Citrix Receiver for Windows

Receiver for Windows

© 2011 Citrix Systems, Inc. All rights reserved. Terms of Use | Trademarks | Privacy Statement

http://www.citrix.com/legal

http://www.citrix.com/trademark

http://www.citrix.com/legal

Contents

Receiver for Windows 21

Receiver for Windows 3.2 22


About Receiver for Windows 3.2 24

System Requirements 27

Get Started 31

Citrix Connection Center Overview 33

Providing Virtual Desktops to Receiver Users 34

Install and Uninstall 35

Installing and Uninstalling Receiver for Windows Manually 37

Upgrading the Desktop Viewer and Desktop Appliance Lock 39

To install the Citrix Desktop Lock 40

User Accounts Used to Install the Citrix Desktop Lock 41

To remove the Citrix Desktop Lock 42

To configure and install the Citrix Receiver for Windows usingcommand-line parameters 43

Delivering Receiver Using Active Directory and Sample Startup Scripts 48

Using the Per-User Sample Startup Scripts 50

Deploying CitrixReceiver.exe from Receiver for Web 51

Deploying the CitrixReceiver.exe from a Web Interface Logon