate revocation list checking is performed.
120
q
Only check locally stored CRLs. CRLs that were installed or downloaded previously are used in certificate validation. Connection fails if the certificate is revoked. Require CRLs for connection. CRLs locally and from relevant certificate issuers on the network are checked. Connection fails if the certificate is revoked or not found. Retrieve CRLs from network. CRLs from the relevant certificate issuers are checked. Connection fails if the certificate is revoked.
If you do not set CRL verification, it defaults to Only check locally stored CRLs.
121
Smart Card Support for Improved Security

You must use Receiver (Enterprise) for Smart Card support. Receiver smart card support is based on Microsoft Personal Computer/Smart Card (PC/SC) standard specifications. Receiver supports only smart cards and smart card devices that are, themselves, supported by the underlying Windows operating system. A discussion of security issues related to PC/SC standards compliance is beyond the scope of this document. Enabling smart card support for Receiver is done through the Web Interface. For more information, see the Web Interface documentation. Note: Microsoft strongly recommends that only smart card readers tested and approved by the Microsoft Windows Hardware Quality Lab (WHQL) be used on computers running qualifying Windows operating systems. See http://www.microsoft.com for additional information about hardware PC/SC compliance. Receiver does not control smart card PIN management. PIN management is controlled by the cryptographic service provider for your cards.
122
To enable pass-through authentication when sites are not in Trusted Sites or Intranet zones
Your users might require pass-through authentication to the server using their user logon credentials but cannot add sites to the Trusted Sites or Intranet zones. Enable this setting to allow pass-through authentication on all but Restricted sites. 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Configuration folder for Receiver (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > User authentication > Local user name and password. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 7. From the Local user name and password Properties menu, select Enabled, and then select the Enable pass-through authentication and Allow pass-through authentication for all ICA connections check boxes.
123
Using Security Support Provider Interface/Kerberos Pass-Through Authentication for Improved Security
This topic does not apply to XenDesktop connections. Rather than sending user passwords over the network, Kerberos pass-through authentication leverages Kerberos authentication in combination with Security Support Provider Interface (SSPI) security exchange mechanisms. Kerberos is an industry-standard network authentication protocol built into Microsoft Windows operating systems. Kerberos logon offers security-minded users or administrators the convenience of pass-through authentication combined with secret-key cryptography and data integrity provided by industry-standard network security solutions. With Kerberos logon, the Receiver does not need to handle the password and thus prevents Trojan horse-style attacks on the user device to gain access to users passwords. Users can log on to the user device with any authentication method; for example, a biometric authenticator such as a fingerprint reader, and still access published resources without further authentication. System requirements. Kerberos logon requires Citrix Presentation Server 3.0, 4.0, or 4.5, Citrix XenApp 5.0, 6.x and Citrix Presentation Server Clients for Windows 8.x, 9.x, 10.x, XenApp Hosted Plug-in 11.x, online plug-in 12.0, 12.1, or Receiver 3.x. Kerberos works only between Client/plug-ins/Receiver and servers that belong to the same or to trusted Windows 2000, Windows Server 2003, or Windows Server 2008 domains. Servers must also be trusted for delegation, an option you configure through the Active Directory Users and Computers management tool. Kerberos logon is not available in the following circumstances:
q
Connections configured with any of the following options in Remote Desktop Services (formerly known as Terminal Services) Configuration:
q
On the General tab, the Use standard Windows authentication option
On the Logon Settings tab, the Always use the following logon information option or the Always prompt for password option Connections you route through the Secure Gateway
q
If the server requires smart card logon If the authenticated user account requires a smart card for interactive logon
Important: SSPI requires XML Service DNS address resolution to be enabled for the server farm, or reverse DNS resolution to be enabled for the Active Directory domain. For more information, see the Citrix XenApp administrator documentation.
124
Configuring Kerberos Authentication

Receiver, by default, is not configured to use Kerberos authentication when logging on to the server. You can set the Receiver configuration to use Kerberos with pass-through authentication or Kerberos with smart card pass-through authentication. To use Kerberos authentication for your connections, you can either specify Kerberos using a command line installation or configure Receiver using the Group Policy Editor. See the Microsoft Group Policy documentation for more information about editing .adm files
125
To configure Kerberos with pass-through authentication

This topic does not apply to XenDesktop connections. Use Kerberos with pass-through authentication if you want to use Kerberos with Receiver. When Receiver configurations are set to use Kerberos with pass-through authentication, Receiver uses Kerberos authentication first and uses pass-through authentication if Kerberos fails. The user cannot disable this Receiver configuration from the user interface. 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates, navigate through Citrix Components > Citrix Receiver > User authentication, double click Kerberos authentication and select Enabled. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 7. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > User authentication > Local user name and password. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 8. From the Action menu, choose Properties and select Enabled > Enable pass-through authentication. To apply the setting, close and restart Receiver on the user device.
126
Securing Citrix Receiver Communication

To secure the communication between your server farm and Receiver, you can integrate your Receiver connections to the server farm with a range of security technologies, including:
q
Citrix Access Gateway. For information about configuring Access Gateway with Receiver Storefront, refer to the "Manage" topics in the Receiver Storefront documentation in eDocs. For information about configuring Access Gateway or Secure Gateway with Web Interface, refer to topics in this section. A SOCKS proxy server or secure proxy server (also known as security proxy server, HTTPS proxy server, or SSL tunneling proxy server). You can use proxy servers to limit access to and from your network and to handle connections between Receiver and servers. Receiver supports SOCKS and secure proxy protocols. SSL Relay solutions with Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. A firewall. Network firewalls can allow or block packets based on the destination address and port. If you are using Receiver through a network firewall that maps the server's internal network IP address to an external Internet address (that is, network address translation, or NAT), configure the external address. Trusted server configuration.
Note: For information about increasing security in application streaming for desktops, see the Citrix Knowledge Base article Enhancing Security in Application Streaming for Desktops. Receiver is compatible with and functions in environments where the Microsoft Specialized Security - Limited Functionality (SSLF) desktop security templates are used. These templates are supported on the Microsoft Windows XP, Windows Vista, and Windows 7 platforms. Refer to the Windows XP, Windows Vista, and Windows 7 security guides available at http://technet.microsoft.com for more information about the templates and related settings.
127
Support for Microsoft Security Templates

Receiver is compatible with and functions in environments where the Microsoft Specialized Security - Limited Functionality (SSLF) desktop security templates are used. These templates are supported on the Microsoft Windows XP, Windows Vista, and Windows 7 platforms. Refer to the Windows XP, Windows Vista, and Windows 7 security guides available at http://technet.microsoft.com for more information about the templates and related settings.
128
Connecting with Access Gateway Enterprise Edition

This topic applies only to deployments using the Web Interface. Configure the XenApp Services site for the Receiver to support connections from an Access Gateway connection. 1. In the XenApp Services site, select Manage secure client access > Edit secure client access settings. 2. Change the Access Method to Gateway Direct. 3. Enter the FQDN of the Access Gateway appliance. 4. Enter the Secure Ticket Authority (STA) information.
129
To configure the Access Gateway appliance

1. Configure authentication policies to authenticate users connecting to the Access Gateway by using the Access Gateway Plug-in. Bind each authentication policy to a virtual server.
q
If double-source authentication is required (such as RSA SecurID and Active Directory), RSA SecurID authentication must be the primary authentication type. Active Directory authentication must be the secondary authentication type. RSA SecurID uses a RADIUS server to enable token authentication.
q Active Directory authentication can use either LDAP or RADIUS. Test a connection from a user device to verify that the Access Gateway is configured correctly in terms of networking and certificate allocation.
2. Create a session policy on the Access Gateway to allow incoming XenApp connections from the Receiver, and specify the location of your newly created XenApp Services site.
q
Create a new session policy to identify that the connection is from the Receiver. As you create the session policy, configure the following expression and select Match All Expressions as the operator for the expression: REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver
130

q
In the associated profile configuration for the session policy, on the Security tab, set Default Authorization to Allow. On the Published Applications tab, if this is not a global setting (you selected the Override Global check box), ensure the ICA Proxy field is set to ON. In the Web Interface Address field, enter the URL including the config.xml for the XenApp Services site that the device users use, such as http://XenAppServerName/Citrix/PNAgent/config.xml or http://XenAppServerName/CustomPath/config.xml.
Bind the session policy to a virtual server. Create authentication policies for RADIUS and Active Directory. Bind the authentication policies to the virtual server.
Important: If the server certificate used on the Access Gateway is part of a certificate chain (with an intermediate certificate), make sure that the intermediate certificates are also installed correctly on the Access Gateway. For information about installing certificates, see the Access Gateway documentation.
131
Connecting with Access Gateway 5.0

This topic applies only to deployments using the Web Interface. Access Gateway setup requires that you configure a basic or a SmartAccess logon point on Access Gateway and use the Web address for the XenApp Services site. Before you configure a logon point, install the Web Interface and verify that it is communicating with the network. When you configure a logon point, you must also configure at least one Secure Ticket Authority (STA) server and ICA Access Control in Access Gateway. For more information, expand Access Gateway 5.0 in eDocs, and locate the topic To configure Access Gateway to use the Secure Ticket Authority.
132
To configure the Access Gateway 5.0 appliance

1. Configure Authentication profiles to authenticate users connecting to the Access Gateway using the Receiver.
q
If double source authentication is required (such as Active Directory and RSA SecurID), Active Directory authentication must be the primary authentication type. RSA SecurID authentication must be the secondary authentication type. RSA SecurID can use either RADIUS or an sdconf.rec file to enable token authentication.
You can configure Active Directory authentication on Access Controller. You can use Active Directory on the Access Gateway appliance by using either an LDAP or RADIUS authentication profile. Test a connection from a user device to verify that the Access Gateway is configured correctly in terms of networking and certificate allocation.
q
2. To establish communication with XenApp servers and the Web Interface, configure the Access Gateway with STA servers and the ICA Access Control list on Access Gateway. For more information, see the Access Gateway section of eDocs. 3. Configure logon points on the Access Gateway. Configure the Access Gateway to allow incoming XenApp connections from the Receiver, and specify the location of your Web Interface site. a. In the Access Gateway Management Console, click Management. b. Under Access Control, click Logon Points > New. c. In the Logon Points Properties dialog box, in Name, type a unique name for the logon point. d. Select the Type:
q
For a Basic logon point, in the Web Interface field, type the fully qualified domain name (FQDN) of the Web Interface, such as http://xenapp.domain.com/citrix/apps. You cannot configure a SmartGroup with a basic logon point. Select the authentication type, or click Authenticate with the Web Interface. If you select Authenticate with the Web Interface, when users type the URL to Access Gateway and enter credentials, the credentials are passed to the Web Interface for authentication.
For a SmartGroup to use the settings in a SmartAccess logon point, you must select the logon point within the SmartGroup. Select the authentication profiles. If you configure a SmartAccess logon point, Access Gateway authenticates users. You cannot configure authentication by using the Web Interface. If you select Single Sign-on to Web Interface, users do not have to log on to the Web Interface after logging on to the Access Gateway. If not selected, users must log on to both the Access Gateway and Web Interface.
133
Connecting with Access Gateway 5.0 e. Under Applications and Desktops, click Secure Ticket Authority and add the STA details. Make sure the STA information is the same as the Web Interface site. f. Finally, under Applications and Desktops, click XenApp or XenDesktop to add the ICA control list (required for Access Gateway 5.0). For more information, expand Access Gateway 5.0 in eDocs, and locate To configure ICA Access Control. Important: If the server certificate used on the Access Gateway is part of a certificate chain (with an intermediate certificate), make sure that the intermediate certificates are also installed correctly on the Access Gateway. For information about installing certificates, see the Access Gateway section on Configuring Intermediate Certificates.
134
To configure Access Controller

q
q
2. To establish communication with XenApp servers and the Web Interface, configure Access Controller to recognize the servers. Configure Access Controller to allow incoming XenApp connections from the Receiver and specify the location of your Web Interface site. a. In the Deliver Services Console, expand Citrix Resources > Access Gateway, and then click the Access Controller on which you want to create the Web resource. b. Expand Resources, click Web Resources, and then under Common tasks, click Create Web resource. In the wizard, enter a unique name. On the New Web Address page, enter the Web address URL of the XenApp Web site. c. In Application type, select Citrix Web Interface and click the Enable Single Sign-on check box. d. After you click OK, click Publish for users in their list of resources , and then in Home page, enter the URL of the XenApp Web Site, such as http://xenapp.domain.com/citrix/apps, and finish the wizard. e. In the navigation pane, click Logon Points, click Create logon point, and in the wizard, enter a unique name, and select the type:
q
For a Basic logon point, in the Web Interface field, type the fully qualified domain name (FQDN) of the Web Interface, such as http://xenapp.domain.com/citrix/apps. Select the Home page, and then select the authentication profile. Leave the remaining options as default values, and click Enable this logon point check box at the end of the wizard. For a SmartAccess logon point, on Select Home Page, select the Display the Web resource with the highest priority. Click Set Display Order, and move the Web Interface Web resource to the top.
Select the Authentication Profiles for both authentication and group extraction. Leave the remaining options as default values, and click Enable this logon point check box at the end of the wizard. f. In the navigation pane, under Policies > Access Policies, select Create access policy and on the Select Resources page, expand Web Resources to select the 135
Connecting with Access Gateway 5.0 Web Interface web resource. g. In Configure Policy Settings, select the settings, click Enable this policy to control this setting, and select Extended access, unless denied by another policy. Add the users allowed to access this resource and finish the wizard. h. In the navigation pane, under Access Gateway appliances, select Edit Access Gateway appliance properties, click Secure Ticket Authority and add the STA details. Make sure the STA information is the same as the Web Interface site. i. Finally, click ICA Access Control to add the ICA control list (required for Access Gateway 5.0). For more information, expand Access Gateway 5.0 in eDocs, and locate To configure ICA Access Control in the Access Controller documentation. Important: If the server certificate used on the Access Gateway is part of a certificate chain (with an intermediate certificate), make sure that the intermediate certificates are also installed correctly on the Access Gateway. For information about installing certificates, see the Access Gateway section on Configuring Intermediate Certificates.
136
Connecting with Secure Gateway

This topic applies only to deployments using the Web Interface. You can use the Secure Gateway in either Normal mode or Relay mode to provide a secure channel for communication between Receiver and the server. No Receiver configuration is required if you are using the Secure Gateway in Normal mode and users are connecting through the Web Interface. Receiver uses settings that are configured remotely on the server running the Web Interface to connect to servers running the Secure Gateway. See the topics for the Web Interface for information about configuring proxy server settings for Receiver. If the Secure Gateway Proxy is installed on a server in the secure network, you can use the Secure Gateway Proxy in Relay mode. See the topics for the Secure Gateway for more information about Relay mode. If you are using Relay mode, the Secure Gateway server functions as a proxy and you must configure Receiver to use:
q
The fully qualified domain name (FQDN) of the Secure Gateway server. The port number of the Secure Gateway server. Note that Relay mode is not supported by Secure Gateway Version 2.0.
The FQDN must list, in sequence, the following three components:

q
Host name Intermediate domain Top-level domain
For example: my_computer.my_company.com is an FQDN, because it lists, in sequence, a host name (my_computer), an intermediate domain (my_company), and a top-level domain (com). The combination of intermediate and top-level domain (my_company.com) is generally referred to as the domain name.
137
Connecting the Citrix Receiver through a Proxy Server

Proxy servers are used to limit access to and from your network, and to handle connections between Receivers and servers. Receiver supports SOCKS and secure proxy protocols. When communicating with the server farm, Receiver uses proxy server settings that are configured remotely on the server running Receiver for Web or the Web Interface. For information about proxy server configuration, refer to Receiver Storefront or Web Interface documentation. In communicating with the Web server, Receiver uses the proxy server settings that are configured through the Internet settings of the default Web browser on the user device. You must configure the Internet settings of the default Web browser on the user device accordingly.
138
Connecting with Secure Sockets Layer Relay

You can integrate Receiver with the Secure Sockets Layer (SSL) Relay service. Receiver supports both SSL and TLS protocols.
q
SSL provides strong encryption to increase the privacy of your ICA connections and certificate-based server authentication to ensure the server you are connecting to is a genuine server. TLS (Transport Layer Security) is the latest, standardized version of the SSL protocol. The Internet Engineering Taskforce (IETF) renamed it TLS when it took over responsibility for the development of SSL as an open standard. TLS secures data communications by providing server authentication, encryption of the data stream, and message integrity checks. Because there are only minor technical differences between SSL Version 3.0 and TLS Version 1.0, the certificates you use for SSL in your software installation will also work with TLS. Some organizations, including U.S. government organizations, require the use of TLS to secure data communications. These organizations may also require the use of validated cryptography, such as FIPS 140 (Federal Information Processing Standard). FIPS 140 is a standard for cryptography.
139
Connecting with Citrix SSL Relay

By default, Citrix SSL Relay uses TCP port 443 on the XenApp server for SSL/TLS-secured communication. When the SSL Relay receives an SSL/TLS connection, it decrypts the data before redirecting it to the server, or, if the user selects SSL/TLS+HTTPS browsing, to the Citrix XML Service. If you configure SSL Relay to listen on a port other than 443, you must specify the nonstandard listening port number to the plug-in. You can use Citrix SSL Relay to secure communications:
q
Between an SSL/TLS-enabled client and a server. Connections using SSL/TLS encryption are marked with a padlock icon in the Citrix Connection Center. With a server running the Web Interface, between the XenApp server and the Web server.
For information about configuring and using SSL Relay to secure your installation, see the Citrix XenApp administrators documentation. For information about configuring the server running the Web Interface to use SSL/TLS encryption, see the Web Interface administrators documentation.
140
User Device Requirements

In addition to the System Requirements, you also must ensure that:
q
The user device supports 128-bit encryption The user device has a root certificate installed that can verify the signature of the Certificate Authority on the server certificate Receiver is aware of the TCP listening port number used by the SSL Relay service in the server farm Any service packs or upgrades that Microsoft recommends are applied
If you are using Internet Explorer and you are not certain about the encryption level of your system, visit the Microsoft Web site at http://www.microsoft.com to install a service pack that provides 128-bit encryption. Important: Receiver supports certificate key lengths of up to 4096 bits. Ensure that the bit lengths of your Certificate Authority root and intermediate certificates, and those of your server certificates, do not exceed the bit length your Receiver supports or connection might fail.
141
To apply a different listening port number for all connections

If you are changing this on a local computer, close all Receiver components, including the Connection Center. 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the plug-in Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > Network routing > TLS/SSL data encryption and server identification. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 7. From the Action menu, choose Properties, select Enabled, and type a new port number in the Allowed SSL servers text box in the following format: server:SSL relay port number where SSL relay port number is the number of the listening port. You can use a wildcard to specify multiple servers. For example, *.Test.com:SSL relay port number matches all connections to Test.com through the specified port.
142
To apply a different listening port number to particular connections only

If you are changing this on a local computer, close all Receiver components, including the Connection Center. 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already added the icaclient template to the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > Network routing > TLS/SSL data encryption and server identification. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 7. From the Action menu, choose Properties, select Enabled, and type a comma-separated list of trusted servers and the new port number in the Allowed SSL servers text box in the following format: servername:SSL relay port number,servername:SSL relay port number where SSL relay port number is the number of the listening port. You can specify a comma-separated list of specific trusted SSL servers similar to this example:
csghq.Test.com:443,fred.Test.com:443,csghq.Test.com:444 which translates into the following in an example appsrv.ini file: [Word] SSLProxyHost=csghq.Test.com:443 [Excel] SSLProxyHost=csghq.Test.com:444 [Notepad] SSLProxyHost=fred.Test.com:443
143
Configuring and Enabling Receivers for SSL and TLS

SSL and TLS are configured in the same way, use the same certificates, and are enabled simultaneously. When SSL and TLS are enabled, each time you initiate a connection, Receiver tries to use TLS first and then tries SSL. If it cannot connect with SSL, the connection fails and an error message appears. To force Receiver to connect with TLS, you must specify TLS on the Secure Gateway server or SSL Relay service. See the topics for the Secure Gateway or your SSL Relay service documentation for more information. In addition, make sure the user device meets all system requirements. To use SSL/TLS encryption for all Receiver communications, configure the user device, Receiver, and, if using Web Interface, the server running the Web Interface. For information about securing Receiver Storefront communications, refer to topics under "Secure" in the Receiver Storefront documentation in eDocs.
144
Installing Root Certificates on the User Devices

To use SSL/TLS to secure communications between a SSL/TLS-enabled Receiver and the server farm, you need a root certificate on the user device that can verify the signature of the Certificate Authority on the server certificate. Receiver supports the Certificate Authorities that are supported by the Windows operating system. The root certificates for these Certificate Authorities are installed with Windows and managed using Windows utilities. They are the same root certificates that are used by Microsoft Internet Explorer. If you use your own Certificate Authority, you must obtain a root certificate from that Certificate Authority and install it on each user device. This root certificate is then used and trusted by both Microsoft Internet Explorer and Receiver. You might be able to install the root certificate using other administration or deployment methods, such as:
q
Using the Microsoft Internet Explorer Administration Kit (IEAK) Configuration Wizard and Profile Manager Using third-party deployment tools
Make sure that the certificates installed by your Windows operating system meet the security requirements for your organization or use the certificates issued by your organizations Certificate Authority.
145
To configure Web Interface to use SSL/TLS for Receiver

1. To use SSL/TLS to encrypt application enumeration and launch data passed between Receiver and the server running the Web Interface, configure the appropriate settings using the Web Interface. You must include the computer name of the XenApp server that is hosting the SSL certificate. 2. To use secure HTTP (HTTPS) to encrypt the configuration information passed between Receiver and the server running the Web Interface, enter the server URL in the format https://servername. In the Windows notification area, right-click the Receiver icon and choose Preferences. 3. Right-click the Online Plug-in entry in the Plug-in Status and choose Change Server.
146
To configure TLS support

If you are changing this on a local computer, close all Receiver components, including the Connection Center. 1. As an administrator, open the Group Policy Editor by running gpedit.msc locally from the Start menu when applying this to a single computer or by using the Group Policy Management Console when using Active Directory. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > Network routing > TLS/SSL data encryption and server identification. 7. From the Action menu, choose Properties, select Enabled, and from the drop-down menus, select the TLS settings.
q
Set SSL/TLS Version to TLS or Detect all to enable TLS. If Detect all is selected, Receiver connects using TLS encryption. If a connection using TLS fails, Receiver connects using SSL. Set SSL ciphersuite to Detect version to have Receiver negotiate a suitable ciphersuite from the Government and Commercial ciphersuits. You can restrict the ciphersuites to either Government or Commercial. Set CRL verification to Require CRLs for connection requiring Receiver to try to retrieve Certificate Revocation Lists (CRLs) from the relevant certificate issuers.
147
To use the Group Policy template on Web Interface to meet FIPS 140 security requirements
If you are changing this on a local computer, close all Receiver components, including the Connection Center.
To meet FIPS 140 security requirements, use the Group Policy template to configure the parameters or include the parameters in the Default.ica file on the server running the Web Interface. See the information about Web Interface for additional information about the Default.ica file. 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 3 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > Network routing > TLS/SSL data encryption and server identification. 7. From the Action menu, choose Properties, select Enabled, and from the drop-down menus, select the correct settings.
q
q q
Set SSL/TLS Version to TLS or Detect all to enable TLS. If Detect all is selected, Receiver tries to connect using TLS encryption. If a connection using TLS fails, Receiver tries to connect using SSL. Set SSL ciphersuite to Government. Set CRL verification to Require CRLs for connection.
148
To configure the Web Interface to use SSL/TLS when communicating with Citrix Receiver
When using the Web Interface, specify the computer name of the server hosting the SSL certificate. See the information about Web Interface for more details about using SSL/TLS to secure communications between Receiver and the Web server. 1. From the Configuration settings menu, select Server Settings. 2. Select Use SSL/TLS for communications between clients and the Web server. 3. Save your changes. Selecting SSL/TLS changes all URLs to use HTTPS protocol.
149
To configure Citrix XenApp to use SSL/TLS when communicating with Citrix Receiver
You can configure the XenApp server to use SSL/TLS to secure the communications between Receiver and the server. 1. From the Citrix management console for the XenApp server, open the Properties dialog box for the application you want to secure. 2. Select Advanced > Client options and ensure that you select Enable SSL and TLS protocols. 3. Repeat these steps for each application you want to secure. When using the Web Interface, specify the computer name of the server hosting the SSL certificate. See the information about Web Interface for more details about using SSL/TLS to secure communications between Receiver and the Web server.
150
To configure Citrix Receiver to use SSL/TLS when communicating with the server running the Web Interface
You can configure Receiver to use SSL/TLS to secure the communications between Receiver and the server running the Web Interface. Ensure that a valid root certificate is installed on the user device. For more information, see Installing Root Certificates on the User Devices. 1. In the Windows notification area, right-click the Receiver icon and choose Preferences. 2. Right-click the Online Plug-in entry in the Plug-in Status and choose Change Server. 3. The Change Server screen displays the currently configured URL. Enter the server URL in the text box in the format https://servername to encrypt the configuration data using SSL/TLS. 4. Click Update to apply the change. 5. Enable SSL/TLS in the client device browser. For more information about enabling SSL/TLS in the browser, see the online Help for the browser.
151
ICA File Signing - Protection Against Application or Desktop Launches From Untrusted Servers
The ICA File Signing feature helps protect users from unauthorized application or desktop launches.Citrix Receiver verifies that a trusted source generated the application or desktop launch based on administrative policy and protects against launches from untrusted servers. You can configure this Receiver security policy for application or desktop launch signature verification using Group Policy Objects, Receiver Storefront, or Citrix Merchandising Server. ICA file signing is not enabled by default. For information about enabling ICA file signing for Receiver Storefront, refer to the Receiver Storefront documentation. For Web Interface deployments, the Web Interface enables and configures application or desktop launches to include a signature during the launch process using the Citrix ICA File Signing Service. The service can sign ICA files using a certificate from the computer's personal certificate store. The Citrix Merchandising Server with Receiver enables and configures launch signature verification using the Citrix Merchandising Server Adminstrator Console > Deliveries wizard to add trusted certificate thumbprints. To use Group Policy Objects to enable and configure application or desktop launch signature verification, follow this procedure: 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the ica-file-signing.adm template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select ica-file-signing.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Enable ICA File Signing. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 7. If you choose Enabled, you can add signing certificate thumbprints to the white list of trusted certificate thumbprints or remove signing certificate thumbprints from the
152
ICA File Signing - Protection Against Application or Desktop Launches From Untrusted Servers white list by clicking Show and using the Show Contents screen. You can copy and paste the signing certificate thumbprints from the signing certificate properties. Use the Policy drop-down menu to select Only allow signed launches (more secure) or Prompt user on unsigned launches (less secure). Option Only allow signed launches (more secure) Description Allows only properly signed application or desktop launches from a trusted server. The user sees a Security Warning message in Receiver if an application or desktop launch has an invalid signature. The user cannot continue and the unauthorized launch is blocked. Prompts the user every time an unsigned or invalidly signed application or desktop attempts to launch. The user can either continue the application launch or abort the launch (default).
Prompt user on unsigned launches (less secure)
153
Selecting and Distributing a Digital Signature Certificate

When selecting a digital signature certificate, Citrix recommends you choose from this prioritized list: 1. Buy a code-signing certificate or SSL signing certificate from a public Certificate Authority (CA). 2. If your enterprise has a private CA, create a code-signing certificate or SSL signing certificate using the private CA. 3. Use an existing SSL certificate, such as the Web Interface or Self-service Plug-in server certificate. 4. Create a new root CA certificate and distribute it to user devices using GPO or manual installation.
154
Configuring a Web Browser and ICA File to Enable Single Sign-on and Manage Secure Connections to Trusted Servers
To use Single sign-on (SSO) and to manage secure connections to trusted servers, add the Citrix server's site address to the Local intranet or Trusted sites zones in Internet Explorer under Tools > Internet Options > Security on the user device. The address can include the wildcard (*) formats supported by the Internet Security Manager (ISM) or be as specific as protocoll://URL[:port]. The same format must be used in both the ICA file and the sites entries. For example, if you use a fully qualified domain name (FQDN) in the ICA file, you must use an FQDN in the sites zone entry. XenDesktop connections use only a desktop group name format.
Supported Formats (Including Wildcards)

http[s]://10.2.3.4 http[s]://10.2.3.* http[s]://hostname http[s]://fqdn.example.com http[s]://*.example.com http[s]://cname.*.example.com http[s]://*.example.co.uk desktop://group-20name ica[s]://xaserver1 ica[s]://xaserver1.example.com
Launching SSO or Using Secure Connections with a web site

Add the exact address of the Receiver for Web or the Web Interface site in the sites zone. Example Web Site Addresses https://my.company.com 155
Configuring a Web Browser and ICA File to Enable Single Sign-on and Manage Secure Connections to Trusted Servers http://10.20.30.40 http://server-hostname:8080 https://SSL-relay:444
XenDesktop Connections with Desktop Viewer

Add the address in the form desktop://Desktop Group Name. If the desktop group name contains spaces, replace each space with -20.
Custom ICA Entry Formats

Use one of the following formats in the ICA file for the Citrix server site address. Use the same format to add it to the Local intranet or Trusted sites zones in Internet Explorer under Tools > Internet Options > Security on the user device: Example of ICA File HttpBrowserAddress Entry HttpBrowserAddress=XMLBroker.XenappServer.example.com:8080 Examples of ICA File XenApp Server Address Entry If the ICA file contains only the XenApp server Address field, use one of the following entry formats: icas://10.20.30.40:1494 icas://my.xenapp-server.company.com ica://10.20.30.40
156
To set client resource permissions

You can set client resource permissions using trusted and restricted site regions by:
q
Adding the Receiver for Web or the Web Interface site to the Trusted Site list Making changes to new registry settings
Note: Due to enhancements to Receiver, the .ini procedure available in earlier versions of the plug-in/Receiver is replaced with these procedures. Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
To add the web site to the trusted site list

1. From the Internet Explorer Tools menu, choose Internet Options > Security. 2. Select the Trusted sites icon and click the Sites button. 3. In the Add this website to the zone text field, type the URL to your Receiver for Web or Web Interface site and click Add. 4. Download the registry settings from http://support.citrix.com/article/CTX124871.html and make any registry changes. Use SsonRegUpx86.reg for Win32 user devices and SsonRegUpx64.reg for Win64 user devices. 5. Log off and then log on to the user device.
157
To change client resource permissions in the registry

1. Download the registry settings from http://support.citrix.com/article/CTX124871.html and import the settings on each user device. Use SsonRegUpx86.reg for Win32 user devices and SsonRegUpx64.reg for Win64 user devices. 2. In the registry editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Client Selective Trust and in the appropriate regions, change the default value to the required access values for any of the following resources: Resource key FileSecurityPermission MicrophoneAndWebcamSecurityPermission PdaSecurityPermission ScannerAndDigitalCameraSecurityPermission Value 0 1 2 3 Description No Access Read-only access Full access Prompt user for access Resource description Client drives Microphones and webcams PDA devices USB and other devices
158
Enabling Smart Card Logon

You must use Receiver (Enterprise) for smart card support. Enabling smart card logon allows users to use smart cards instead of passwords to authenticate to XenApp servers. You can use smart card logon either with or without pass-through authentication. You must enable smart card support on the server and set up and configure the user device properly with third-party smart card hardware and software. Refer to the documentation that came with your smart card equipment for instructions about deploying smart cards within your network. The smart card removal policy set on XenApp determines what happens if you remove the smart card from the reader during an ICA session. The smart card removal policy is configured through and handled by the Windows operating system.
q
Kerberos pass-through authentication requires a smart card inserted in the smart card reader at logon time only. With this logon mode selected, the plug-in prompts the user for a smart card PIN (Personal Identification Number) when it starts up. Kerberos pass-through authentication then caches the PIN and passes it to the server every time the user requests a published resource. The user does not have to subsequently reenter a PIN to access published resources or have the smart card continuously inserted. If authentication based on the cached PIN fails or if a published resource itself requires user authentication, the user continues to be prompted for a PIN. Disabling pass-through authentication requires a smart card to be present in the smart card reader whenever the user accesses a server. With pass-through disabled, the plug-in prompts the user for a smart card PIN when it starts up and every time the user requests a published resource.
159
Enforcing Trust Relations

Trusted server configuration is designed to identify and enforce trust relations involved in Receiver connections. This trust relationship increases the confidence of Receiver administrators and users in the integrity of data on user devices and prevents the malicious use of Receiver connections. When this feature is enabled, Receivers can specify the requirements for trust and determine whether or not they trust a connection to the server. For example, a Receiver connecting to a certain address (such as https://*.citrix.com) with a specific connection type (such as SSL) is directed to a trusted zone on the server. When trusted server configuration is enabled, XenApp servers or the Access Gateway must reside in a Windows Trusted Sites zone. (For step-by-step instructions about adding servers to the Windows Trusted Sites zone, see the Internet Explorer online help.) If you connect using SSL, add the server name in the format https://CN, where CN is the Common Name shown on the SSL certificate. Otherwise, use the format that Receiver uses to connect; for example if Receiver connects using an IP address, add the servers IP address. To enable trusted server configuration If you are changing this on a local computer, close all Receiver components, including the Connection Center. 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. Expand the Administrative Templates folder under the User Configuration node. 7. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > Network Routing > Configure trusted server configuration. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 8. From the Action menu, choose Properties and select Enabled. 160
161
Elevation Level and wfcrun32.exe

When User Access Control (UAC) is enabled on devices running Windows Vista or Windows 7, only processes at the same elevation/integrity level as wfcrun32.exe can launch published applications. Example 1: When wfcrun32.exe is running as a normal user (un-elevated), other processes such as Receiver must be running as a normal user to launch applications through wfcrun32. Example 2: When wfcrun32.exe is running in elevated mode, other processes such as Connection Center, Receiver, and third party applications using the ICA Client Object that are running in non-elevated mode cannot communicate with wfcrun32.exe.
162

Quick Links About this Release System Requirements and Compatibility for Receiver for Windows 3.1 Licensing Your Product Overview of Citrix Receiver for Windows Installation Packages To configure and install the Citrix Receiver for Windows using command-line parameters Using the Receiver with XenDesktop Connections Optimizing the Receiver Environment Improving the Receiver User Experience Securing Your Connections Securing Citrix Receiver Communication
163

Quick Links About this Release System Requirements and Compatibility for Receiver for Windows 3.1 Licensing Your Product Overview of Citrix Receiver for Windows Installation Packages To configure and install the Citrix Receiver for Windows using command-line parameters Using the Receiver with XenDesktop Connections Optimizing the Receiver Environment Improving the Receiver User Experience Securing Your Connections Securing Citrix Receiver Communication
164
About Citrix Receiver for Windows 3.1

What's New in the Citrix Receiver Standard Package
Citrix Receiver (CitrixReceiver.exe) has been enhanced for on-demand access to Windows, Web, and Software as a Service (SaaS) applications. You can now configure it for use with Citrix CloudGateway.
q
CloudGateway Express Interoperability - Enables existing XenApp and XenDesktop customers to deliver all their Windows apps and desktops to any device using a unified StoreFront with self-service. CloudGateway Enterprise Interoperability - Enables enterprises to aggregate, control, and deliver all of their Windows, web and SaaS apps to any user on any device. Flexible installation methods - You can install CitrixReceiver.exe from Receiver for Web and Web Interface with or without administrator rights or you can use electronic software distribution (ESD) tools like Active Directory Group Policy Objects (GPO) or SCCM. Administrator rights are required to install CitrixReceiver.exe if it will use pass-through authentication. (Receiver for Web sites do not support domain pass-through authentication.) Self-service - Citrix Receiver displays all the resources that you make available to users. Users can browse the list or search for the resources they require and subscribe with a single click. Enabled using one-click configuration and CloudGateway. One-click configuration - Opening a configuration file after installing Citrix Receiver activates self-service access to CloudGateway-published resources. You can publish the configuration file on a web site or email it to multiple users. Secure, remote access through Access Gateway - Integration with Access Gateway provides users with secure access to all enterprise applications, virtual desktops, and data. Domain pass-through authentication - Users already logged on to their domain account do not need to authenticate to access applications. Enable this functionality using a command line switch.
Auto-provisioned applications - Receiver automatically adds administrator-designated applications when users first authenticate. Requires CloudGateway StoreFront. CloudGateway internal URL redirection - When a URL is redirected, Receiver checks a keyword to determine if the URL requires an Access Gateway VPN connection for access. If the VPN client is installed, it starts the VPN client and opens the page. Receiver for all devices - User experience is consistent across Receiver platforms and devices. Follow-me subscriptions - Users selected applications follow them across devices. Requires CloudGateway StoreFront.
165
About Citrix Receiver for Windows 3.1

q
Work space control improvements - Active sessions follow users as they roam from one device to another. Previously, the Self-Service Plug-in disabled workspace control. Multiple account support - Users can access applications and desktops from multiple data centers using different security provisions. Expanded browser support - Chrome versions 10.0 and later are supported. Pre-installation of Firefox is no longer required.
Citrix Receiver supports Web Interface for legacy deployments.
What's New in the Citrix Receiver Enterprise Package

The Citrix Receiver Enterprise package does not contain any new features. With the upgrade in features in the standard Receiver, the Receiver Enterprise package is required only to support applications that use Smart Card authentication.
Known Issues
q
General Issues
q
When configured with multiple stores, Receiver might confuse the gateways required to connect to a store causing incorrect apps being available to users. Work around: Configure only one store. [#0263165] If you use the Receiver with XenApp 5.0 Feature Pack 2 for Windows Server 2003 (32- or 64-bit editions), the Receiver plays audio even when you configure the Turn off speakers policy setting to disable the audio. [#242703] You might receive an error message when trying to launch an application with Web Interface after installing a previous version of the Receiver (Online plug-in) while logged in as one user, upgrading with CitrixReceiver.exe as another user, logging off the Receiver, and logging back on with the previous user name. The error message is: Citrix online plug-in Configuration Manager: No value could be found for (ClientHostedApps) that satisfies all lock down requirements. The lockdown requirements in force may be conflicting. [#261877]
166
About Citrix Receiver for Windows 3.1 As a workaround, set the following registry key: HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Control Name: ClientHostedApps Value: FALSE (or set to * / TRUE if you have overridden the defaults in HKEY_LOCAL_MACHINE)
q
If you use Web Interface with Internet Explorer 8 and Windows 7 to upgrade to this version of Citrix Receiver, the upgrade finishes, but the Upgrade in Progress message remains on the screen and the log on screen does not appear. Workaround: Restart the browser [#247858] When you launch applications using the Web Interface, Connection Center does not enumerate the sessions. [#261177] After you launch a published application that is filtered by XenApp for Access Gateway, other published applications do not launch. [#263003] In some environments, content redirection may not work until the published application is launched for the first time. [#0252515] When versions of Receiver are localized in Traditional Chinese, Korean, or Russian and integrated with Access Gateway Standard Edition, the Receiver log on screen displays in English because of an Access Gateway Standard Edition language limitation. [#0263442] When the offline plug-in is not installed and a streamed application is configured to fallback to ICA and the XenApp server is down, an incorrect error message appears informing you that the correct plug-in is not installed. [#0273813] If Certificate Revocation List (CRL) checking is disabled in Internet Options on the user device, this overrides the CertificateRevocationCheck registry setting for Receiver for Windows. This means users may be able to access Web sites that do not have valid certificates. As a workaround, ensure that the Check server revocation option located at Settings > Control Panel > Internet Options > Advanced is enabled. [#0032682] Receiver does not support the VPN keyword in Access Gateway ClientChoices mode. [#0274828]
Desktop Connections
q
Loss of video is experienced if files are being played with a published version of Windows Media Player through a virtual desktop session, and the Desktop Viewer window is changed from full-screen to window mode. As a workaround, minimize and restore the Media Player window, and then pause and resume the application (or stop and restart it). [#246230] You cannot log off gracefully from Windows XP 32-bit virtual desktops if you start (but do not log on to) the Receiver in the desktop session. If the Receiver logon dialog box is not completed, you cannot log off from the desktop. To work around the issue, complete the logon dialog box or close it. This issue is not observed on other virtual
167
About Citrix Receiver for Windows 3.1 desktop operating systems. [#246516]
q
If virtual desktops are installed with the Virtual Desktop Agent supplied with XenDesktop 5.0, Receiver for Windows 3.0 displays an error if the user starts a published application from the desktop. The workaround is to use the Virtual Desktop Agent supplied with XenDesktop 5.5. [#263079] The Citrix Desktop Lock does not redirect Adobe Flash content to domain-joined user devices. The content can be viewed but is rendered on the server, not locally. As a workaround, Adobe Flash redirection can be configured for server-side content fetching to pass the content from the server to the user device. This issue does not occur on non-domain-joined devices or when the content is viewed with the Desktop Viewer. [#263092] The Desktop Viewer Devices menu may not close when the user clicks the Devices icon. It also may remain open after its corresponding dialog box closes. If this occurs, click the Devices icon again. [#262202] Windows Media Player, when displayed in the non-primary monitor of a two-monitor Windows user device, may not work as expected. Due to an issue with the DirectX video mixing renderer filter VMR-9, the screen is black and there is no sound, although the player's progress bar advances. To correct this issue, edit the registry on the user device from which the XenDesktop connection is launched. In the HKEY_CURRENT_USER\Software\Citrix subkey, create the HdxMediaStream key. Name the key DisableVMRSupport. Set the type as REG_DWORD. Give the key the value 3. [#262852]
Third-Party Issues
168
System Requirements and Compatibility for the Citrix Receiver for Windows
q

q
q
XenApp (any of the following products):

q
q q
XenDesktop 4 To manage connections to apps and desktops, Citrix Receiver supports Cloud Gateway or Web Interface :
q
169
System Requirements
q
CloudGateway Express, with Receiver Storefront 1.0 and, for optional access to resources from a web page, Receiver for Web 1.0 CloudGateway Enterprise 1.0, for apps hosted on a network, on an Infrastructure as a Service (IaaS) platform, or configured as Software as a Service (SaaS) Web Interface 5.x for Windows with a XenApp Services and XenDesktop Web site
Connectivity Citrix Receiver supports HTTPS and ICA-over-SSL connections through any one of the following configurations.
q
For LAN connections:

q
Receiver StoreFront 1.0, using StoreFront services or Receiver for Web sites
Web Interface 5.x for Windows, using XenApp Services and XenDesktop Web sites (Program Neighborhood Agent sites are also supported for legacy installations) For secure remote or local connections:
q q
Citrix Access Gateway VPX Citrix Access Gateway 5.0 Citrix Access Gateway Enterprise Edition 9.x
Citrix Secure Gateway 3.x You can use Access Gateway with Receiver StoreFront or Web Interface. You can use Secure Gateway only with Web Interface.
q q
Authentication Receiver for Windows 3.1, when used with Receiver StoreFront 1.0, supports the following authentication methods:
q
Domain Domain pass-through** Security token
Two-factor (domain plus security token)* Receiver for Windows 3.1, when used with Web Interface 5.X, supports the following authentication methods:
q q
Domain Security token Two-factor (domain plus security token)*
170
System Requirements
q
SMS* Smart card (with or without Access Gateway)
* These authentication methods are available only in deployments that include Access Gateway. ** Receiver for Web sites do not support domain pass-through authentication. For more information about authentication, including certificate requirements, refer to the "Manage" topics in the Receiver StoreFront documentation. If your site requires Smart Card authentication for connections to applications, use Receiver (Enterprise) with Web Interface. For information about other authentication methods supported by Web Interface, refer to "Configuring Authentication for the Web Interface" in the Web Interface documentation.
q
Certificates For information about security certificates, refer to topics under Secure Connections and Secure Communications.
Upgrades. Upgrades are supported only for Citrix XenApp Plugin for Hosted Apps 11.0, Desktop Receiver 11.1, and Citrix online plug-in 11.1,11.2, 12.0, and 12.1, and Receiver for Windows 3.0 releases. Availability of the Receiver for Windows 3.1 features. Some of the features and functionality of Receiver are available only when connecting to newer XenApp and XenDesktop versions and might require the latest hotfixes for XenApp, XenDesktop, and Secure Gateway. Previous versions of the Presentation Server Client/Online Plug-in and the current icaclient.adm file. Previous versions of the Presentation Server Client and Online Plug-in are not compatible with the Receiver for Windows 3.1 icaclient.adm file. Supported Browsers:
q
Internet Explorer Version 6.0 through 9.0 Mozilla Firefox Version 1.x through 5.x
Google Chrome Version 10.0 and later .NET Framework Requirements (XenDesktop Connections Only)
q
To use the Desktop Viewer, .NET 2.0 Service Pack 1 or later is required. This version is required because, if Internet access is not available, certificate revocation checks slow down connection startup times. The checks can be turned off and startup times improved with this version of the Framework but not with .NET 2.0. Use of the Citrix Desktop Lock does not require the .NET Framework to be installed.
q
q
171
System Requirements
q
For network connections to the server farm, a network interface card (NIC) and the appropriate network transport software
Supported Connection Methods and Network Transports:

q
TCP/IP+HTTP
SSL/TLS+HTTPS HDX MediaStream Multimedia Acceleration

q
Applications and media formats supported by HDX MediaStream Multimedia Acceleration are:
q
Applications based on Microsofts DirectShow, DirectX Media Objects (DMO), and Media Foundation filter technologies such as Windows Media Player and RealPlayer. Applications like Internet Explorer and Microsoft Encarta are also supported, as they leverage Windows Media Player. Both file-based and streaming (URL-based) media formats: WAV, all variations of MPEG, unprotected Windows Media Video (WMV), and Windows Media Audio (WMA).
Note: HDX MediaStream Multimedia Acceleration does not support media files protected with Digital Rights Management (DRM).
q
Smart Cards and the Citrix Desktop Lock The Citrix Desktop Lock can be used with smart cards connected to domain-joined user devices running Windows XP or Windows XPe but not Windows 7 or Windows Embedded Standard 7. This limitation does not apply to non-domain-joined user devices.
172

Citrix Receiver for Windows (Citrix Receiver) delivers apps, desktops, and IT services to Windows PCs. Citrix Receiver supports Citrix CloudGateway:
q
CloudGateway Express enables XenApp and XenDesktop customers to deliver Windows apps and desktops by using a unified StoreFront with self-service. CloudGateway Enterprise enables enterprises to aggregate, control, and deliver all of their Windows, web and SaaS apps.
Receiver also supports Citrix Web Interface for legacy deployments. Receiver handles the following functions:
q
User authentication. Receiver provides user credentials to CloudGateway or Web Interface when users try to connect and every time they launch published resources. Application and content enumeration. Receiver presents users with their individual set of published resources. Application launching. Receiver is the local engine used to launch published applications. Desktop integration. Receiver integrates a users set of published resources (including virtual desktops) with the users physical desktop. User preferences. Receiver validates and implements local user preferences.
Two Citrix Receiver packages are available.

q
Citrix Receiver (standard, CitrixReceiver.exe) supports Citrix CloudGateway and, for legacy deployments, Web Interface. Standard Receiver features include:
q
Receiver Experience, enabling users to seamlessly transition between devices and connection types Web plug-in Authentication Manager Single sign-on/pass-through authentication Self-service Generic USB (XenDesktop) Desktop Viewer (XenDesktop) HDX Media Stream for Flash
173
Get Started
q
Aero desktop experience (for operating systems that support it)
Citrix Receiver (enterprise, CitrixReceiverEnterprise.exe) is required only for applications that use Smart Card authentication. It supports Web Interface only and includes the same features as the standard package except for Authentication Manager and self-service.
Using the Citrix CloudGateway

CitrixReceiver.exe enables access to StoreFront published resources and virtual desktops from anywhere. Configure a provisioning file to provide native self-service access or configure a Receiver for Web site to provide web browser access to StoreFront-published resources and virtual desktops.
Using with XenApp

Both Receiver packages support the XenApp feature set. Centrally administer and configure the Receiver in the Receiver Storefront management console (or, if using Web Interface, in the Web Interface Management Console using a Receiver site created in association with a site for the server running the Web Interface). You can use both Receiver packages with the Citrix offline plug-in to provide application streaming to the user desktop. For more information about the streamed application feature, see the Application Streaming documentation in eDocs. The Desktop Viewer is not supported with XenApp connections.
Using with XenDesktop

Receiver includes the Desktop Viewer, the client-side software that supports XenDesktop. Users running the Desktop Viewer on their devices access virtual desktops created with XenDesktop in addition to their local desktop. Users running the Citrix Desktop Lock (which you install in addition to the Desktop Viewer) interact only with the virtual desktop not the local desktop.
174

q
q
q
175

Desktop Viewer
Citrix Desktop Lock

176

q
CitrixReceiver.exe - This Receiver (standard) does not require administrator rights to install unless it will use pass-through authentication. It can be installed:
q
Automatically from Receiver for Web or from Web Interface By the user
Using an Electronic Software Distribution (ESD) tool CitrixReceiverEnterprise.exe - This Receiver (Enterprise) requires administrator rights to install. Although the user can install Receiver (Enterprise), it is usually installed with an ESD tool. Uninstall other Receiver versions before installing Receiver (Enterprise).
q
Important: Upgrades are supported only from Citrix online plug-in 11.2 and 12.x. Remove any earlier versions before installing this version.

Because there are two Citrix Receiver installation packages and there were two online plug-in packages (web and full) in previous releases, each having different options, you have to consider the previously installed package when planning your upgrade. Use this table to determine how to proceed with your upgrade.
Currently installed No Online plug-in installed
Upgrade Package CitrixReceiverEnterprise.exe
Result Citrix Receiver (Enterprise) - web access - but manually configurable for PNA Citrix Receiver (standard) - web access Citrix Receiver (Enterprise) configured for PNA or SSO Citrix Receiver (standard) - web access
CitrixReceiver.exe
177
The CitrixReceiver.exe upgrade package cannot be used to upgrade the online plug-in full configured for PNA or Citrix Receiver (Enterprise). In both cases, the installer displays an error message and does not alter the previously installed client.
Not supported
Not supported
178

Users can install the Receiver from Receiver for Web, the Web Interface, the installation media, a network share, Windows Explorer, or a command line by running the CitrixReceiverEnterprise.exe or CitrixReceiver.exe installer package. Because the installer packages are self-extracting installations that extract to the user's temp directory before launching the setup program, ensure that there is enough free space available in the %temp% directory. When the user runs one of the Receiver installation .exe files, a message box immediately appears displaying the progress of the installation. When you cancel the installation before completion, some components might be installed. In that case, remove the Receiver with the Add/Remove Programs utility from the Control Panel on Windows XP or Windows Server 2003 (Programs and Features utility from the Control Panel on Windows Vista, Windows 7, and Windows Server 2008). Upgrades are supported only from the Citrix XenApp Plugin for Hosted Apps 11.0, Desktop Receiver 11.1, and Citrix online plug-in 11.1, 11.2, and 12.x. Remove any earlier versions before installing this current version. For command line installation parameters, see To configure and install the Citrix Receiver for Windows using command-line parameters. If company policies prohibit you from using an .exe file, refer to How to Manually Extract, Install, and Remove Individual .msi Files from ReceiverEnterprise.exe.

179
180

181

Important: Log on using a local administrator account to carry out this installation procedure. In addition, consult About Citrix Receiver for Windows 3.1 for workarounds to any known issues with the Desktop Lock. This procedure installs the plug-in so that virtual desktops are displayed using the Citrix Desktop Lock. Do not use this procedure if you want the Desktop Viewer to be available to users. 1. On the installation media, navigate to the folder called Citrix Receiver and Plug-ins\Windows\Receiver, and run CitrixReceiverEnterprise.exe from the command line using the following syntax: CitrixReceiverEnterprise.exe ADDLOCAL="ICA_Client,SSON,USB,DesktopViewer, Flash,PN_Agent,Vd3d" SERVER_LOCATION="my.server" ENABLE_SSON="Yes" For information about the properties used in this command, see To configure and install the Citrix Receiver for Windows using command-line parameters 2. Enter the URL of the XenDesktop Services site where your virtual desktops are located. The URL must be in the format http://servername or https://servername. If you are using hardware or software for load balancing or failover, you can enter a load-balanced address. Important: Check that the URL you enter is correct. If the URL is incorrectly typed, or you leave the field empty and the user does not enter a valid URL when prompted after installation, no virtual desktop or local desktop will be available. 3. On the XenDesktop installation media, navigate to the Citrix Receiver and Plug-ins\Windows\Receiver folder and double-click CitrixDesktopLock.msi. The Citrix Desktop Lock wizard appears. 4. On the License Agreement page, read and accept the Citrix license agreement and click Install. The Installation Progress page appears. 5. In the Installation Completed dialog box, click Close. 6. When prompted, restart the user device. If you have been granted access to a desktop and you log on as a domain user, the restarted device is displayed using the Desktop Lock.
182

183

184
You or your users can customize the Receiver installer by specifying command line options. Because the installer packages are self-extracting installations that extract to the user's temp directory before launching the setup program, ensure that there is enough free space available in the %temp% directory. Space Requirements Receiver (standard) - 78.8 Mbytes Receiver (Enterprise) - 93.6 Mbytes This includes program files, user data, and temp directories after launching several applications. 1. On the computer where you want to install the Receiver for Windows package, type the following at a command prompt: CitrixReceiver.exe [Options] or CitrixReceiverEnterprise.exe [Options] 2. Set your options as needed.
q
/? or /help displays usage information. /noreboot suppresses reboot during UI installations. This option is not necessary during silent installs. /silent disables the error and progress dialogs to execute a completely silent installation. /includeSSON enables single sign on for Receiver (standard, CitrixReceiver.exe). This option is not supported for Receiver (enterprise, CitrixReceiverEnterprise.exe), which installs single sign on by default. If you are using ADDLOCAL= to specify features and you want to install single sign on, you must also specify the SSON value. Requires administrator rights. PROPERTY=Value Where PROPERTY is one of the following all-uppercase variables (keys) and Value is the value the user should specify.
185
INSTALLDIR=Installation directory, where Installation directory is the location where the Receiver software is installed. The default value is C:\Program Files\Citrix\ICA Client. If you use this option and specify an Installation directory, you must install the RIInstaller.msi in the Installation directory\Receiver directory and the other .msi files in the Installation directory. CLIENT_NAME=ClientName, where ClientName is the name used to identify the user device to the server farm. The default value is %COMPUTERNAME%. ENABLE_DYNAMIC_CLIENT_NAME={Yes | No} The dynamic client name feature allows the client name to be the same as the computer name. When users change their computer name, the client name changes to match. To enable dynamic client name support during silent installation, the value of the property ENABLE_DYNAMIC_CLIENT_NAME in your installation file must be Yes. To disable dynamic client name support, set this property to No. ADDLOCAL=feature[,...] Install one or more of the specified components. When specifying multiple parameters, separate each parameter with a comma and without spaces. The names are case sensitive. If you do not specify this parameter, all components included in the CitrixReceiverEnterprise.exe or CitrixReceiver.exe are installed by default. Note: ReceiverInside and ICA_Client are prerequisites for all other components and must be installed. ReceiverInside Installs the Receiver experience. (Required) ICA_Client Installs the standard Receiver. (Required) SSON Installs single sign on. Requires administrator rights. AM Installs the Authentication Manager. This value is supported only with CitrixReceiver.exe. SELFSERVICE Installs the Self-Service Plug-in. This value is supported only with CitrixReceiver.exe. The AM value must be specified on the command line and .NET 3.5 Service Pack 1 must be installed. USB Installs USB. DesktopViewer Installs the Desktop Viewer. Flash Installs HDX media stream for flash. PN_Agent Installs Receiver (Enterprise). This value is supported only with CitrixReceiverEnterprise.exe. Vd3d Enables the Windows Aero experience (for operating systems that support it)
ALLOWADDSTORE={N | S | A} The default depends on the following situations:
186
To configure and install the Citrix Receiver for Windows using command-line parameters N if Merchandising Server is used or stores are specified on the installation command line. S if Receiver is installed per machine. A if Receiver is installed per user. Specifies whether or not users can add and remove stores not configured through Merchandising Server deliveries. (Users can enable or disable stores configured through Merchandising Server deliveries, but they cannot remove these stores or change the names or the URLs.) This option is supported only with CitrixReceiver.exe.
q
ALLOWSAVEPWD={N | S | A} The default is the value specified from the PNAgent server at run time. Specifies whether or not users can save credentials for stores locally on their computers and applies only to stores using the PNAgent protocol. Setting this argument to N prevents users from saving their credentials. If the argument is set to S, users can only save credentials for stores accessed through HTTPS connections. Using the value A allows users to save credentials for all their stores. This option is supported only with CitrixReceiver.exe. ENABLE_SSON={Yes | No} The default value is Yes. Note that users must log off and log back onto their devices after an installation with pass-through authentication enabled. Requires administrator rights. Important: If you disable single sign on pass-through authentication, users must reinstall Receiver if you decide to use pass-through authentication at a later time.
ENABLE_KERBEROS={Yes | No} The default value is No. Specifies that Kerberos should be used; applies only when pass-through authentication (SSON) is enabled. DEFAULT_NDSCONTEXT=Context1 [,] Include this parameter to set a default context for Novell Directory Services (NDS). To include more than one context, place the entire value in quotation marks and separate the contexts by a comma. This option is supported only with CitrixReceiverEnterprise.exe. Examples of correct parameters: DEFAULT_NDSCONTEXT="Context1" DEFAULT_NDSCONTEXT=Context1,Context2
LEGACYFTAICONS={False | True} The default value is False. Specifies whether or not application icons are displayed for documents that have file type associations with subscribed applications. When the argument is set to false, Windows generates icons for documents that do not have a specific icon assigned to them. The icons generated by Windows consist of a generic document icon overlaid with a smaller version of the application icon. Citrix recommends enabling this option if you plan on delivering Microsoft Office applications to users running Windows 7. This option is supported only with CitrixReceiver.exe. SERVER_LOCATION=Server_URL The default value is blank. Provide the URL of the server running the Web Interface. The URL must be in the format
187
To configure and install the Citrix Receiver for Windows using command-line parameters http://servername or https://servername. The Receiver appends the default path and file name of the configuration file to the server URL. If you change the default location of the configuration file, enter the entire new path in the SERVER_LOCATION key. This option is supported only with CitrixReceiverEnterprise.exe.
q
STARTMENUDIR=Text string The default is to put applications under Start > All Programs. Specifies the name of the default folder added to users' Start menus to hold the shortcuts to their subscribed applications. Users can change the folder name and/or move the folder at any time. This option is supported only with CitrixReceiver.exe. STOREx="storename;http[s]://servername.domain/IISLocation/resources/v1;[On | Off];[storedescription]"[ STOREy="..."] Specifies up to 10 stores to use with Receiver. Values:
q
x and y Integers 0 through 9. storename Defaults to store. This must match the name configured on the StoreFront server. servername.domain The fully qualified domain name of the server hosting the store. IISLocation the path to the store within IIS. The store URL must match the URL in StoreFront provisioning files. The store URLs are of the form /Citrix/MyStore/resources/v1 (for StoreFront 1.0). To obtain the URL, export a provisioning file from StoreFront, open it in notepad and copy the URL from the <Address> element. On | Off The optional Off configuration setting enables you to deliver disabled stores, giving users the choice of whether or not they access them. When the store status is not specified, the default setting is On.
storedescription An optional description of the store, such as Apps on XenApp. If there is a problem with the installation, search in the user's %TEMP% directory for the logs with the prefix CtxInstall- or TrollyExpress- . For example:
q
CtxInstall-ICAWebWrapper.log TrollyExpress-20090807-123456.log
Examples of a Command-Line Installation
CitrixReceiver.exe /includeSSON STORE0="AppStore;https://testserver.net/Citrix/MyStore/resources/v1;on;Apps on XenApp" STORE1="BackUpAppStore;https://testserver.net/Citrix/MyBackupStore/resources/v1;on Store Apps on XenApp" This example:
q
Installs Receiver (standard).
188
q
Installs single sign on. Specifies two application stores.
CitrixReceiverEnterprise.exe /silent ADDLOCAL="ReceiverInside,ICA_Client,PN_Agent" ENABLE_SSON=no INSTALLDIR="c:\test" ENABLE_DYNAMIC_CLIENT_NAME=Yes DEFAULT_NDSCONTEXT="Context1,Context2" SERVER_LOCATION="http://testserver.net" CLIENT_NAME="Modified" This example:
Installs Receiver (Enterprise) without visible progress dialog boxes. Installs only Receiver Inside, the standard Receiver (ICA_Client), and enterprise Receiver (PN_Agent). Disables pass-through authentication. Specifies the location where the software is installed. Enables dynamic client naming. Specifies the default context for NDS. Specifies the URL (http://testserver.net) of the server running the Web Interface, which Receiver will reference. Specifies the name used to identify the user device to the server farm.
189

q

q
190

q



191

q



192
Deploying CitrixReceiver.exe from Receiver for Web

You can deploy CitrixReceiver.exe from Receiver for Web to ensure that users have the Receiver installed before they try to connect to an application from a browser. For details, refer to the Receiver StoreFront documentation on Citrix eDocs.
193

194
Configuring Citrix Receiver for Windows

You can configure Citrix Receiver operations for deployments that use Receiver StoreFront or a legacy PNA Services site. From the Citrix management console for the XenApp server, configure the options and settings for Receiver using the associated Receiver site. Each time users log on to the Receiver, they see the most recent configuration. Changes made while users are connected take effect when the Receiver configuration is refreshed manually or automatically after a designated interval.
195
Using the Group Policy Object Template to Customize the Receiver

Citrix recommends using the Group Policy Object icaclient.adm template file to configure the Receiver options and settings. You can use the icaclient.adm template file with domain policies and local computer policies. For domain policies, import the template file using the Group Policy Management Console. This is especially useful for applying Receiver settings to a number of different user devices throughout the enterprise. To affect a single user device, import the template file using the local Group Policy Editor on the device. For details about Group Policy management, see the Microsoft Group Policy documentation.
To affect the policies on a local computer, import the icaclient.adm file with the local Group Policy Editor. 1. As an administrator, open the Group Policy Editor by running gpedit.msc from the Start menu. 2. In the left pane, select the Administrative Templates folder. 196
Using the Group Policy Object Template to Customize the Receiver 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Configuration folder for Receiver (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor.
197
Configuring Access to Accounts Manually

When users launch Receiver for the first time, they have the option to set up a new account. To do this, they must enter information about the XenApp farm or XenDesktop site hosting the resources they want to access. When a user enters the details for a new account, Receiver attempts to verify the connection. If successful, Receiver prompts the user to log on to the account.
To add a new account

1. Click the gear icon in the Receiver window and choose Edit Accounts. 2. Click Add. 3. Enter the information provided by your organization and click OK.
To remove an account
1. Click the gear icon in the Receiver window and choose Edit Accounts. 2. Select the account from the list and click Remove and Yes.
To edit the details of an account

1. Click the gear icon in the Receiver window and choose Edit Accounts. 2. Select the account that you want to edit from the list and double-click. 3. Edit the details in Name, the Description, and/or the URL fields, as required. 4. Click OK.
198


199

q
200

201

USB Rule No No
202

q
q
203

q
q
204

q
205

206

q
207

208

q
209

q


210

211

212
213

q
q

q

q
214

q
215

q
216

q
219

220

221


222

223

q
224

The workspace control feature provides users with the ability to disconnect quickly from all running applications, reconnect to applications, or log off from all running applications. You can move among user devices and gain access to all of your applications when you log on. For example, health care workers in a hospital can move quickly among workstations and access the same set of applications each time they log on to XenApp. These users can disconnect from multiple applications at one user device and open all the same applications when they reconnect at a different user device. Workspace control is available only to users connecting to published resources with Citrix XenApp or through StoreFront, Receiver for Web, or the Web Interface. Policies and client drive mappings change appropriately when you move to a new user device. Policies and mappings are applied according to the user device where you are currently logged on to the session. For example, if a health care worker logs off from a user device in the emergency room of a hospital and then logs on to a workstation in the hospitals X-ray laboratory, the policies, printer mappings, and client drive mappings appropriate for the session in the X-ray laboratory go into effect for the session as soon as the user logs on to the user device in the X-ray laboratory. Important: Workspace control can be used only with Version 11.x and later of the client/plug-in/Receiver, and works only with sessions connected to computers running Citrix Presentation Server Version 3.0, 4.0, or 4.5 or Citrix XenApp 5.0, 6.0, or 6.5. If workspace control configuration settings allow users to override the server settings, users can configure workspace control on the Receiver Reconnect Options page:
Enable automatic reconnection at logon allows users to reconnect to only disconnected applications or to both disconnected and active applications Enable reconnection from the menu allows users to reconnect to only disconnected applications or to both disconnected and active sessions
To configure workspace control settings through StoreFront or Receiver for Web For information about configuring Receiver StoreFront and Receiver for Web for workspace control and user roaming, refer to the "Manage" topics in the Receiver StoreFront documentation in Citrix eDocs. To configure workspace control settings through Web Interface For users launching applications through the Web Interface, these options are in Settings:
q
225

q
226

q
227

q

228

229
230


231


232

q
233

q

For example, printer01 (from computer01) in session 7 When connecting to servers running Presentation Server 3.0 or earlier, or when the Legacy printer name option from the Citrix policy Client printer names setting is enabled on the
234
Mapping Client Printers for More Efficiency server, a different naming convention is used. The name of the printer takes the form: Client/clientname#/printername where:
235

236

237

238


239



240
q
ctxgrab ctxcapture
241


q

242


243




244

245
DNS Name Resolution


246

247

q
248

This topic does not apply to XenDesktop connections. XenApp server supports ClearType font smoothing with Receiver for users on computers running Windows XP, Windows 7, and Windows Vista. ClearType font smoothing is set by default in Windows 7 and Windows Vista, but Standard font smoothing is set by default in Windows XP. If you enable ClearType font smoothing on Receiver, you are not forcing the user devices to use ClearType font smoothing. You are enabling the server to support ClearType font smoothing on user devices that have it set and are using Receiver. By disabling it for sessions, you are specifying that sessions launched from that Receiver do not remote the font smoothing setting. Receiver automatically detects the user devices font smoothing setting and sends it to the server. The session connects using this setting. When the session is disconnected or terminated, the user's profile setting on the server is set to original setting unless the user specifically changed it in the control panel in the session; then the server uses the new setting. Older Receivers (plug-ins) connect using the font smoothing setting configured in that users profile on the server. When ClearType font smoothing is enabled, three times more data is sent across the virtual channel, which might cause a decrease in performance. Font smoothing must be enabled on users operating systems, the Receiver, the Web Interface site, and the server farm.

In Web Interface environments, use the Session Preferences task in the Citrix Web Interface Management console to enable or disable font smoothing for XenApp Web sites and the Session Options task for XenApp Services sites.
249

q
250

q
q
q
q
251

q
252
q

q
q
253
Logon Times

254

q
255

256

q
257
Local desktop
258

259

q
260


261
q
262
q
263

You must use Receiver (Enterprise) for Smart Card support. Receiver smart card support is based on Microsoft Personal Computer/Smart Card (PC/SC) standard specifications. Receiver supports only smart cards and smart card devices that are, themselves, supported by the underlying Windows operating system. A discussion of security issues related to PC/SC standards compliance is beyond the scope of this document. Enabling smart card support for Receiver is done through the Web Interface. For more information, see the Web Interface documentation. Note: Microsoft strongly recommends that only smart card readers tested and approved by the Microsoft Windows Hardware Quality Lab (WHQL) be used on computers running qualifying Windows operating systems. See http://www.microsoft.com for additional information about hardware PC/SC compliance. Receiver does not control smart card PIN management. PIN management is controlled by the cryptographic service provider for your cards.
264
265
This topic does not apply to XenDesktop connections. Rather than sending user passwords over the network, Kerberos pass-through authentication leverages Kerberos authentication in combination with Security Support Provider Interface (SSPI) security exchange mechanisms. Kerberos is an industry-standard network authentication protocol built into Microsoft Windows operating systems. Kerberos logon offers security-minded users or administrators the convenience of pass-through authentication combined with secret-key cryptography and data integrity provided by industry-standard network security solutions. With Kerberos logon, the Receiver does not need to handle the password and thus prevents Trojan horse-style attacks on the user device to gain access to users passwords. Users can log on to the user device with any authentication method; for example, a biometric authenticator such as a fingerprint reader, and still access published resources without further authentication. System requirements. Kerberos logon requires Citrix Presentation Server 3.0, 4.0, or 4.5, Citrix XenApp 5.0, 6.x and Citrix Presentation Server Clients for Windows 8.x, 9.x, 10.x, XenApp Hosted Plug-in 11.x, online plug-in 12.0, 12.1, or Receiver 3.x. Kerberos works only between Client/plug-ins/Receiver and servers that belong to the same or to trusted Windows 2000, Windows Server 2003, or Windows Server 2008 domains. Servers must also be trusted for delegation, an option you configure through the Active Directory Users and Computers management tool. Kerberos logon is not available in the following circumstances:
q
q
q
266

267

268

q
Citrix Access Gateway. For information about configuring Access Gateway with Receiver StoreFront, refer to the "Manage" topics in the Receiver StoreFront documentation in eDocs. For information about configuring Access Gateway or Secure Gateway with Web Interface, refer to topics in this section. A SOCKS proxy server or secure proxy server (also known as security proxy server, HTTPS proxy server, or SSL tunneling proxy server). You can use proxy servers to limit access to and from your network and to handle connections between Receiver and servers. Receiver supports SOCKS and secure proxy protocols. SSL Relay solutions with Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. A firewall. Network firewalls can allow or block packets based on the destination address and port. If you are using Receiver through a network firewall that maps the server's internal network IP address to an external Internet address (that is, network address translation, or NAT), configure the external address. Trusted server configuration.
269

270

This topic applies only to deployments using the Web Interface. Configure the XenApp Services site for the Receiver to support connections from an Access Gateway connection. 1. In the XenApp Services site, select Manage secure client access > Edit secure client access settings. 2. Change the Access Method to Gateway Direct. 3. Enter the FQDN of the Access Gateway appliance. 4. Enter the Secure Ticket Authority (STA) information.
271
To configure the Access Gateway appliance

1. Configure authentication policies to authenticate users connecting to the Access Gateway by using the Access Gateway Plug-in. Bind each authentication policy to a virtual server.
q
If double-source authentication is required (such as RSA SecurID and Active Directory), RSA SecurID authentication must be the primary authentication type. Active Directory authentication must be the secondary authentication type. RSA SecurID uses a RADIUS server to enable token authentication.
q Active Directory authentication can use either LDAP or RADIUS. Test a connection from a user device to verify that the Access Gateway is configured correctly in terms of networking and certificate allocation.
2. Create a session policy on the Access Gateway to allow incoming XenApp connections from the Receiver, and specify the location of your newly created XenApp Services site.
q
Create a new session policy to identify that the connection is from the Receiver. As you create the session policy, configure the following expression and select Match All Expressions as the operator for the expression: REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver
272

q
In the associated profile configuration for the session policy, on the Security tab, set Default Authorization to Allow. On the Published Applications tab, if this is not a global setting (you selected the Override Global check box), ensure the ICA Proxy field is set to ON. In the Web Interface Address field, enter the URL including the config.xml for the XenApp Services site that the device users use, such as http://XenAppServerName/Citrix/PNAgent/config.xml or http://XenAppServerName/CustomPath/config.xml.
Bind the session policy to a virtual server. Create authentication policies for RADIUS and Active Directory. Bind the authentication policies to the virtual server.
Important: If the server certificate used on the Access Gateway is part of a certificate chain (with an intermediate certificate), make sure that the intermediate certificates are also installed correctly on the Access Gateway. For information about installing certificates, see the Access Gateway documentation.
273

This topic applies only to deployments using the Web Interface. Access Gateway setup requires that you configure a basic or a SmartAccess logon point on Access Gateway and use the Web address for the XenApp Services site. Before you configure a logon point, install the Web Interface and verify that it is communicating with the network. When you configure a logon point, you must also configure at least one Secure Ticket Authority (STA) server and ICA Access Control in Access Gateway. For more information, expand Access Gateway 5.0 in eDocs, and locate the topic To configure Access Gateway to use the Secure Ticket Authority.
274
To configure the Access Gateway 5.0 appliance

q
q
2. To establish communication with XenApp servers and the Web Interface, configure the Access Gateway with STA servers and the ICA Access Control list on Access Gateway. For more information, see the Access Gateway section of eDocs. 3. Configure logon points on the Access Gateway. Configure the Access Gateway to allow incoming XenApp connections from the Receiver, and specify the location of your Web Interface site. a. In the Access Gateway Management Console, click Management. b. Under Access Control, click Logon Points > New. c. In the Logon Points Properties dialog box, in Name, type a unique name for the logon point. d. Select the Type:
q
For a Basic logon point, in the Web Interface field, type the fully qualified domain name (FQDN) of the Web Interface, such as http://xenapp.domain.com/citrix/apps. You cannot configure a SmartGroup with a basic logon point. Select the authentication type, or click Authenticate with the Web Interface. If you select Authenticate with the Web Interface, when users type the URL to Access Gateway and enter credentials, the credentials are passed to the Web Interface for authentication.
For a SmartGroup to use the settings in a SmartAccess logon point, you must select the logon point within the SmartGroup. Select the authentication profiles. If you configure a SmartAccess logon point, Access Gateway authenticates users. You cannot configure authentication by using the Web Interface. If you select Single Sign-on to Web Interface, users do not have to log on to the Web Interface after logging on to the Access Gateway. If not selected, users must log on to both the Access Gateway and Web Interface.
275
Connecting with Access Gateway 5.0 e. Under Applications and Desktops, click Secure Ticket Authority and add the STA details. Make sure the STA information is the same as the Web Interface site. f. Finally, under Applications and Desktops, click XenApp or XenDesktop to add the ICA control list (required for Access Gateway 5.0). For more information, expand Access Gateway 5.0 in eDocs, and locate To configure ICA Access Control. Important: If the server certificate used on the Access Gateway is part of a certificate chain (with an intermediate certificate), make sure that the intermediate certificates are also installed correctly on the Access Gateway. For information about installing certificates, see the Access Gateway section on Configuring Intermediate Certificates.
276
To configure Access Controller

q
q
2. To establish communication with XenApp servers and the Web Interface, configure Access Controller to recognize the servers. Configure Access Controller to allow incoming XenApp connections from the Receiver and specify the location of your Web Interface site. a. In the Deliver Services Console, expand Citrix Resources > Access Gateway, and then click the Access Controller on which you want to create the Web resource. b. Expand Resources, click Web Resources, and then under Common tasks, click Create Web resource. In the wizard, enter a unique name. On the New Web Address page, enter the Web address URL of the XenApp Web site. c. In Application type, select Citrix Web Interface and click the Enable Single Sign-on check box. d. After you click OK, click Publish for users in their list of resources , and then in Home page, enter the URL of the XenApp Web Site, such as http://xenapp.domain.com/citrix/apps, and finish the wizard. e. In the navigation pane, click Logon Points, click Create logon point, and in the wizard, enter a unique name, and select the type:
q
For a Basic logon point, in the Web Interface field, type the fully qualified domain name (FQDN) of the Web Interface, such as http://xenapp.domain.com/citrix/apps. Select the Home page, and then select the authentication profile. Leave the remaining options as default values, and click Enable this logon point check box at the end of the wizard. For a SmartAccess logon point, on Select Home Page, select the Display the Web resource with the highest priority. Click Set Display Order, and move the Web Interface Web resource to the top.
Select the Authentication Profiles for both authentication and group extraction. Leave the remaining options as default values, and click Enable this logon point check box at the end of the wizard. f. In the navigation pane, under Policies > Access Policies, select Create access policy and on the Select Resources page, expand Web Resources to select the 277
Connecting with Access Gateway 5.0 Web Interface web resource. g. In Configure Policy Settings, select the settings, click Enable this policy to control this setting, and select Extended access, unless denied by another policy. Add the users allowed to access this resource and finish the wizard. h. In the navigation pane, under Access Gateway appliances, select Edit Access Gateway appliance properties, click Secure Ticket Authority and add the STA details. Make sure the STA information is the same as the Web Interface site. i. Finally, click ICA Access Control to add the ICA control list (required for Access Gateway 5.0). For more information, expand Access Gateway 5.0 in eDocs, and locate To configure ICA Access Control in the Access Controller documentation. Important: If the server certificate used on the Access Gateway is part of a certificate chain (with an intermediate certificate), make sure that the intermediate certificates are also installed correctly on the Access Gateway. For information about installing certificates, see the Access Gateway section on Configuring Intermediate Certificates.
278
Connecting with Secure Gateway

This topic applies only to deployments using the Web Interface. You can use the Secure Gateway in either Normal mode or Relay mode to provide a secure channel for communication between Receiver and the server. No Receiver configuration is required if you are using the Secure Gateway in Normal mode and users are connecting through the Web Interface. Receiver uses settings that are configured remotely on the server running the Web Interface to connect to servers running the Secure Gateway. See the topics for the Web Interface for information about configuring proxy server settings for Receiver. If the Secure Gateway Proxy is installed on a server in the secure network, you can use the Secure Gateway Proxy in Relay mode. See the topics for the Secure Gateway for more information about Relay mode. If you are using Relay mode, the Secure Gateway server functions as a proxy and you must configure Receiver to use:
q

q
279

Proxy servers are used to limit access to and from your network, and to handle connections between Receivers and servers. Receiver supports SOCKS and secure proxy protocols. When communicating with the server farm, Receiver uses proxy server settings that are configured remotely on the server running Receiver for Web or the Web Interface. For information about proxy server configuration, refer to Receiver StoreFront or Web Interface documentation. In communicating with the Web server, Receiver uses the proxy server settings that are configured through the Internet settings of the default Web browser on the user device. You must configure the Internet settings of the default Web browser on the user device accordingly.
280
Connecting with Secure Sockets Layer Relay

You can integrate Receiver with the Secure Sockets Layer (SSL) Relay service. Receiver supports both SSL and TLS protocols.
q
281

q
282

In addition to the System Requirements, you also must ensure that:
q
283

284

285

SSL and TLS are configured in the same way, use the same certificates, and are enabled simultaneously. When SSL and TLS are enabled, each time you initiate a connection, Receiver tries to use TLS first and then tries SSL. If it cannot connect with SSL, the connection fails and an error message appears. To force Receiver to connect with TLS, you must specify TLS on the Secure Gateway server or SSL Relay service. See the topics for the Secure Gateway or your SSL Relay service documentation for more information. In addition, make sure the user device meets all system requirements. To use SSL/TLS encryption for all Receiver communications, configure the user device, Receiver, and, if using Web Interface, the server running the Web Interface. For information about securing Receiver Storefront communications, refer to topics under "Secure" in the Receiver StoreFront documentation in eDocs.
286

q
287
To configure Web Interface to use SSL/TLS for Receiver

288

q
289
To use the Group Policy template on Web Interface to meet FIPS 140 security requirements
q
q q
290
291
292
293
The ICA File Signing feature helps protect users from unauthorized application or desktop launches.Citrix Receiver verifies that a trusted source generated the application or desktop launch based on administrative policy and protects against launches from untrusted servers. You can configure this Receiver security policy for application or desktop launch signature verification using Group Policy Objects, Receiver StoreFront, or Citrix Merchandising Server. ICA file signing is not enabled by default. For information about enabling ICA file signing for Receiver StoreFront, refer to the Receiver StoreFront documentation. For Web Interface deployments, the Web Interface enables and configures application or desktop launches to include a signature during the launch process using the Citrix ICA File Signing Service. The service can sign ICA files using a certificate from the computer's personal certificate store. The Citrix Merchandising Server with Receiver enables and configures launch signature verification using the Citrix Merchandising Server Adminstrator Console > Deliveries wizard to add trusted certificate thumbprints. To use Group Policy Objects to enable and configure application or desktop launch signature verification, follow this procedure: 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the ica-file-signing.adm template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select ica-file-signing.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Enable ICA File Signing. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 7. If you choose Enabled, you can add signing certificate thumbprints to the white list of trusted certificate thumbprints or remove signing certificate thumbprints from the
294
ICA File Signing - Protection Against Application or Desktop Launches From Untrusted Servers white list by clicking Show and using the Show Contents screen. You can copy and paste the signing certificate thumbprints from the signing certificate properties. Use the Policy drop-down menu to select Only allow signed launches (more secure) or Prompt user on unsigned launches (less secure). Option Only allow signed launches (more secure) Description Allows only properly signed application or desktop launches from a trusted server. The user sees a Security Warning message in Receiver if an application or desktop launch has an invalid signature. The user cannot continue and the unauthorized launch is blocked. Prompts the user every time an unsigned or invalidly signed application or desktop attempts to launch. The user can either continue the application launch or abort the launch (default).
295

296

Launching SSO or Using Secure Connections with a web site

Add the exact address of the Receiver for Web or the Web Interface site in the sites zone. Example Web Site Addresses https://my.company.com 297


298

q
Adding the Receiver for Web or the Web Interface site to the Trusted Site list Making changes to new registry settings
To add the web site to the trusted site list

1. From the Internet Explorer Tools menu, choose Internet Options > Security. 2. Select the Trusted sites icon and click the Sites button. 3. In the Add this website to the zone text field, type the URL to your Receiver for Web or Web Interface site and click Add. 4. Download the registry settings from http://support.citrix.com/article/CTX124871.html and make any registry changes. Use SsonRegUpx86.reg for Win32 user devices and SsonRegUpx64.reg for Win64 user devices. 5. Log off and then log on to the user device.
299

300

You must use Receiver (Enterprise) for smart card support. Enabling smart card logon allows users to use smart cards instead of passwords to authenticate to XenApp servers. You can use smart card logon either with or without pass-through authentication. You must enable smart card support on the server and set up and configure the user device properly with third-party smart card hardware and software. Refer to the documentation that came with your smart card equipment for instructions about deploying smart cards within your network. The smart card removal policy set on XenApp determines what happens if you remove the smart card from the reader during an ICA session. The smart card removal policy is configured through and handled by the Windows operating system.
q
301

Trusted server configuration is designed to identify and enforce trust relations involved in Receiver connections. This trust relationship increases the confidence of Receiver administrators and users in the integrity of data on user devices and prevents the malicious use of Receiver connections. When this feature is enabled, Receivers can specify the requirements for trust and determine whether or not they trust a connection to the server. For example, a Receiver connecting to a certain address (such as https://*.citrix.com) with a specific connection type (such as SSL) is directed to a trusted zone on the server. When trusted server configuration is enabled, XenApp servers or the Access Gateway must reside in a Windows Trusted Sites zone. (For step-by-step instructions about adding servers to the Windows Trusted Sites zone, see the Internet Explorer online help.) If you connect using SSL, add the server name in the format https://CN, where CN is the Common Name shown on the SSL certificate. Otherwise, use the format that Receiver uses to connect; for example if Receiver connects using an IP address, add the servers IP address. To enable trusted server configuration If you are changing this on a local computer, close all Receiver components, including the Connection Center. 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. Expand the Administrative Templates folder under the User Configuration node. 7. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > Network Routing > Configure trusted server configuration. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 8. From the Action menu, choose Properties and select Enabled. 302
303

When User Access Control (UAC) is enabled on devices running Windows Vista or later, only processes at the same elevation/integrity level as wfcrun32.exe can launch published applications. Example 1: When wfcrun32.exe is running as a normal user (un-elevated), other processes such as Receiver must be running as a normal user to launch applications through wfcrun32. Example 2: When wfcrun32.exe is running in elevated mode, other processes such as Connection Center, Receiver, and third party applications using the ICA Client Object that are running in non-elevated mode cannot communicate with wfcrun32.exe.
304
Citrix Receiver for Windows 3.0

About this Release Issues fixed in Receiver for Windows 3.0 System Requirements and Compatibility for Receiver for Windows 3.0 Licensing Your Product Deciding Which Receiver to Use Overview of Receiver Installation Packages To configure and install Receiver using command-line parameters Using the Receiver with XenDesktop Connections Optimizing the Receiver Environment Improving the Receiver User Experience Securing Your Connections Securing Receiver Communication
305
Citrix Receiver for Windows 3.0

About this Release Issues fixed in Receiver for Windows 3.0 System Requirements and Compatibility for Receiver for Windows 3.0 Licensing Your Product Deciding Which Receiver to Use Overview of Receiver Installation Packages To configure and install Receiver using command-line parameters Using the Receiver with XenDesktop Connections Optimizing the Receiver Environment Improving the Receiver User Experience Securing Your Connections Securing Receiver Communication
306
About the Citrix Receiver for Windows 3.0

Version 1.0 Notes: For Issues Fixed in Citrix Receiver for Windows 3.0, go to: http://support.citrix.com/article/CTX124164
307
What's New
q
Citrix Receiver for Windows.The Citrix Receiver replaces the Citrix Online Plug-in for Windows. The Online Plug-in 13.0 is embedded in Receiver. Unified user experience. Gives end users a common user interface whether using only Citrix Receiver or with any other Citrix Plug-ins. Improved user experience. Improved application launching and reconnection. Internet Explorer 9 support. Simplified listing of devices in the Desktop Viewer. To simplify the display of USB devices, by default any that use the Generic USB virtual channel (for example, webcams and memory sticks) are not displayed on the Devices tab of the Desktop Viewer Preferences dialog box. Users can view the complete list of devices using a checkbox on the tab. Enhanced Desktop Viewer user interface. The Preferences dialog box in the Desktop Viewer has been redesigned, and the USB button on the toolbar is now called Devices. Windows 7 support. The Citrix Desktop Lock (formerly called the Desktop Appliance Lock) now supports Windows 7. RemoteFX support. As an alternative to the Desktop Viewer UI, you can form connections to XenDesktop VDAs using Microsoft RemoteFX. For instructions on this, see CTX129509. Session pre-launch. Reduced application launch time at high-traffic periods. Configure this feature on the server and client sides. Multi-stream ICA. Improved QoS support by allowing Branch Repeater and third party routers to apply QoS policies across multiple ICA connections. Multiple audio device redirection. Enables remoting of multiple audio devices present on the user device. New Single Sign-On Plug-in. Simplified password management. Seamless Taskbar Grouping. Taskbar icons associated with applications published with XenApp 6 or later are grouped by application similar to how local application icons are grouped. Aero support. Receiver now supports the display of Windows Aero theme on virtual desktops. A new .msi file is included that works with the Virtual Desktop Agent (part of XenDesktop) to provide the support. User documentation. Topics that describe how users interact with their virtual desktops and control the Desktop Viewer have been moved from eDocs to the Receiver for Windows online help, which also includes the Connection Center help. This is available at http://support.citrix.com/help/receiver/en/receiverHelpWin.htm.
308
Known Issues
q
General Issues
q
If you use the Receiver with XenApp 5.0 Feature Pack 2 for Windows Server 2003 (32- or 64-bit editions), the Receiver plays audio even when you configure the Turn off speakers policy setting to disable the audio. [#242703] You might receive an error message when trying to launch an application with Web Interface after installing a previous version of the Receiver (Online plug-in) while logged in as one user, upgrading with CitrixReceiver.exe as another user, logging off the Receiver, and logging back on with the previous user name. The error message is: Citrix online plug-in Configuration Manager: No value could be found for (ClientHostedApps) that satisfies all lock down requirements. The lockdown requirements in force may be conflicting. [#261877] As a workaround, set the following registry key: HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Control Name: ClientHostedApps Value: FALSE (or set to * / TRUE if you have overridden the defaults in HKEY_LOCAL_MACHINE)
If you use Web Interface with Internet Explorer 8 and Windows 7 to upgrade to this version of Citrix Receiver, the upgrade finishes, but the Upgrade in Progress message remains on the screen and the log on screen does not appear. Workaround: Restart the browser [#247858] When you launch applications using the Web Interface, Connection Center does not enumerate the sessions. [#261177] After you launch a published application that is filtered by XenApp for Access Gateway, other published applications do not launch. [#263003]
309
Desktop Connections
q
Loss of video is experienced if files are being played with a published version of Windows Media Player through a virtual desktop session, and the Desktop Viewer window is changed from full-screen to window mode. As a workaround, minimize and restore the Media Player window, and then pause and resume the application (or stop and restart it). [#246230] You cannot log off gracefully from Windows XP 32-bit virtual desktops if you start (but do not log on to) the Receiver in the desktop session. If the Receiver logon dialog box is not completed, you cannot log off from the desktop. To work around the issue, complete the logon dialog box or close it. This issue is not observed on other virtual desktop operating systems. [#246516] When using Receiver for Windows 3.0 with a Windows XP virtual desktop created with XenDesktop 5, an error occurs if the user starts a published application from the desktop. This issue does not occur on desktops created with XenDesktop 5.5 or on other desktop operating systems created with XenDesktop 5. The workaround is to use Receiver for Windows 3.0 with XenDesktop 5.5. [#263079] The Citrix Desktop Lock (formerly the Citrix Desktop Appliance Lock), which is installed using DesktopApplianceLock.msi, does not redirect Adobe Flash content to domain-joined user devices. The content can be viewed but is rendered on the server, not locally. As a workaround, Adobe Flash redirection can be configured for server-side content fetching to pass the content from the server to the user device. This issue does not occur on non-domain-joined devices or when the content is viewed with the Desktop Viewer. [#263092] The Desktop Viewer Devices menu may not close when the user clicks the Devices icon. It also may remain open after its corresponding dialog box closes. If this occurs, click the Devices icon again. [#262202] Windows Media Player, when displayed in the non-primary monitor of a two-monitor Windows user device, may not work as expected. Due to an issue with the DirectX video mixing renderer filter VMR-9, the screen is black and there is no sound, although the player's progress bar advances. To correct this issue, edit the registry on the user device from which the XenDesktop connection is launched. In the HKEY_CURRENT_USER\Software\Citrix subkey, create the HdxMediaStream key. Name the key DisableVMRSupport. Set the type as REG_DWORD. Give the key the value 3. [#262852]
Third-Party Issues
q
310
System Requirements and Compatibility for the Citrix Receiver for Windows
q

q
q
Web Interface 5.x for Windows with a XenApp Services or XenDesktop Web site XenApp (any of the following products):
q
q q
XenDesktop 4 Delivery Services 1.0

q
311
System Requirements
q
Dazzle and ICA File Signing Support. ICA File Signing is not supported with Dazzle 1.1. Upgrades. Upgrades are supported only for Citrix XenApp Plugin for Hosted Apps 11.0, Desktop Receiver 11.1, and Citrix online plug-in 11.1,11.2, 12.0, and 12.1 releases. Availability of the Receiver for Windows 3.0 features. Some of the features and functionality of Receiver are available only when connecting to newer XenApp and XenDesktop versions and might require the latest hotfixes for XenApp, XenDesktop, and Secure Gateway. Previous versions of the Presentation Server Client/Online Plug-in and the current icaclient.adm file. Previous versions of the Presentation Server Client and Online Plug-in are not compatible with the Receiver for Windows 3.0 icaclient.adm file. Supported Browsers:
q
Internet Explorer Version 6.0 through 9.0
Mozilla Firefox Version 1.x through 5.x .NET Framework Requirements (XenDesktop Connections Only)
q
To use the Desktop Viewer, .NET 2.0 Service Pack 1 or later is required. This version is required because, if Internet access is not available, certificate revocation checks slow down connection startup times. The checks can be turned off and startup times improved with this version of the Framework but not with .NET 2.0. Use of the Citrix Desktop Lock does not require the .NET Framework to be installed.
q
q
For network connections to the server farm, a network interface card (NIC) and the appropriate network transport software Supported Connection Methods and Network Transports:
q
Protocol TCP/IP+HTTP
q
Citrix Receiver X
SSL/TLS+HTTPS X HDX MediaStream Multimedia Acceleration Applications and media formats supported by HDX MediaStream Multimedia Acceleration are:
q
Applications based on Microsofts DirectShow, DirectX Media Objects (DMO), and Media Foundation filter technologies such as Windows Media Player and RealPlayer. Applications like Internet Explorer and Microsoft Encarta are also supported, as they leverage Windows Media Player.
312
System Requirements
q
Both file-based and streaming (URL-based) media formats: WAV, all variations of MPEG, unprotected Windows Media Video (WMV), and Windows Media Audio (WMA).
Note: HDX MediaStream Multimedia Acceleration does not support media files protected with Digital Rights Management (DRM).
q
Smart Cards and the Citrix Desktop Lock The Citrix Desktop Lock can be used with smart cards connected to domain-joined user devices running Windows XP or Windows XPe but not Windows 7 or Windows Embedded Standard 7. This limitation does not apply to non-domain-joined user devices.
313
Deciding Which Receiver to Use

Different enterprises have different corporate needs, and your expectations and requirements for the way users access your published resources and virtual desktops can shift as your corporate needs evolve and grow. The Receivers and their internal features are:
q
Citrix Receiver ( CitrixReceiver.exe) - Smaller package that you can deploy from a Web page.
q
Receiver Experience Web plug-in Generic USB (XenDesktop) Desktop Viewer (XenDesktop) HDX Media Stream for Flash Aero desktop experience (for operating systems that support it)
Important: To use single sign-on, you must install CitrixReceiverEnterprise.exe.

q
Citrix Receiver (Enterprise) (CitrixReceiverEnterprise.exe)

q
Receiver Experience Web plug-in PNA plug-in Single sign-on/pass-through authentication Generic USB (XenDesktop) Desktop Viewer (XenDesktop) HDX Media Stream for Flash
Aero desktop experience (for operating systems that support it) See the specific product documentation for information about Receivers for other user devices and operating systems.
q
The Receivers differ in terms of:

q
Access method by which published resources and virtual desktops are delivered to users. Resources and desktops can be delivered to users on the desktop or through a Web browser.
314
Get Started
q
Installation packages. For more information about the installation packages, see Overview of Receiver Installation Packages.
To decide which Receiver best fits your needs, consider the way you want users to access your published resources and virtual desktops, the way you want to manage this access, and the feature set that your users will need.
Receiver Citrix Receiver
Access method Web browser-based access to published resources and virtual desktops.
User involvement
q
Receiver features
q
Minimal user interaction during installation Central administration of user settings Does not require administrator privileges to install Minimal user interaction during installation Central administration of user settings Requires administrator privileges to install
Hosted applications and desktops Desktop Viewer USB HDX Media Stream for Flash Integration with other Plug-ins
q q
Citrix Receiver (Enterprise)
Transparent integration of published resources and virtual desktops into users desktop.
Hosted applications and desktops Desktop Viewer USB HDX Media Stream for Flash Applications in the Start menu PNAgent support Pass-through authentication integration with other Plug-ins
q q
315

Citrix Receiver supports XenApp and XenDesktop connections.
XenApp Connections
Citrix Receiver for Windows supports the XenApp feature set. Centrally administer and configure the Receiver in the Delivery Services Console or the Web Interface Management Console using a Receiver site created in association with a site for the server running the Web Interface. Citrix Receiver (standard) is a smaller package that is installed with the CitrixReceiver.exe installer file. Administrative rights are not required to install this package, enabling installation by standard users. Citrix Receiver (Enterprise) operates with the Citrix offline plug-in, to provide application streaming to the user desktop. Install the Receiver (Enterprise) on user devices running the offline plug-in to take advantage of the full set of application streaming features of the plug-in and Citrix XenApp. For more information about the streamed application feature, see the Application Streaming documentation. The Desktop Viewer is not supported with XenApp connections. Important: The Receiver requires the Citrix Web Interface.
XenDesktop Connections
Citrix Receiver includes the Desktop Viewer, the client-side software that supports XenDesktop. Users running the Desktop Viewer on their devices access virtual desktops created with XenDesktop in addition to their local desktop. Users running the Citrix Desktop Lock (which you install in addition to the Desktop Viewer) interact only with the virtual desktop not the local desktop.
How Published Resources are Accessed with Receiver (standard)

If you want users to access published resources and virtual desktops from within a familiar browser environment, use this Receiver. Users access published resources and desktops by clicking links on a Web page you publish on your corporate intranet or the Internet. The published resource or desktop launches either in the same window or in a new, separate browser window. This version of Receiver does not require user configuration and does not have a user interface.
316
How Published Resources are Accessed with Receiver (Enterprise)

The Receiver (Enterprise) allows your XenApp users to access all of their published resources from a familiar Windows desktop environment. Users work with published resources the same way they work with local applications and files. Published resources are represented throughout the user desktop, including the Start menu and by icons that behave just like local icons. Users can double-click, move, and copy icons, and create shortcuts in their locations of choice. The Receiver (Enterprise) works in the background. Except for a menu available from the notification area and the Start menu, Receiver (Enterprise) does not have a user interface.
Receiver (standard) Management and Administration

You can use this Receiver to access resources and desktops available from the Web Interface and for access to resources published with traditional Application Launching and Embedding (ALE). Publish links to your resources with the Web Interface or by using an HTML wizard. In the webinterface.conf file for your XenApp websites, edit the ClientIcaWin32= line to specify the CitrixReceiver.exe installation file and remove the comment character (#). This Receiver requires the presence on user devices of any of these browsers: Microsoft Internet Explorer 6.0 through 9.0; or Mozilla Firefox 1.0 through 3.x.
Receiver (Enterprise) Management and Administration

You configure the Receiver (Enterprise) at a site created in the consoles and associated with the site for the server running the Web Interface. By using the consoles in this way, you can manage and control your Receiver (Enterprise) population dynamically throughout your network from a single location and in real time.
317

q
q
q
318

Desktop Viewer
Citrix Desktop Lock

319

q
CitrixReceiver.exe - General purpose package that enables web access to hosted applications and desktops. This Receiver (standard) does not require administrator rights to install and can be installed:
q
Automatically from Web Interface By the user
Using an Electronic Software Distribution (ESD) tool CitrixReceiverEnterprise.exe - Specific purpose package that enables native Windows access to hosted applications and pass-through authentication. Requires administrator rights to install and though the user can install it, Receiver (Enterprise) is usually installed with an ESD tool.
q
Important: Upgrades are supported only from the Citrix XenApp Plugin for Hosted Apps 11.0, Desktop Receiver 11.1, and Citrix online plug-in 11.1, 11.2, and 12.x. Remove any earlier versions before installing this version.

Because there are two Citrix Receiver installation packages and there were two online plug-in packages (web and full) in previous releases, each having different options, you have to consider the previously installed package when planning your upgrade. Use this table to determine how to procede with your upgrade. Currently installed No Online plug-in installed Upgrade Package CitrixReceiverEnterprise.exe Result Citrix Receiver (Enterprise) - web access - but manually configurable for PNA Citrix Receiver (standard) - web access Citrix Receiver (Enterprise) configured for PNA or SSO Citrix Receiver (standard) - web access
CitrixReceiver.exe
320
The following upgrade scenarios are not supported: Currently installed Online plug-in full configured for PNA or SSO Upgrade Package CitrixReceiver.exe Result Installer displays an error message and does not alter the previously installed client. Installer displays an error message and does not alter the previously installed client.
Citrix Receiver (Enterprise)
CitrixReceiver.exe
Not supported
Not supported
321

Users can install the Receiver from the Web Interface, the installation media, a network share, Windows Explorer, or a command line by running the CitrixReceiverEnterprise.exe or CitrixReceiver.exe installer package. Because the installer packages are self-extracting installations that extract to the user's temp directory before launching the setup program, ensure that there is enough free space available in the %temp% directory. When the user runs one of the Receiver installation .exe files, a message box immediately appears displaying the progress of the installation. When you cancel the installation before completion, some components might be installed. In that case, remove the Receiver with the Add/Remove Programs utility from the Control Panel on Windows XP or Windows Server 2003 (Programs and Features utility from the Control Panel on Windows Vista, Windows 7, and Windows Server 2008). Upgrades are supported only from the Citrix XenApp Plugin for Hosted Apps 11.0, Desktop Receiver 11.1, and Citrix online plug-in 11.1, 11.2, and 12.x. Remove any earlier versions before installing this current version. For command line installation parameters, see To configure and install the Citrix Receiver for Windows using command-line parameters. Important: For Firefox to work correctly with Receiver for Windows, ensure that you or the user install Firefox before installing Receiver. If Receiver is already installed, uninstall it, install Firefox, and reinstall Receiver. Also ensure that the whitelists of trusted and untrusted servers contain the XenApp and Web Interface server names.

322
323

324

Important: Log on using a local administrator account to carry out this installation procedure. In addition, consult About the Citrix Receiver for Windows 3.0 for workarounds to any known issues with the Desktop Lock. This procedure installs the plug-in so that virtual desktops are displayed using the Citrix Desktop Lock. Do not use this procedure if you want the Desktop Viewer to be available to users. 1. On the installation media, navigate to the folder called Citrix Receiver and Plug-ins\Windows\Receiver, and run CitrixReceiverEnterprise.exe from the command line using the following syntax: CitrixReceiverEnterprise.exe ADDLOCAL="ICA_Client,SSON,USB,DesktopViewer, Flash,PN_Agent,Vd3d" SERVER_LOCATION="my.server" ENABLE_SSON="Yes" For information about the properties used in this command, see To configure and install the Citrix Receiver for Windows using command-line parameters 2. Enter the URL of the XenDesktop Services site where your virtual desktops are located. The URL must be in the format http://servername or https://servername. If you are using hardware or software for load balancing or failover, you can enter a load-balanced address. Important: Check that the URL you enter is correct. If the URL is incorrectly typed, or you leave the field empty and the user does not enter a valid URL when prompted after installation, no virtual desktop or local desktop will be available. 3. On the XenDesktop installation media, navigate to the Citrix Receiver and Plug-ins\Windows\Receiver folder and double-click CitrixDesktopLock.msi. The Citrix Desktop Lock wizard appears. 4. On the License Agreement page, read and accept the Citrix license agreement and click Install. The Installation Progress page appears. 5. In the Installation Completed dialog box, click Close. 6. When prompted, restart the user device. If you have been granted access to a desktop and you log on as a domain user, the restarted device is displayed using the Desktop Lock.
325

326

327
You or your users can customize the Receiver installer by specifying command line options. Because the installer packages are self-extracting installations that extract to the user's temp directory before launching the setup program, ensure that there is enough free space available in the %temp% directory. Important: For Firefox to work correctly with Receiver for Windows, ensure that you or the user install Firefox before installing Receiver. If Receiver is already installed, uninstall it, install Firefox, and reinstall Receiver. Also ensure that the whitelists of trusted and untrusted servers contain the XenApp and Web Interface server names. Space Requirements Receiver (standard) - 78.8 Mbytes Receiver (Enterprise) - 93.6 Mbytes This includes program files, user data, and temp directories after launching several applications. 1. On the computer where you want to install the Receiver for Windows package, type the following at a command prompt: CitrixReceiverEnterprise.exe [Options] or CitrixReceiver.exe [Options] 2. Set your options as needed.
q
/? or /help displays usage information. /noreboot suppresses reboot during UI installations. This option is not necessary during silent installs. /silent disables the error and progress dialogs to execute a completely silent installation. PROPERTY=Value Where PROPERTY is one of the following all-uppercase variables (keys) and Value is the value the user should specify.
328
q
INSTALLDIR=Installation directory, where Installation directory is the location where the Receiver software is installed. The default value is C:\Program Files\Citrix\ICA Client. If you use this option and specify an Installation directory, you must install the RIInstaller.msi in the Installation directory\Receiver directory and the other .msi files in the Installation directory. CLIENT_NAME=ClientName, where ClientName is the name used to identify the user device to the server farm. The default value is %COMPUTERNAME%. ENABLE_DYNAMIC_CLIENT_NAME={Yes | No} The dynamic client name feature allows the client name to be the same as the computer name. When users change their computer name, the client name changes to match. To enable dynamic client name support during silent installation, the value of the property ENABLE_DYNAMIC_CLIENT_NAME in your installation file must be Yes. To disable dynamic client name support, set this property to No. ADDLOCAL=feature[,...]. Install one or more of the specified components. When specifying multiple parameters, separate each parameter with a comma and without spaces. The names are case sensitive. If you do not specify this parameter, all components included in the CitrixReceiverEnterprise.exe or CitrixReceiver.exe are installed by default. Note: ReceiverInside and ICA_Client are prerequisites for all other components and must be installed. ReceiverInside. Installs the Receiver experience. (Required) ICA_Client. Installs the standard Receiver. (Required) SSON. Installs single sign on. This value is supported only with CitrixReceiverEnterprise.exe. For more information, see http://support.citrix.com/article/CTX122676. USB. Installs USB. DesktopViewer. Installs the Desktop Viewer. Flash. Installs HDX media stream for flash. PN_Agent. Installs Receiver (Enterprise). This value is supported only with CitrixReceiverEnterprise.exe. Vd3d. Enables the Windows Aero experience (for operating systems that support it)
ENABLE_SSON={Yes | No}. The default value is Yes. Note that users must log off and log back onto their devices after an installation with pass-through authentication enabled. Important: If you disable single sign on pass-through authentication, users must reinstall Receiver if you decide to use pass-through authentication at a later time.
ENABLE_KERBEROS={Yes | No}. The default value is No. Specifies that Kerberos should be used; applies only when pass-through authentication (SSON)
329
To configure and install the Citrix Receiver for Windows using command-line parameters is enabled.
q
DEFAULT_NDSCONTEXT=Context1 [,]. Include this parameter to set a default context for Novell Directory Services (NDS). To include more than one context, place the entire value in quotation marks and separate the contexts by a comma. Examples of correct parameters: DEFAULT_NDSCONTEXT="Context1" DEFAULT_NDSCONTEXT=Context1,Context2
SERVER_LOCATION=Server_URL. The default value is blank. Provide the URL of the server running the Web Interface. The URL must be in the format http://servername or https://servername. The Receiver appends the default path and file name of the configuration file to the server URL. If you change the default location of the configuration file, enter the entire new path in the SERVER_LOCATION key.
If there is a problem with the installation, search in the user's %TEMP% directory for the logs with the prefix CtxInstall- or TrollyExpress- . For example: CtxInstall-ICAWebWrapper.log TrollyExpress-20090807-123456.log
Example of a Command-Line Installation CitrixReceiverEnterprise.exe /silent ADDLOCAL="ReceiverInside,ICA_Client,PN_Agent" ENABLE_SSON=no INSTALLDIR="c:\test" ENABLE_DYNAMIC_CLIENT_NAME=Yes DEFAULT_NDSCONTEXT="Context1,Context2" SERVER_LOCATION="http://testserver.net" CLIENT_NAME="Modified" This example:
Installs Receiver (Enterprise) without visible progress dialog boxes Installs only Receiver Inside, the standard Receiver (ICA_Client), and enterprise Receiver (PN_Agent) Disables pass-through authentication Specifies the location where the software is installed Enables dynamic client naming Specifies the default context for NDS Specifies the URL (http://testserver.net) of the server running the Web Interface, which Receiver will reference Specifies the name used to identify the user device to the server farm
330
To extract, install, and remove the individual Receiver (Enterprise) .msi files
Citrix does not recommend extracting the .msi files in place of running the installer packages. However, there might be times when you have to extract the Receiver (Enterprise) .msi files from CitrixReceiverEnterprise.exe manually, rather than running the installer package (for example, company policy prohibits using the .exe file). If you use the extracted .msi files for your installation, using the .exe installer package to upgrade or uninstall and reinstall might not work properly. For Citrix-recommended Receiver (Enteprise) installation information, see To configure and install Receiver for Windows using the command-line parameters and Delivering Receiver Using Active Directory and Sample Startup Scripts. 1. To extract the .msi files, type the following at a command prompt: CitrixReceiverEnterprise.exe /extract [Destination_name] where Destination _name is a complete pathname to the directory into which the .msi files are extracted. The directory must exist already and /extract adds a subfolder called extract to that directory. For example, you create a C:\test directory and when you run /extract, the extracted .msi files are put in C:\test\extract. 2. To install the .msi files, double click each file. Note: If User Access Control (UAC) is enabled, Citrix advises that you install the .msi files in elevated mode. The .msi files are supported per-machine and require administrator privileges to deploy them. When installing the Receiver (Enterprise) components, run the .msi files in this order: a. RIInstaller.msi b. ICAWebWrapper.msi c. SSONWrapper.msi d. GenericUSB.msi e. DesktopViewer.msi f. CitrixHDXMediaStreamForFlash-ClientInstall.msi g. PNAWrapper.msi h. Vd3d.msi
331
To extract, install, and remove the individual Receiver (Enterprise) .msi files
To remove the components

When removing the components, remove them in this order: 1. Vd3d.msi 2. PNAWrapper.msi 3. CitrixHDXMediaStreamForFlash-ClientInstall.msi 4. DesktopViewer.msi 5. GenericUSB.msi 6. SSONWrapper.msi 7. ICAWebWrapper.msi 8. RIInstaller.msi Each .msi file has an Add/Remove (Control Panel on Windows XP or Windows Server 2003) or Programs and Features (Control Panel on Windows Vista, Windows 7, and Windows Server 2008) entry in the following format:
Name of package RIInstaller.msi ICAWebWrapper.msi PNAWrapper.msi SSONWrapper.msi CitrixHDXMediaStreamForFlash-ClientInstall.msi DesktopViewer.msi GenericUSB.msi Vd3d.msi
Name displayed in Add/Remove or Programs and Features Citrix Receiver Inside Online Plug-in Citrix Receiver (PNA) Citrix Receiver (SSON) Citrix Receiver (HDX Flash Redirection) Citrix Receiver (DV) Citrix Receiver (USB) Citrix Receiver (Aero)
332

q

q
333

q



334

q



335

336
Configuring the Citrix Receiver for Windows

After the Receiver software is deployed to your users and they install it, there are configuration steps that can be performed for the Receiver. The Receiver (standard, CitrixReceiver.exe) does not require configuration. From the Citrix management console for the XenApp server, configure the options and settings for Receiver using the associated Receiver site. Each time users log on to the Receiver, they see the most recent configuration. Changes made while users are connected take effect when the Receiver configuration is refreshed manually or automatically after a designated interval. Important: Receiver requires the Citrix Web Interface. Receiver handles the following functions:
q
User authentication. Receiver provides user credentials to the Web Interface when users try to connect and every time they launch published resources. Application and content enumeration. Receiver presents users with their individual set of published resources. Application launching. Receiver is the local engine used to launch published applications. Desktop integration. Receiver integrates a users set of published resources (including virtual desktops) with the users physical desktop. User preferences. Receiver validates and implements local user preferences.
337
Using the Group Policy Object Template to Customize the Receiver

Citrix recommends using the Group Policy Object icaclient.adm template file to configure the Receiver options and settings. You can use the icaclient.adm template file with domain policies and local computer policies. For domain policies, import the template file using the Group Policy Management Console. This is especially useful for applying Receiver settings to a number of different user devices throughout the enterprise. To affect a single user device, import the template file using the local Group Policy Editor on the device. For details about Group Policy management, see the Microsoft Group Policy documentation.
To affect the policies on a local computer, import the icaclient.adm file with the local Group Policy Editor. 1. As an administrator, open the Group Policy Editor by running gpedit.msc from the Start menu. 2. In the left pane, select the Administrative Templates folder. 338
Using the Group Policy Object Template to Customize the Receiver 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Configuration folder for Receiver (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor.
339


340

q
341

342

USB Rule No No
343

q
q
344

q
q
345

q
346

347

q
348

349

q
350

q


351

352

353
354

q
q

q

q
355

q
356

q
357

q
360

361

362


363

364

q
365
366

The workspace control feature provides users with the ability to disconnect quickly from all running applications, reconnect to applications, or log off from all running applications. You can move among user devices and gain access to all of your applications when you log on. For example, health care workers in a hospital can move quickly among workstations and access the same set of applications each time they log on to XenApp. These users can disconnect from multiple applications at one user device and open all the same applications when they reconnect at a different user device. Workspace control is available only to users connecting to published resources with Citrix XenApp or through the Web Interface. Policies and client drive mappings change appropriately when you move to a new user device. Policies and mappings are applied according to the user device where you are currently logged on to the session. For example, if a health care worker logs off from a user device in the emergency room of a hospital and then logs on to a workstation in the hospitals X-ray laboratory, the policies, printer mappings, and client drive mappings appropriate for the session in the X-ray laboratory go into effect for the session as soon as the user logs on to the user device in the X-ray laboratory. Important: Workspace control can be used only with Version 11.x and later of the client/plug-in/Receiver, and works only with sessions connected to computers running Citrix Presentation Server Version 3.0, 4.0, or 4.5 or Citrix XenApp 5.0, 6.0, or 6.5. If the workspace control configuration settings of the Web Interface are configured to allow users to override the server settings, users can configure workspace control in the Account Settings options of the Web Interface Preference menu or the Reconnect Options page of the Receiver Options. The following options are available in the Receiver Options on the Reconnect Options page:
Enable automatic reconnection at logon allows users to reconnect to only disconnected applications or both disconnected and active applications Enable reconnection from the menu allows users to reconnect to only disconnected applications or both disconnected and active sessions
To configure workspace control settings For users launching applications through the Web Interface, similar options are available from the Settings page:
367

q
368

q
369

q

370

371
372


373


374

q
375

q

q
For example, printer01 (from computer01) in session 7 When connecting to servers running Presentation Server 3.0 or earlier, or when the Legacy printer name option from the Citrix policy Client printer names setting is enabled on the server, a different naming convention is used. The name of the printer takes the form:
376
Mapping Client Printers for More Efficiency Client/clientname#/printername where:

q
377

378

379

380


381



382
q
ctxgrab ctxcapture
383


q

384


385




386

387
Providing Support for NDS Users

This topic does not apply to XenDesktop connections. When launching Receiver software, users can log on and be authenticated using their Novell Directory Services (NDS) credentials. Supported NDS credentials are user name (or distinguished name), password, directory tree, and context. NDS support is integrated into the following:
q
Citrix Receiver. If NDS is enabled in the server farm, NDS users enter their credentials on an NDS tab on the Receiver logon screen. If users have the Novell Client (Version 4.8) installed, they can browse the NDS tree to choose their context. Pass-Through Authentication. If users have the Novell Client (Version 4.8) installed, you can pass their credentials to the XenApp server, eliminating the need for multiple system and application authentications. To enable pass-through authentication, configure the following policy options in the User Package in ZENworks for Desktops:
q
Enable the Dynamic Local User policy option
Set the Use NetWare Credentials value to On The Citrix Web Interface. NDS users enter their credentials on an NDS logon screen provided by the Web Interface. See the Web Interface Administrators documentation for information about configuring your server for NDS.
q
Note: To use NDS logon information with earlier versions of the clients, enter the NDS tree name in the Domain field and a distinguished name in the User field on the client logon screen.
Setting a Default Context for NDS

You can set a default context for NDS for Receiver. To set a default context for NDS, you must configure the particular installer file you are using to deploy Receiver.
388
Specifying Windows Credentials with the Novell ClientandPass-ThroughAuthentication

This topic does not apply to XenDesktop connections. If the Novell client is installed and you want the Receiver to use the users Windows credentials with pass-through authentication rather than the Novell Directory Server (NDS) credentials, use the Group Policy Editor to enable pass-through authentication without NDS credentials. To configure Receiver after installation 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates, navigate through Citrix Components > Citrix Receiver > User authentication, double click Local user name and password and select Enabled > Enable pass-through authentication. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. Do not select Use Novell Directory Server credentials.
389
DNS Name Resolution


390

391

q
392

This topic does not apply to XenDesktop connections. XenApp server supports ClearType font smoothing with Receiver for users on computers running Windows XP, Windows 7, and Windows Vista. ClearType font smoothing is set by default in Windows 7 and Windows Vista, but Standard font smoothing is set by default in Windows XP. If you enable ClearType font smoothing on Receiver, you are not forcing the user devices to use ClearType font smoothing. You are enabling the server to support ClearType font smoothing on user devices that have it set and are using Receiver. By disabling it for sessions, you are specifying that sessions launched from that Receiver do not remote the font smoothing setting. Receiver automatically detects the user devices font smoothing setting and sends it to the server. The session connects using this setting. When the session is disconnected or terminated, the user's profile setting on the server is set to original setting unless the user specifically changed it in the control panel in the session; then the server uses the new setting. An older Receiver (plug-in) connects using the font smoothing setting configured in that users profile on the server. When ClearType font smoothing is enabled, three times more data is sent across the virtual channel, which might cause a decrease in performance. Font smoothing must be enabled on users operating systems, the Receiver, the Web Interface site, and the server farm.

Use the Session Preferences task in the Citrix Web Interface Management console to enable or disable font smoothing for XenApp Web sites and the Session Options task for XenApp Services sites.
393

q
394

q
q
q
q
395

q
396
q

q
q
397
Logon Times

398

q
399

400

q
401
Local desktop
402

403

q
404


405
q
406
q
407

Receiver smart card support is based on Microsoft Personal Computer/Smart Card (PC/SC) standard specifications. Receiver supports only smart cards and smart card devices that are, themselves, supported by the underlying Windows operating system. A discussion of security issues related to PC/SC standards compliance is beyond the scope of this document. Enabling smart card support for Receiver is done through the Web Interface. For more information, see the Web Interface Administrators documentation. Note: Microsoft strongly recommends that only smart card readers tested and approved by the Microsoft Windows Hardware Quality Lab (WHQL) be used on computers running qualifying Windows operating systems. See http://www.microsoft.com for additional information about hardware PC/SC compliance. Receiver does not control smart card PIN management. PIN management is controlled by the cryptographic service provider for your cards.
408
409
This topic does not apply to XenDesktop connections. Rather than sending user passwords over the network, Kerberos pass-through authentication leverages Kerberos authentication in combination with Security Support Provider Interface (SSPI) security exchange mechanisms. Kerberos is an industry-standard network authentication protocol built into Microsoft Windows operating systems. Kerberos logon offers security-minded users or administrators the convenience of pass-through authentication combined with secret-key cryptography and data integrity provided by industry-standard network security solutions. With Kerberos logon, the Receiver does not need to handle the password and thus prevents Trojan horse-style attacks on the user device to gain access to users passwords. Users can log on to the user device with any authentication method; for example, a biometric authenticator such as a fingerprint reader, and still access published resources without further authentication. System requirements. Kerberos logon requires Citrix Presentation Server 3.0, 4.0, or 4.5, Citrix XenApp 5.0, 6.x and Citrix Presentation Server Clients for Windows 8.x, 9.x, 10.x, XenApp Hosted Plug-in 11.x, online plug-in 12.0, 12.1, or Receiver 3.0. Kerberos works only between Client/plug-ins/Receiver and servers that belong to the same or to trusted Windows 2000, Windows Server 2003, or Windows Server 2008 domains. Servers must also be trusted for delegation, an option you configure through the Active Directory Users and Computers management tool. Kerberos logon is not available in the following circumstances:
q
q
q
410

411

412

q
A SOCKS proxy server or secure proxy server (also known as security proxy server, HTTPS proxy server, or SSL tunneling proxy server). You can use proxy servers to limit access to and from your network and to handle connections between Receiver and servers. Receiver supports SOCKS and secure proxy protocols. Secure Gateway for Citrix XenApp or SSL Relay solutions with Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. A firewall. Network firewalls can allow or block packets based on the destination address and port. If you are using Receiver through a network firewall that maps the server's internal network IP address to an external Internet address (that is, network address translation, or NAT), configure the external address. Trusted server configuration.
413

414

Proxy servers are used to limit access to and from your network, and to handle connections between Receivers and servers. Receiver supports SOCKS and secure proxy protocols. When communicating with the server farm, Receiver uses proxy server settings that are configured remotely on the server running the Web Interface. See the topics for Web Interface for information about configuring proxy server settings. In communicating with the Web server, Receiver uses the proxy server settings that are configured through the Internet settings of the default Web browser on the user device. You must configure the Internet settings of the default Web browser on the user device accordingly.
415
Connecting with the Secure Gateway or Citrix Secure Sockets Layer Relay
You can integrate Receiver with the Secure Gateway or Secure Sockets Layer (SSL) Relay service. Receiver supports both SSL and TLS protocols.
q
416
Connecting with the Secure Gateway

You can use the Secure Gateway in either Normal mode or Relay mode to provide a secure channel for communication between Receiver and the server. No Receiver configuration is required if you are using the Secure Gateway in Normal mode and users are connecting through the Web Interface. Receiver uses settings that are configured remotely on the server running the Web Interface to connect to servers running the Secure Gateway. See the topics for the Web Interface for information about configuring proxy server settings for Receiver. If the Secure Gateway Proxy is installed on a server in the secure network, you can use the Secure Gateway Proxy in Relay mode. See the topics for the Secure Gateway for more information about Relay mode. If you are using Relay mode, the Secure Gateway server functions as a proxy and you must configure Receiver to use:
q

q
417

q
418

In addition to the requirements contained in the System Requirements and Compatibility for Citrix Receiver for Windows 3.0, you also must ensure that:
q
419

420

421

SSL and TLS are configured in the same way, use the same certificates, and are enabled simultaneously. When SSL and TLS are enabled, each time you initiate a connection, Receiver tries to use TLS first and then tries SSL. If it cannot connect with SSL, the connection fails and an error message appears. To force Receiver to connect with TLS, you must specify TLS on the Secure Gateway server or SSL Relay service. See the topics for the Secure Gateway or your SSL Relay service documentation for more information. In addition, make sure the user device meets all system requirements. To use SSL/TLS encryption for all Receiver communications, configure the user device, Receiver, and the server running the Web Interface.
422

q
423
To configure Citrix Receiver to use SSL/TLS

424

q
425
To use the Group Policy template to meet FIPS 140 security requirements
q
q q
426
427
428
429
The ICA File Signing feature helps protect users from unauthorized application or desktop launches.Citrix Receiver verifies that a trusted source generated the application or desktop launch based on administrative policy and protects against launches from untrusted servers. You can configure this Receiver security policy for application or desktop launch signature verification using Group Policy Objects or Citrix Merchandising Server. ICA file signing is not enabled by default and is not supported with Dazzle 1.1 or earlier. The Web Interface enables and configures application or desktop launches to include a signature during the launch process using the Citrix ICA File Signing Service. The service can sign ICA files using a certificate from the computer's personal certificate store. The Citrix Merchandising Server with Receiver enables and configures launch signature verification using the Citrix Merchandising Server Adminstrator Console > Deliveries wizard to add trusted certificate thumbprints. To use Group Policy Objects to enable and configure application or desktop launch signature verification, follow this procedure: 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the ica-file-signing.adm template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select ica-file-signing.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Enable ICA File Signing. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 7. If you choose Enabled, you can add signing certificate thumbprints to the white list of trusted certificate thumbprints or remove signing certificate thumbprints from the white list by clicking Show and using the Show Contents screen. You can copy and paste the signing certificate thumbprints from the signing certificate properties. Use
430
ICA File Signing - Protection Against Application or Desktop Launches From Untrusted Servers the Policy drop-down menu to select Only allow signed launches (more secure) or Prompt user on unsigned launches (less secure). Option Only allow signed launches (more secure) Description Allows only properly signed application or desktop launches from a trusted server. The user sees a Security Warning message in Receiver if an application or desktop launch has an invalid signature. The user cannot continue and the unauthorized launch is blocked. Prompts the user every time an unsigned or invalidly signed application or desktop attempts to launch. The user can either continue the application launch or abort the launch (default).
431

432

Launching SSO or Using Secure Connections with Web Interface

Add the exact address of the Web Interface site in the sites zone. Example Web Interface Site Addresses https://my.company.com 433


434

q
Adding the Web Interface site to the Trusted Site list Making changes to new registry settings
To add the Web Interface site to the trusted site list

1. From the Internet Explorer Tools menu, choose Internet Options > Security. 2. Select the Trusted sites icon and click the Sites button. 3. In the Add this website to the zone text field, type the URL to your Web Interface site and click Add. 4. Download the registry settings from http://support.citrix.com/article/CTX124871.html and make any registry changes. Use SsonRegUpx86.reg for Win32 user devices and SsonRegUpx64.reg for Win64 user devices. 5. Log off and then log on to the user device.
435

436

Enabling smart card logon allows users to use smart cards instead of passwords to authenticate to XenApp servers. You can use smart card logon either with or without pass-through authentication. You must enable smart card support on the server and set up and configure the user device properly with third-party smart card hardware and software. Refer to the documentation that came with your smart card equipment for instructions about deploying smart cards within your network. The smart card removal policy set on XenApp determines what happens if you remove the smart card from the reader during an ICA session. The smart card removal policy is configured through and handled by the Windows operating system.
q
437

Trusted server configuration is designed to identify and enforce trust relations involved in Receiver connections. This trust relationship increases the confidence of Receiver administrators and users in the integrity of data on user devices and prevents the malicious use of Receiver connections. When this feature is enabled, Receivers can specify the requirements for trust and determine whether or not they trust a connection to the server. For example, a Receiver connecting to a certain address (such as https://*.citrix.com) with a specific connection type (such as SSL) is directed to a trusted zone on the server. When trusted server configuration is enabled, XenApp servers or the Access Gateway must reside in a Windows Trusted Sites zone. (For step-by-step instructions about adding servers to the Windows Trusted Sites zone, see the Internet Explorer online help.) If you connect using SSL, add the server name in the format https://CN, where CN is the Common Name shown on the SSL certificate. Otherwise, use the format that Receiver uses to connect; for example if Receiver connects using an IP address, add the servers IP address. To enable trusted server configuration If you are changing this on a local computer, close all Receiver components, including the Connection Center. 1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies. Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5. 2. In the left pane of the Group Policy Editor, select the Administrative Templates folder. 3. From the Action menu, choose Add/Remove Templates. 4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm. 5. Select Open to add the template and then Close to return to the Group Policy Editor. 6. Expand the Administrative Templates folder under the User Configuration node. 7. From the Group Policy Editor, expand Administrative Templates and navigate through Citrix Components > Citrix Receiver > Network Routing > Configure trusted server configuration. In Windows 7 and Windows Server 2008, expand Administrative Templates and navigate through Classic Administrative Templates (ADM) > Citrix Components to the desired configuration option. 8. From the Action menu, choose Properties and select Enabled.
438

When User Access Control (UAC) is enabled on devices running Windows Vista or later, only processes at the same elevation/integrity level as wfcrun32.exe can launch published applications. Example 1: When wfcrun32.exe is running as a normal user (un-elevated), other processes such as Receiver must be running as a normal user to launch applications through wfcrun32. Example 2: When wfcrun32.exe is running in elevated mode, other processes such as Connection Center, Receiver, and third party applications using the ICA Client Object that are running in non-elevated mode cannot communicate with wfcrun32.exe.
439
ICA Settings Reference

ChannelName
ChannelName
ClientAudio
AudioDevice(2) CommandAckThresh MaxDataBufferSize PlaybackDelayThresh AudioHWSection ControlPollTime MaxMicBufferSize VariantName AudioInWakeOnInput ConverterSection NumCommandBuffers AudioOutWakeOnOutput DataAckThresh NumDataBuffers
ClientComm
COMAllowed(2) CommPollWaitMax CommPollSize CommPollWaitMin CommPollWaitInc CommWakeOnInput CommPollWaitIncTime MaxPort, WindowSize
ClientDrive
CDMReadOnly MaxOpenContext DisableDrives MaxWindowSize EnableAsyncWrites NativeDriveMapping EnableReadAhead SFRAllowed
ClientPrinterPort
PrinterThreadPriority PrintMaxRetry WindowSize WindowsPrinter
ClientPrinterQueue
PrinterResetTime WindowsPrinter UnicodeEnabled WindowSize2 VSLAllowed(2) WindowSize
Compress
DriverNameWin32(12) 440
DefaultSerialConnection
DTR
Delegation
LockdownProfiles, RegionIdentification
Dynamic
AcceptURLType DesiredColor(5) InitialProgram(2) RECD(2) SessionSharingLaunchOnly UseAlternateAddress(3) Address(2) DriverNameAlt LongCommandLine(2) RejectURLType SSOnCredentialType(3) Username(3) BUCC(2) DriverNameAltWin32 Path REWD(2) startIFDCD(3) Command DriverNameWin32(12) ProxyHost(3) RtpAudioLowestPort startSCD(2)
Encoding
InputEncoding
EncRC-5-0, EncRC-5-40, EncRC-5-56, and EncRC-5-128

DriverNameWin32(12)
ICA 3.0
BufferLength VirtualDriverEx BufferLength2 DriverNameWin32(12) VirtualDriver
Logging
LogConfigurationAccess, LogEvidence, LogFile
Ping
PingCount 441
PrelaunchApplication
State Schedule UserOverride
qwerty
LicenseType, startIFDCD(3)
442
Server
Address(2) AECD AltProxyAutoConfigURL(2) AltProxyBypassList(2) AltProxyHost(2) AltProxyPassword(2) AltProxyType(2) AudioBandwidthLimit AudioDuringDetach AUTHPassword AUTHUserName AutoLogonAllowed BrowserProtocol BUCC(2) CFDCD ClearPassword ClientAudio COCD ConnectionFriendlyName DataBits DesiredColor(5) DeviceName DisableCtrlAltDel DisableMMMaximizeSupport Domain DoNotUseDefaultCSL EnableAudioInput EnableClientSelectiveTrust EnableOSS EnableRtpAudio EnableSessionSharing EnableSessionSharingClient EnableSessionSharingHost(2) EncryptionLevelSession InitialProgram(2) IOBase KeyboardTimer(2) Launcher LaunchReference LocHttpBrowserAddress LogFlush LogonTicket LogonTicketType LongCommandLine(2) LPWD LVBMode(2) MouseTimer MSIEnabled NDS NRUserName NRWD Password PersistentCacheEnabled pnStartSCD ProxyAuthenticationBasic(2) ProxyAuthenticationNTLM(2) ProxyAuthenticationPrompt(2) ProxyAutoConfigURL(2) ProxyBypassList ProxyFallback(2) ProxyFavorIEConnectionSetting(2) ProxyHost(3) ProxyPassword(2) ProxyTimeout ProxyUseDefault ProxyUseFQDN(2) ProxyUsername RECD(2) REWD(2) ScalingWidth Schedule ScreenPercent SecureChannelProtocol(2) SecurityTicket SessionSharingKey SessionSharingName SmartcardRequired(2) SpeedScreenMMA SpeedScreenMMAAudioEnabled SpeedScreenMMAMaxBufferThreshold SpeedScreenMMAMaximumBufferSize SpeedScreenMMAMinBufferThreshold SpeedScreenMMASecondsToBuffer SpeedScreenMMAVideoEnabled SSLCACert SSLCertificateRevocationCheckPolicy(2) SSLCommonName SSLEnable SSLNoCACerts(2) SSLProxyHost(2) SSOnCredentialType(3) SSOnDetected startIFDCD(3) startSCD(2) TRWD TWIEmulateSystray TWIMode TWISuppressZZEcho TWITaskbarGroupingMode UseAlternateAddress(3) UseDefaultEncryption UseLocalUserAndPassword(2) UseMRUBrowserPrefs Username(3)
443
ICA Settings Reference endIFDCD FONTSMOOTHINGTYPE FriendlyName ICASOCKSProtocolVersion(2) ICASOCKSProxyHost(2) ICASOCKSProxyPortNumber(2) InitialProgram RtpAudioHighestPort ScalingHeight ScalingHeight ScalingMode ScalingPercent VirtualChannels WorkDirectory ZLAutoHiLimit ZLAutoLowLimit ZLKeyboardMode ZLMouseMode
Smartcard
BypassSmartcardDomain PCSCLibraryName BypassSmartcardPassword SmartcardRequired(2) BypassSmartcardUsername Username(3) PCSCCodePage
TCP/IP
DefaultHttpBrowserAddress, DriverNameWin32(12), ICAPortNumber
Thinwire 3.0
DesiredColor(5) Tw2CachePower WindowManagerMoveIgnored InstallColormap TW2StopwatchMinimum WindowManagerMoveTimeout PersistentCacheMinBitmap(2) TW2StopwatchScale WindowsCache PersistentCacheSize(2) TWIFullScreenMode
Transport
BrowserRetry(2) OutBufCountClient2 BrowserTimeout(2) OutBufCountHost HttpBrowserAddress OutBufCountHost2 OutBufCountClient OutBufLength
444
WFClient
AllowAudioInput AllowVirtualDriverEx AllowVirtualDriverExLegacy AltProxyAutoConfigURL(2) AltProxyBypassList(2) AltProxyHost(2) AltProxyPassword(2) AltProxyType(2) AlwaysSendPrintScreen AppendUsername BrowserRetry(2) BrowserTimeout(2) CbChainInterval CDMAllowed CGPAddress ClientName ClipboardAllowed ColorMismatchPrompt_Have16_Want256 ColorMismatchPrompt_Have16M_Want256 ColorMismatchPrompt_Have64K_Want256 COMAllowed(2) ContentRedirectionScheme CPMAllowed CRBrowserAcceptURLtype CRBrowserCommand CRBrowserPath CRBrowserPercentS CRBrowserRejectURLtype CREnabled CRPlayerAcceptURLtype CRPlayerCommand CRPlayerPath CRPlayerPercentS CRPlayerRejectURLtype CustomConnectionsIconOff Hotkey1Shift Hotkey2Char Hotkey2Shift Hotkey3Char Hotkey3Shift Hotkey4Char Hotkey4Shift Hotkey5Char Hotkey5Shift Hotkey6Char Hotkey6Shift Hotkey7Char Hotkey7Shift Hotkey8Char Hotkey8Shift Hotkey9Char Hotkey9Shift HotkeyJPN%dChar HowManySkipRedrawPerPaletteChange ICAHttpBrowserAddress ICAKeepAliveEnabled ICAKeepAliveInterval ICAPrntScrnKey ICASOCKSProtocolVersion(2) ICASOCKSProxyHost(2) ICASOCKSProxyPortNumber(2) KeyboardLayout KeyboardSendLocale KeyboardType KeyboardTimer(2) LocalIME LogAppend LogConnect LogErrors LogFileGlobalPath PNPDeviceAllowed Port1 Port2 POSDeviceAllowed PrinterFlowControl ProxyAuthenticationBasic(2) ProxyAuthenticationKerberos ProxyAuthenticationNTLM(2) ProxyAuthenticationPrompt(2) ProxyAutoConfigURL(2) ProxyBypassList ProxyFallback(2) ProxyFavorIEConnectionSetting(2) ProxyHost(3) ProxyPassword(2) ProxyPort ProxyType ProxyUseFQDN(2) ReadersStatusPollPeriod RemoveICAFile ResMngrRunningPollPeriod SecureChannelProtocol(2) SessionReliabilityTTL SkipRedrawPerPaletteChange SmartCardAllowed
SSLCertificateRevocationCheckPolicy(2 SSLCiphers SSLNoCACerts(2) SSLProxyHost(2) SSOnCredentialType(3) SSOnUserSetting SSPIEnabled SucConnTimeout SwapButtons TransparentKeyPassthrough
445
ICA Settings Reference DeferredUpdateMode DesiredColor(5) DisableSound DisableUPDOptimizationFlag DynamicCDM EmulateMiddleMouseButton EmulateMiddleMouseButtonDelay EnableInputLanguageToggle EnableSessionSharingHost(2) EnableSSOnThruICAFile FastIdlePollDelay ForceLVBMode FullScreenBehindLocalTaskbar FullScreenOnly Hotkey10Char Hotkey10Shift Hotkey1Char LogFileWin32 Lpt1 Lpt2 Lpt3 LVBMode(2) MinimizeOwnedWindows MissedKeepaliveWarningMsg MissedKeepaliveWarningTime MouseWheelMapping PassThroughLogoff PercentS PersistentCacheGlobalPath PersistentCacheMinBitmap(2) PersistentCachePath PersistentCachePercent PersistentCacheSize(2) PersistentCacheUsrRelPath TransportReconnectDelay TransportReconnectEnabled TransportReconnectRetries TransportSilentDisconnect TwainAllowed TWIIgnoreWorkArea TWISeamlessFlag TWIShrinkWorkArea UseAlternateAddress(3) UsersShareIniFiles VirtualCOMPortEmulation VSLAllowed(2) Win32FavorRetainedPrinterSettings WpadHost XmlAddressResolutionType ZLDiskCacheSize ZLFntMemCacheSize
446

ChannelName
ChannelName
ClientAudio
AudioDevice(2) CommandAckThresh MaxDataBufferSize PlaybackDelayThresh AudioHWSection ControlPollTime MaxMicBufferSize VariantName AudioInWakeOnInput ConverterSection NumCommandBuffers AudioOutWakeOnOutput DataAckThresh NumDataBuffers
ClientComm
COMAllowed(2) CommPollWaitMax CommPollSize CommPollWaitMin CommPollWaitInc CommWakeOnInput CommPollWaitIncTime MaxPort, WindowSize
ClientDrive
CDMReadOnly MaxOpenContext DisableDrives MaxWindowSize EnableAsyncWrites NativeDriveMapping EnableReadAhead SFRAllowed
ClientPrinterPort
PrinterThreadPriority PrintMaxRetry WindowSize WindowsPrinter
ClientPrinterQueue
PrinterResetTime WindowsPrinter UnicodeEnabled WindowSize2 VSLAllowed(2) WindowSize
Compress
DriverNameWin32(12) 447
DefaultSerialConnection
DTR
Delegation
LockdownProfiles, RegionIdentification
Dynamic
AcceptURLType DesiredColor(5) InitialProgram(2) RECD(2) SessionSharingLaunchOnly UseAlternateAddress(3) Address(2) DriverNameAlt LongCommandLine(2) RejectURLType SSOnCredentialType(3) Username(3) BUCC(2) DriverNameAltWin32 Path REWD(2) startIFDCD(3) Command DriverNameWin32(12) ProxyHost(3) RtpAudioLowestPort startSCD(2)
Encoding
InputEncoding
EncRC-5-0, EncRC-5-40, EncRC-5-56, and EncRC-5-128

DriverNameWin32(12)
ICA 3.0
BufferLength VirtualDriverEx BufferLength2 DriverNameWin32(12) VirtualDriver
Logging
LogConfigurationAccess, LogEvidence, LogFile
Ping
PingCount 448
PrelaunchApplication
State Schedule UserOverride
qwerty
LicenseType, startIFDCD(3)
449
Server
Address(2) AECD AltProxyAutoConfigURL(2) AltProxyBypassList(2) AltProxyHost(2) AltProxyPassword(2) AltProxyType(2) AudioBandwidthLimit AudioDuringDetach AUTHPassword AUTHUserName AutoLogonAllowed BrowserProtocol BUCC(2) CFDCD ClearPassword ClientAudio COCD ConnectionFriendlyName DataBits DesiredColor(5) DeviceName DisableCtrlAltDel DisableMMMaximizeSupport Domain DoNotUseDefaultCSL EnableAudioInput EnableClientSelectiveTrust EnableOSS EnableRtpAudio EnableSessionSharing EnableSessionSharingClient EnableSessionSharingHost(2) EncryptionLevelSession InitialProgram(2) IOBase KeyboardTimer(2) Launcher LaunchReference LocHttpBrowserAddress LogFlush LogonTicket LogonTicketType LongCommandLine(2) LPWD LVBMode(2) MouseTimer MSIEnabled NDS NRUserName NRWD Password PersistentCacheEnabled pnStartSCD ProxyAuthenticationBasic(2) ProxyAuthenticationNTLM(2) ProxyAuthenticationPrompt(2) ProxyAutoConfigURL(2) ProxyBypassList ProxyFallback(2) ProxyFavorIEConnectionSetting(2) ProxyHost(3) ProxyPassword(2) ProxyTimeout ProxyUseDefault ProxyUseFQDN(2) ProxyUsername RECD(2) REWD(2) ScalingWidth Schedule ScreenPercent SecureChannelProtocol(2) SecurityTicket SessionSharingKey SessionSharingName SmartcardRequired(2) SpeedScreenMMA SpeedScreenMMAAudioEnabled SpeedScreenMMAMaxBufferThreshold SpeedScreenMMAMaximumBufferSize SpeedScreenMMAMinBufferThreshold SpeedScreenMMASecondsToBuffer SpeedScreenMMAVideoEnabled SSLCACert SSLCertificateRevocationCheckPolicy(2) SSLCommonName SSLEnable SSLNoCACerts(2) SSLProxyHost(2) SSOnCredentialType(3) SSOnDetected startIFDCD(3) startSCD(2) TRWD TWIEmulateSystray TWIMode TWISuppressZZEcho TWITaskbarGroupingMode UseAlternateAddress(3) UseDefaultEncryption UseLocalUserAndPassword(2) UseMRUBrowserPrefs Username(3)
450
ICA Settings Reference endIFDCD FONTSMOOTHINGTYPE FriendlyName ICASOCKSProtocolVersion(2) ICASOCKSProxyHost(2) ICASOCKSProxyPortNumber(2) InitialProgram RtpAudioHighestPort ScalingHeight ScalingHeight ScalingMode ScalingPercent VirtualChannels WorkDirectory ZLAutoHiLimit ZLAutoLowLimit ZLKeyboardMode ZLMouseMode
Smartcard
BypassSmartcardDomain PCSCLibraryName BypassSmartcardPassword SmartcardRequired(2) BypassSmartcardUsername Username(3) PCSCCodePage
TCP/IP
DefaultHttpBrowserAddress, DriverNameWin32(12), ICAPortNumber
Thinwire 3.0
DesiredColor(5) Tw2CachePower WindowManagerMoveIgnored InstallColormap TW2StopwatchMinimum WindowManagerMoveTimeout PersistentCacheMinBitmap(2) TW2StopwatchScale WindowsCache PersistentCacheSize(2) TWIFullScreenMode
Transport
BrowserRetry(2) OutBufCountClient2 BrowserTimeout(2) OutBufCountHost HttpBrowserAddress OutBufCountHost2 OutBufCountClient OutBufLength
451
WFClient
AllowAudioInput AllowVirtualDriverEx AllowVirtualDriverExLegacy AltProxyAutoConfigURL(2) AltProxyBypassList(2) AltProxyHost(2) AltProxyPassword(2) AltProxyType(2) AlwaysSendPrintScreen AppendUsername BrowserRetry(2) BrowserTimeout(2) CbChainInterval CDMAllowed CGPAddress ClientName ClipboardAllowed ColorMismatchPrompt_Have16_Want256 ColorMismatchPrompt_Have16M_Want256 ColorMismatchPrompt_Have64K_Want256 COMAllowed(2) ContentRedirectionScheme CPMAllowed CRBrowserAcceptURLtype CRBrowserCommand CRBrowserPath CRBrowserPercentS CRBrowserRejectURLtype CREnabled CRPlayerAcceptURLtype CRPlayerCommand CRPlayerPath CRPlayerPercentS CRPlayerRejectURLtype CustomConnectionsIconOff Hotkey1Shift Hotkey2Char Hotkey2Shift Hotkey3Char Hotkey3Shift Hotkey4Char Hotkey4Shift Hotkey5Char Hotkey5Shift Hotkey6Char Hotkey6Shift Hotkey7Char Hotkey7Shift Hotkey8Char Hotkey8Shift Hotkey9Char Hotkey9Shift HotkeyJPN%dChar HowManySkipRedrawPerPaletteChange ICAHttpBrowserAddress ICAKeepAliveEnabled ICAKeepAliveInterval ICAPrntScrnKey ICASOCKSProtocolVersion(2) ICASOCKSProxyHost(2) ICASOCKSProxyPortNumber(2) KeyboardLayout KeyboardSendLocale KeyboardType KeyboardTimer(2) LocalIME LogAppend LogConnect LogErrors LogFileGlobalPath PNPDeviceAllowed Port1 Port2 POSDeviceAllowed PrinterFlowControl ProxyAuthenticationBasic(2) ProxyAuthenticationKerberos ProxyAuthenticationNTLM(2) ProxyAuthenticationPrompt(2) ProxyAutoConfigURL(2) ProxyBypassList ProxyFallback(2) ProxyFavorIEConnectionSetting(2) ProxyHost(3) ProxyPassword(2) ProxyPort ProxyType ProxyUseFQDN(2) ReadersStatusPollPeriod RemoveICAFile ResMngrRunningPollPeriod SecureChannelProtocol(2) SessionReliabilityTTL SkipRedrawPerPaletteChange SmartCardAllowed
SSLCertificateRevocationCheckPolicy(2 SSLCiphers SSLNoCACerts(2) SSLProxyHost(2) SSOnCredentialType(3) SSOnUserSetting SSPIEnabled SucConnTimeout SwapButtons TransparentKeyPassthrough
452
ICA Settings Reference DeferredUpdateMode DesiredColor(5) DisableSound DisableUPDOptimizationFlag DynamicCDM EmulateMiddleMouseButton EmulateMiddleMouseButtonDelay EnableInputLanguageToggle EnableSessionSharingHost(2) EnableSSOnThruICAFile FastIdlePollDelay ForceLVBMode FullScreenBehindLocalTaskbar FullScreenOnly Hotkey10Char Hotkey10Shift Hotkey1Char LogFileWin32 Lpt1 Lpt2 Lpt3 LVBMode(2) MinimizeOwnedWindows MissedKeepaliveWarningMsg MissedKeepaliveWarningTime MouseWheelMapping PassThroughLogoff PercentS PersistentCacheGlobalPath PersistentCacheMinBitmap(2) PersistentCachePath PersistentCachePercent PersistentCacheSize(2) PersistentCacheUsrRelPath TransportReconnectDelay TransportReconnectEnabled TransportReconnectRetries TransportSilentDisconnect TwainAllowed TWIIgnoreWorkArea TWISeamlessFlag TWIShrinkWorkArea UseAlternateAddress(3) UsersShareIniFiles VirtualCOMPortEmulation VSLAllowed(2) Win32FavorRetainedPrinterSettings WpadHost XmlAddressResolutionType ZLDiskCacheSize ZLFntMemCacheSize
453
AcceptURLType
Specifies the acceptable URL types for the Content Redirection scheme. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Dynamic ContentRedirection INI_CR_ACCEPT_URL_TYPE String Read Yes No
Values
Value "" http https Description None rejected - Default
INI Location
N/A
Registry Location
N/A
454
Address(2)
Address of the target server. Gives application server host name. It is also used to check whether it is a dialup or lan connection. For TCP/IP connections, this can be the DNS name of a XenApp server, the IP address of a XenApp server, or the name of a published application. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server,dynamic Misc INI_ADDRESS String Read & Write No No
Values
Value "" Description DNS name or IP Address of a Citrix server - Default
INI Location
INI File Module.ini Module.ini Module.ini Module.ini Module.ini All_Regions.ini canonicalization.ini Section TCP/IP TCP/IP - FTP TCP/IP - Novell Lan WorkPlace TCP/IP - Microsoft TCP/IP - VSL Network\Protocols TCP/IP Value Address
Registry Location
This key must be specified for .ica files. Registry Key Value
455
Address(2) HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols Address
456
AECD
End User Experience Monitoring APPLICATION_ENUM_CLIENT (AECD). End User Experience Monitoring (EUEM) startup data. The time it takes to get the list of applications. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server EUEM INI_EUEM_AECD Integer Read & Write No No
Values
Value -1 Description Initial reset value - Default
INI Location
INI File All_Regions.ini Section Virtual Channels\End User Experience Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience Value
457
AllowAudioInput
Allows the audio input for client audio. Gives a boolean value specifying whether audio input is allowed or not. Note: UNIX specific implemenation. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Audio INI_ALLOWAUDIOINPUT Boolean Read Yes No
Values
Value False True Description Client audio input is not allowed - Default Client audio input is allowed
INI Location
N/A
Registry Location
N/A
458
AllowVirtualDriverEx
Allows third party virtual Driver Extention. Used to check whether virtual driver extension is allowed and if yes, appends third party virtual channels. To append a third-party virtual channel list to current virtual drivers, set AllowVirtualDriverEx to TRUE. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_ALLOW_VIRTUALDRIVER_THIRDPARTY Boolean Read No No
Values
Value TRUE FALSE Description Allows third-party virtual Driver Extention - Default Does not allow third-party virtual driver extention
INI Location
INI File All_Regions.ini Section Virtual Channels\Third Party Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Third Party HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Third Party Value * *
459
AllowVirtualDriverExLegacy
Allows legacy third-party virtual drivers. Specifies whether (TRUE) or not (FALSE) to load legacy third-party virtual driver. If this is set, the client parses the INI_ICA30 section for value INI_VIRTUALDRIVER, which is a list of Virtual Drivers separated by commas; ICA client attempts to load each Virtual Driver in this list. In order to successfully load, the .ini file must contain a section name that matches the Virtual Driver, and has correct Virtual Driver entries in the section. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_ALLOW_VIRTUALDRIVER_THIRDPARTY_LEGACY Boolean Read No No
Values
Value TRUE FALSE Description Allow third-party legacy virtual drivers - Default Do not allow third-party legacy virtual drivers
INI Location
INI File All_Regions.ini Section Virtual Channels\Third Party Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Third Party HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Third Party Value * *
460
AltProxyAutoConfigURL(2)
URLs for proxy auto detection script. Gives the URL (location) of proxy auto detection(.pac) script. Automatic Proxy Configuration is a proxy mode where the proxy configuration is described in a file, called a PAC (.pac) file. It must be set if the value of "AltProxyType" is Script; otherwise, it is ignored. ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > Configure client failover proxy settings > Proxy script URLs Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient,Server Proxy INI_ALTPROXYAUTOCONFIGURL String Read No Yes
Values
Value "" Description URL for proxy auto detection script - Default
INI Location
INI File All_Regions.ini Section Network\Proxy Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy Value 3
461
AltProxyBypassList(2)
List of servers that do not traverse the failover proxy. Specifies a list of hosts for which to bypass proxy connections. For any proxy type, you can provide a list of servers that do not traverse the proxy. These should be placed in the "Bypass server list." An asterisk (*) included in a host name acts as a wildcard (for example, *.widgets.com). Multiple hosts must be separated by a semicolon (;) or comma (,). The bypass list can be up to 4096 characters. This parameter is ignored if the value of ProxyType is None or Auto. ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > Configure client failover proxy settings > Bypass server list. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient, Server Proxy INI_ALTPROXYBYPASSLIST String Read No Yes
Values
Value "" Description List of hosts, seperated by semi-colon (;) or comma (,) - Default
INI Location
462
AltProxyBypassList(2)
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy Value
463
AltProxyHost(2)
Address of alternate (failover) proxy server. Specifies the address of the proxy server. It is required if the value of ProxyType is any of the following: Socks, SocksV4, SocksV5, Tunnel(Secure); otherwise, ProxyHost is ignored. To indicate a port number other than 1080 (default for SOCKS) or 8080 (default for Secure), append the appropriate port number to the value after a colon (:). ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > Configure client failover proxy settings > Proxy host names Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient,Server Proxy INI_ALTPROXYHOST String Read No Yes
Values
Value "" Description Proxy Server Address - Default
INI Location
Registry Location
464
AltProxyPassword(2)
Failover proxy server password for user. Holds the clear text password to be used to automatically authenticate the client to the failover proxy. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient,Server Proxy INI_ALTPROXYPASSWORD String Read No No
Values
Value "" Description Prompt the user for the proxy password - Default
INI Location
Registry Location
465
AltProxyType(2)
Failover proxy type requested for connection. Specifies what type of failover proxy server a host session uses. When AltProxyType = "Secure", the client contacts the proxy identified by the "AltProxyHost" and "AltProxyPort" settings. The negotiation protocol uses an "HTTP CONNECT" header request specifying the desired destination. ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > Configure client failover proxy settings > Proxy types Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server, WFClient Proxy INI_ALTPROXYTYPE String Read No Yes
Values
Value None Auto Tunnel (Secure) Wpad Socks Socks v4 Socks v5 Script Description Use Direct Connection - Default Auto Detect from Web browser Interpret proxy auto-configuration script
466
AltProxyType(2)
INI Location
INI File All_Regions.ini Trusted_Region.ini Untrusted_Region.ini Section Network\Proxy Network\Proxy Network\Proxy Value Auto Auto
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region\Lockdown\Network\Proxy HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region\Lockdown\Network\Proxy HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy Value Auto Auto
467
AlwaysSendPrintScreen
Turns on or off the " AlwaysSendPrintScreen" attrtibute in seamless application. By enabling the key, user can use the " Print Screen" key on the keyboard while an ICA session is running with seamless application. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Seamless INI_ALWAYSSENDPRNTSCRN Boolean Read No No
Values
Value Off On Description Print Screen key cannot be used - Default Print Screen key can be used
INI Location
INI File All_Regions.ini Section Virtual Channels\Keyboard Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\ Value
468
AppendUsername
Specifies whether or not user can append user name to the window title bar. If the attribute is non zero, user can concatenate the user name with the regular text for the window title bar (very long window titles will be truncated). Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient CoreUI INI_APPEND_USERNAME Integer Read No No
Values
Value 0 1 Description Do not append the username - Default Add the username to the window title
INI Location
INI File All_Regions.ini Section Client Engine\GUI Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI Value
469
AudioBandwidthLimit
Specifies the audio bandwidth limit and, by extension, the audio quality for the connection. Higher audio quality requires more bandwidth. The bandwidth requirements for high quality audio might make this setting unsuitable for many deployments. Corresponding UI Element: For applicationsetname: SETTINGS dialog box > DEFALUT OPTION tab > SOUND QUALITY menu For applicationservername: PROPERTIES dialog box > OPTIONS tab > SOUND QUALITY menu ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client audio settings. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Audio INI_AUDIOBANDWIDTHLIMIT Integer Read No Yes
Values
Value 1 2 0 Description Medium: 64 kilobits per second (network Connection) - Default Low: 4 Kbps (serial Connection) High : 1.4 megabits per second (Mbps)
INI Location
INI File All_Regions.ini Section Virtual Channels Value
470
AudioBandwidthLimit
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio Value * *
471
AudioDevice(2)
Specifies the output device when there is more than one audio device available. It should default to the name that is standard for each UNIX variant. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientAudio Audio INI_AUDIODEVICE String Read Yes No
Values
Value /dev/dsp Description For Linux, LinuxArm, or UCLinux - Default /dev/audio For Solaris, SolarisX86, or netbsd - Default <none> For any other platform - Default
INI Location
N/A
Registry Location
N/A
472
AudioDuringDetach
Specifies audio behavior when the ICO is detached from the page. Controls the audio behavior when a user navigates to a page with an ICA session, starts playing a wave file, and then navigates away. If AudioDuringDetach is false and the ICO is detached from the page, the audio stops. If it is true, the audio continues even after the detach. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Audio INI_AUDIODURINGDETACH Boolean Read No No
Values
Value False True Description The audio will stop when ICO is detached - Default Audio will continue even after ICO is detached
INI Location
N/A
Registry Location
N/A
473
AudioHWSection
Used to locate the driver module in the [AudioConverter] section. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientAudio Audio INI_CAM_AUDHW_SECTIONNAME String Read No No
Values
Value Description AudioConverter Default
INI Location
INI File Module.ini Module.ini Section AudioConverter ClientAudio Value AudioHardware AudioConverter
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioConverter HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio Value AudioHardware AudioConverter
474
AudioInWakeOnInput
Enable/Disable audio input. Audio is on when audio is detected on input channel. Linux only platform. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientAudio Audio INI_CAM_AUDIOIN_WAKE_ON_INPUT Boolean Read & Write No No
Values
Value 1 0 Description Enable audio input - Default Disable audio input
INI Location
N/A
Registry Location
N/A
475
AudioOutWakeOnOutput
Enable/Disable audio output. Audio is enabled when audio is detected on output channel. Linux only platform. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientAudio Audio INI_CAM_AUDIOOUT_WAKE_ON_OUTPUT Boolean Read No No
Values
Value 1 0 Description Enable audio input - Default Disable audio input
INI Location
N/A
Registry Location
N/A
476
AUTHPassword
Specifies SSL authorization password. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SSL INI_AUTHPASSWORD String Read No No
Values
Value "" Description If present, any valid string representing password for authentication Default
INI Location
N/A
Registry Location
N/A
477
AUTHUserName
Specifies the SSL authorization username. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SSL INI_AUTHUSERNAME String Read No No
Values
Value "" Description If present, the valid string representing username for authentication Default
INI Location
N/A
Registry Location
N/A
478
AutoLogonAllowed
Specifies whether or not autologon is allowed for Secure ICA client; specifies whether (Off) or not (On) to require users to enter their user name, domain name, and password when connecting using encryption levels greater than Basic. By default, users are required to enter this information, even if it is present in appsrv.ini. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SSL AUTOLOGON Boolean Read No No
Values
Value FALSE TRUE Description Does not allow autologon for secure ICA client - Default Allows autologon for secure ICA client
INI Location
INI File Section Value * All_Regions.ini Login
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon Value * *
479
BrowserProtocol
Specifies the network protocol used for ICA browsing. Value contains the borwser-s protocol to use of either HTTP on TCP or UDP. Note: IPX, SPX, and NetBIOS are no longer supported.
Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM
Server EnumRes INI_BROWSEPROTOCOL String Read/Write No No
Values
Value UDP Description Default HTTPonTCP
INI Location
INI File All_Regions.ini Section Application Browsing Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing Value
480
BrowserRetry(2)
Specifies the number of times the ICA Client device will resubmit an ICA Master Browser request that has timed out. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Transport,WFClient EnumRes INI_BROWSERRETRY Integer Read No No
Values
Value 3 Description Default
INI Location
INI File Module.ini All_Regions.ini appsrv.ini Section TCP/IP Application Browsing WFClient Value 3 * 3
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing Value 3 * *
481
BrowserTimeout(2)
Specifies the number of milliseconds the ICA Client will wait for a response after making a request to the ICA Master Browser. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Transport,WFClient EnumRes INI_BROWSERTIMEOUT Integer Read No No
Values
Value 1000 Description Timeout (ms) - Default
INI Location
INI File Module.ini All_Regions.ini appsrv.ini Section TCP/IP Application Browsing WFClient Value 1000 * 1000
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing Value 1000 * *
482
BUCC(2)
The number of backup URL retries before success. This is one of the Session Client startup data while End User Experience Monitoring (EUEM) metrics are stored. Note: This is the only start-up metric that is a count of attempts, rather than a duration. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server, Dynamic EUEM INI_EUEM_BUCC Integer Read & Write No No
Values
Value 0 Description Number of backup URL retries before success - Default
INI Location
Registry Location
483
BufferLength
Specifies the input buffer length in bytes for connections to MetaFrame XP, Feature Release 1 or earlier servers. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ICA 3.0 Core INI_BUFFERLENGTH Integer Read No No
Values
Value 2048 Description Buffer Length (Bytes) - Default
INI Location
INI File Module.ini Section ICA 3.0 Value 2048
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0 Value 2048
484
BufferLength2
Specifies the input buffer length in bytes for connections to MetaFrame XP, Feature Release 2 or later servers. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ICA 3.0 Core INI_BUFFERLENGTH2 Integer Read No No
Values
Value 5000 Description Buffer Length (Bytes) - Default
INI Location
INI File Module.ini Section ICA 3.0 Value 5000
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0 Value 5000
485
BypassSmartcardDomain
Enable/Disable bypass switch for domain name. Specifies whether (FALSE) or not (TRUE) to use smartcard to get the domain name or get it from appsrv.ini file. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Smartcard Smartcard INI_DOMAINBYPASS Boolean Read No No
Values
Value False True Description Does not bypass smartcard to get domain information - Default Bypass smartcard for domain information
INI Location
N/A
Registry Location
N/A
486
BypassSmartcardPassword
Specifies whether (FALSE) or not (TRUE) to get password from smartcard. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Smartcard Smartcard INI_DOMAINBYPASS String Read No No
Values
Value False True Description Does not bypass smartcard to get user information - Default Bypass smartcard for user information
INI Location
N/A
Registry Location
N/A
487
BypassSmartcardUsername
Specifies whether (FALSE) or not (TRUE) to use smartcard to get username or get it from appsrv.ini file. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Smartcard INI_USERNAMEBYPASS String Read No No
Values
Value False True Description Does not bypass smartcard to get user information - Default Bypass smartcard for user information
INI Location
N/A
Registry Location
N/A
488
CbChainInterval
Specifies the number of milliseconds before testing if clipboard viewer chain is broken. Set to a positive number or to 0 to disable testing. Copying content from the user device and pasting it in a published application failed. This issue was caused by a third party application that prevented the client from receiving notification when new content was copied to the local clipboard. This attribute introduces support for a mechanism to check at periodic intervals the client`s ability to receive clipboard change notifications. If the mechanism finds the client cannot receive the notifications, the client attempts to register itself to receive future notifications. To enable this functionality, add in appsrv.ini files as follows: [WFClient] CbChainInterval=<value>, where value is the interval, in milliseconds, at which checks are to be performed. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Clipboard INI_VCLIPBOARD_VIEWER_CHAIN_TEST_INTERVAL Integer Read No No
Values
Value 0 2000 Description Disable testing - Default Minimum (ms)
INI Location
N/A
Registry Location
N/A
489
CDMAllowed
Specifies whether Client Drive Mapping is allowed or not. ADM UI Element : Citrix Components > Citrix Receiver > Remoting client devices > Client drive mapping > Enable client drive mapping Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient CDM INI_CDMALLOWED Boolean Read No Yes
Values
Value True False Description Allow Client Drive Mapping - Default Do not allow Client Drive Mapping
INI Location
INI File All_Regions.ini appsrv.ini Section Virtual Channels\Drives WFClient Value * On
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives Value * *
490
CDMReadOnly
Specifies that the CDM virtual channel permits read-only access to client drives. ADM UI Element : Citrix Components > Citrix Receiver > Remoting client devices > Client drive mapping > Read-only client drives Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientDrive CDM INI_CDMREADONLY Boolean Read No Yes
Values
Value False True Description CDM is not read-only - Default CDM is read-only
INI Location
INI File All_Regions.ini Module.ini canonicalization.ini Section Virtual Channels\Drives ClientDrive ClientDrive Value * False CDMReadOnly
491
CDMReadOnly
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\ClientDrive HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives Value CDMReadOnly False * *
492
CFDCD
Configuration File Download Client Duration (CFDCD) is the time it takes to get the configuration file from the XML server. This is one of the Session Client startup data while End User Experience Monitoring (EUEM) metrics are stored.
Server EUEM INI_EUEM_CFDCD Integer Read & Write No No
Values
Value -1 Description Default
INI Location
Registry Location
493
CGPAddress
Specifies the CGP address. It is in "hostname:port" form. Rather than specifying the hostname, you can type an asterisk (*) to use the Address parameter value as the host (session reliability server). The port value is optional. If you do not specify a port value, the default 2598 is used. If a connection on port 2598 fails, the client tries to establish a standard (non-session reliability) connection on port 1494. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient CGP INI_CGPADDRESS String Read & Write No No
Values
Value "" 0.0.0.0 Description If present, some valid CGP address - Default Bad CGP Address, use it as a marker for testing
INI Location
N/A
Registry Location
N/A
494
ChannelName
Specifies a name for the static virtual channel to use for a specific DVC plug-in. By default the static channel name is automatically generated using the module file name of the DVC plug-in. To ensure that a unique name is generated, upon collision one or two digits can be used at the end of the name to make it unique while keeping the name length at a maximum of seven characters. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ChannelName DVC INI_DVC_PLUGIN_<DVC plugin name> String Read No No
Values
Value Description Static virtual channel name
INI Location
INI File Module.ini Section [DVC_Plugin_<DVC plugin name> ] Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\DVC_Plugin_<DVC plugin name> Value *
495
ClearPassword
Specifies the clear password to automatically authenticate the client. It is a plain text password. It overrides the Password parameter, but it only overrides the Password parameter if the EncryptionLevel of Password is basic or the AutoLogonAllowed = On in the INI file. Legacy Web Interface ticketing was implemented by passing a single-use authentication cookie to the server in the Clear Text password field. ADM UI Element : Citirix Components > Citrix Receiver > User authentication > Web Interface authentication ticket > Legacy ticket handling Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_CLEAR_PASSWORD String Read No Yes
Values
Value "" Description Clear Password - Default
INI Location
INI File All_Regions.ini Section Logon\Saved Credentials Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials Value
496
ClientAudio
Specifies whether (On) or not (Off) to enable client audio mapping. Use this policy to control how sound effects and music produced by remote applications or desktops are directed to the client computer. When this policy is enabled, the "Enable audio" check box can be used to completely disable client audio mapping. This does not affect the client to server audio data, which is controlled through the "Remoting client devices" policy. It is also possible to control the audio quality. Three quality levels are supported: low, medium, and high. This setting affects both server to client and client to server audio quality. Note that the bandwidth requirements for high quality audio could make this setting unsuitable for many deployments. ADM UI Element : Citrix Components > Citrix Receiver > User experience > Client audio settings > Enable audio Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Audio INI_CAM Boolean Read No Yes
Values
Value Off On Description Disables client audio mapping - Default Enables client audio mapping
INI Location
INI File Module.ini All_Regions.ini Section VirtualDriver Virtual Channels\Audio Value *
497
ClientAudio
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio Value * *
498
ClientName
Specifies the client name used to get serial number. Clients prior to Version 6.30 store the client name in the [WFClient] section of wfcname.ini. As of Version 6.30, clients retrieve the client name from the system registry. As of Version 6.03 or later, any ClientName setting in wfcname.ini is used only for migrating the client name to the registry during client install; for example, when upgrading from or auto-updating a pre-Version 6.30 client. The ClientName setting in the .ica file overrides the default way of retrieving the client name as described in Default Value. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_CLIENTNAME String Read No No
Values
Value "" Description Client name - Default
INI Location
INI File All_Regions.ini Section Client Engine Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine Value
499
ClipboardAllowed
Enable or disable access to the client clipboard. Use this policy to enable and restrict the remote application or desktop`s access to the client clipboard contents. ADM UI Element: Citrix Components > Citrix Receiver > Remoting client devices > Clipboard > Enable/Disable Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Clipboard INI_CLIPBOARDALLOWED Boolean Read No Yes
Values
Value True False Description Enable access to clipboard - default Disable access to clipboard
INI Location
INI File All_Regions.ini Section Virtual Channels\Clipboard Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Clipboard HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Clipboard Value * *
500
COCD
End User Experience Monitoring (EUEM) COCD - CREDENTIALS_OBTENTION_CLIENT The time it takes to get the user credentials. COCD is measured only when credentials are entered manually by the user. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server EUEM INI_EUEM_COCD Integer Read & Write No No
Values
Value -1 Description Initial reset value - default
INI Location
Registry Location
501
ColorMismatchPrompt_Have16M_Want256
Specifies whether or not to display a warning if the client devices color depth is high color (16-bit) and the connection configuration is for 256 colors. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_HAVE16M_WANT256 Boolean Read & Write No No
Values
Value On Off Description Enable device color depth warning display - default Disable device color depth warning display
INI Location
INI File appsrv.ini Section WFClient Value On
Registry Location
N/A
502
ColorMismatchPrompt_Have16_Want256
Specifies whether or not to display a warning if the client devices color depth is 16 colors and the connection configuration is for 256 colors. Not implemented in Program Neighborhood Client. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_HAVE16_WANT256 Boolean Read No No
Values
Value On Off Description Displays a warning message in case of color depth error - default Does not display a warning message in case of color depth error
INI Location
Registry Location
N/A
503
ColorMismatchPrompt_Have64k_Want256
Specifies whether or not to display a warning if the client devices color depth is true color (32-bit) and the connection configuration is for 256 colors. Not implemented in Program Neighborhood Client.
WFClient Core INI_HAVE64K_WANT256 Boolean Read No No
Values
Value On Off Description Displays a warning message in case of low color depth error - default Does not display a warning message in case of color depth error
INI Location
Registry Location
N/A
504
COMAllowed(2)
Specifies whether or not COM port mapping is permitted. Use this policy to enable and restrict the remote application or desktop`s access to the clients serial ports. This allows the server to use locally attached hardware. Troubleshooting: Remote PDA synchronization uses "virtual COM ports." These are serial port connections that are routed through USB connections. For this reason, it is necessary to enable serial port access to use PDA synchronization. ADM UI Element: Citrix Components > Citrix Receiver > Remoting client devices > Client Hardware Access > Map Serial Ports Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient,ClientComm COMPortMapping INI_COMALLOWED Boolean Read No Yes
Values
Value On Off Description COM Port mapping is permitted - default COM Port mapping is disabled
INI Location
INI File All_Regions.ini appsrv.ini Section Virtual Channels\Serial Port WFClient Value * On
505
COMAllowed(2)
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port Value * *
506
Command
Specify the command for Content Redirection. This is the command that runs the executable used for server to client redirection. There is no default value for this attribute. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM dynamic ContentRedirection INI_CR_CMD String Read Yes No
Values
Value "" Description Content Redirection Command - default
INI Location
N/A
Registry Location
N/A
507
CommandAckThresh
Command ACKs sent - threshold; the number of outstanding ACKs queued before a Command ACK is sent. ACKs are sent in the following situations:
q
The time since the last ACK was sent is at or above the delay threshold (time in milliseconds), OR The number of outstanding ACKs to be sent is at or above the threshold (Number of Command ACKs). ClientAudio Audio INI_CAM_CMDACK_THRESH Integer Read No No
Values
Value 1 Description Number of command ACKs sent threshold - default
INI Location
INI File Module.ini Section ClientAudio Value 1
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio Value 1
508
CommPollSize
Turns On or Off COM (communication) port polling for CCM (Citrix Client port Mapping). Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientComm COMPortmapping INI_CCMCOMMPOLLSIZE String Read No No
Values
Value On Off Description Enable Com port polling (for wince) - default Disable com port polling (for any other
INI Location
INI File Module.ini Section ClientComm Value On
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm Value On
509
CommPollWaitInc
Amount of time to slow down rate of COM polling. This setting is used to slow down the rate for polling of the COM port by the specified number of milliseconds. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientComm COMPortmapping INI_CCMCOMMPOLLWAITINC Integer Read No No
Values
Value 1 Description default
INI Location
INI File Module.ini Section ClientComm Value 1
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm Value 1
510
CommPollWaitIncTime
Specifies the number of times to poll the COM port at the current poll rate before slowing the poll rate by "CommPollWaitInc" milliseconds. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientComm COMPortmapping INI_CCMCOMMPOLLWAITINCTIME Integer Read No No
Values
INI Location
Registry Location
511
CommPollWaitMax
Specifies the maximum wait time (in milliseconds) for COM polling. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientComm COMPortmapping INI_CCMCOMMPOLLWAITMAX Integer Read No No
Values
INI Location
Registry Location
512
CommPollWaitMin
Specifies the minimum wait time (in milliseconds) for COM polling.
ClientComm COMPortmapping INI_CCMCOMMPOLLWAITMIN Integer Read No No
Values
Value 1 0 Description 1 millisecond timeout No delay - default
INI Location
INI File Module.ini Section ClientComm Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm Value
513
CommWakeOnInput
This setting is used to wake the client upon COM port activity. Only used if pooling is allowed. These settings configure the client to be a bit more responsive to incoming serial port data and information. Setting this parameter causes the Unix clients (Linux and Solaris) to wake-up immediately when the system receives a byte on a serial port.
ClientComm COMPortmapping INI_CCM_WAKE_ON_INPUT Boolean Read No No
Values
Value TRUE FALSE Description Allows wake on input from a serial line - default Does not allow wake on input form a serial line
INI Location
N/A
Registry Location
N/A
514
ConnectionFriendlyName
Specifies the connection friendly name string for the server. This is the user-defined server name. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_CONNECTIONFRIENDLYNAME String Read No Yes
Values
Value "" Description Friendly name string for the server - default
INI Location
INI File All_Regions.ini Section Client Engine\GUI Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI Value
515
ContentRedirectionScheme
Specifies the list of new schemes. Each scheme is added as new scheme. This is done as a part of setting up Content Redirection for a Unix client. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_SCHEME String Read Yes No
Values
Value "" Description default
INI Location
N/A
Registry Location
N/A
516
ControlPollTime
This setting is used as a timer, in milliseconds, to poll client audio control values. If any control value changes, the new value is sent to the server. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientAudio Audio INI_CAM_CONTROLPOLLTIME Integer Read No No
Values
Value 1000 Description 1 sec (1000 msec) - default
INI Location
N/A
Registry Location
N/A
517
ConverterSection
Audio converter list. Used to get the [AudioConverterList] section Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientAudio Audio INI_CAM_AUDCVT_LIST_SECTIONNAME String Read No No
Values
Value AudioConverterList Description default
INI Location
INI File Module.ini Section AudioConverter Value AudioConverterList
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioConverter Value AudioConverterList
518
CPMAllowed
Specifies whether (On) or not (Off) parallel port mapping is allowed. Enable and restrict the remote application or desktop`s access to the clients parallel ports. This allows the server to use locally attached hardware. ADM UI Element: Citrix Component > Citrix Receiver > Remoting client devices > Client hardware access > Map parallel ports Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ParallelPortMapping INI_CPMALLOWED Boolean Read No Yes
Values
Value true false Description Enable parallel port mapping - default Disable parallel port mapping
INI Location
INI File All_Regions.ini appsrv.ini Section Virtual Channels\Printing WFClient Value * On
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing Value * *
519
CRBrowserAcceptURLtype
Specify the acceptable browser URL types. Provides acceptable browser URL types for specific content redirection scheme. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_BROWSER_ACCEPT_URL String Read Yes No
Values
Value http, https Browser Description default
INI Location
N/A
Registry Location
N/A
520
CRBrowserCommand
Name of the browser executable used to handle redirected browser URLs and it is appended with %s (for example, netscape %s). Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_BROWSER_CMD String Read Yes No
Values
Value $ICAROOT/util/nslaunch %s ${BROWSER:=netscape}%s mozilla %s Description default
INI Location
N/A
Registry Location
N/A
521
CRBrowserPath
Server to client content redirection browser path, that is, the directory where the browser executable is located. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_BROWSER_PATH String Read Yes No
Values
Value "" Description Browser path - default
INI Location
N/A
Registry Location
N/A
522
CRBrowserPercentS
The number of occurrences of %s in the CRBrowserCommand setting Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_N_BROWSER_PERCENT_S Integer Read Yes No
Values
INI Location
N/A
Registry Location
N/A
523
CRBrowserRejectURLtype
Specifies the browser URL types that should be rejected for the specific content redirection scheme. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_BROWSER_REJECT_URL String Read Yes No
Values
Value "" Description Browser URL to reject - default
INI Location
N/A
Registry Location
N/A
524
CREnabled
Specifies whether server to client content redirection is enabled. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_ENABLED Boolean Read Yes No
Values
Value TRUE FALSE Description Enable Content redirection - default Disable content redirection
INI Location
INI File All_Regions.ini Section Virtual Channels\Control Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Control HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Control Value * *
525
CRPlayerAcceptURLtype
Specifies which types of strings are acceptable for RealPlayer Schemes for content redirection setting of the Unix client. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_PLAYER_ACCEPT_URL String Read Yes No
Values
Value "rtsp,rtspu,pnm" Description default
INI Location
N/A
Registry Location
N/A
526
CRPlayerCommand
Specifies the name of the executable used to handle the redirected multimedia URLs, appended with %s during RealPlayer content redirection for the Unix client. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_PLAYER_CMD String Read Yes No
Values
Value realplay %s Description default
INI Location
N/A
Registry Location
N/A
527
CRPlayerPath
Specifies the directory where the RealPlayer executable is located during content redirection for the Unix client. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_PLAYER_PATH String Read Yes No
Values
Value "" Description
INI Location
N/A
Registry Location
N/A
528
CRPlayerPercentS
The number of occurrences of %s in the CRPlayerCommand setting Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_N_PLAYER_PERCENT_S Integer Read Yes No
Values
INI Location
N/A
Registry Location
N/A
529
CRPlayerRejectURLtype
Specifies which type of strings will be rejected for RealPlayer Schemes for content redirection setting of the UNIX client. The reason there is both an accept and reject is that the code that tests them matches just to the length of the definition. So if you accept HTTP, it also means that HTTPS will be accepted. In case you wanted only HTTP, there is the option to explicitly reject HTTPS.
WFClient ContentRedirection INI_CR_PLAYER_REJECT_URL String Read Yes No
Values
Value * Description The type of string to reject for content redirection - No default value.
INI Location
N/A
Registry Location
N/A
530
DataAckThresh
Data acknowledgment threshold value, which represents the maximum number of command acknowledgments that can accumulate before sending an acknowledgment (purging the queue). Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientAudio Audio INI_CAM_DATAACK_THRESH Integer Read No No
Values
Value 1 Description Do not send any other command until you get the ack - default
INI Location
Registry Location
531
DataBits
Specifies the number of data bits used for serial connections. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SerialPort INI_DATA String Read & Write No No
Values
Value 8 Description Number of data bits for serial connection - default
INI Location
N/A
Registry Location
N/A
532
DefaultHttpBrowserAddress
Default HTTP browser address for TCP. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM TCP/IP EnumRes INI_DEFHTTPBROWSERADDRESS String Read No No
Values
Value "" Description Default HTTP browser address - default
INI Location
INI File Module.ini Section TCP/IP Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Value
533
DeferredUpdateMode
Enables or disables deferred screen update mode. Add this value and the ForceLVBMode value to the [WFClient] section of the Appsrv.ini file located in the users profile directory on the computer running Citrix XenApp to address repaint issues due to a poor refresh rate. This may occur with some applications when running the application in seamless mode while utilizing the pass-through client on the server. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Graphics INI_DEFERRED_UPDATE_MODE Boolean Read No No
Values
Value False True Description Disable deferred screen updates - default Enable deferred screen updates
INI Location
N/A
Registry Location
N/A
534
DesiredColor(5)
Specifies the preferred color depth for a session. In general, low color depths give better performance over low bandwidth; however some of the compression technologies available can only be used with full color, so the effective performance depends on the individual application and usage pattern. The server may choose not to honor the color depth setting chosen because higher color depths result in heavy memory usage on the servers. 256 or greater colors are supported only for Windows clients. The value of 8 is treated as "true color" which is 32-bit, unless the administrator explicitly prohibits a server from supporting a 32-bit session. In that case, the session is downgraded to 24-bit. ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client graphics settings > Color depth Interface Element:
q
For applicationsetname: Settings dialog box > Default Options tab > Window Properties > Window Colors menu For applicationservername: Properties dialog box > Options tab > Window Properties > Window Colors menu dynamic,WFClient,Thinwire3.0,Thinwire3.0,Server Graphics INI_DESIREDCOLOR String Read No Yes
Values
Value 1 2 4 8 Description 16 colors - default 256 colors high color true color
535
DesiredColor(5)
INI Location
INI File Module.ini All_Regions.ini canonicalization.ini wfclient.ini appsrv.ini Section Thinwire3.0 Virtual Channels\Thinwire Graphics Thinwire3.0 Thinwire3.0 WFClient Value 8 * DesiredColor 0x0002 2
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics Value DesiredColor 8 * *
536
DeviceName
Specifies the device name for serial connections (COM1, COM2, etc). If this value is not NULL, it is assumed that a serial port connection is being used. If this value is NULL (empty string), the network transport driver is used. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SerialPort INI_DEVICE String Read & Write No No
Values
Value COM1 Description Name of COM port
INI Location
N/A
Registry Location
N/A
537
DisableCtrlAltDel
Enables (Off) or disables (On) the Ctrl+Alt+Del key combination within the ICA session to prevent users from shutting down the Citrix server. ADM UI element: Citrix Components -> Presentation Server Client -> User Authentication -> Smartcard Authentication-> Passthrough Authentication for PIN Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Keyboard INI_CTRLALTDEL Boolean Read & Write No Yes
Values
Value On Off Description Disables the Ctrl+Alt+Del key combination - default Enables the Ctrl+Alt+Del key combination
INI Location
INI File All_Regions.ini Section Virtual Channels\Smartcard Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard Value * *
538
DisableDrives
Gives the list of the client drives that should not be mapped to the server. Access to Windows drives can be disabled by entering the relevant drive letter in the "Do not map drives" box. This is a concatenation of all drives that should not be mapped when connecting to a published application or desktop, for example "ABFK" disables the drives A, B, F and K. (DisableDrives = "A,B,F,K") ADM UI Element : Citrix Components > Citrix Receiver > Remoting client devices > Client drive mapping > Do not map drives Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientDrive CDM INI_DISABLEDRIVES String Read No Yes
Values
Value "" Description Client drives to map - default
INI Location
INI File All_Regions.ini Module.ini canonicalization.ini Section Virtual Channels\Drives ClientDrive ClientDrive Value DisableDrives
539
DisableDrives
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\ClientDrive HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\Drives HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\Drives Value DisableDrives
540
DisableMMMaximizeSupport
Enable/disable desktop maximize capability. This setting is used by monitor layout to disable maximize capability. MonitorLayout is the data that is sent to the server to describe the layout of the client`s desktop in a multi-monitor environment. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server MultiMonitor INI_DISABLE_MAXIMIZE Boolean Read No No
Values
Value False True Description Enables maximize capability - default Disables maximize capability
INI Location
INI File All_Regions.ini Section Virtual Channels\Seamless Windows Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows Value * *
541
DisableSound
Disables Windows alert sounds (the Windows "Asterisk" event). If client audio mapping is disabled with the ClientAudio parameter, this setting has no effect. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Audio INI_SOUND Boolean Read No No
Values
Value Off On Description Enable windows alert sounds - default Disable windows alert sounds
INI Location
INI File appsrv.ini Section WFClient Value Off
Registry Location
N/A
542
DisableUPDOptimizationFlag
Disables the universal printer driver (UPD) bitmap compression (only) or both the compression and optimization. When printing to certain printers using the UPD, letters might be printed faded and barely legible. The issue occurs because certain print drivers do not work well with XenApp UPD optimization, which compresses the bitmap to use fewer bits whenever possible. To disable this optimization, modify the users appsrv.ini file using a text editor and insert this parameter in the [WFClient] section. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Printing INI_UPD_OPTIMIZATION_DISABLE_FLAG Integer Read No No
Values
Value 0 1 2 Description Do not disable UPD compression and optimization - default Disables bitmap compression, which attempts to use fewer bits to encode the bitmap Disables optimization that skips spaces; it also disables bitmap compression
INI Location
N/A
Registry Location
N/A
543
Domain
XenApp domain name. This is the domain name that appears in the Domain text box if the user selects the user-specified credentials option for the associated custom ICA connection. "Domain" can be used to restrict or override which users can be automatically authenticated to servers. These can be specified as comma-separated lists. Corresponding UI Element Properties dialog box > Logon Information tab > Userspecified credentials option > Domain text box ADM UI Element: Citrix Components > Citrix Receiver > User Authentication > Locally Stored Credentials > Domain Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_DOMAIN String Read No Yes
Values
Value "" Description Domain name - default
INI Location
544
Domain
Registry Location
545
DriverNameAlt
Specifies the name of the Unix/Mac alternate virtual driver. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM dynamic Core INI_DRIVERNAMEALT String Read No No
Values
Value DriverName Description default
INI Location
N/A
Registry Location
N/A
546
DriverNameAltWin32
Specifies the name of the Win32 alternate virtual driver. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM dynamic Core INI_DRIVERNAMEALT String Read No No
Values
Value DriverNameWin32 Description default
INI Location
N/A
Registry Location
N/A
547
DriverNameWin32(12)
Specifies the name of the Win32 driver file to load for the specified driver. The driver could be one of the following. depending on the section name from where this attribute is being read.
q
ClientAudio HW driver Transport driver TCP/IP transport driver ICA 3.0 Winstation driver ClientAudio driver Compress driver EncRC5-0 driver EncRC5-128 driver EncRC5-40 driver EncRC5-56 driver EncryptionLevelSession driver
Compress,dynamic,EncRC5-56,EncRC5-40,EncRC5-128,EncRC5-0,dynamic 3.0,TCP/IP,dynamic,dynamic,dynamic Core INI_DRIVERNAMEWIN32 String Read & Write No No
548
DriverNameWin32(12)
Values
Value "" pdcompn.dll pdc0n.dll pdc128n.dll pdc40n.dll pdc56n.dll Description For ClientAudio HW, Transport, TCP/IP, ICA 3.0, ClientAudio, EncryptionLevelSession drivers - default For Compress driver - default For EncRC5-0 driver - default For EncRC5-128 driver - default For EncRC5-40 driver - default For EncRC5-56 driver - default
INI Location
INI File Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini 549 Section TCP/IP ICA 3.0 RFrame Frame Reliable EncRC5-0 Encrypt EncRC5-40 EncRC5-56 EncRC5-128 Thinwire3.0 ClientDrive ClientPrinterQueue ClientPrinterPort ClientComm Clipboard TWI ZL_FONT ZLC ICACTL LicenseHandler ClientAudio AudioConverter Value TDWSTCPN.DLL WDICA30N.DLL PDRFRAMN.DLL PDFRAMEN.DLL PDRELIN.DLL PDC0N.DLL PDCRYPTN.DLL PDC40N.DLL PDC56N.DLL PDC128N.DLL VDTW30N.DLL VDCDM30N.DLL VDSPL30N.DLL VDCPM30N.DLL VDCOM30N.DLL VDCLIPN.DLL VDTWIN.DLL VDFON30N.DLL VDZLCN.DLL VDCTLN.DLL VDLICN.DLL VDCAMN.DLL AUDCVTN.DLL
DriverNameWin32(12) Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini Module.ini AudioHardware ConverterADPCM SmartCard Multimedia SpeechMike TwainRdr SSPI UserExperience Compress AUDHALN.DLL ADPCM.DLL VDSCARDN.DLL VDMMN.DLL VDSPMIKE.DLL VDTWN.DLL VDSSPIN.DLL VDEUEMN.DLL PDCOMPN.DLL
550
DriverNameWin32(12)
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioConverter HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioHardware HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Clipboard HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Compress HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ConverterADPCM HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-128 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-40 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-56 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encrypt HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Frame HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICACTL HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\LicenseHandler HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Multimedia Value AUDCVTN.DLL AUDHALN.DLL VDCAMN.DLL VDCOM30N.DLL VDCDM30N.DLL VDCPM30N.DLL VDSPL30N.DLL VDCLIPN.DLL PDCOMPN.DLL ADPCM.DLL PDC0N.DLL PDC128N.DLL PDC40N.DLL PDC56N.DLL PDCRYPTN.DLL PDFRAMEN.DLL WDICA30N.DLL VDCTLN.DLL VDLICN.DLL VDMMN.DLL
551
DriverNameWin32(12) HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Reliable HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\RFrame HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\SmartCard HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\SpeechMike HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\SSPI HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TwainRdr HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TWI HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\UserExperience HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ZLC HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ZL_FONT PDRELIN.DLL PDRFRAMN.DLL VDSCARDN.DLL VDSPMIKE.DLL VDSSPIN.DLL TDWSTCPN.DLL VDTW30N.DLL VDTWN.DLL VDTWIN.DLL VDEUEMN.DLL VDZLCN.DLL VDFON30N.DLL
552
DTR
Set the Default state of the COM port DTR. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Default Serial Connection COMPortMapping INI_DTR Boolean Read & Write No No
Values
Value On Off Description Set DTR ON by default - default Set DTR OFF by default
INI Location
INI File Module.ini Section Hardware Receive Flow Control Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hardware Receive Flow Control Value
553
DynamicCDM
Specifies whether Dynamic Client Drive Mapping is allowed or not. This setting enables or disables PnP support for USB thumb drives. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient USB Thumb Drive Support INI_DYNAMIC_CDM Boolean Read No Yes
Values
Value true false Description Dynamic Client Drive Mapping is allowed - default Dynamic Client Drive Mapping is not allowed
INI Location
INI File All_Regions.ini Appsrv.ini Section Virtual Channels\Drives WFClient Value * On
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives Value * *
554
EmulateMiddleMouseButton
Emulate middle mouse button on a system with a two-button mouse. This setting is used with EmulateMiddleMouseButtonDelay. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Mouse INI_EMULATE_MIDDLE_MOUSE_BUTTON Boolean Read No No
Values
Value TRUE FALSE Description Emulate middle mouse button - default Do not emulate middle mouse button (default for Win16)
INI Location
N/A
Registry Location
N/A
555
EmulateMiddleMouseButtonDelay
Specifies timer used in middle mouse button emulation. When middle-mouse button emulation is enabled (EmulateMiddleMouseButton set to True), holding left and right mouse buttons down together for the specified timeout emulates the pressing of the middle button. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Mouse INI_EMULATE_MIDDLE_MOUSE_BUTTON_DELAY Integer Read No No
Values
Value 100 Description Time in milliseconds.
INI Location
INI File n/a Section Value
Registry Location
Registry Key n/a Value
556
EnableAsyncWrites
Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientDrive CDM INI_ENABLE_ASYNCWRITES Boolean Read No No
Values
Value On Off Description Enable async disk write. Disable disk write.
INI Location
INI File n/a Section Value
Registry Location
Registry Key n/a Value
557
EnableAudioInput
Enable access to audio capture devices. Use this policy to enable and restrict the remote application or desktop access to local audio capture devices (microphones). ADM Interface Element: Remoting Client Devices->Client Microphone->Enable Client Microphone Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Audio INI_AUDIOINPUTENABLE Boolean Read No Yes
Values
Value True False Description Allow use of audio capture devices (microphone). Disallow use of audio capture devices (microphone).
INI Location
INI File All_Regions.ini Section Virtual Channels\Audio Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio Value * *
558
EnableClientSelectiveTrust
Enables Trusted Server Configuration. Use this policy to control how the client identifies the published application or desktop to which it is connecting. The client determines a trust level, known as a trust region with a connection. The trust region then determines how the client is configured for the connection. When this policy is enabled, the client can perform region identification by using the Enforce trusted server configuration option. By default, region identification is based on the address of the server the client is connecting to. To be a member of the trusted region, the server must be a member of the Windows Trusted Sites zone. You can configure this using the Windows Internet Explorer > Internet Options > Trusted sites setting. Alternatively, for compatibility with non-Windows clients, the server address can be specifically trusted using the Address setting. This is a comma-separated list of servers, which also supports the use of wildcards; for example, cps*.citrix.com. ADM UI Element : Citrix Components > Citrix Receiver > Network Routing > Configure Trusted Server Configuration > Enforce Trusted Server Configuration Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server CST INI_CLIENTSELECTIVETRUST_ENABLED Boolean Read No Yes
Values
Value 0 1 Description Default
INI Location
INI File All_Regions.ini Section Network\ClientSelectiveTrust Value *
559
EnableClientSelectiveTrust
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\ClientSelective HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\ClientSelectiveTrust Value * *
Troubleshooting
In the default configuration, when trusted server configuration prevents the client from connecting, the following error message is displayed: <Server> ERROR: Cannot connect to the Citrix XenApp Server. The server (xxx) is not trusted for ICA connections. Connections to the (Untrusted Region) Region are not allowed by lockdown settings. Please contact your administrator. The server identified in the "xxx" must be added to the Windows Trusted Sites zone (as either http:// or https:// for SSL connections) for the connection to succeed. For the SSL connections, add the certificate common name to the Windows Trusted Sites zone. For non-SSL connections, all servers that are contacted must be individually trusted. When using application browsing, include both the XML Service and the server it redirects to in the Windows Trusted Sites zone.
560
EnableInputLanguageToggle
Allows users to define and use hotkeys, such as the grave accent or the Ctrl + Shift key combination to switch between allowed input languages. For Win32 only. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_INPUTLANGUAGETOGGLE Boolean Read No No
Values
Value FALSE TRUE Description Disabled - Default Enabled
INI Location
N/A
Registry Location
N/A
561
EnableOSS
Specifies whether or not to enable Off Screen Surface (OSS). Enables the server to command the creation and use of X pixmaps for off-screen drawing. Reduces bandwidth in 15 and 24-bit color at the expense of X server memory and processor time. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Graphics INI_ENABLE_OSS Boolean Read No No
Values
Value TRUE FALSE Description Enable OSS - Default Disable OSS
INI Location
INI File All_Regions.ini Section Virtual Channels\Thinwire Graphics Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics Value *
562
EnableReadAhead
Enables read-ahead for processing the request. Memory-constrained clients may allocate less memory for this purpose. This attributes indicates that whether drive mapping acceleration is supported or not. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientDrive CDM INI_ENABLE_READAHEAD Boolean Read No No
Values
Value TRUE FALSE Description Enable read-ahead - Default Disable read-ahead
INI Location
N/A
Registry Location
N/A
563
EnableRtpAudio
Enables or disables the real-time transport of audio over UDP. ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client audio settings Section Feature Attribute Name Definition Location Data Type Access Type UNIX Specific Present in ADM Server Audio INI_RTPAUDIOENABLE inc\icaini.h Boolean Read No Yes
Values
Value TRUE FALSE Description Enables Rtp Audio Disables Rtp Audio Default
INI Location
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio HKEY_CURRENT_USER\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio Value * *
564
EnableSessionSharing
Use this policy to configure the client handling of remote applications. When enabled, this policy uses the list in the "Application" box to determine which published applications can be directly launched by the client. You can request that remote applications share sessions (run in a single ICA connection). This provides a better user experience, but is sometimes not desirable. The session sharing feature can be disabled by clearing the "Session sharing" check box. ADM UI Element : Citrix Components > Citrix Receiver > User experience > Remote applications Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SessionSharing INI_ENABLE_SESSIONSHARING Boolean Read No Yes
Values
Value On Off Description Enable session sharing - Default Disable session sharing
INI Location
INI File All_Regions.ini Section Client Engine\Session Sharing Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing Value * *
565
EnableSessionSharing
Troubleshooting
Published applications are denoted by a # in front of the application name. Omitting the # symbol attempts to launch a particular program or desktop. A computer running XenApp will not allow this by default, and rejects the connection, displaying: "You do not have access to this session." Session sharing is controlled by the SessionSharingKey that prevents applications launched from different Web Interface servers from sharing sessions. In addition, applications with different graphics or security settings are prevented from sharing sessions.
566
EnableSessionSharingClient
Enables or disables seamless applications to operate using the same session on the same terminal server. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SessionSharing INI_SESSION_SHARING_CLIENT Boolean Read No No
Values
Value FALSE TRUE Description Disable session sharing - Default Enable session sharing
INI Location
INI File All_Regions.ini Section Client Engine\Session Sharing Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing Value * *
567
EnableSessionSharingHost(2)
Specifies whether or not to accept the session sharing requests from other ICA sessions on the same X display. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient, Server SessionSharing INI_SESSION_SHARING_HOST Boolean Read No No
Values
Value FALSE TRUE Description Does not accept session sharing requests from other ICA session - Default Accepts session sharing requests from other ICA session
INI Location
INI File All_Regions.ini Section Client Engine\Session Sharing Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing Value
568
EnableSSOThruICAFile
Specifies whether or not to use the same user name and password the user used to log on to the client device for authentication through .ica files. For security reasons, users cannot be authenticated to the server unless this parameter is present and its value set to On, even if UseLocalUserAndPassword and SSOnUserSetting are specified in the .ica file. The EnableSSOnThruICAFile entry should be present in the APPSRV.INI file to respect the other SSON entries in the ICA File. Used in three User Authentication policies in ADM file. Smart card authentication: Use this policy to control how the client uses smart cards attached to the client device. When enabled, this policy allows the remote server to access smart cards attached to the client device for authentication and other purposes. When disabled, the server cannot access smart cards attached to the client device. ADM UI Element : Citrix Components > Citrix Receiver > User authentication > Smart card authentication > Use pass-through authentication for PIN Kerberos authentication: Use this policy to control how the client uses Kerberos to authenticate the user to the remote application or desktop. When enabled, this policy allows the client to authenticate the user using the Kerberos protocol. Kerberos is a Domain Controller authorised authentication transaction that avoids the need to transmit the real user credential data to the server. When disabled, the client will not attempt Kerberos authentication. ADM UI Element : Citrix Components > Citrix Receiver > User authentication > Kerberos authentication Local user name and password: Use this policy to instruct the client to use the same logon credentials (pass-through authentication) for the XenApp server as the client machine. When this policy is enabled, the client can be prevented from using the current user's logon credentials to authenticate to the remote server by clearing the "Enable pass-through authentication" check box. ADM UI Element : Citrix Components > Citrix Receiver > User authentication > Local user name and password Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient SSON INI_ENABLE_SSON_THRU_ICA_FILE String Read No Yes
569
EnableSSOThruICAFile
Values
Value FALSE TRUE Off On 0 1 no yes Description Do not use same user name and password - Default Use same user name and password Do not use same user name and password Use same user name and password Do not use same user name and password Use same user name and password Do not use same user name and password Use same user name and password
INI Location
INI File All_Regions.ini Section Logon\Local Credentials Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials Value * *
570
EncryptionLevelSession
Specifies the encryption level of the ICA connection. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SecureICA INI_ENCRYPTIONLEVELSESSION String Read and write No No
Values
Value Basic RC5 (128 bit Logon Only) RC5 (40-bit) RC5 (56-bit) RC5 (128 bit) Description Encryption level - Default Encryption level Encryption level Encryption level Encryption level
INI Location
INI File All_Regions.ini Section Network\Encryption Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Encryption HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Encryption Value
571
endIFDCD
End User Experience Monitoring EUEM ENDIFDCD ICA File download. ENDIFDCD the time at which the ICA file download was finished. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server EUEM INI_EUEM_ENDIFDCD Integer Read and write No No
Values
Value 0 Description Initial time value - Default
INI Location
Registry Location
572
FONTSMOOTHINGTYPE
Specifies the font smoothing type for the session. The value is only set at connection time whether it's a new connection or for a reconnect. The Web plug-in and Receiver only set the value to client default or none.
Server FontSmoothing INI_FONTSMOOTHINGTYPE Integer Read No No
Values
Value 0 1 Description Client default uses the user profile setting for font smoothing - Default None
INI Location
INI File All_Regions.ini appsvr.ini Section Virtual Channels\Thinwire Graphics application/server Value * value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics Value * *
573
ForceLVBMode
Address repaint issues due to a poor refresh rate. Add this value and the DeferredUpdateMode value to the [WFClient] section of the Appsrv.ini file located in the users profile directory on the computer running XenApp to address repaint issues due to a poor refresh rate. This may happen with some applications when running an application in seamless mode while utilizing the pass-through client on the server. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Graphics INI_FORCELVB_MODE Integer Read No No
Values
Value 0 1 Description Do not force LVBMode - Default Force LVBMode
INI Location
N/A
Registry Location
N/A
574
FriendlyName
Specifies user native language type (friendly name) for communication. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_FRIENDLYNAME String Read No No
Values
Value "" Description User's language setting - Default
INI Location
N/A
Registry Location
N/A
575
FullScreenBehindLocalTaskbar
Allows you to enable true full screen mode for a WBT session. Used on WINCE platform. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_FULL_SCREEN_BEHIND_LOCAL_TASKBAR Boolean Read No No
Values
Value FALSE TRUE Description ICA session is sized according to the size of the local taskbar - Default Full screen mode is enabled and the ICA session is behind the local taskbar
INI Location
N/A
Registry Location
N/A
576
FullScreenOnly
Specifies the default value for TransparentKeyPassthrough attribute. When no TransparentKeyPassthrough setting in the ICA file is passed to the ICA Engine, the keyboard transparent feature behaves as if FullScreenOnly is set.
WFClient Keyboard INI_TPKEYPASSTHRU_FULLSCRNONLY Integer Read No No
Values
Value 3 2 1 Description Full Screen (default). Key combinations apply to non-seamless ICA sessions in full-screen mode. Remote. Key combinations apply to seamless and non-seamless ICA sessions when their windows have the keyboard focus. Local. Key combinations apply to the local desktop.
INI Location
INI File Module.ini Section TransparentKeyPassthrough Value 3
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TransparentKeyPassthrough Value 3
577
HotKey10Char
Specifies the keys to use for mapping hotkey sequence. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey10 - Toggle Latency Reduction. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY10_CHAR String Read No No
Values
Value F10 F5 1 Description Mac and UNIX platforms default Win32 platform default WinCE platform default
INI Location
INI File All_Regions.ini appsrv.ini Section Client Engine\Hot Keys WFClient Value F5
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys Value
578
HotKey10Shift
Specifies the keys to use for mapping hotkey sequence. Along with Hotkey10Char, specifies the key combinations to use for the various hotkey sequences. Hotkey10 is used for Toggle Latency Reduction action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY10_SHIFT String Read No No
Values
Value Alt+Ctrl Ctrl Alt Shift none Description Mac and UNIX platforms default Win32 platform default WinCE platform default
INI Location
INI File All_Regions.ini appsrv.ini Section Client Engine\Hot Keys WFClient Value Ctrl
579
HotKey10Shift
Registry Location
580
HotKey1Char
Specifies the keys to use for mapping hotkey sequence. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey1 is used for "Task List" action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY1_CHAR String Read No No
581
HotKey1Char
Values
Value F1 6 (none) F2 F3 F4 F5 F6 F7 F8 F9 F10 F11 F12 ESC minus plus star tab Description Mac, UNIX, and Win32 platforms default WinCE platform default
INI Location
Registry Location
582
HotKey1Shift
Specifies the keys to use for mapping hotkey sequence. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey1 is used for "Task List" action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY1_SHIFT String Read No No
Values
Value Alt+Ctrl Shift Ctrl Description Mac and UNIX platforms default Win32 platform default WinCE platform default
INI Location
INI File All_Regions.ini appsrv.ini Section Client Engine\Hot Keys WFClient Value Shift
Registry Location
583
HotKey2Char
Specifies the keys to use for mapping hotkey sequence. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey2 is used for Close Remote Application action.
WFClient Keyboard INI_HOTKEY2_CHAR String Read No No
584
HotKey2Char
Values
Value F2 F3 2 (none) F1 F4 F5 F6 F7 F8 F9 F10 F11 F12 ESC minus plus star tab Description Mac and UNIX platforms default Win32 platform default WinCE platform default
INI Location
Registry Location
585
HotKey2Shift
Along with Hotkey2Char, specifies the key combinations to use for the various hotkey sequences. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey2 is "Close Remote Application" action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY2_SHIFT String Read No No
Values
Value Alt+Ctrl Shift Ctrl (none) Alt Description Mac and UNIX platforms default Win32 platform default WinCE platform default
INI Location
586
HotKey2Shift
Registry Location
587
HotKey3Char
Specifies the keys to use for mapping hotkey sequence. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey10 - Toggle Title Bar. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY3_CHAR String Read No No
Values
INI Location
Registry Location
588
HotKey3Shift
Along with Hotkey3Char, specifies the key combinations to use for the various hotkey sequences. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey3 is "Toggle Title Bar" action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY3_SHIFT String Read No No
Values
Value Alt+Ctrl Shift Ctrl Description Mac and UNIX platforms default Win32 platform default WinCE platform default
INI Location
Registry Location
589
HotKey4Char
Specifies the keys to use for mapping hotkey sequence. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey4 is "CTRL-ALT-DEL" action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY4_CHAR String Read No No
590
HotKey4Char
Values
INI Location
Registry Location
591
HotKey4Shift
Along with Hotkey4Char, specifies the key combinations to use for the various hotkey sequences. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey4 is used for "CTRL-ALT-DEL" action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY4_SHIFT String Read No No
Values
Value Alt+Ctrl Ctrl Shift (none) Alt Description Mac and UNIX platforms default Win32 and WinCE platforms default
INI Location
592
HotKey4Shift
Registry Location
593
HotKey5Char
Specifies the keys to use for mapping hotkey sequence. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey5 - CTRL-ESC. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY5_CHAR String Read No No
Values
INI Location
Registry Location
594
HotKey5Shift
Along with Hotkey5Char, specifies the key combinations to use for the various hotkey sequences. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey5 is used for "CTRL-ESC" action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY5_SHIFT String Read No No
Values
Value Alt+Ctrl Ctrl Shift (none) Alt Description Mac and UNIX platforms default Win32 and WinCE platforms default
INI Location
595
HotKey5Shift
Registry Location
596
HotKey6Char
Specifies the keys to use for mapping hotkey sequence. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey6 is used for "ALT-ESC" action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY6_CHAR String Read No No
597
HotKey6Char
Values
INI Location
Registry Location
598
HotKey6Shift
Along with Hotkey6Char, specifies the key combinations to use for the various hotkey sequences. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey6 - ALT-ESC Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY6_SHIFT String Read No No
Values
Value Alt+Ctrl Alt Ctrl Description Mac and UNIX platforms default Win32 platform default WinCE platform default
INI Location
INI File All_Regions.ini appsrv.ini Section Client Engine\Hot Keys WFClient Value Alt
Registry Location
599
HotKey7Char
Specifies the keys to use for mapping hotkey sequence. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey7 is used for "ALT-TAB" action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY7_CHAR String Read No No
600
HotKey7Char
Values
Value F7 plus 8 (none) F1 F2 F3 F4 F5 F6 F8 F9 F10 F11 F12 ESC minus star tab Description Mac and UNIX platforms default Win32 platform default WinCE platform default
INI Location
INI File All_Regions.ini appsrv.ini Section Client Engine\Hot Keys WFClient Value plus
Registry Location
601
HotKey7Shift
Along with Hotkey7Char, specifies the key combinations to use for the various hotkey sequences. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey7 is used for "ALT-TAB" action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY7_SHIFT String Read No No
Values
Value Alt+Ctrl Alt Ctrl (none) Shift Description Mac and UNIX platforms default Win32 platform default WinCE platform default
INI Location
602
HotKey7Shift
Registry Location
603
HotKey8Char
Specifies the keys to use for mapping hotkey sequence. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey8 is used for ALT-BACKTAB action. Corresponding UI element ICA Settings dialog box > Hotkeys tab > right menu column Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY8_CHAR String Read No No
Values
Value F8 minus 9 Description Mac and UNIX platforms default Win32 platform default WinCE platform default
INI Location
INI File All_Regions.ini appsrv.ini Section Client Engine\Hot Keys WFClient Value minus
604
HotKey8Char
Registry Location
605
HotKey8Shift
Along with Hotkey8Char, specifies the key combinations to use for the various hotkey sequences. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey8 is used for ALT-BACKTAB action. Corresponding UI element ICA Settings dialog box > Hotkeys tab > right menu column Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY8_SHIFT String Read No No
Values
Value Alt+Ctrl Alt Ctrl Description Mac and UNIX platforms default Win32 platform default WinCE platform default
INI Location
606
HotKey8Shift
Registry Location
607
HotKey9Char
Specifies the keys to use for mapping hotkey sequence. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey9 is used for CTRL-SHIFT-ESC action.
WFClient Keyboard INI_HOTKEY9_CHAR String Read No No
608
HotKey9Char
Values
INI Location
Registry Location
609
HotKey9Shift
Along with Hotkey9Char, specifies the key combinations to use for the various hotkey sequences. Each action is defined by a combination of a character and a shift state. To disable a particular hotkey, set both its character and shift state parameters to (none). Hotkey9 is used for CTRL-SHIFT-ESC action. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEY9_SHIFT String Read No No
Values
Value Alt+Ctrl Ctrl (none) Shift Alt Description Mac and UNIX platforms default Win32 and WinCE platforms default
INI Location
610
HotKey9Shift
Registry Location
611
HotKeyJPN%dChar
Specifies the hotkeyJPN I key. Used to form a strings like HotkeyJPN1Char, HotkeyJPN2Char, HotkeyJPN3Char. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_HOTKEYJPN_CHAR String Read No No
Values
N/A
INI Location
N/A
Registry Location
N/A
612
HowManySkipRedrawPerPaletteChange
Specifies the number of consecutive redraw requests to skip before redrawing the screen. See SkipRedrawPerPaletteChange for more information. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Graphics INI_NUMSKIPREDRAWPERPALETTECHANGE Integer Read No No
Values
Value 9 Description Number of times to skip redraw request - Default
INI Location
N/A
Registry Location
N/A
613
HttpBrowserAddress
Specifies the location of the browser used in conjunction with the particular network protocol specified for browsing in BrowserProtocol. If BrowserProtocol value is HTTPonTCP, then parameter used to locate the browser is HttpBrowserAddress or LocHttpBrowserAddress Whether [Protocol]BrowserAddress or Loc[Protocol]BrowserAddress is used depends on the value of DoNotUseDefaultCSL.
q
If DoNotUseDefaultCSL value is FALSE (default) then parameter used to locate the browser is [Protocol]BrowserAddress. If DoNotUseDefaultCSL value is TRUE then parameter used to locate the browser is Loc[Protocol]BrowserAddress (overriding any existing [Protocol]BrowserAddress settings).
Section : All [Protocol]BrowserAddress settings: WFClient for all custom ICA connections unless otherwise overridden Section : applicationsetname for each applicable published applicationset Corresponding UI Element For applicationsetname: Settings dialog box > Connection tab > Server Location >Network Protocol Published application sets do not use Loc[Protocol]BrowserAddress Section : All Loc[Protocol]BrowserAddress settings: applicationservername for each custom ICA connection Corresponding UI Element For applicationservername: Properties dialog box > Connection tab > Server Location >Network Protocol Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Transport EnumRes INI_HTTPBROWSERADDRESS String Read No No
614
HttpBrowserAddress
Values
Value "" Description Any valid server name or address - Default
INI Location
INI File Module.ini All_Regions.ini canonicalization.ini Section TCP/IP Application Browsing\HTTP Addresses TCP/IP Value HttpBrowserAddress
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses Value HttpBrowserAddress
615
ICAHttpBrowserAddress
Specifies the browser address. Used for HTTP or HTTPS browsing (BrowserProtocol=HTTPonTCP) if the browser address is not set through the HttpBrowserAddress or the Loc[Protocol]BrowserAddress parameters. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Transport EnumRes INI_ICADOMAINNAME String Read No No
Values
Value ica Description Any valid server name or address - Default
INI Location
INI File All_Regions.ini appsrv.ini Section Application Browsing WFClient Value ica
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing Value
616
ICAKeepAliveEnabled
Use this parameter to notify users when inactive seamless applications are disconnected from the server under the following scenarios:
q
Users are using a published application that displays dynamic information The client auto-reconnect feature is disabled Applications for users of multi-monitors are out of focus
If ICAKeepAliveEnabled is set to On, it enables a timer in the ICA Client Engine. This timer checks every N milliseconds (where N is set by ICAKeepAliveInterval) to determine if any data was sent by the server. If no data was sent, the timer pings the server, to which it expects a response after N milliseconds. If the server responds, the connection is still present. If there is no response or the ping request fails, the client displays an error message and the connection is terminated. To enable this enhancement, add the following two values to the [WFClient] section of the Appsrv.ini file:
q
ICAKeepAliveEnabled=On ICAKeepAliveInterval =<time in milliseconds for an ICA ping>
If the connection to the server goes down and these values were added to the Appsrv.ini file, the user receives an error message and the session terminates. The user must reconnect manually to the session. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_PING_ENABLED Boolean Read No No
Values
Value Off On Description Disable ICA Keep Alive - Default Enable ICA Keep Alive
617
ICAKeepAliveEnabled
INI Location
N/A
Registry Location
N/A
618
ICAKeepAliveInterval
Specifies the interval that is used for the ICAKeepAliveEnabled setting. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_PING_RETRY_INTERVAL Integer Read No No
Values
Value 180000 10000 Description milliseconds - Default milliseconds - UNIX platform default
INI Location
N/A
Registry Location
N/A
619
ICAPortNumber
Specifies the TCP port used for the ICA protocol. Change the port on all Citrix servers in the farm using the ICAPORT command-line utility before you change this parameter on clients. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM TCP/IP Core INI_ICAPORTNUMBER Integer Read No No
Values
Value 1494 Description TCP network port number - Default
INI Location
INI File Module.ini Module.ini Module.ini Module.ini All_Regions.ini Module.ini canonicalization.ini Section TCP/IP - FTP TCP/IP - Novell Lan WorkPlace TCP/IP - Microsoft TCP/IP - VSL Network\Protocols TCP/IP TCP/IP Value 1494 ICAPortNumber
620
ICAPortNumber
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols Value ICAPortNumber 1494
621
ICAPrntScrnKey
Key mapping for the hotkey for PrntScrn. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_VK_PRNTSCRN_CHAR String Read No No
Values
Value "" Description Default
INI Location
N/A
Registry Location
N/A
622
ICASOCKSProtocolVersion(2)
Specifies which version of the SOCKS protocol to use for the connection. If ICASOCKSProtocolVersion is set, the following parameters are used to specify SOCKS proxy settings:
q
ICASOCKSProxyHost ICASOCKSPortNumber ICASOCKSrfc1929Password ICASOCKSrfc1929UserName ICASOCKSTimeout
Used only if ProxyType = ProxySocks. Configure SOCKS proxy settings: Use to configure the use of additional SOCKS proxies required for some advanced network topologies. When enabled, the client examines the "SOCKS protocol version" setting. If connection via SOCKS is not disabled, the client connects using the SOCKS proxy specified by the "Proxy host names" and "Proxy ports" settings. The client supports connections using either SOCKS v4 or SOCKS v5 proxy servers. Alternatively, it can automatically detect the version being used by the proxy server. ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > Configure SOCKS proxy settings > SOCKS protocol version Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server, WFClient Proxy INI_SOCKSPROTOCOLVERSION Integer Read No Yes
623
ICASOCKSProtocolVersion(2)
Values
Value 5 5 5 5 Description Use SOCKS version 5 Use SOCKS version 5 Use SOCKS version 5 Use SOCKS version 5
INI Location
INI File All_Regions.ini appsrv.ini Section Network\Proxy WFClient Value -1
Registry Location
Troubleshooting
The SOCKS proxy settings are designed for traversing a proxy in addition to the primary or alternative proxy server. When traversing only a single proxy, these SOCKS proxy settings should be disabled.
624
ICASOCKSProxyHost(2)
Specifies the DNS name or IP address of the SOCKS proxy to use. Configure SOCKS proxy settings : Use this policy to configure the use of additional SOCKS proxies required for some advanced network topologies. When enabled, the client examines the "SOCKS protocol version" setting. If connection via SOCKS is not disabled, the client connects using the SOCKS proxy specified by the "Proxy host names" and "Proxy ports" settings. The client supports connections using either SOCKS v4 or SOCKS v5 proxy servers. Alternatively, it can automatically detect the version being used by the proxy server. ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > Configure SOCKS proxy settings > Proxy host names Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server, WFClient Proxy INI_SOCKSPROXYHOST String Read No Yes
Values
Value "" Description DNS name or IP address of proxy host
INI Location
INI File All_Regions.ini appsrv.ini Section Network\Proxy WFClient Value
625
ICASOCKSProxyHost(2)
Registry Location
Troubleshooting
626
ICASOCKSProxyPortNumber(2)
Specifies the port number of the SOCKS proxy server. This parameter is deprecated by ProxyType, but maintained to ensure backward compatibility with older .ini/.ica files that do not contain ProxyType. Use this policy to configure the use of additional SOCKS proxies that are required for some advanced network topologies. When enabled, the client will examine the "SOCKS protocol version" setting. If connection via SOCKS is not disabled, the client will attempt to connect using the SOCKS proxy specified by the "Proxy host names" and "Proxy ports" settings. The client supports connections using either SOCKS v4 or SOCKS v5 proxy servers. Alternatively, it can attempt to automatically detect the version being used by the proxy server. ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server, WFClient Proxy INI_SOCKSPROXYPORTNUMBER Integer Read No Yes
Values
Value 1080 Description Port number - Default
INI Location
INI File All_Regions.ini appsrv.ini Section Network\Proxy WFClient Value * 1080
627
ICASOCKSProxyPortNumber(2)
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy Value * *
Troubleshooting
628
InitialProgram
Specifies the initial program to start after establishing the associated custom ICA connection. For server connections, this is the full path and file name. For published applications, this is the name of the published application preceded by the pound (#) symbol. Omitting the # symbol attempts to launch a particular program or desktop. A computer running Citrix XenApp will not allow this by default, and rejects the connection, displaying: "You do not have access to this session." This key must be specified for .ica files. InitialProgram takes initial app and also some parameters up to the length of a single INI line length. Syntax: InitialProgram=#<AppName> <parameters> For example: InitialProgram=#Notepad \\Client\V:\folder\file.txt If longer parameters have to be passed, then the following should be used:
q
LongCommandLine=first part.. LongCommandLine000=continuation
In this case anything passed after InitialProgram is ignored. Related Parameters: LongCommandLine Corresponding UI Element: Properties dialog box > Application tab > Application text box ADM UI Element: Citrix Receiver > User Experience > Remote Applications > Application Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_INITIALPROGRAM String Read & Write No Yes
Values
Value "" Description Initial Program - Default
629
InitialProgram
INI Location
INI File Section Value All_Regions.ini Client Engine\Application Launching
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching Value
630
InitialProgram(2)
Specifies the initial program to start after establishing the associated custom ICA connection. For server connections, this is the full path and file name. For published applications, this is the name of the published application preceded by the pound (#) symbol. Omitting the # symbol attempts to launch a particular program or desktop. A computer running Citrix XenApp will not allow this by default, and rejects the connection, displaying: "You do not have access to this session." This key must be specified for .ica files. Related Parameters: LongCommandLine Corresponding UI Element: Properties dialog box > Application tab > Application text box ADM UI Element: Citrix Receiver > User Experience > Remote Applications > Application Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM dynamic,Server Core INI_INITIALPROGRAM String Read & Write No Yes
Values
Value Default Description Initial program
INI Location
INI File All_regions.ini Section Client Engine\Application Launching Value Not applicable
631
InitialProgram(2)
Registry Location
632
InputEncoding
Describes the character encoding type of the .ica file. This information is used by the client to convert and understand the .ica file if the Web server that created it used an encoding type that is different from that of the the client.
Encoding Core INI_INPUT_ENCODING String Read No No
Values
Value ISO8859_1 SJIS EUC-JP UTF8 Description Default
INI Location
Not applicable.
Registry Location
Not applicable.
633
InstallColormap
Force colormap installation on UNIX or AIX operating systems if the window has the override_redirect attribute. On UNIX or AIX operating systems, window managers install colormaps rather than having the client device do it. This does not occur if the window has the override_redirect attribute set. In this case installation of the colormap is explicitly forced. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Thinwire3.0 Core INI_INSTALL_COLORMAP Boolean Read Yes No
Values
Value TRUE FALSE Description Default - Window colormap is forced Window colormap is not forced
INI Location
Not applicable.
Registry Location
Not applicable.
634
IOBase
Specifies the standard COM port I/O base address. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server COMPortMapping INI_IOADDR String Read No No
Values
Value Default Description Default
INI Location
Not applicable.
Registry Location
Not applicable.
635
KeyboardLayout
Specifies the keyboard layout of the client device. The Citrix XenApp server uses the keyboard layout information to configure the ICA session for the clients keyboard layout. The default value causes the keyboard layout specified in the user profile to be used. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_KEYBOARDLAYOUT String Read No No
Values
Value "" Description Default is user profile
INI Location
INI File All_regions.ini wfclient.ini appsrv.ini Section Virtual Channels\Keyboard WFClient WFClient Value (User Profile) (User Profile)
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard Value
636
KeyboardSendLocale
Send keyboard locale setting. Specifies whether to make the default input locale in an ICA session the same as the default input locale on the client operating system (Control Panel > Keyboard > Input Locales). Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_KEYBOARDSENDLOCALE Boolean Read No No
Values
Value Off On Description Default - Disable using the client operating system locale Use the client operating system locale
INI Location
INI File All_regions.ini Section Virtual Channels\Keyboard Value
Registry Location
637
KeyboardTimer(2)
Specifies the amount of time, in milliseconds, the client queues keystrokes before passing them to the server. Use keystroke queueing if bandwidth limitations require a reduction of network traffic. Queuing reduces the number of network packets sent from the client to the server, but also reduces keyboard responsiveness during the session. Higher values improve performance when connecting over a RAS connection. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server, WFClient Keyboard INI_KEYBOARDTIMER Integer Read No No
Values
Value 0 50 Description Default - no delay 50 milliseconds (default for WinCE)
INI Location
INI File All_regions.ini appsrv.ini Section Virtual Channels\Keyboard WFClient Value
Registry Location
638
KeyboardType
Specifies the keyboard type of the client device. The Citrix XenApp server uses this information to configure the ICA session for the clients keyboard type. Use the default value for most English and European keyboards. When using a Japanese keyboard, specifying the default auto-detects the correct keyboard type. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server, WFClient Keyboard INI_KEYBRDTYPESECTION String Read No No
639
KeyboardType
Values
Value "" IBM PC/XT or compatible keyboard 101 Keyboard (Japanese) 106 Keyboard (Japanese) NEC PC-9800 on PC98-NX (Japanese) NEC PC-9800 on PC98-NX 2 (Japanese) NEC PC-9800 Windows 95 and 98 (Japanese) NEC PC-9800 Windows NT (Japanese) Japanese Keyboard for 106n (Japanese) DEC LK411-JJ Keyboard (Japanese) DEC LK411-AJ Keyboard (Japanese) Description Default - Auto-detect
640
KeyboardType
INI Location
INI File All_regions.ini wfclient.ini appsrv.ini Section Virtual Channels\Keyboard WFClient WFClient Value (Default) (Default)
Registry Location
641
Launcher
Specifies the name of launch mechanism (that is, the client launcher name). This parameter is used to launch multiple ICA windows from the startup folder at logon time. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_LAUNCHER String Read No No
Values
Value ICA Client WI PN PNAgent MSAM Custom Description Default - launch by using the ICA client Launch through the Web Interface Launch through Program Neighborhood client Launch through Program Neighborhood agent Launch through the Metaframe Secure Access Manager Launch through a custom client
INI Location
INI File All_regions.ini Section Client Engine\ICA File Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\ICA File HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\ICA File Value
642
LaunchReference
Reference token for a specific session on a Citrix XenApp server. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_LAUNCHREFERENCE String Read No No
Values
Value "" Description Default - Session Launch Token
INI Location
INI File All_regions.ini Section Client Engine\Application Launching Value
Registry Location
643
LicenseType
Specifies the license type. If the user is an offline plug-in user but the requested application is an online application, then add "LicenseType=offline" to the file so that the Citrix XenApp server will request an offline license. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM qwerty Core <LicenseType> String Write No No
Values
Value offline online Description Default - an offline application license is requested an online application license is requested
INI Location
Not applicable.
Registry Location
Not applicable.
644
LocalIME
Specifies if Local IME (Input Method Editor) is enabled. When local IME is enabled, keyevents that were processed by IME should be ignored. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_USE_LOCAL_IME Integer Read No No
Values
Value 0 1 Description Default - disable local IME Enable local IME
INI Location
INI File All_regions.ini Section Virtual Channels\Keyboard Value
Registry Location
645
LocHttpBrowserAddress
Specify the location of the browser used in conjunction with the HTTP specified for browsing in BrowserProtocol. If the value of DoNotUseDefaultCSL is = False (default) then the parameter used to locate the browser is HttpBrowserAddress. If DoNotUseDefaultCSL is = true then the parameter used to locate the browser is LocHttpBrowserAddress (overriding any existing HttpBrowserAddress settings). For applicationsetname: Settings dialog box > Connection tab > Server Location > Network Protocol For applicationservername: Properties dialog box > Connection tab > Server Location > Network Protocol Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server EnumRes INI_LOCHTTPBROWSERADDRESS String Read No No
Values
Value "" Description Default - Location of HTTP Browser
INI Location
INI File All_regions.ini Section Application Browsing\HTTP Addresses Value
646
LocHttpBrowserAddress
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses Value
647
LockdownProfiles
Specifies whether lockdown profiles should be read from the administrator location or user location. This is ignored if there is no administrator configuration. By default lockdown profiles are read from both locations, administrator and user. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Delegation ClientLockdown INI_DELEGATION_LOCKDOWNPROFILES String Read No No
Values
Value administrator user Description Read lockdown profiles from the administrator location Read lockdown profiles from the user location
grouppolicy_machine grouppolicy_user
INI Location
INI File Module.ini Section Delegation Value administrator, user, grouppolicy_machine, grouppolicy_user
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Delegation Value administrator, user, grouppolicy_machine, grouppolicy_user
648
LogAppend
Specifies file open mode for logs. Switches between appending new log file entries to the end of the existing log file (On) and creating a new file (Off). For 16-bit DOS client the existing log file is the value of "LogFile" attribute and for Win32 the existing log file is the value of "LogFileWin32" attribute. Applies only at start of session. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_LOGAPPEND Boolean Read & Write No No
Values
Value FALSE TRUE Description Default - Creates a new log file and writes new log entries to it Append new log file entries to the end of the existing log file
INI Location
INI File appsrv.ini Section WFClient Value Off
Registry Location
Not applicable.
649
LogConfigurationAccess
Enable or disable logging of configuration access. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Logging ConfigMgr INI_LOG_CONFIGURATION_ACCESS Boolean Read No No
Values
Value FALSE TRUE Description Default
INI Location
INI File Module.ini Section Logging Value False
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Logging Value false
650
LogConnect
Enables or disables the logging of Citrix XenApp server connection status changes (connection and disconnection). Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_LOGCONNECT Boolean Read & Write No No
Values
Value TRUE FALSE Description Default - Logs connections to and disconnections from Citrix servers Does not log connections to and disconnections from Citrix servers
INI Location
Registry Location
Not applicable.
651
LogErrors
Enables (On) or disables (Off) the logging of Citrix XenApp server connection errors. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_LOGERRORS Boolean Read & Write No No
Values
Value On Off Description Default - Enables Citrix XenApp server connection error log Disables Citrix XenApp server connection error log
INI Location
Registry Location
Not applicable.
652
LogEvidence
Specifies whether to return a location suitable for writing log entries. This is a log type, not an attribute for itself. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Logging Core INI_LOG_EVIDENCE Boolean Read No No
Values
Value FALSE TRUE Description Default - No file to write log information. File location found to write log information
INI Location
INI File Module.ini Section Logging Value False
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Logging Value false
653
LogFile
Specifies the name of the Citrix XenApp plug-in log file. The log file is generated by the plug-in at run-time and is saved in the ICA Client directory. The types of details logged depends on the values of the LogConnect, LogErrors, LogReceive, and LogTransmit parameters. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Logging Core INI_LOG_File String Read No No
Values
Value "" Description Default - If present, then any valid file name.
INI Location
INI File Module.ini appsrv.ini Section Logging WFClient Value C:\Program Files\Citrix\ICA Client\wfclient.log
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Logging Value
654
LogFileGlobalPath
Specifies how log files are created. If On, a single log file is used for all users of a given client device. LogFileWin32 must specify the entire directory path to the log file, including the file name. If Off, a separate log file is created for each user and stored in the users profile directory. In this case, LogFileWin32 specifies the file name only. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_LOGFILEGLOBALPATH Boolean Read No No
Values
Value off on Description Default - LogWinFile32 specifies the log file name only LogFileWin32 specifies the entire directory path to the log file
INI Location
Not applicable.
Registry Location
Not applicable.
655
LogFileWin32
Specifiy the name of the log file. The types of details logged depends on the values of the LogConnect, LogErrors, LogReceive, and LogTransmit parameters. Log data can alternately be sent to standard out or standard error by specifying stdout or stderr instead of a file name. If LogFileGlobalPath=On, a single log file is used for all users of a given client device. LogFileWin32 must specify the entire directory path to the log file, including the file name. If LogFileGlobalPath=Off, a separate log file is created for each user and stored in the users profile directory. In this case, LogFileWin32 specifies the file name only.
WFClient Core INI_LOGFILE32 String Read No No
Values
Value "" Description Log file name.
INI Location
INI File appsrv.ini Section WFClient Value
Registry Location
N/A
656
LogFlush
Specifies whether to flush out log results for each write. All the log data is written out as quickly as possible instead of being cached in memory. This ensures that the log file is completely up to date at any given moment. When set to True, the system writes each log record as it is generated. When set to False, the system buffers log records and writes them periodically for optimal performance. The log file location is specified in the registry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_LOGFLUSH Boolean Read No No
Values
Value False True Description Default - Does not flush the log result Flush out the log result
INI Location
Not applicable.
Registry Location
Not applicable.
657
LogonTicket
Specifies client authentication token for web interface. The client handles an authentication token in the form of an opaque LogonTicket with an associated interpretation defined by the LogonTicketType. This functionality can be disabled by clearing the Web Interface 4.5 and above check box. ADM UI Element: Citrix Receiver > User Authentication > Web Interface Authentication ticket > Web interface 4.5 and above Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_LOGONTICKET String Read No Yes
Values
Value "" Description Default.
INI Location
INI File Section Value All_regions.ini Logon\Ticket
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Ticket HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Ticket Value
658
LogonTicketType
Specifies the logon ticket type for "Web interface authentication ticket". Use this policy to control the ticketing infrastructure used when authenticating through the Web Interface. The client handles an authentication token in the form of an opaque LogonTicket with an associated interpretation defined by the LogonTicketType. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_LOGONTICKETTYPE Integer Read No No
Values
Value 0 1 2 Description Default - no ticket For Secure Ticketing Authority (STA) version 1 ticket For STA version 4 ticket
INI Location
INI File Section Value All_regions.ini Logon\Ticket
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Ticket HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Ticket Value
659
LongCommandLine
Allows passing of a very long string of parameters to the program specified in InitialProgram. The value of LongCommandLine replaces any command-line parameters specified at the end of InitialProgram. To provide LongCommandLine support without breaking compatibility with older XenApp plug-ins, all lines in the .ica/.ini file must be limited to 255 characters. To support longer command lines, use a series of LongCommandLine parameters as follows: LongCommandLine="The beginning of my long command line" LongCommandLine000="continuation of my long command line" LongCommandLine001="the rest of my long command line" Each value must be in quotation marks ("") and must not exceed 224 characters. The ICA Client engine concatenates the values to create a single long command line parameter. You can include as many LongCommandLine parameters as necessary.
dynamic, Server Core INI_LONGPARAMETERS String Read & Write No No
Values
INI Location
INI File Section Value All_regions.ini Client Engine\Application Launching 660
LongCommandLine
Registry Location
661
Lpt1
Specifies the mappping information between host lpt and client port. Both Lpt1 and Port1 together specify the mapping information between host lpt and client port. Connect this (1=lpt1...8=lpt8) host lpt to the client port specified by Port1. For example, Lpt1=4 means connect host lpt4 to client port specified by Port1. Lpt1=0 means no mapping information is specified by this attribute but some other attributes like Lpt2-Port2, Lpt3-Port3 may have this information. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ParallelportMapping INI_LPT1 Integer Read No No
Values
Value 0 1 through 8 Description Default - No mapping is specified by this attribute. Connect this host lpt to the client device port specified by Port11 entry
INI Location
Not applicable.
Registry Location
Not applicable.
662
Lpt2
Values
INI Location
Not applicable.
Registry Location
Not applicable.
663
Lpt3
Values
INI Location
Not applicable.
Registry Location
Not applicable.
664
LPWD
End User Experience Monitoring EUEM LPWD - LAUNCH_PAGE_WEB_SERVER. The time it takes to process the launch page (launch.aspx) on the Web Interface server. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server EUEM INI_EUEM_LPWD Integer Read No No
Values
Value -1 Description Initial reset value
INI Location
INI File Section Value All_regions.ini Virtual Channels\End User Experience
Registry Location
665
LvbMode2
Enables or disables local video buffer (LVB) mode. For WINCE, the attribute is read from Server section. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server, WFClient Graphics INI_LVB_MODE Boolean Read No No
Values
Value False True Description Default - Turns LVB mode off Turns LVB mode on
INI Location
Not applicable.
Registry Location
Not applicable.
666
MaxDataBufferSize
Set the maximum client audio data buffer size (that is, the size of the maximum client audio data packet the client can accept and/or send). Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientAudio Audio INI_CAM_MAXDATABUFFERSIZE Integer Read No No
Values
Value 2048 Description Default - value for maximum data buffer size for initial
INI Location
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio Value
667
MaxMicBufferSize
Set the maximum data buffer size for audio input (that is, the size of the maximum client audio input packet the client can accept and/or send). Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientAudio Audio INI_CAM_MAXMICBUFFERSIZE Integer Read No No
Values
Value 256 128-256 Description Default - value for maximum input buffer size Value for maximum input buffer size
INI Location
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio Value
668
MaxOpenContext
Specifies the number of files that can be opened on a client-mapped drive. "Out of file handles" message might be encountered when an application running on the server opens too many files on a client mapped drive and causes the ICA session to run out of file handles. The operating system does not provide the ICA Client engine sufficient file handles on request. This can be solved by increasing the number of initial file handles available to the Client by adding the MaxOpenContext parameter to the [ClientDrive] section in the MODULE.INI file . If the user needs to open a large number of files, increase the number of initial file handles to 50 or greater. The default value for MaxOpenContext is 20. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientDrive CDM INI_MAXOPENCONTEXT Integer Read No No
Values
Value 20 Description Default - Number of initial file handles available to the client
INI Location
Not applicable.
Registry Location
Not applicable.
669
MaxPort
Specify the maximum number of COM ports supported by the client platform. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientComm COMPortMapping INI_CCMMAXPORT Integer Read No No
Values
INI Location
Not applicable.
Registry Location
Not applicable.
670
MaxWindowSize
Set the maximum write window size (in bytes) for flow management (that is, the maximum number of bytes writeable for the ClientDrive section). Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientDrive CDM INI_MAXWINDOWSIZE Integer Read No No
Values
Value 6276 Description Default - value for maximum write window size
INI Location
INI File Module.ini Module.ini Module.ini Section ClientDrive ClientPrinterPort ClientPrinterQueue Value 8650 2048 8650
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort Value 8650 2048
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA 8650 Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue
671
MinimizeOwnedWindows
Specify whether all child windows are minimized when the parent window is minimized. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Core INI_MINIMIZE_OWNED_WINDOWS Boolean Read No No
Values
Value 0 1 Description Default - disable minimize Enable minimize
INI Location
Not applicable.
Registry Location
Not applicable.
672
MissedKeepaliveWarningMsg
Specify the message displayed when the keep-alive time has expired. It will display according to the amount of time in seconds defined in MissedKeepaliveWarningTime. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient CGP INI_CGP_WARNMESSAGE String Read No No
Values
Value "" Description Default - Keep Alive Expiration Message
INI Location
INI File Section Value All_regions.ini Network\CGP
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP Value
673
MissedKeepaliveWarningTime
Specify the number of seconds to display the message defined in MissedKeepaliveWarningMsg after the keep-alive time has expired. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient CGP INI_CGP_WARNTIME Integer Read No No
Values
Value 0 1 through 60 Description Default - off. Amount of time in seconds to display the message. Maximum value is 60.
INI Location
INI File Section Value All_regions.ini Network\CGP
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP Value
674
MouseTimer
Specifies the amount of time, in milliseconds, the client queues mouse events before passing them to the server. Use mouse event queueing if bandwidth limitations require a reduction of network traffic. Queuing reduces the number of network packets sent from the client to the server, but also reduces responsiveness to mouse movements during the session. Higher values improve performance when connecting over a RAS connection. It is also read from the following sections:
q
Thinwire 3.0 (if the operating environment is WinCE). In WinCE, the setting for queuing the mouse events is not in the UI, so it mustbe set in module.ini. As an internet client, it does not have access to the WFClient section of the module.ini file and is loaded it from the Thinwire section. WFClient (if the operating environment is other than WinCE) Server Mouse INI_MOUSETIMER Integer Read No No
Values
Value 0 1 through 900 Description Default - off. Amount of time in milliseconds to queue mouse events. Maximum value is 900.
INI Location
INI File Section Value All_regions.ini Virtual Channels\Mouse appsrv.ini WFClient
675
MouseTimer
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse Value
676
MouseWheelMapping
Specifies the mouse buttons whose down events are processed as mouse wheel motion. This attribute is considered as specific for MacIntosh/UNIX. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Mouse INI_MOUSEWHEELMAPPING Integer Read No No
Values
Value 4,5 Description Default. mousewheelupmapping is assigned to button 4, mousewheeldownmapping is assigned to button 5.
INI Location
INI File Section Value All_regions.ini Virtual Channels\Mouse
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse Value
677
MSIEnabled
Allows Multi-Stream ICA connections. Use this setting to enable or disable the Multi-Stream ICA feature on the client. Section Feature Attribute Name Definition Location Data Type Access Type UNIX Specific Present in ADM WFClient Multi-Stream ICA INI_MSIENABLED Client_Ini.h Boolean Read No Yes
Values
Value TRUE FALSE Description Allows Multi-Stream ICA connections. Does not allow Multi-Stream ICA connections. Default
INI Location
INI File All_Regions.ini Section NetWork\Multi-Stream Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Multi-Stream HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Multi-Stream Value * *
678
NativeDriveMapping
Specify the pass-through support for the network drive. Local or network drives configured on the server running Citrix XenApp can now be mapped by the pass-through client in a pass-through session by adding the following line to the [ClientDrive] section of the Module.ini file: NativeDriveMapping=TRUE. When TRUE, the client drives on the client device are not mapped and are not available. The drives configured on the server are mapped and are available to the pass-through client. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientDrive CDM INI_CDMINCLUDENETWORKDRIVEINPASSTHRU Boolean Read No No
Values
Value FALSE TRUE Description Default. Native drive mapping is disabled. Native drive mapping is enabled.
INI Location
INI File Section Value * True NativeDriveMapping All_regions.ini Virtual Channels\Drives Module.ini ClientDrive
canonicalization.ini ClientDrive
679
NativeDriveMapping
Registry Location
Registry Key Value HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA NativeDriveMapping Client\Engine\Configuration\Advanced\Canonicalization\ClientDrive HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives TRUE *
680
NDS
Specifies a string representing the single sign-on credential type of NDS (for Novell Directory Service). Other credential types are NT and Any. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SSON INI_SSON_CREDENTIAL_NDS String Read No No
Values
Value NDS Description Default
INI Location
Not applicable.
Registry Location
Not applicable.
681
NRUserName
Indicates a string representing the user name for a XenApp farm connection. If Username or INI_USERNAME for custom connections is not found, NRUserName is retrieved. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_NR_USERNAME String Read No No
Values
INI Location
Not applicable.
Registry Location
Not applicable.
682
NRWD
Name Resolution Web server Duration (NRWD) is the time it takes the XML Service to resolve the name of a published application to an IP address. This metric is only collected for new sessions, and only if the ICA file does not specify a connection to a Citrix XenApp server with the IP address already provided. This is one of the Session Client startup data while End User Experience Monitoring (EUEM) metrics are stored. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server EUEM INI_EUEM_NWRD Integer Read & Write No No
Values
Value -1 Description Default.
INI Location
INI File Section Value All_regions.ini Virtual Channels\End User Experience
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience Value *
683
NumCommandBuffers
Set the maximum number of client audio command buffers. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientAudio Audio INI_CAM_NUMCOMMANDBUFFERS Integer Read No No
Values
Value 64 Description Default. Number of command buffers.
INI Location
Registry Location
684
NumDataBuffers
Set the maximum number of client audio data buffers created. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientAudio Audio INI_CAM_NUMDATABUFFERS Integer Read No No
Values
Value 32 Description Default. Number of data buffers.
INI Location
Registry Location
685
OutBufCountClient
Number of outbuffers allocated on client.
Transport Core INI_OUTBUFCOUNTCLIENT Integer Read No No
Values
INI Location
INI File Module.ini Module.ini Module.ini Module.ini Module.ini Section TCP/IP TCP/IP FTP TCP/IP Novell Lan WorkPlace TCP/IP Microsoft TCP/IP VSL Value 6 6 6 6 6
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Value 6
686
OutBufCountClient HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Microsoft HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Novell Lan WorkPlace HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP VSL HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP FTP 6 6 6
6 6 6 6
687
OutBufCountClient2
Number of outbuffers on client for high throughput. Used only when PD drivers (Protocol Drivers) supports any high-throughput in the server. If high throughput is supported then certain drivers should switch to large sizing. For that, OutBufCountClient2 is used.
Transport Core INI_OUTBUFCOUNTCLIENT2 Integer Read No No
Values
INI Location
Registry Location
688
OutBufCountClient2 Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Microsoft HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Novell Lan WorkPlace HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP VSL HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP FTP Value 44 44 44 44
44 44 44 44
689
OutBufCountHost
Specifies the number of server output buffers to allocate.
Transport Core INI_OUTBUFCOUNTHOST Integer Read No No
Values
INI Location
Registry Location
690
OutBufCountHost HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Microsoft HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Novell Lan WorkPlace HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP VSL 6 6 6
691
OutBufCountHost2
Specifies high performance server buffer count. Used only when PD drivers (Protocol Drivers) supports any high-throughput in the server. If high throughput is supported then certain drivers should switch to large sizings. For that, OutBufCountHost2 is used.
Transport Core INI_OUTBUFCOUNTHOST2 Integer Read No No
Values
INI Location
Registry Location
Registry Key Value
692
OutBufCountHost2 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Microsoft HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Novell Lan WorkPlace HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP VSL 44 44 44 44
44
693
OutBufLength
Specifies the size (in bytes) of the output buffer for transport driver.
Transport Core INI_OUTBUFLENGTH Integer Read No No
Values
Value 1460 530 Description Default for WinCE Default for Wany other platform
INI Location
Registry Location
694
OutBufLength HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Microsoft HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP Novell Lan WorkPlace HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP VSL 1460 1460 1460
1460
695
PassThroughLogoff
Enables and disables the posting of a logoff message.
WFClient Core INI_PASSTHROUGHLOGOFF Boolean Read No No
Values
N/A
INI Location
INI File All_Regions.ini Section Value
Registry Location
N/A
696
Password
Specifies the encrypted password that appears in the Password text box if the user selects the User- specified credentials option for the associated custom ICA connection. Use "Locally stored credentials" policy to control how user credential data stored on user machines or placed in ICA files is used to authenticate the user to the remote published application or desktop. When this policy is enabled, you can prevent locally stored passwords from being automatically sent to remote servers by clearing the Allow authentication using locally stored credentials check box. This causes any password fields to be replaced with dummy data. ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Locally stored credentials > Allow authentication using locally stored credentials Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_PASSWORD String Read & Write No Yes
Values
Value "" Description Default - Any string representing a password
INI Location
697
Password
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials KEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials Value
698
Path
Specify the content redirection path for the executable used for server to client redirection. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM dynamic FeatureRedirection INI_CR_PATH String Read Yes No
Values
Value "" Description Content Redirection Path (no default path for this attribute)
INI Location
N/A
Registry Location
N/A
699
PCSCCodePage
Specifies smart card code-page identifier for an ANSI-based String encoding system. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM SmartCard SmartCard INI_PCSC_CODEPAGE Integer Read Yes No
Values
Value 0 Description Default. Code-page identifier value
INI Location
N/A
Registry Location
N/A
700
PCSCLibraryName
Specifies name of smart card`s dynamic link library name. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM SmartCard SmartCard INI_PCSC_LIBRARY_NAME String Read Yes No
Values
Value Description libpcsclite.so Default. Dynamic link library name.
INI Location
N/A
Registry Location
N/A
701
PercentS
Number of occurrences of % (percent signs) in the UNIX command settings used to handle redirected browser URLs. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ContentRedirection INI_CR_PERCENT_S Integer Read Yes No
Values
Value 0 Description Default number of percent signs.
INI Location
N/A
Registry Location
N/A
702
PersistentCacheEnabled
Enables (On) or disables (Off) the persistent disk cache. The persistent disk cache stores commonly used graphical objects such as bitmaps on the hard disk of the client device. Using persistent disk cache increases performance across low-bandwidth connections but reduces the amount of available client disk space. For clients on high-speed LANs, using persistent disk cache is, therefore, not warranted. Disk caching is enabled by default for dial-in connections. ADM UI Element : Citrix Components > Citrix Receiver > User experience > Client graphics settings > Disk-based caching Interface Element For published application sets: Settings dialog box > Default Options tab > Use disk cache for bitmaps option For custom ICA connections: Properties dialog box > Options tab > Use disk cache for bitmaps option For client devices with limited RAM, better compression rates can be achieved by saving temporary graphics objects to the disk cache.
Server Graphics INI_DIMCACHEENABLED Boolean Read & Write No Yes
Values
Value 0 or OFF 1 or ON Description Default. Does not use persistent disk cache Uses the persistent disk cache
INI Location
INI File 703 Section Value
PersistentCacheEnabled Module.ini All_Regions.ini appsrv.ini canonicalization.ini Thinwire3.0 Virtual Channels\Thinwire Graphics WFClient Thinwire3.0 OFF * OFF PersistentCacheEnabled
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0 Value OFF * * PersistentCacheEnabled
704
PersistentCacheGlobalPath
Specify the type of cache directory to use. If On, a single cache directory is used for all users of a given client device. PersistentCachePath must specify the entire directory path to the cache directory, including the cache directory name. If Off, a separate cache directory is created for each user and stored in the user`s profile directory. In this case, PersistentCachePath specifies the cache directory name only. Note: This is a case sensitive string. Only the On string is verified; if the PersistentCacheEnabled value is "on" or "ON" then the "Off" value is the assumed default. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Graphics INI_DIMCACHEPATHGLOBAL String Read No No
Values
Value Off On Description Default. Disable single cache directory. Enable single cache directory.
INI Location
N/A
Registry Location
N/A
705
PersistentCacheMinBitmap(2)
Sets the minimum size, in bytes, of a bitmap that is added to the persistent disk cache. Bitmaps that are too small will not be cached. The persistent disk cache stores commonly used graphical objects such as bitmaps on the hard disk of the client device. Using persistent disk cache increases performance across low bandwidth connections but reduces the amount of available client disk space.
WFClient,Thinwire3.0 Graphics INI_DIMMINBITMAP Integer Read No No
Values
Value 0 Description Size in bytes - Default
INI Location
INI File All_Regions.ini Module.ini canonicalization.ini appsrv.ini Section Virtual Channels\Thinwire Graphics Thinwire3.0 Thinwire3.0 WFClient Value * PersistentCacheMinBitmap 8192
Registry Location
Registry Key Value
706
PersistentCacheMinBitmap(2) HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics PersistentCacheMinBitmap * *
707
PersistentCachePath
Specifies the location of the local directory containing the cached image data. The PersistentCachePath entry specifies where the Cache folder will be created. Create the Cache folder under the user's profile under the hidden folder \Application Data\ICAClient\.
WFClient Graphics INI_DIMCACHEPATH String Read & Write No No
Values
Value "" Description Location of Persistent Disk Cache - Default
INI Location
INI File All_Regions.ini Module.ini canonicalization.ini appsrv.ini Section Virtual Channels\Thinwire Graphics Thinwire3.0 Thinwire3.0 WFClient Value PersistentCachePath
C:\Documents and Settings\userprofilename\Appl Data\ICAClient\Cache
Registry Location
Registry Key Value
708
PersistentCachePath HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics PersistentCachePath
709
PersistentCachePercent
Determines what percentage of disk drive to use for persistent cache. Functionality is obsolete.
WFClient Graphics INI_DIMCACHEPERCENT_UI Integer Read & Write No No
Values
Value 3 Description Percentage to use. (3%) - Default
INI Location
INI File appsrv.ini Section WFClient Value
Registry Location
Registry information not found.
710
PersistentCacheSize(2)
Specifies the size of the persistent disk cache in bytes.
WFClient,Thinwire3.0 Graphics INI_DIMCACHESIZE Integer Read No No
Values
Value 0 Description Disk cache size in bytes. - Default
INI Location
INI File All_Regions.ini Module.ini canonicalization.ini appsrv.ini Section Virtual Channels\Thinwire Graphics Thinwire3.0 Thinwire3.0 WFClient Value * PersistentCacheSize 30000000
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0 Value PersistentCacheSize
711
PersistentCacheSize(2) HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics * *
712
PersistentCacheUsrRelPath
Specifies the location of the persistent disk cache. Used only if PersistentCacheGlobalPath = Off, a separate cache directory is created for each user and stored in the users profile directory, and PersistentCachePath (location of the persistent disk cache) specifies the cache directory name only.
WFClient Graphics INI_DIMCACHEUSRPATH String Read No No
Values
Value "" Description Cache Location - Default
INI Location
INI information not found.
Registry Location
713
PingCount
Specifies the number of times to ping. It is a tunable parameter used by the Ping virtual channel. CTXPING sends PingCount separate pings. Each ping consists of a BEGIN packet and an END packet.
Ping Ping INI_PING_PINGCOUNT Integer Read No No
Values
Value 3 Description Pings - Default
INI Location
Registry Location
714
PlaybackDelayThresh
Delay, in milliseconds, between being asked to open audio device and actually opening it in order to build up a backlog of sound.
ClientAudio Audio INI_CAM_PLAYDELAY_THRESH Integer Read No No
Values
Value 250 0 Description Milliseconds - Default Disable audio input
INI Location
Registry Location
715
PNPDeviceAllowed
Use this policy to enable and restrict the remote application or desktop's access to the client USB PNP devices. ADM UI Element: Citrix Components > Citrix Receiver > Remoting client devices > USB PNP Devices
WFClient PlugNPlaySupport INI_DVC_PNPDEVICE Boolean Read No Yes
Values
Value True False Description Allows USB PnP device redirection - Default Does not allow USB PnP device redirection
INI Location
INI File All_Regions.ini Section Virtual Channels\PNPDeviceAllowed Value *
Registry Location
Registry Key HKLM\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\DVC_PlugAndPlay\PNPDeviceAllowed Value *
716
pnStartSCD
New session creation time, from the moment wfica32.exe is launched to when the connection is established. This is one of the Session Client startup data while End User Experience Monitoring (EUEM) metrics are captured.
Server EUEM INI_EUEM_PNSTARTSCD Integer Read No No
Values
INI Location
Registry Location
717
Port1
Specifies the mappping information between the host LPT and client port. Both Port1 and Lpt1 together specify the mapping information between the host LPT and client port. Connect the host LPT specified by Lpt1 to this (1=lpt1,...,8=com4) client port. For example, if Port1=2, this means the host LPT specified by Lpt1 is connected to client port Lpt2. If Port1=0, this means no mapping information is specified by this attribute but some other attributes like Lpt2-Port2, Lpt3-Port3 may have this information.
WFClient ParallelPortMapping INI_PORT1 Integer Read No No
Values
Value 0 1-8 Description No mapping information specified by this attribute - Default Connect the host lpt specified by Lpt1 to this client port
INI Location
Registry Location
718
Port2
Specifies the mapping information between the host LPT and client port. Both Port2 and Lpt2 together specify the mapping information between the host LPT and client port. Connect the host LPT specified by Lpt2 to this (1=lpt1,...,8=com4) client port. For example, if Port2=1, this means the host LPT specified by Lpt2 is connected to client port Lpt1. If Port2=0, this means no mapping information is specified by this attribute but some other attributes like Lpt1-Port1, Lpt3-Port3 may have this information.
WFClient ParallelPortMapping INI_PORT2 Integer Read No No
Values
Value 0 1-8 Description No mapping information specified by this attribute - Default Connect the host LPT specified by Lpt2 to this client port
INI Location
Registry Location
719
POSDeviceAllowed
Use this policy to enable and restrict the remote application or desktop's access to the client USB POS devices. For this setting to work PNPDeviceAllowed should be set to allowed. If PNPDeviceAllowed is set to disallowed, POS devices wont be available in the session, regardless of the POSDeviceAllowed value. ADM UI Element : Citrix Components > Citrix Receiver > Remoting client devices > POS USB Devices
WFClient PlugNPlaySupport INI_DVC_POSDEVICE Boolean Read No Yes
Values
Value True False Description Allows USB POS device redirection - Default Does not allow USB POS device redirection
INI Location
INI File All_Regions.ini Section Virtual Channels\POSDeviceAllowed Value *
Registry Location
Registry Key Value
720
POSDeviceAllowed HKLM\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\DVC_PlugAndPlay\POSDeviceAllowed *
721
PrinterFlowControl
Specifies whether flow control on a printer virtual channel is allowed.
WFClient Printing INI_CPM_FLOW_CONTROL Boolean Read No No
Values
Value False True Description Disables flow control - Default Enable flow control
INI Location
Registry Location
722
PrinterResetTime
Gives the amount of time (in milliseconds) that the client will wait for a printer to reset.
ClientPrinterQueue Printing INI_VSLPRINTERRESETTIME Integer Read No No
Values
Value 1100 Description Wait time (ms) - Default
INI Location
INI File Module.ini Module.ini Section ClientPrinterPort ClientPrinterQueue Value 1100 1100
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue Value 1100 1100
723
PrinterThreadPriority
Specify the printer thread priority for CPM. Can be adjusted for performance.
ClientPrinterPort Printing INI_CPMPRINTERTHREADPRIORITY Integer Read No No
Values
Value 0 1 2 3 Description Normal - Default Above Normal Highest Time-critical
INI Location
Registry Location
724
PrintMaxRetry
Specify the maximum number of times to retry printing. The number of times to retry sending data to the printer when writing data to the printer fails and elicits an ambigous LastError. Attempts that result in specific errors, such as "Out of Paper," will not be retried.
ClientPrinterPort Printing INI_CPMPRINTMAXRETRY Integer Read No No
Values
Value 0 1000 Description Default PrintMaxRetry variable
INI Location
Registry Location
725
ProxyAuthenticationBasic(2)
Specifies whether or not the Basic authentication mechanism is allowed. Configure proxy authentication: Use this policy to control the authentication mechanisms that the client uses when connecting to a proxy server. Authenticating proxy servers can be used to monitor data traffic in large network deployments. In general, authentication is handled by the operating system but in some scenarios, the user may be provided with a specific user name and password. To prevent the user from being specifically prompted for these credentials, clear the Prompt user for credentials check box. This will force the client to attempt an anonymous connection. Alternatively, you can configure the client to connect using credentials passed to it by the Web Interface server, or these can be explicitly specified via Group Policy using the Explicit user name and Explicit password options.
WFClient,Server Proxy INI_PROXYAUTHBASIC Boolean Read No Yes
Values
Value True False Description Basic authentication mechanism is allowed - Default Basic authentication mechanism is not enabled
INI Location
INI File All_Regions.ini Section Network\Proxy Value *
Registry Location
726
ProxyAuthenticationBasic(2)
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy
Value * *
Troubleshooting
In general, NTLM proxy authentication will be performed under the control of the domain controller and cannot be controlled by the client. Both client and proxy will need to be configured with the appropriate domain level trust relations. Proxy authentication cannot be linked to the pass-through authentication feature of the client. In general, the proxy password will be unrelated to users' passwords. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configure proxy authentication
727
ProxyAuthenticationKerberos
Specifies whether or not Kerberos authentication is allowed. This is one of the authentication mechanisms that the client uses when connecting to a proxy server. Authenticating proxy servers can be used to monitor data traffic in large network deployments. Kerberos is a domain controller authorized authentication transaction that avoids the need to transmit the real user credential data to the server.
WFClient Proxy INI_PROXYAUTHKERBEROS Boolean Read No No
Values
Value False True Description Does not allow Kerberos authentication - Default Allows Kerberos authentication
INI Location
Registry Location
728
ProxyAuthenticationNTLM(2)
NT Lan Manager (NTLM) proxy authentication option. NTLM proxy authentication will be performed under the control of the domain controller and cannot be controlled by the client. Both client and proxy will need to be configured with the appropriate domain level trust relations. ADM UI Element: Citrix Components > Citrix Receiver > Network Routing > Proxy > Configure proxy authentication
WFClient,Server Proxy INI_PROXYAUTHNTLM Boolean Read No Yes
Values
Value True False Description NTLM proxy authentication option is enabled - Default NTLM proxy authentication option is not enabled
INI Location
Registry Location
Registry Key Value
729
ProxyAuthenticationNTLM(2) HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy * *
730
ProxyAuthenticationPrompt(2)
Specifies whether or not the Prompt proxy authentication mechanism is used. Configure proxy authentication: Use this policy to control the authentication mechanisms that the client uses when connecting to a proxy server. Authenticating proxy servers can be used to monitor data traffic in large network deployments. In general, authentication is handled by the operating system but in some scenarios, the user may be provided with a specific user name and password. To prevent the user from being specifically prompted for these credentials, clear the Prompt user for credentials check box. This will force the client to attempt an anonymous connection. Alternatively, you can configure the client to connect using credentials passed to it by the Web Interface server, or these can be explicitly specified via Group Policy using the Explicit user name and Explicit password options. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configure proxy authentication > Prompt user for credentials
WFClient,Server Proxy INI_PROXYAUTHPROMPT Boolean Read No Yes
Values
Value True False Description Prompt proxy authentication mechanism is used - Default Prompt proxy authentication mechanism is not used
INI Location
731
ProxyAuthenticationPrompt(2)
Registry Location
732
ProxyAutoConfigURL(2)
Specifies the location of a proxy auto-detection (.pac) script. It must be set if the value of ProxyType is Script. Otherwise, it is ignored. When ProxyType=Script is selected, the client will retrieve a JavaScript based .pac file from the URL specified in the Proxy script URLs policy option. The .pac file is executed to identify which proxy server should be used for the connection. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configure client proxy settings > Proxy script URLs
WFClient,Server Proxy INI_PROXYAUTOCONFIGURL String Read No Yes
Values
Value "" Description If present then any string giving location of a .pac script - Default
INI Location
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy Value
733
ProxyAutoConfigURL(2) HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy
734
ProxyBypassList
Specifies a list of hosts for which to bypass proxy connections. An asterisk (*) included in a host name acts as a wildcard (for example, *.widgets.com). Multiple hosts must be separated by a semicolon (;) or comma (,). This parameter is ignored if the value of ProxyType is None or Auto. Configure client proxy settings: Use this policy to configure the primary network proxies that the client can use when connecting to a remote application or desktop. When this policy is not configured, the client will use its own settings to decide whether to connect through a proxy server. When this policy is enabled, the client will use the proxy configured based on the proxy type selected. For any proxy type, you can provide a list of servers that do not traverse the proxy. These should be placed in the Bypass server list. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configure client proxy settings > Bypass server list
Server Proxy INI_PROXYBYPASSLIST String Read No Yes
Values
Value "" Description Lists of hosts, separated by ";" or ","
INI Location
Registry Location
735
ProxyBypassList
Value
736
ProxyFallback(2)
Allows clients to bypass the proxy to connect to servers. If a Proxy Auto Configuration (PAC) file is used and the client is unable to download the PAC file, for example, due to the clients location, the client cannot connect to servers. Support for a proxy fallback has been added that allows clients to bypass the proxy to connect to servers. To enable the fallback: 1. Open the Appsrv.ini file in a text editor. 2. Locate the DoNotUseDefaultCSL entry. 3. Perform one of the following actions:
q
If set to True, add the following parameter to the [applicationservername] and, if applicable, the [applicationsetname] sections: ProxyFallback=yes
If set to False, add the following parameter to the [WFClient] section:
ProxyFallback=yes 4. Save your changes and close the file. If both the primary and alternative proxy fail to service the connection, selecting the Failover to direct check box instructs the client to attempt a final direct connection with no proxies. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configure client failover proxy settings > Failover to direct
WFClient,Server Proxy INI_PROXYFALLBACK Boolean Read No Yes
Values
737
ProxyFallback(2) Value 0 Description Not set - Default
INI Location
Registry Location
738
ProxyFavorIEConnectionSetting(2)
Specifies from where the client checks the proxy settings. Use this setting when the client is used to connect to the Internet and has a proxy server setting set up for a LAN connection. By default, the client checks the proxy settings for LAN connections. Setting this value to On causes the client to check the Internet Explorer connection settings for the proxy server information. For the Windows CE platform, it will not be read from ini file and its value will be set to True. Otherwise, it will be read form the WFClient section. It is used when ProxyType is set to Auto.
Server,WFClient Proxy INI_PROXYFAVORIECONNECTIONSETTING Boolean Read No No
Values
Value False True Description Client checks the Internet Explorer connection settings for the proxy server information - Default Causes the client to check the Internet Explorer connection settings for
INI Location
Registry Location
739
ProxyFavorIEConnectionSetting(2)
Value * *
740
ProxyHost(3)
Specifies the address of the proxy server. It is required if ProxyType contains any of the following values:
q
SOCKS SOCKS V4 SOCKS V5 Secure
ProxyHost is otherwise ignored. To indicate a port number other than 1080 (default for SOCKS) or 8080 (default for Secure), append the appropriate port number to the value after a colon (:). ADM UI Element: Citrix XenApp > Network Routing > Proxy > Configure client proxy settings
WFClient,dynamic,Server Proxy INI_PROXYHOST String Read No Yes
Values
Value "" Description Proxy Server Address - Default
INI Location
741
ProxyHost(3)
Registry Location
742
ProxyPassword(2)
Holds the clear text password to be used to automatically authenticate the client to the proxy. Use this policy to control the authentication mechanisms that the client uses when connecting to a proxy server. Authenticating proxy servers can be used to monitor data traffic in large network deployments. In general, authentication is handled by the operating system but in some scenarios, the user may be provided with a specific user name and password. To prevent the user from being specifically prompted for these credentials, clear the Prompt user for credentials check box. This will force the client to attempt an anonymous connection. Alternatively, you can configure the client to connect using credentials passed to it by the Web Interface server, or these can be explicitly specified via Group Policy using the Explicit user name and Explicit password options.
WFClient,Server Proxy INI_PROXYPASSWORD String Read No Yes
Values
Value "" Description Password - Default
INI Location
Registry Location
743
ProxyPassword(2) Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy Value
Troubleshooting
In general NTLM proxy authentication will be performed under the control of the domain controller and cannot be controlled by the client. Both client and proxy will need to be configured with the appropriate domain level trust relations. Proxy authentication cannot be linked to the pass-through authentication feature of the client. In general, the proxy password will be unrelated to users' passwords. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configure proxy authentication > Explicit password
744
ProxyPort
Identifies the port number for proxy support. The proxy port number must be a positive integer less than 65536. The port number depends on the proxy type. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configure client proxy settings > Proxy ports
WFClient Proxy INI_PROXYPORTNUMBER Integer Read No Yes
Values
Value 0 65536 Description Default Maximum Port Value
INI Location
Registry Location
745
ProxyTimeout
Specifies the time, in milliseconds (ms), to wait for browsing requests through a proxy server to be satisfied. Uses the value of BrowserTimeout, if specified. Otherwise, it uses the Web browser default timeout (2,000 ms). Note: This value is ignored if it is less than the Web browser default timeout.
Server Proxy INI_PROXYTIMEOUT Integer Read No No
Values
Value 3000 Description Proxy timeout (ms) - Default
INI Location
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy 746 Value * *
ProxyType
Identifies the proxy type requested for the connection. When AltProxyType = Secure, the client will contact the proxy identified by the AltProxyHost and AltProxyPort settings. The negotiation protocol will use a HTTP CONNECT header request specifying the desired destination. Proxy type: None When None is selected, the client will attempt to connect to the server directly without traversing a proxy server. Proxy type: Auto When Auto is selected, the client will use the local machine settings to determine which proxy server to use for a connection. This is usually the settings used by the Web browser installed on the machine. Proxy type: Script When Script is selected, the client will retrieve a JavaScript based .pac file from the URL specified in the Proxy script URLs policy option. The .pac file is executed to identify which proxy server should be used for the connection. Proxy type: Secure When Secure is selected, the client will contact the proxy identified by the Proxy host names and Proxy ports settings. The negotiation protocol will use a HTTP CONNECT header request specifying the desired destination address. This proxy protocol is commonly used for HTTP based traffic, and supports GSSAPI proxy authentication. Proxy Type: SOCKS/SOCKS V4/SOCKS V5 When a SOCKS proxy is selected, the client will perform a SOCKS V4 or SOCKS V5 handshake to the proxy identified by the Proxy hostnames and Proxy ports settings. The SOCKS option will detect and use the correct version of SOCKS. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configure client proxy settings > Proxy types
Section Feature Attribute Name Data Type Access Type
WFClient Proxy INI_PROXYTYPE String Read & Write
747
ProxyType UNIX Specific Present in ADM No Yes
Values
Value None Tunnel (Secure) Wpad Auto SOCKS SOCKS V4 SOCKS V5 Script Description Use Direct connection - Default Use secure (HTTPS) proxy Auto detect from Web browser Interpret proxy auto-configuration script
INI Location
INI File All_Regions.ini Trusted_Region.ini Untrusted_Region.ini Section Network\Proxy Network\Proxy Network\Proxy Value Auto Auto
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region\Lockdown\Network\Proxy HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region\Lockdown\Network\Proxy HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy Value Auto Auto
748
ProxyUseDefault
For UNIX and Macintosh, this parameter determines from which section the default proxy is chosen. If set to True, the section is [WFClient]; otherwise, [serversection].
Server Proxy INI_PROXYUSEDEFAULT Boolean Read No No
Values
Value True False Description Default proxy is chosen from WFClient - Default Default proxy is chosen from serversection
INI Location
Registry Location
749
ProxyUseFQDN(2)
This setting is used in an environment that is set up to connect to applications through a proxy and Secure Gateway. If the proxy is configured to allow only FQDNs, when the client tries to connect to the applications, the proxy may reject the request. This happens because the client resolves the Secure Gateway server name to the IP address before trying to connect to the server. Setting this value to On ensures that the client does not try to resolve the Secure Gateway server name to an address but will instead send the name to the proxy. The client should be able to resolve the address and then connect to the Secure Gateway server through the proxy.
Server,WFClient Proxy INI_PROXYUSEFQDN Boolean Read No No
Values
Value False True Description Client resolves the Secure Gateway server name to an address - Default Client send the servername to the proxy which resove the address
INI Location
Registry Location
750
ProxyUseFQDN(2) Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy Value * *
751
ProxyUsername
Holds the user name to be used to automatically authenticate the client to the proxy. Use this policy to control the authentication mechanisms that the client uses when connecting to a proxy server. Authenticating proxy servers can be used to monitor data traffic in large network deployments. In general, authentication is handled by the operating system but in some scenarios, the user may be provided with a specific user name and password. To prevent the user from being specifically prompted for these credentials, clear the Prompt user for credentials check box. This will force the client to attempt an anonymous connection. Alternatively, you can configure the client to connect using credentials passed to it by the Web Interface server, or these can be explicitly specified via Group Policy using the Explicit user name and Explicit password options. Proxy authentication cannot be linked to the pass-through authentication feature of the client. In general, the proxy password will be unrelated to users' passwords. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configure proxy authentication >Explicit user name
Server Proxy INI_PROXYUSERNAME String Read No Yes
Values
Value "" Description User Name (prompt given) - Default
INI Location
INI File All_Regions.ini 752 Section Network\Proxy Value
ProxyUsername
Registry Location
753
ReadersStatusPollPeriod
Specifies the delay, in milliseconds, for reading information from a smart card after the card is inserted or removed, or a reader is disconnected, etc. When inserting a smart card into the reader there is a two- to five-second delay before the information from the card is read. This delay occurs by design, but it is configurable. The client polls the card for events and the default value for this is five seconds.
WFClient SmartCard INI_READERS_STATUS_POLL_PERIOD Integer Read No No
Values
Value 500 5000 Description For WinCE only - Default For any other platforms
INI Location
INI File All_Regions.ini Section Virtual Channels\Smartcard Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard Value
754
ReadersStatusPollPeriod HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard
755
RECD(2)
Reconnection Enumeration Client Duration (RECD) is the time it takes a client to get a list of reconnections. This is one of the Session Client startup data while End User Experience Monitoring (EUEM) metrics are stored.
Server,dynamic EUEM INI_EUEM_RECD Integer Read & Write No No
Values
INI Location
Registry Location
756
RegionIdentification
Specifies whether regions.ini should be read from the administrator location or user location. This is ignored if there is no administrator configuration. Regions.ini is used to perform region identification of client connections to servers.
Delegation ClientLockdown INI_DELEGATION_REGIONIDENTIFICATION String Read No No
Values
Value Description administratorDefault user
INI Location
INI File All_Regions.ini Section Delegation Value administrator
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Delegation Value administrator
757
RegionIdentification
Troubleshooting
Not applicable.
758
RejectURLType
Specifies URLs that are explicitly rejected for content redirection. The reason there is both an accepturltype and a rejecturltype setting is that the code that tests them matches just to the length of the definition. So if you accept HTTP, it also means that HTTPS will also be accepted. In case you wanted only HTTP, there is the option to explicitly reject HTTPS.
dynamic ContentRedirection INI_CR_REJECT_URL_TYPE String Read Yes No
Values
Value "" Description Reject URL
INI Location
Registry Location
759
RemoveICAFile
Specifies whether or not the ICA file should be deleted after the session is finished.
WFClient Core INI_REMOVEICAFILE Boolean Read & Write No No
Values
Value Off On True False yes no 1 0 Description Does not remove ICA file - Default Removes ICA file Removes ICA file Does not remove ICA file Removes ICA file Does not remove ICA file Removes ICA file Does not remove ICA file
INI Location
INI File All_Regions.ini Section Client Engine\ICA File Value *
Registry Location
Registry Key Value
760
RemoveICAFile HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\ICA File HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\ICA File * *
761
ResMngrRunningPollPeriod
Specifies the time, in milliseconds, of polling for a restart of the Smart Card Resource Manager. Used only when there is an outstanding query for that Smart Card Resource Manager availability. Used to create a timer for polling for a restart of the Smart Card Resource Manager.
WFClient SmartCard INI_RES_MNGR_RUNNING_POLL_PERIOD Integer Read No No
Values
Value 10000 Description Time in milliseconds - Default
INI Location
INI File All_Regions.ini Section Virtual Channels\Smartcard Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard Value
762
REWD(2)
Specifies the time it takes Web Interface to get the list of reconnections from the XML Service. REWD stands for Reconnection Enumeration Web server Duration. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM dynamic,Server EUEM INI_EUEM_REWD Integer Read & Write No No
Values
Value -1 Description Initial reset value
INI Location
Registry Location
763
RtpAudioHighestPort
Specifies the highest UDP port that the client can attempt to use for transmission of Real-time Transport Protocol (RTP) audio. ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client audio settings Section Feature Attribute Name Definition Location Data Type Access Type UNIX Specific Present in ADM Server Audio INI_RTPAUDIOHIGHESTPORT inc\icaini.h Integer Read No Yes
Values
Value 16509 Description Default Value
INI Location
Registry Location
Registry Key HKEY_LOCAL_MACHINE\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio HKEY_CURRENT_USER\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio Value RtpAudioHighestPort
RtpAudioHighestPort
764
RtpAudioLowestPort
Specifies the lowest UDP port that the client can attempt to use for transmission of Real-time Transport Protocol (RTP) audio. ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client audio settings Section Feature Attribute Name Definition Location Data Type Access Type UNIX Specific Present in ADM Dynamic, Server Audio INI_RTPAUDIOLOWESTPORT inc\icaini.h Integer Read No Yes
Values
Value 16500 Description Default Value
INI Location
Registry Location
Registry Key HKEY_LOCAL_MACHINE\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio HKEY_CURRENT_USER\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio Value RtpAudioLowestPort
RtpAudioLowestPort
765
ScalingHeight
Specifies the height of scaled window. This is one of the scaling properties (ScalingMode, ScalingPercent, ScalingHeight, and ScalingWidth) which is used to determine the initial "scaled"state of the session. Only used when ScalingMode=2. ScalingMode=2 setting instructs ICO (ICA Client Object) to use the ScalingHeight and ScalingWidth properties. It ignores the ScalingPercent property. The width and height of the scaling area are checked against the size of the control window. The size cannot be bigger than the control window area. If the width and height is not less than the session size it means that scaling should not be enabled. This property is the initial settings. Changes made to property during a connected session will not have any effect. When the session is established, use scaling methods to change the scaling attributes of the session. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_SCALING_HEIGHT Integer Read No No
Values
Value 0 Description No scaling - Default
INI Location
N/A
Registry Location
N/A
766
ScalingMode
Specifies the scaling mode that will be used for the initial connection. ScalingMode can be set to one of four possible initial states.
q
0 (Disabled): This is the default setting and means that scaling is not enabled at initialization. 1 (Percent): This setting instructs ICO to use the ScalingPercent property to determine the size of the scaling area. It ignores ScalingWidth and ScalingHeight. One hundred percent means that the area of the scaling is the same as the area of the control window. Fifty percent means that the scaling area is fifty percent of the control window. 2 (Size): This setting instructs ICO to use the ScalingHeight and ScalingWidth properties. It ignores the ScalingPercent property. The width and height of the scaling area are checked against the size of the control window. The size cannot be bigger than the control window area. 3 (To fit Window): This setting instructs ICO to fit the session into the existing control window. This is the easiest to do for a script because it forces the session to show its complete yet scaled area inside the control window.
This mode ignores the three other properties ScalingPercent, ScalingWidth, and ScalingHeight. This property is the initial settings. Changes made to property during a connected session will not have any effect. When the session is established, use scaling methods to change the scaling attributes of the session. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_SCALING_MODE Integer Read No No
767
ScalingMode
Values
Value 0 1 2 3 Description Disabled - Default Percent Size To fit window (autosize)
INI Location
N/A
Registry Location
N/A
768
ScalingPercent
Specifies scaling percentage to calculate the width and height of the ICA client`s window. This setting instructs ICO to use the ScalingPercent property to determine the size of the scaling area. It ignores ScalingWidth and ScalingHeight. One hundred percent means that the area of the scaling is the same as the area of the control window. Fifty percent means that the scaling area is fifty percent of the control window. This percentage should be between the minimum scaling percentage (10) and maximum scaling percentage (100). Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_SCALING_PERCENT Integer Read No No
Values
Value 100 10-99 Description Maximum scaling (percent) - Default Scaling (percent)
INI Location
N/A
Registry Location
N/A
769
ScalingWidth
Specifies the scaling factor to adjust Client window width. The purpose is to adjust the dimensions to fit the client LVB model. This is used only when ScalingMode=2. It ignores the ScalingPercent property. The width and height of the scaling area are checked against the size of the control window. The size cannot be bigger than the control window area. So if the width and height is not less than the session size, scaling should not be enabled. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Core INI_SCALING_WIDTH Integer Read No No
Values
Value ) >= 0 Description No scaling is done - Default Disable audio input
INI Location
N/A
Registry Location
N/A
770
Schedule
If the value for the application pre-launch setting State is 2 (pre-launch scheduled), use this setting to schedule the application session to prelaunch on specific days and times. Section Feature Attribute Name Definition Location Data Type Access Type UNIX Specific Present in ADM PrelaunchApplication Pre-Launch PRELAUNCH_TIME prelaunch.h String Read/Write No No
Values
The value specifies the time (in 24-hour format) and the days of the week for the application session to prelaunch.
HH:MM|M:T:W:Th:F:S:Su HH:MM - Hours and Minutes in 24 hour format M:T:W:Th:F:S:Su - Days of the week. A value of 1 to enable and 0 to disable. Example: 08:30|1:1:1:1:0:0:0 - Enables Pre-Launch Monday through Thursday at 8:30 AM
Registry Location
Registry Key HKEY_LOCAL_MACHINE\Software\Citrix\ICA Client\Prelaunch HKEY_CURRENT_USER\Software\Citrix\ICA Client\Prelaunch Value
771
ScreenPercent
Specifies the size of the ICA session as a percentage of total screen size. If DesiredWinType is set to 5, this parameter is used to specify the size of the ICA session as a percentage of total screen size. Client Display Setting: Use this policy to control how the client presents remote applications and desktops to the end user. Remote applications can be seamlessly integrated with local applications, or the entire local environment can be replaced with a remote desktop. Window Percent can be used as an alternative to manually choosing the width and height. It selects a window size as a fixed percentage of the entire screen. The server may choose to ignore this value. This setting is ignored when seamless windows is in use. ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client display settings > Window percent
Server Core INI_SCREENPERCENT Integer Read & Write No Yes
Values
Value 75 0 1-100 Description Default screen size when the setting is enabled. Disables the setting.
INI Location
INI File Module.ini Section Thinwire3.0 Value
772
ScreenPercent All_Regions.ini canonicalization.ini appsrv.ini Virtual Channels\Thinwire Graphics Thinwire3.0 WFClient * ScreenPercent
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics Value ScreenPercent * *
773
SecureChannelProtocol(2)
Specifies which secure channel protocol to use. Use this policy to configure the TLS/SSL options that help to ensure that the client connects to genuine remote applications and desktops. TLS and SSL encrypt the transferred data to prevent third-parties viewing or modifying the data traffic. Citrix recommends that any connections over untrusted networks use TLS/SSL or another encryption solution with at least the same level of protection. When this policy is enabled, the client will apply these settings to all TLS/SSL connections performed by the client. The Require SSL for all connections check box can be used to force the client to use the TLS or SSL protocol for all connections that it performs. TLS and SSL identify remote servers by the common name on the security certificate sent by the server during connection negotiation. Usually the common name is the DNS name of the server, for example www.citrix.com. It is possible to restrict the common names to which the client will connect by specifying a comma-separated list in the "Allowed SSL servers" setting. Note that a wildcard address, for example *.citrix.com:443 will match all common names that end with .citrix.com. The information contained in a certificate is guaranteed to be correct by the certificate`s issuer. Some security policies have requirements related to the exact choice of cryptography used for a connection. By default the client will automatically select either TLS v1.0 or SSL v3.0 (with preference for TLS v1.0) depending on what the server supports. This can be restricted to only TLS v1.0 or SSL v3.0 using the "SSL/TLS version" setting. Similarly, certain security policies have requirements relating to the cryptographic ciphersuites used for a connection. By default the client will automatically negotiate a suitable ciphersuite from the five listed below. If necessary, it is possible to restrict to just the ciphersuites in one of the two lists.
q
Government Ciphersuites:
q
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA Commercial Ciphersuites:

q q
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5 Certificate Revocation List (CRL) checking is an advanced feature supported by some certificate issuers. It allows security certificates to be revoked (invalidated before their expiry date) in the case of cryptographic compromise of the certificate private key, or simply an unexpected change in DNS name.
q
Valid CRLs must be downloaded periodically from the certificate issuer and stored locally. This can be controlled through the selection made in "CRL verification."
774
q
Disabled: When selected, no CRL checking will be performed. Only check locally stored CRLs: When selected, any CRLs that have been previously installed or downloaded will be used in certificate validation. If a certificate is found to be revoked, the connection will fail. Retrieve CRLs from network: When selected, the client will attempt to retrieve CRLs from the relevant certificate issuers. If a certificate is found to be revoked, the connection will fail. Require CRLs for connection: When selected, the client will attempt to retrieve CRLs from the relevant certificate issuers. If a certificate is found to be revoked, the connection will fail. If the client is unable to retrieve a valid CRL, the connection will fail.
ADM UI Element: Citrix Components > Citrix Receiver > Network routing Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient,Server SSL INI_SSLPROTOCOLS String Read No Yes
Values
Value Detect TLS SSL Description Protocol value - Default Protocol value Protocol value
INI Location
INI File All_Regions.ini Section Network\SSL Value
775
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL Value
Troubleshooting
Error Message: "SSL Error 61: You have not chosen to trust "<xxx>" the issuer of the server`s security certificate". The common name and other information on a security certificate is guaranteed to be accurate by the certificate`s issuer. For a connection to be successful, the client must trust the certificate`s issuer to make that guarantee. Error Message: "SSL Error 59: The server sent a security certificate identifying `xxx`. The SSL connection was to `yyy`". The common name did not match the server the client was expecting to connect to.
776
SecurityTicket
Specifies whether (On) or not (Off) CGP security ticket is turned on. When CGPSecurityTicket is turned on, use CGP through SG. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server CPG INI_CGPSECURITYTICKET inc\cgpini.h Read No No
Values
Value Off On Description CGP security ticket is turned off - Default CGP security ticket is on
INI Location
INI File All_Regions.ini Section Network\CGP Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGPHKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP Value *
777
SessionReliabilityTTL
Specifies the session reliability timeout in number of seconds. This attribute allows you to configure Session Reliability Time To Live (TTL). Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient SessionReliability INI_SESSIONRELIABILITY_TTL Integer Read No No
Values
Value 180 Description Seconds - Default
INI Location
INI File All_Regions.ini Module.ini Section Network\CGP WFClient Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP Value 3 * *
778
SessionSharingKey
Specifies the session sharing key. Session sharing key takes priority over all other checks. If it matches you share, if it does not you do not. It is up to the server to set the session sharing key correctly. Session sharing key is created from (Neighborhood Name, Color Depth, Username/Domain, Encryption Level, Audio BandWidth). If the key is not present, go through the old checks. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SessionSharing INI_SESSIONKEY_NAME String Read No No
Values
Value oLdWaY Off Description Default Launch failed because session key is set to Off
INI Location
Registry Location
779
SessionSharingLaunchOnly
Specifies the name of the session to be shared. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SessionSharing INI_SESSION_SHARING_NAME String Read No No
Values
Value "" Description If present then any string representing the name of the session
INI Location
Registry Location
780
SFRAllowed
Specifies whether Special folder direction is allowed or not. If it is enabled, client sends the Desktop and Documents folder paths to the server side SFR as part of CDM VC data. SFR redirects the logged on users document and desktop folders to clients document and desktop folders respectively. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM ClientDrive SFR INI_SFRALLOWED Boolean Read No Yes
Values
Value Off On Description Disables SFR - Default Enables SFR
INI Location
INI File All_Regions.ini Canonicalization.ini Module.ini Section Virtual Channels\ Drives ClientDrive ClientDrive Value * SFRAllowed FALSE
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\ClientDrive Value FALSE * SFRALLOWED
781
SkipRedrawPerPaletteChange
Specifies whether (On) or not (Off) to skip redrawing the screen after a palette change. If this parameter is enabled, HowManySkipRedrawPerPaletteChange specifies how many palette changes are skipped before each redraw. Use this only as directed by Citrix Technical Support. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Graphics INI_SKIPREDRAWPERPALETTECHANGE Boolean Reed No No
Values
Value 0 1 Description Does not skip redrawing the screen after a palette change - Default Skips redrawing the screen after a palette change
INI Location
N/A
Registry Location
N/A
782
SmartCardAllowed
Specifies whether or not Smartcard virtual channel has been enabled. When enabled, this policy allows the remote server to access smart cards attached to the client device for authentication and other purposes. When disabled, the server cannot access smart cards attached to the client device. ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Smart card authentication > Allow smart card authentication Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Smartcard,Server SmartCard INI_SMARTCARDSWITCH Boolean Read No No
Values
Value FALSE NO Description Disable the requirement for a smart card. - Default Enable the requirement for a smart card.
INI Location
N/A
Registry Location
N/A
783
SpeedScreenMMA
Specifies whether(On) or not(Off) to enable the HDX MediaStream Multimedia Acceleration. It is used to decide the default value of Tw2CachePower. If SpeedScreenMMA = On then Tw2CachePower = 19 else Tw2CachePower = 22. Remote Video: The remote video option allows the server to directly stream certain video data to the client. This provides better performance than decompressing and recompressing video data on the computer running Citrix XenApp. ADM UI Element : Citrix Components > Citrix Receiver > User experience > Client graphics settings Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server RAVE INI_MM String Read No No
Values
Value oLdWaY Off Description Default Launch failed because session key is set to Off
INI Location
784
SpeedScreenMMA
Registry Location
785
SpeedScreenMMAAudioEnabled
Specifies whether (True) or not (False) audio playback will occur through HDX MediaStream Multimedia Acceleration. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server RAVE INI_MM_AUDIO_ENABLED Boolean Read No No
Values
Value TRUE FALSE Description Audio playback will occur through HDX MediaStream Multimedia Acceleration - Default Audio playback will not occur through HDX MediaStream Multimedia Acceleration
INI Location
INI File All_Regions.ini Section Virtual Channels\Multimedia Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia Value * *
786
SpeedScreenMMAMaxBufferThreshold
Specifies (as a percentage) the amount of data in the media queue before the client requests that the server stops sending data until the data in the queue levels off. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server RAVE INI_MM_MAX_THRESHOLD Integer Read No No
Values
Value 90 85-90 Description Percent - Default Percent
INI Location
Registry Location
787
SpeedScreenMMAMaximumBufferSize
Specifies the maximum size in kilobytes of the media queue that the client can create. This is per stream, so the client could create a 30240KB queue for audio and a 30240 queue for video. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server RAVE INI_MM_MAX_BUFFER_SIZE Integer Read No No
Values
Value 30240 Description Size in KB - Default
INI Location
Registry Location
788
SpeedScreenMMAMinBufferThreshold
Specifies what percent value the data in the media queue will be when the client requests a burst from the server to replenish its media queue. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server RAVE INI_MM_MIN_THRESHOLD Integer Read No No
Values
Value 10 5-15 Description Default
INI Location
Registry Location
789
SpeedScreenMMASecondsToBuffer
Specifies the number of seconds of MMA data to buffer. The value is set on both the server and client and the connection is set up with the smaller of these values. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server RAVE INI_MM_SECONDS_TO_BUFFER Integer Read No No
Values
Value 1 10 1-10 Description Default (wince default)
INI Location
Registry Location
790
SpeedScreenMMAVideoEnabled
Specifies whether (True) or not (False) video playback will occur through HDX MediaStream Multimedia Acceleration. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server RAVE INI_MM_VIDEO_ENABLED Boolean Read No No
Values
Value TRUE FALSE Description Video playback will occur through HDX MediaStream Multimedia Acceleration - Default Video playback will not occur through HDX MediaStream Multimedia Acceleration
INI Location
Registry Location
791
SSLCACert
Specifies a Certificate Authority Certificates count and a string. The attribute CACerts (Certificate Authority Certificates) is stored and read with the current CACerts count and string containing the certificate name. Specific to SSL (Secure Sockets Layer). Only present if there are any Certificate Authority Certificates to store.
Server SSL INI_SSLCACERT String Read & Write No No
INI Location
Registry Location
792
SSLCertificateRevocationCheckPolicy(2)
Governs how a given trusted root certificate authority is treated during an attempt to open a remote session through SSL when using the client for 32-bit Windows. When certificate revocation list checking is enabled, the client checks whether or not the servers certificate is revoked. This feature improves the cryptographic authentication of the Citrix server and improves the overall security of the SSL/TLS connections between a client and a server. There are several levels of certificate revocation list checking. For example, the client can be configured to check only its local certificate list, or to check the local and network certificate lists. In addition, certificate checking can be configured to allow users to log on only if all Certificate Revocation lists are verified. The client checks SSL certificate revocation only when the underlying operating system is Windows 2000 or later. When this setting is not configured in the Appsrv.ini and .ica files, NoCheck is used as the default value for Windows NT4/9x and CheckWithNoNetworkAccess is used as the default value for Windows 2000/XP. When the CertificateRevocationCheckPolicy setting is configured in the Appsrv.ini file of a users profile and the .ica file, the value in the Appsrv.ini file takes precedence when attempting to launch a remote session using the .ica file. This behavior is the reverse of that displayed with most other parameters shared between the two file types. Possible values for the parameter SSLCertificateRevocationCheckPolicy in the Appsrv.ini/.ica file are as follows:
q
NoCheck. No Certificate Revocation List check is performed. CheckWithNoNetworkAccess. Certificate revocation list check is performed. Only local certificate revocation list stores are used. All distribution points are ignored. Finding a Certificate Revocation List is not critical for verification of the server certificate presented by the target SSL Relay/Secure Gateway server. FullAccessCheck. Certificate Revocation List check is performed. Local Certificate Revocation List stores and all distribution points are used. Finding a Certificate Revocation List is not critical for verification of the server certificate presented by the target SSL Relay/Secure Gateway server. FullAccessCheckAndCRLRequired. Certificate Revocation List check is performed. Local Certificate Revocation List stores and all distribution points are used. Finding all required Certificate Revocation Lists is critical for verification.
Certificate Revocation List (CRL) checking is an advanced feature supported by some certificate issuers. It allows security certificates to be revoked (invalidated before their expiry date) in the case of cryptographic compromise of the certificate private key, or simply an unexpected change in DNS name. Valid CRLs must be downloaded periodically from the certificate issuer and stored locally. This can be controlled through the selection made in "CRL verification":
793
q
ADM UI Element: Citrix Components > Citrix Receiver > Network routing Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient,Server SSL INI_SSLCERTREVCHECKPOLICY String Read No Yes
Values
Value "" NoCheck Description Policy value - Default No Certificate Revocation List check is performed
CheckWithNoNetworkAccess Only local certificate revocation list stores are used. All distribution points are ignored FullAccessCheck Certificate Revocation List stores and all distribution points are used Local FullAccessCheckAndCRLRequired Local Certificate Revocation List stores and all distribution points are used
INI Location
794
Registry Location
Troubleshooting
795
SSLCiphers
On platforms that support multiple SSL cipher suites (currently 32-bit editions of Windows only), this parameter determines which cipher suite(s) the client is permitted to use to establish an SSL connection. Non-32-bit Windows platforms are locked (hard-coded) to COM. ADM UI: Citrix Components > Citrix Receiver > Network routing > TLS/SSL data encryption and server identification > SSL ciphersuite
WFClient SSL INI_SSLCIPHERS String Read No Yes
Values
Value ALL RC4 GOV Description Either - Default COM 3DES
INI Location
INI File All_Regions.ini appsrv.ini Section Network\SSL WFClient Value ALL
796
SSLCiphers
Registry Location
797
SSLCommonName
Specifies the server name as it appears on the SSL certificate. If the value of SSLProxyHost is not identical to that of the server name as it appears on the SSL certificate, this parameter is required, and its value must specify the server name as it appears on the SSL certificate. Section name would be WFClient for all custom ICA connections unless otherwise overridden. Section name would be applicationservername for each custom ICA connection where DoNotUseDefaultCSL=On. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SSL INI_SSLCOMMONNAME String Read No No
Values
Value "" Description Server name - Default
INI Location
798
SSLCommonName
Registry Location
799
SSLEnable
Specifies whether or not SSL is enabled. The value of this parameter must be On to enable SSL. This setting is ignored by network protocols other than TCP/IP. Use this policy to configure the TLS/SSL options that help to ensure that the client connects to genuine remote applications and desktops. TLS and SSL encrypt the transferred data to prevent third-parties viewing or modifying the data traffic. Citrix recommends that any connections over untrusted networks use TLS/SSL or another encryption solution with at least the same level of protection. When this policy is enabled, the client will apply these settings to all TLS/SSL connections performed by the client. The Require SSL for all connections check box can be used to force the client to use the TLS or SSL protocol for all connections that it performs. TLS and SSL identify remote servers by the common name on the security certificate sent by the server during connection negotiation. Usually the common name is the DNS name of the server, for example www.citrix.com. It is possible to restrict the common names to which the client will connect by specifying a comma-separated list in the "Allowed SSL servers" setting. Note that a wildcard address, for example, *.citrix.com:443, will match all common names that end with .citrix.com. The information contained in a certificate is guaranteed to be correct by the certificate`s issuer. Some security policies have requirements related to the exact choice of cryptography used for a connection. By default the client will automatically select either TLS v1.0 or SSL v3.0 (with preference for TLS v1.0) depending on what the server supports. This can be restricted to only TLS v1.0 or SSL v3.0 using the "SSL/TLS version" setting. Similarly, certain security policies have requirements relating to the cryptographic ciphersuites used for a connection. By default the client will automatically negotiate a suitable ciphersuite from the five listed below. If necessary, it is possible to restrict to just the ciphersuites in one of the two lists.
q
Government Ciphersuites:
q
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA Commercial Ciphersuites:

q q
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5 Certificate Revocation List (CRL) checking is an advanced feature supported by some certificate issuers. It allows security certificates to be revoked (invalidated before their expiry date) in the case of cryptographic compromise of the certificate private key, or simply an unexpected change in DNS name.
q
800
SSLEnable Valid CRLs must be downloaded periodically from the certificate issuer and stored locally. This can be controlled through the selection made in "CRL verification."
q
ADM UI Element: Citrix Components > Citrix Receiver > Network routing Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server,WFClient SSL INI_SSLNOCACERTS Integer Read & Write No No
Values
Value 0 Description Number of CACerts. (Certificate Authority Certificates) - Default
INI Location
INI File All_Regions.ini appsrv.ini Section Network\SSL WFClient Value *
801
SSLEnable
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL Value * *
Troubleshooting
802
SSLProxyHost(2)
Specifies the server name value. By default, this parameter is not present, or, if present, the value is set to *:443. Assuming that every Citrix server in a server farm has its own SSL relay, the asterisk means that the address of the SSL relay is the same as that of the Citrix server. If not every Citrix server in a given server farm has its own relay, the value can specify an explicit server name in place of the asterisk. If the value is an explicit server name, SSL traffic enters the server farm through the server whose name is specified by the value. The server name value must match the server name in the servers SSL certificate; otherwise, SSL communications fail. For listening port numbers other than 443, the port number is appended to the server name following a colon (:):SSLProxyHost=*:SSL relay port number, where SSL relay port number is the number of the listening port. Related parameter: SSLCommonName. ADM UI Element: Citrix Components > Citrix Receiver > Network routing Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server,WFClient SSL INI_SSLPROXYHOST String Read & Write No Yes
Values
Value *.443 Description SSL Proxy host string - Default
INI Location
INI File All_Regions.ini appsrv.ini Section Network\SSL WFClient Value *:443
803
SSLProxyHost(2)
Registry Location
804
SSOnCredentialType(3)
Specifies the credential type to used with pass-through authentication. Allows particular credentials (Windows, NetWare, either) to be used with pass-through authentication on client devices that have the Novell Client installed. Local user name and password: Use this policy to instruct the client to use the same logon credentials (pass-through authentication) for Citrix XenApp as the client machine. When this policy is enabled, the client can be prevented from using the current user`s logon credentials to authenticate to the remote server by clearing the Enable pass-through authentication check box. When run in a Novell Directory Server environment, selecting the Use Novell Directory Server credentials check box requests that the client uses the users NDS credentials. ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Local user name and password -> Use Novell Directory Server credentials Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient,dynamic,Server SSON INI_SSON_CREDENTIAL_TYPE String Read No Yes
Values
Value Any NT NDS Description Windows, NetWare, either - Default
INI Location
INI File All_Regions.ini appsrv.ini Section Logon\Local Credentials WFClient Value Any
805
SSOnCredentialType(3)
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials Value
806
SSOnDetected
A boolean setting enabled when (Single Sign-On) is being used. (Single Sign-On) setting handles authentication to servers. SSOnDetected Citrix pass-through authentication (Single Sign-On) is being used. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server SSON INI_SSON_DETECTED Boolean Read & Write No No
Values
Value FALSE TRUE Description Disable single sign-on detected - Default Enable single sign-on detected
INI Location
INI File All_Regions.ini Section Logon Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon Value * *
807
SSOnUserSetting
Selects (On) or clears (Off) the Use local credentials to log on option. Choose use pass-through authentication when installing the ICA Client for this parameter to have an effect. This attribute is used for 3 types of User authentications in ADM file: "Smart Card Authentication", "Kerberos authentication" and "Local user name and password".
q
"Smart Card Authentication": Use Smart Card Authentication to control how the client uses smart cards attached to the client device. When enabled, this policy allows the remote server to access smart cards attached to the client device for authentication and other purposes. When disabled, the server cannot access smart cards attached to the client device. ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Smart card authentication > Use pass-through authentication for PIN
"Kerberos authentication": Use this policy to control how the client uses Kerberos to authenticate the user to the remote application or desktop. When enabled, this policy allows the client to authenticate the user using the Kerberos protocol. Kerberos is a Domain Controller authorised authentication transaction that avoids the need to transmit the real user credential data to the server. When disabled, the client will not attempt Kerberos authentication. ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Kerberos authentication
"Local user name and password": Use this policy to instruct the client to use the same logon credentials (pass-through authentication) for Citrix XenApp as the client machine. When this policy is enabled, the client can be prevented from using the current user`s logon credentials to authenticate to the remote server by clearing the Enable pass-through authentication check box. ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Local user name and password
WFClient SSON INI_USER_SETTING_SINGLE_SIGN_ON Boolean Read & Write No Yes
808
SSOnUserSetting
Values
Value Off On Description Clear the user local credentials to log on option - Default Selects the use local credentials to log on option
INI Location
INI File All_Regions.ini appsrv.ini Section Logon\Local Credentials WFClient Value * On
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials Value * *
809
SSPIEnabled
Enables and disables Kerberos authentication protocol. Use this policy to control how the client uses Kerberos to authenticate the user to the remote application or desktop. When enabled, this policy allows the client to authenticate the user using the Kerberos protocol. Kerberos is a Domain Controller authorised authentication transaction that avoids the need to transmit the real user credential data to the server. When disabled, the client will not attempt Kerberos authentication. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > User authentication Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient SSPI INI_SSPI_ENABLED Boolean Read & Write No Yes
Values
Value On Off Description Enable Kerberos authentication protocol- Default Disable Kerberos authentication protocol
INI Location
INI File All_Regions.ini wfclient.ini Section Logon\Kerberos WFClient Value * On
810
SSPIEnabled
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos 0x1 HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos Value 0x1 * *
Troubleshooting
The machine running the client and the server running the remote application must be in domains that have a trust relationship. The Domain Controller must be aware that Citrix XenApp will be performing a full user logon (interactive logon) using Kerberos. This is configured using the "Trust for Delegated Authentication" settings on the Domain Controller. When connecting using Web Interface, Web Interface server must be aware that the client will connect using Kerberos authentication. This is necessary because by default Web Interface server will use an IP address for the destination server whereas Kerberos authentication requires a Fully Qualified Domain Name. Both client and server machines must have correctly registered DNS entries. This is necessary because endpoints will authenticate each other during connection.
811
startIFDCD(3)
This is an End User Experience Monitoring (EUEM) metric. This metric tracks the time it takes the client to download the ICA file from the Web server for Program Neighborhood Agent or Web Interface. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM qwerty,dynamic,Server EUEM INI_EUEM_STARTIFDCD Integer Read & Write No No
Values
INI Location
Registry Location
812
startSCD(2)
New session creation time (SCD), from the moment wfica32.exe is launched to when the connection is established An ICA session may be started by different launchers, all of the launchers use the same engine wfica32.exe. This is specific to the ICA launcher when it is not Program Neighborhood Classic. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM dynamic,Server EUEM INI_EUEM_STARTSCD Integer Read & Write No No
Values
Value 0 Description Session Creation Time (ms) - Default
INI Location
Registry Location
813
State
Specifies whether or not to launch a pre-launched application session at user logon. When set to 1 (default setting), the session is enabled at user logon. When set to 2, the pre-launched application session is launched at the When set to 2, the pre-launched application session launches at the specified Schedule; if the schedule is not set, the session is disabled. To enable users to override this administrator's configuration, enable the UserOverride setting. Section Feature Attribute Name Definition Location Data Type Access Type UNIX Specific Present in ADM PrelaunchApplication Pre-Launch PRELAUNCH_STATE prelaunch.h string Read/Write No No
Values
Value 1 0 2 Description Pre-Launch enabled Pre-Launch disabled Pre-Launch scheduled default
Registry Location
Registry Key HKEY_LOCAL_MACHINE\Software\Citrix\ICA Client\PreLaunch HKEY_CURRENT_USER\Software\Citrix\ICA Client\PreLaunch Value
814
SucConnTimeout
Specifies the number of seconds to wait for a recently started session to become available for session sharing. Multiple sessions can be opened if multiple configured seamless Window applications are started in rapid succession and the server has custom logon scripts that take longer than 20 seconds to complete. To extend this time-out value, enter this setting in the Appsrv.ini file under the [WFClient] section. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient SessionSharing INI_SUCCONNTIMEOUT Integer Read No No
Values
Value 20 Description Wait for Session Sharing (seconds) - Default
INI Location
N/A
Registry Location
N/A
815
SwapButtons
Specifies whether (On) or not (Off) to swap the function of the client devices mouse buttons within the ICA session. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Mouse INI_SWAPBUTTONS Boolean Read No No
Values
Value Off On Description Disable swap function - Default Enable the swap function
INI Location
N/A
Registry Location
N/A
816
TransparentKeyPassthrough
Determines how the mapping of certain Windows key combinations are used when connecting to ICA sessions. This setting appears in the Citrix Receiver user interface under Session Options page and in the Web Interface for Citrix XenApp Settings page.
q
When Local is set, the key combinations apply to the local desktop. When Remote is set, the key combinations apply to seamless and non-seamless ICA sessions when their windows have the keyboard focus. When FullScreenOnly is set, the key combinations apply to the non-seamless ICA session in full screen mode.
The default value is FullScreenOnly. When no TransparentKeyPassthrough setting in the ICA file is passed to the ICA Engine, the keyboard transparent feature behaves as if FullScreenOnly is set. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Keyboard INI_TPKEYPASSTHRU String Read No No
Values
Value Description FullScreenOnly Default Local Remote
INI Location
INI File All_Regions.ini wfclient.ini appsrv.ini 817 Section Virtual Channels\Keyboard WFClient WFClient Value FullScreenOnly FullScreenOnly
TransparentKeyPassthrough
Registry Location
818
TransportReconnectDelay
Specifies the number of seconds to wait before attempting to reconnect to the disconnected session. When a network error occurs, the auto client reconnect feature normally displays a dialog box asking whether or not to try to reconnect. The TransportReconnectDelay=delay setting replaces this display with a delay (in seconds) followed by an automatic reconnection attempt. Specifies the number of retries the client will attempt to reconnect to the disconnected session. If the TransportReconnectEnabled value is set to On or is not present in the .ini file, the number that is specified for this value is used. Use "Session reliability and automatic reconnection" policy to control how the client behaves when a network failure causes the connection to be dropped. When this policy is enabled, the client will attempt to reconnect to a server only if "Enable reconnection" is selected. By default three reconnection attempts are made, but this can be altered using the "Number of retries" setting. Similarly the delay between retries can be altered from the default of 30 seconds using the "Retry delay" setting. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Session reliability and automatic reconnection > Retry delay (seconds) Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ACR INI_TRANSPORT_RECONNECT_DELAY Integer Read No Yes
Values
Value 30 Description Seconds - Default
INI Location
INI File All_Regions.ini Section Network\Reconnection Value *
819
TransportReconnectDelay
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Reconnection HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Reconnection Value * *
Troubleshooting
Some proxy servers will automatically disconnect connections that are idle for a certain length of time. This can cause client sessions to be disconnected when not in use. A server-side option "ICA Keep-Alive" is available to send extra data packets during periods of inactivity that can be used prevent proxies from closing connections.
820
TransportReconnectEnabled
Specifies whether (On) or not (Off) the Auto Client Reconnect is enabled. By default if the client connects to a server that is enabled for AutoClientReconnect and a disconnection occurs, the client tries indefinitely to reconnect to the disconnected session until the user clicks the Cancel button in the AutoClientReconnect dialog box. Session reliability and automatic reconnection: Use this policy to control how the client behaves when a network failure causes the connection to be dropped. When this policy is enabled, the client will attempt to reconnect to a server only if "Enable reconnection" is selected. By default three reconnection attempts are made, but this can be altered using the "Number of retries" setting. Similarly the delay between retries can be altered from the default of 30 seconds using the "Retry delay" setting. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Session reliability and automatic reconnection > Enable reconnection Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ACR INI_TRANSPORT_RECONNECT_ENABLED Boolean Read No Yes
Values
Value 1 0 On Off true false yes no Description Enables Auto Client Reconnect - Default Disables Auto Client Reconnect Enables Auto Client Reconnect Disables Auto Client Reconnect Enables Auto Client Reconnect Disables Auto Client Reconnect Enables Auto Client Reconnect Disables Auto Client Reconnect
821
TransportReconnectEnabled
INI Location
Registry Location
822
TransportReconnectRetries
Specifies the number of times the client will attempt to reconnect to the disconnected session. If the TransportReconnectEnabled value is set to On or is not present in the .ini file, the number that is specified for this value is used. Use the Session reliability and automatic reconnection policy settings to control how the client behaves when a network failure causes the connection to be dropped. When these policy settings are enabled, the client will attempt to reconnect to a server only if Enable Reconnection is selected in the Citrix User policy setting for Auto Client Reconnect. By default three reconnection attempts are made, but this can be altered using the Number of retries setting. Similarly the delay between retries can be altered from the default of 30 seconds using the Retry delay setting. Retry delay is supported only on WinCE. ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Session reliability and automatic reconnection > Number of retries Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ACR INI_TRANSPORT_RECONNECT_RETRIES Integer Read No Yes
Values
Value Description 0xFFFFFFFF For Win32 (infinite) - Default 3 (default for non-windows)
11 or higher 0xFFFFFFFF
INI Location
823
TransportReconnectRetries
Registry Location
Troubleshooting
Some proxy servers will automatically disconnect connections that are idle for a certain length of time. This can cause client sessions to be disconnected when not in use. The server-side policy setting for ICA Keep Alives is available to send extra data packets during periods of inactivity that can be used to prevent proxies from closing connections.
824
TransportSilentDisconnect
Specifies whether or not silent disconnect is enabled. This setting hides the network error message that appears when the client is disconnected. Instead of showing the error message, the client just exits silently. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient ACR INI_TRANSPORT_SILENT_DISCONNECT Boolean Read No No
Values
Value FALSE TRUE Description Disable silent disconnect - Default Enable silent disconnect
INI Location
N/A
Registry Location
N/A
825
TRWD
EUEM: End User Experience Monitoring . TRWD: TICKET_RESPONSE_WEB_SERVER The time it takes to get a ticket (if required) from the STA server or XML Service. This metric is collected when the application is launched via the Citrix Receiver or Web Interface. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server EUEM INI_EUEM_TRWD Integer Read & Write No No
Values
INI Location
Registry Location
826
Tw2CachePower
Specifies, in powers of 2 bytes, the size of the ThinWire cache. For example, a TW2CachePower value of 23 creates an 8MB (2^23 bytes) ThinWire cache. Set it in the range of 19 to 25. Any value less than 19 is reset to 19; any value greater than 25 is reset to 25. If you do not specify a value, the ThinWire driver automatically computes the initial size based on connection resolution and color depth, applying a value in the range of 22 to 25. If the required memory space cannot be allocated, the value is gradually lowered until it matches the actual amount of available memory space. If memory space equivalent to a value of 19 (512KB) cannot be allocated, the connection is dropped. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Thinwire3.0 Graphics INI_TW2_CACHE_POWER Integer Read No No
Values
Value 19 19-25 Description Default
INI Location
N/A
Registry Location
N/A
827
TW2StopwatchMinimum
Sets a minimum return value for TW2 stopwatch timers. TW2`s stopwatch timers can return meaningless results when the underlying graphics system is not synchronous, for example X11 on Unix. This option allows an implementation to set a minimum value that will be returned for a stopwatch timer period. The minimum value used is taken from the configuration files and scaled by the size of the last image copy. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Thinwire3.0 Graphics INI_TW2_STOPWATCH_MINIMUM String Read No No
Values
INI Location
INI File All_Regions.ini canonicalization.ini Section Virtual Channels\Thinwire Graphics Thinwire3.0 Value * TW2StopwatchMinimum
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics Value TW2StopwatchMinimum * *
828
TW2StopwatchScale
Sets a scale factor to be applied to TW2 stopwatch timers. TW2`s stopwatch timers can return over-optimistic results when there is a large disparity between the speed of different graphics operations; for example, some WinCE terminals can scroll quickly but draw relatively slowly. This option allows a scale factor to be applied to values returned by the stopwatch timers in an attempt to correct this. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Thinwire3.0 Graphics INI_TW2_STOPWATCH_SCALE Integer Read No No
Values
Value 1 Description Scale Factor - Default
INI Location
N/A
Registry Location
N/A
829
TwainAllowed
Specifies whether (TRUE) or not (FALSE) Image capture is enabled. Image Capture: Use this policy to enable and restrict the remote application or desktop`s access to scanners, webcams, and other imaging devices on the client device (TWAIN). ADM UI Element: Citrix Components > Citrix Receiver > Remoting client devices > Image capture Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM WFClient Twain INI_TWAINALLOWED Boolean Read No Yes
Values
Value TRUE FALSE Description Enables Image capture (TWAIN) - Default Disables Image capture (TWAIN)
INI Location
INI File All_Regions.ini Section Virtual Channels\Image Capture Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Image Capture HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Image Capture Value * *
830
TWIEmulateSystray
Specifies whether (TRUE) or not (FALSE) to do system tray emulation on non-windows clients. Controls the creation of a system emulation window to display notification area icons when using seamless mode. Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Server Seamless INI_TWI_SYSTRAY_EMULATION Boolean Read No No
Values
Value TRUE FALSE Description Do system tray emulation on non-Windows clients - Default Does not do system tray emulation on non-Windows clients
INI Location
N/A
Registry Location
N/A
831
TWIFullScreenMode
This setting switches the client to full screen mode. The server display will completely cover the client display. ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client display settings Section Feature Attribute Name Data Type Access Type UNIX Specific Present in ADM Thinwire3.0 Keyboard INI_FULLSCREENMODE Boolean Read No Yes
Values
Value 0 1 Description Disable client full screen mode - Default Enable client full screen mode
INI Location
INI File All_Regions.ini Module.ini canonicalization.ini Section Virtual Channels\Thinwire Graphics Thinwire3.0 Thinwire3.0 Value * TWIFullScreenMode
832
TWIFullScreenMode
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics Value TWIFullScreenMode * *
833
TWIIgnoreWorkArea
Enable/Disable sending only desktop work area. Specifies whether (True) or not (False) the entire desktop area will be sent to the server. By default when the client connects to the server it sends the entire desktop area (including the taskbar) of the client display to the server. Setting this value to True sends only the desktop work area (area where shortcuts are placed, for example).
WFClient Seamless INI_OVERRIDE_WORKAREA_SETTING Boolean Read No No
Values
Value 0 1 Description Disable sending only desktop work area. Enable sending only desktop work area.
INI Location
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows Value *
834
TWIIgnoreWorkArea HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows *
835
TWIMode
Specifies whether (On) or not (Off) to use seamless mode for all connections in the associated application set or for the associated custom ICA connection. Set the parameters DesiredVRES, DesiredHRES, and DesiredWinType accordingly. Client display settings: Use this policy to control how the client presents remote applications and desktops to the end user. Remote applications can be seamlessly integrated with local applications, or the entire local environment can be replaced with a remote desktop. Seamless windows: When set to False this setting allows the client to disable the use of seamless windows, instead displaying a fixed size window. When set to True it forces the client to request seamless windows, although the server may choose to reject this request. ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client display settings > Seamless windows
Server Seamless INI_TWI_MODE Boolean Read & Write No Yes
Values
Value FALSE TRUE Off On Description Disables the seamless mode for all connections - default Enables the seamless mode for all connections Disables seamless mode for all connections Enables seamless mode for all connections
INI Location
INI File Section Value
836
TWIMode All_Regions.ini Virtual Channels\Seamless Windows *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows Value * *
837
TWISeamlessFlag
Enable/Disable seamless applications launch. Starting with Version 9.x of the Citrix Receiver for Windows, when an application launches seamlessly, if focus is shifted away from the Logon Status dialog boxes before the application is displayed, the application launches behind whichever window has focus. By setting this value to 1, seamless applications launch in the foreground and have focus, even if the focus shifted away from the Logon Status dialog boxes.
WFClient Seamless INI_SEAMLESS_FLAG Integer Read No No
Values
Value 0 1 Description Disable seamless application launch - default Enable seamless application launch.
INI Location
Registry Location
838
TWIShrinkWorkArea
Specifies the value that the work area will be minimized. By specifying this users can make work area for seamless windows smaller. Seamless applications cover the local taskbar on Windows 2000, 2003, and XP workstation computers when Auto hide is selected in the taskbar and Start Menu Properties dialog box. If the user selects to auto hide the local taskbar and a seamless ICA session is run, the local taskbar may not be accessible. If the seamless application is minimized, the local taskbar can be accessed. To avoid this problem, set the setting to a value of 3 or more.
WFClient Seamless INI_WORKAREA_TOSHRINK Integer Read No No
Values
Value 0 greater than 0 Description Default
INI Location
Registry Location
839
TWISuppressZZEcho
Suppress post-move jiggle of seamless window. By setting this property to True, any attempt by the server to move a seamless window to the top left corner of the screen is ignored after the window is moved locally. This affects Windows servers only.
Server Seamless INI_TWI_SUPPRESS_ZZ_ECHO Boolean Read No No
Values
Value FALSE TRUE Description Does not suppress post-move jiggle - default Suppress post move jiggle
INI Location
Registry Location
840
TWITaskbarGroupingMode
Mode used for Seamless Taskbar Grouping of hosted, published applications. Set this parameter to the desired value for Seamless Taskbar Grouping support. If GroupAll is specified, hosted, published app instances are grouped together on the Windows Taskbar by app. Likewise, these app instances are grouped together with corresponding local app instances. If GroupNone is specified, the Seamless Taskbar Grouping feature is disabled. As a result, all instances of all hosted apps are grouped together in the Windows Taskbar in the same group, and not with local apps.
Server Seamless INI_TWI_TASKBAR_GRP_MODE String Read No No
Values
Value GroupAll GroupNone Description Specifies that published app instances should be grouped with corresponding local app instances on the Windows Taskbar - default Disables taskbar button grouping support
INI Location
Registry Location
Registry Key Value
841
TWITaskbarGroupingMode HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows * *
Troubleshooting
Not applicable.
842
UnicodeEnabled
Enable UNICODE printer names.
ClientPrinterQueue Printing INI_CPMUNICODEENABLED Integer Read Yes No
Values
Value TRUE FALSE Description Default
INI Location
Registry Location
843
UseAlternateAddress(3)
Selects (1) or clears (0) the Use alternate address for firewall connection option. Selects (1) or clears (0) the Use alternate address for firewall connection option. Used to perform Network Address Translation (NAT). Firewalls use IP address translation to convert public (Internet) IP addresses into private (intranet) IP addresses. Public IP addresses are called external addresses because they are external to the firewall, while private IP addresses are called internal addresses. In this context, alternate means external. A client configured to use the TCP/IP server location network protocol sends a directed UDP datagram to the server IP address, using TCP/IP port 1604. Any intervening firewall must be configured to allow UDP packets to pass port 1604 or client-server communication fails. If a fixed server location address is specified, the client contacts that server to determine the address of the ICA master browser. When the client connects by server or published application name, the ICA master browser returns the address of the requested server or published application. You can use UseAlternateAddress for TCP/IP connections only. To specify the servers IP address, you must include the following statement in the [WFClient] section of the ICA file: TcpBrowserAddress=ipaddress, where ipaddress is the IP address of the Citrix server. You must also use the ALTADDR command on the Citrix server with the IP address that is accessed by the ICA file (specified byipaddress). See the XenApp Administration guide for more information about the ALTADDR command. Note: WFClient is used as section for all custom ICA connections unless otherwise overridden. Corresponding UI Element:
q
For applicationsetname: Settings dialog box > Connection tab > Firewalls > Use alternate address for firewall connection option For applicationservername: Properties dialog box > Connection tab > Firewalls > Usealternate address for firewall connection option
Section Feature Attribute Name Data Type Access Type UNIX Specific 844
WFClient,dynamic,Server NATSupport INI_USEALTERNATEADDRESS String Read No
UseAlternateAddress(3) Present in ADM No
Values
Value 0 1 Description Do not use the alternate address for firewall connection option - default Use alternate address for firewall connection option.
INI Location
INI File Module.ini Module.ini Module.ini Module.ini Module.ini All_Regions.ini Module.ini Section TCP/IP TCP/IP - FTP TCP/IP - Novell Lan WorkPlace TCP/IP - Microsoft TCP/IP - VSL Network\Protocols WFClient Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WFClient HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols Value
845
UseAlternateAddress(3) HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols *
846
UseDefaultEncryption
Specifies from where to use the default encryption setting. In applicationsetname: Specifies whether to use the server-side default encryption setting (On) or the setting specified in applicationsetname (Off). EncryptionLevel must be specified in applicationsetname if the value of UseDefaultEncryption in applicationsetname is Off. In applicationservername: Specifies whether to use the custom default encryption setting in WFClient (On) or the setting specified in applicationservername (Off). EncryptionLevel must be specified in applicationservername if the value of UseDefaultEncryption in applicationservername is Off. Interface Element:
q
For applicationsetname: Settings dialog box > Default Options tab > Encryption Level > Use Server Default option For applicationservername: Properties dialog box > Options tab > Encryption Level > Use Custom Default option
Server Misc INI_USEDEFENCRYPT Boolean Read No No
Values
Value FALSE TRUE Description Use the default encrypting setting from applicationsetname / applicationservername - default Use default encryption setting from server side or from WFClient
INI Location
847
UseDefaultEncryption
Registry Location
848
UseLocalUserAndPassword(2)
Specifies whether (On) or not (Off) to use the same user name and password the user used to log on to the client computer for authentication to the Citrix server. SSOnUserSetting must be set to On. Use the Local username and password policy to instruct the client to use the same logon credentials (pass-through authentication) for the XenApp server as the client machine. When this policy is enabled, the client can be prevented from using the current user`s logon credentials to authenticate to the remote server by clearing the Enable pass-through authentication check box. ADM UI Element : Citrix Components > Citrix Receiver > User authentication > Local user name and password > Enable pass-through authentication
Server,Server SSON INI_USE_LOCAL_USER_AND_PASSWORD Boolean Read No Yes
Values
Value On Off Description Use pass-through authentication Does not use pass-through authentication
INI Location
INI File All_Regions.ini Section Logon\Local Credentials Value *
Registry Location
849
UseLocalUserAndPassword(2)
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials
Value * *
850
UseMRUBrowserPrefs
Specifies how it will be determined which browser's preferences will be used for the proxy settings. It is used when the client finds more than one browser preferences file when processing the ProxyType=Auto setting to find network proxy settings. If this is set, it uses the one that changed most recently. If the parameter is False the client uses its old method: it looks first for Firefox browser settings, then Mozilla, then Netscape, and uses the first one found.
Server Proxy INI_USEMRUBROWSERPREFS Boolean Read Yes No
Values
Value True False Description Proxy setting is the one changed most recently - default Uses old method: look first for Firefox browser settings, then Mozilla, the Netscape, and use the first one found
INI Location
Registry Location
851
Username(3)
Specifies the user name that appears in the User name text box if the user selects the User-specified credentials option for the associated custom ICA connection. Use this policy to control how user credentials data stored on users machines or placed in ICA files is used to authenticate the user to the remote published application or desktop. When this policy is enabled, you can prevent locally stored passwords being automatically sent to remote servers by clearing the Allow authentication using locally stored credentials check box. This causes any password fields to be replaced with dummy data. In addition, the User name and Domain options can be used to restrict or override which users can be automatically authenticate to servers. These can be specified as comma-separated lists. Properties dialog box > Logon Information tab > User-specified credentials option > User name text box ADM UI Element : Citrix Component > Citrix Receiver > User Authentication > Locally stored credential > User name
Smartcard,dynamic,Server Core INI_USERNAME String Read No Yes
Values
Value "" Description User name - Default
INI Location
852
Username(3)
Registry Location
853
UserOverride
Specifies whether the users can override the Pre-Launch configuration set by the administrator (see settings State and Schedule). If enabled, but the user configuration setting is not present on the client, the Pre-Launch configuration specified by the administrator is enabled. Section Feature Attribute Name Definition Location Data Type Access Type UNIX Specific Present in ADM PrelaunchApplication Pre-Launch PRELAUNCH_USER_OVERRIDE prelaunch.h string Read/Write No No
Values
Value 0 1 Description Disable users override Enable users override default
Registry Location
Registry Key HKEY_LOCAL_MACHINE\Software\Citrix\ICA Client\PreLaunch Value
854
UsersShareIniFiles
Specifies whether (On) or not (Off) users shares .ini files or they have their own .ini files.
WFClient Core INI_USERS_SHAREINIFILES Boolean Read No No
Values
Value Off On Description Users have their own ini files - default Users shares ini file
INI Location
Registry Location
Troubleshooting
Not applicable.
855
UseSSPIOnly
Specifies whether to use only Kerberos authentication or to get credentials from the Single sign-on service. Authentication will fail if Kerberos authentication fails. This prevents fallback to using passthrough. If set to True, only Kerberos authentication is used and credentials are not retrieved from the Single sign-on service.
WFClient SSPI INI_SSPI_ONLY Boolean Read No No
Values
Value FALSE TRUE Description Use Kerberos authentication or get credentials from Single sign-on service Default Use only Kerberos authentication
INI Location
INI File All_Regions.ini Section Logon\Kerberos Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos Value *
856
UseSSPIOnly HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos *
857
VariantName
Identify that the client is a variant of the regular client. If Module.ini or Appsrv.ini contain a line named "VariantName=[ ]" it designates the client is not a regular Win32 client (OEMs).
ClientAudio Core INI_CM_VARIANTNAME String Write No No
Values
Value Base Description Default
INI Location
Registry Location
858
VirtualChannels
List of virtual channel names to create. Specifies the virtual channels to be opened on connection. You can specify multiple channel names as a comma separated list. Names must be restricted to seven characters or less.
Server Core INI_VIRTUALCHANNELS String Read No No
Values
Value "" Description If present then any possible virtual channel list
INI Location
Registry Location
859
VirtualCOMPortEmulation
Specifies whether virtual COM ports are enabled or not. Remote PDA synchronization uses virtual COM ports. These are serial port connections that are routed through USB connections. It is necessary to enable serial port access to use PDA synchronization for this reason. ADM UI: Citrix Receiver > Remote Client Devices > Client hardware Access > Allow PDA Synchronizaton.
WFClient PDASync INI_VCOM_EMULATION Boolean Read No Yes
Values
Value On Off Description Virtual COM ports are enabled - Default Virtual COM ports are not enabled
INI Location
INI File All_Regions.ini Section Virtual Channels\Serial Port Value *
Registry Location
Registry Key Value
860
VirtualCOMPortEmulation HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port * *
861
VirtualDriver
Specifies a list of virtual drivers to load, in sequence. The listed items correspond to section names containing parameters for each specific virtual driver. Individual features can be disabled by removing their drivers from this list (for example, remove ClientDrive to disable client drive mapping).
ICA 3.0 Core INI_VIRTUALDRIVER String Read No No
Values
Value Description
Thinwire3.0, ClientDrive, Default ClientPrinterQueue, ClientPrinterPort, Clipboard, ClientComm, ClientAudio, LicenseHandler, ProgramNeighborhood,TWI,ZL_FONT,ZLC,SmartCard,Multimedia,ICACTL,SpeechMike,SSPI,TwainRdr,UserExp
INI Location
INI File Module.ini Section ICA 3.0 Value
Thinwire3.0, ClientDrive, ClientPrinterQueue, ClientPrinterPort, Clipboard, ClientComm, ClientAudio, LicenseHandler, ProgramNeighborhood,TWI,ZL_FONT,ZLC,SmartCar
Registry Location
862
VirtualDriver Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0 Value
Thinwire3.0, ClientDrive, ClientPrinterQueue, ClientPrinterPort, Clipboard, ClientComm, ClientAudio, LicenseHandler, ProgramNeighborhood,TWI,ZL_FONT,ZLC,SmartCard
863
VirtualDriverEx
Specifies the list of third party virtual channels. Set AllowVirtualDriverEx to True to append the third party virtual channel list to the current virtual drivers.
ICA 3.0 Core INI_VIRTUALDRIVER_THIRDPARTY String Read No No
Values
Value "" Description If present then any possible virtual channels
INI Location
INI File Module.ini Section ICA 3.0 Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0 Value
864
VSLAllowed(2)
Specifies whether or not client printer queue mapping has been enabled. Enables (On) or disables (Off) client printer spooling by controlling whether (On) or not (Off) the client printer mapping virtual driver in ClientPrinterQueue is loaded. Use this policy to enable and restrict the remote application or desktop`s access to client printers. When this policy is disabled, the client prevents the server from accessing or printing to printers available to the client device. ADM UI Element : Citrix Components > Citrix Receiver > Remoting client devices > Client printers
WFClient,ClientPrinterQueue Printing INI_VSLALLOWED Boolean Read No Yes
Values
Value TRUE FALSE Description Enables client printer queue mapping - Default Disable client printer queue mapping
INI Location
INI File All_Regions.ini appsrv.ini Section Virtual Channels\Printing WFClient Value * On
865
VSLAllowed(2)
Registry Location
866
Win32FavorRetainedPrinterSettings
Specifies whether (False) or not (True) to prevent the system from retaining any changes to the properties store. The Win32FavorRetainedPrinterSettings=Off setting in the clients appsrv.ini file (under the [WFClient] section) prevents the system from retaining any changes to the properties store. For certain printer drivers, changes made to printer properties or advanced printer settings within a session do not persist between sessions. This is the server-side component of an enhancement that allows to modify the client-side appsrv.ini file to set the client to always use the printer settings from the actual printer rather than the retained settings in the properties store. This setting also forces the client to attempt to write settings modified within a client session to the client printer if the drivers are determined to be equivalent. Win32FavorRetainedPrinterSettings = TRUE implies that the client shall service properties requests from the client's private printer properties store in the client-side user profile at HKCU\Software\Citrix\PrinterProperties. If there are no retained properties for the printer in question, real properties should be returned from the real Windows printer object instead. FALSE implies client shall service properties enumerations and saves to/from the real printer first. When client and server drivers are equivalent, all properties would be read from (written to) the real printer. When server and client driver are not equivalent, device dependent properties will still be serviced from retained settings since the device specific settings of the real printer are not useable.
WFClient Printing INI_VSLPROPSFROMPROFILE Boolean Read No No
Values
Value TRUE FALSE Description Client shall service properties requests from the clients private printer properties store - Default Prevents the system from retaining any changes to the properties store
867
Win32FavorRetainedPrinterSettings
INI Location
INI File All_Regions.ini Section Virtual Channels\Printing Value *
Registry Location
868
WindowManagerMoveIgnored
Flag to indicate that the Window Manager's initial move should be ignored for the UNIX client. If this flag is set to True, dubious window configuration messages from WM at start-up are acknowledged and Window Manager's initial move should be ignored.
Thinwire3.0 Graphics INI_WINDOW_MANAGER_MOVE_IGNORED Boolean Read Yes No
Values
Value False True Description Window Manager's initial move should be not be ignored - Default Window Manager's initial move should be ignored.
INI Location
Registry Location
869
WindowManagerMoveTimeout
Time period in milliseconds for WindowManagerMoveIgnored, which ignores local changes in window size and position for a short period after creation of a seamless window.
Thinwire3.0 Graphics INI_WINDOW_MANAGER_MOVE_TIMEOUT Integer Read Yes No
Values
Value 500 Description Window Manager Timeout (ms) - Default
INI Location
Registry Location
870
WindowsCache
Specifies the size of the Receiver's Thinwire memory (in 1KB chunks). The maximum size of the Thinwire cache is 8192KB.
Thinwire3.0 Graphics INI_LARGECACHE Integer Read No No
Values
Value 3072 8192 Description KB - Default Maximum cache size (KB)
INI Location
INI File Module.ini Section Thinwire3.0 Value 3072
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0 Value 3072
871
WindowSize
Gives the write window size, in bytes, for flow management for ClientComm section.
ClientComm Printing INI_CCMWINDOWSIZE Integer Read No No
Values
Value 1024 512 Description Write window size in bytes - Default Write window size in bytes
INI Location
INI File Module.ini Module.ini Module.ini Section ClientPrinterQueue ClientPrinterPort ClientComm Value 1440 1024 1024
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort Value 1024 1024
872
WindowSize HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue 1440
873
WindowSize
Gives the maximum write window size (in bytes) for flow management; i.e., the maximum number bytes that can be written for the ClientPrinterQueue section.
ClientPrinterPort Printing INI_CPMWINDOWSIZE Integer Read No No
Values
INI Location
INI File Module.ini Module.ini Module.ini Section ClientPrinterQueue ClientComm ClientPrinterPort Value 1440 1024 1024
Registry Location
874
875
WindowSize
Specifies the write window size (in bytes) for flow management for the ClientPrinterQueue driver.
ClientPrinterQueue Graphics INI_VSLWINDOWSIZE Integer Read No No
Values
Value 512 1024 Description Window Size (Bytes) - Default Window Size (Bytes)
INI Location
INI File Module.ini Module.ini Module.ini Section ClientPrinterPort ClientComm ClientPrinterQueue Value 1024 1024 1440
Registry Location
876
877
WindowSize2
Specifies the larger window size for flow management for ClientPrinterQueue driver. This virtual driver is responsible for providing client printer queue access to supplement the ICA 3.0 driver. If this window size is not suitable, then smaller size (WindowSize) is used.
ClientPrinterQueue Printing INI_VSLWINDOWSIZE2 Integer Read No No
Values
Value 4102 Description Window Size (Bytes) - Default
INI Location
INI File Module.ini Section ClientPrinterQueue Value 4102
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue Value 4102
878
WindowsPrinter
Specifies the queue name displayed for the available printer.
ClientPrinterPort Printing INI_CPMQUEUE String Read No No
Values
Value "" Description Default Windows Printer Name - Default
INI Location
INI File Module.ini Section ClientPrinterPort Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort Value
879
WindowsPrinter
Specifies a queue name to print to.
ClientPrinterQueue Printing INI_VSLQUEUE String Read No No
Values
Value "" Description Queue name - Default
INI Location
INI File Module.ini Section ClientPrinterPort Value
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort Value
880
WorkDirectory
Specifies the working directory after logon.
Server Core INI_WORKDIRECTORY String Read & Write No No
Values
Value "" Description Directory location of working directory
INI Location
INI File All_Regions.ini Section Client Engine\Application Launching Value
Registry Location
881
WpadHost
Specifies the URL to query for the automatic proxy detection configuration file to determine proxy settings.
WFClient Proxy INI_WPADHOST String Read No No
Values
Value Description http://wpad/wpad.dat Default
INI Location
Registry Location
882
XmlAddressResolutionType
Specifies the address resolution method used for XML requests. Address resolution is the process of resolving server and published application names to network addresses that the network driver can understand and use.
WFClient EnumRes INI_XMLADDRESSRESTYPE String Read No No
Values
Value DNS-Port IPv4-Port Description Address name - Default Address name
INI Location
INI File appsrv.ini Section WFClient Value DNS-Port
Registry Location
883
ZLAutoHiLimit
Zero-Latency Mouse Threshold Upper Limit. The Mouse Threshold Upper Limit is compared with the average response time of ICA to determine if the mouse zero latency feature playback is turned on. The zero latency feature monitors the response time of keyboard and mouse inputs on the Receiver and enables playback features to make ICA seem more responsive to the user when necessary. This is determined by keeping track of ICAs average response time and comparing the average response time to the IZLAutoLowLimit and the ZLAutoHiLimit. If the average response time is greater than or equal to ZLAutoHiLimit, then ICA is responding at an unacceptable speed and the zero latency feature turns on the mouse zero latency playback and the keyboard zero latency playback features.
Server ZLC INI_AUTO_ZLHILIMIT Integer Read No No
Values
Value 250 Description Mouse zero latency playback turns on if average response time is greater than this limit - Default
INI Location
Registry Location
884
ZLAutoLowLimit
Zero-latency Mouse Threshold Lower Limit. Mouse Threshold Lower Limit that is compared with average response time of ICA to determine if the mouse zero latency playback feature is turned off. The zero latency feature monitors the response time of keyboard and mouse inputs on the Receiver, and enables playback features to make ICA seem more responsive to the user when necessary. This is determined by keeping track of ICAs average response time and comparing the average response time to the IZLAutoLowLimit and the ZLAutoHiLimit. If the average response time is less than ZLAutoLowLimit, then ICA is responding at an acceptable speed and the zero latency feature turns off the mouse zero latency playback feature and continues to monitor the average response time.
Server ZLC INI_AUTO_ZLLOWLIMIT Integer Read No No
Values
Value 150 Description Lower limit threshold - Default
INI Location
Registry Location
885
ZLDiskCacheSize
Specifies the cache size, in bytes, on disk for latency reduction.
WFClient ZLC INI_ZLDISK_CACHE Integer Read No No
Values
Value -1 Description Disk free space will be used - Default
INI Location
Registry Location
886
ZLFntMemCacheSize
Specifies a memory size value to create a cache directory. This attribute is for Zero Latency Window - Virtual Font driver interface.
WFClient ZLC INI_ZLMEM_CACHE Integer Read No No
Values
Value 512000 0 Description Cache Directory Size (Bytes) - Default Disable audio input
INI Location
Registry Location
887
ZLKeyboardMode
Specifies whether or not to use local text echo. For 2 (Auto), local text echo is used if the connection latency exceeds the high latency threshold set using the SpeedScreen Latency Reduction Manager. The Citrix server must support SpeedScreen Latency Reduction for this setting to take effect. Corresponding UI Element:
q
For applicationsetname: Settings dialog box > Default Options tab > SpeedScreen Latency Reduction menu; Local text echo option For applicationservername: Properties dialog box > Options tab > SpeedScreen Latency Reduction menu; Local Text Echo option
ADM UI Element: XenApp server > User Experience > Client graphic settings > Speed Screen Latency Reduction - keyboard Local echo
Server ZLC INI_ZLC_MODE Integer Read No Yes
Values
Value 0 1 2 Description Always off - Default Always on Auto
INI Location
INI File All_Regions.ini 888 Section Virtual Channels\Zero Latency Value *
ZLKeyboardMode
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency Value * *
889
ZLMouseMode
Specifies whether or not to use mouse click feedback. Set a value for mouse zero latency (mouse pointer prediction), 2, 1 or 0. For ZLMouseMode=2 (Auto), mouse click feedback is used if the connection latency exceeds the high latency threshold set using the SpeedScreen Latency Reduction Manager. The Citrix server must support SpeedScreen Latency Reduction for this setting to take effect. Interface Element:
q
For applicationsetname: Settings dialog box > Default Options tab > SpeedScreen Latency Reduction menu; Mouse Click Feedback option
Enabling SpeedScreen Latency Reduction settings allows the client to predict how mouse movement and text entry will appear on the server. This results in the user getting immediate feedback when typing or moving the mouse pointer. ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client graphics settings > SpeedScreen Latency Reduction - mouse pointer prediction
Server ZLC INI_MOUSEZLMODE Integer Read No Yes
Values
Value 2 0 1 Description Auto - Default Always Off Always On
INI Location
890
ZLMouseMode INI File All_Regions.ini Section Virtual Channels\Zero Latency Value *
Registry Location
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency Value * *
891

Citrix Receiver For Windows

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Citrix Receiver For Windows

Uploaded by

Copyright:

Available Formats

Receiver for Windows

64 65 66 67 68 70 71 72 73 74 75 78 79 80 82 83 85 86 87 89 90 92 94 95 96 97 98 99 100 101 103 104 105 106

Receiver for Windows

Receiver for Windows 3.2

Receiver for Windows 3.2

About Receiver for Windows 3.2

General issues Known issues - Desktop connections Third-party issues

System Requirements and Compatibility for Receiver for Windows

Supported Windows Operating Systems:

XenApp (any of the following products):

XenDesktop 5.5 XenDesktop 5

Merchandising Server 2.x

For LAN connections:

Google Chrome Version 10.0 and later .NET Framework Requirements

SSL/TLS+HTTPS HDX MediaStream Multimedia Acceleration

Citrix Receiver for Windows Overview

Two Citrix Receiver packages are available.

Aero desktop experience (for operating systems that support it)

Using the Citrix CloudGateway

Using with XenApp

Using with XenDesktop

Citrix Connection Center Overview

Terminate an indivual published application Set access permissions

Providing Virtual Desktops to Receiver Users

Citrix Desktop Lock

Overview of Citrix Receiver for Windows Installation Packages

Considerations When Upgrading

Currently installed No Online plug-in installed

Upgrade Package CitrixReceiverEnterprise.exe

CitrixReceiver.exe Installation type: per-computer

CitrixReceiverEnterprise.exe Installation type: per-computer

Installation type: per-user

Installation type: per-computer

Installation type: per-computer

Installation type: per-user

Installing and Uninstalling Receiver for Windows Manually

Removing the Receiver

Upgrading the Desktop Viewer and Desktop Appliance Lock

To install the Citrix Desktop Lock

User Accounts Used to Install the Citrix Desktop Lock

To remove the Citrix Desktop Lock

ALLOWADDSTORE={N | S | A} The default depends on the following situations:

Examples of a Command-Line Installation

Installs Receiver (standard).

Installs single sign on. Specifies two application stores.

Delivering Receiver Using Active Directory and Sample Startup Scripts

CheckAndDeployReceiverEnterpriseStartupScript.bat CheckAndDeployReceiverPerMachineStartupScript.bat CheckAndRemoveReceiverEnterpriseStartupScript.bat CheckAndRemoveReceiverPerMachineStartupScript.bat

To modify the sample scripts

Delivering Receiver Using Active Directory and Sample Startup Scripts

To add the per-computer startup scripts

To deploy Receiver per-computer

To remove Receiver per-computer

Using the Per-User Sample Startup Scripts

To set up the per-user startup scripts

To deploy Receiver per-user

To remove Receiver per-user

Deploying CitrixReceiver.exe from Receiver for Web

Deploying the CitrixReceiver.exe from a Web Interface Logon Screen

Configuring Citrix Receiver for Windows

Using the Group Policy Object Template to Customize Receiver

Configuring Access to Accounts Manually

To add a new account

To edit the details of an account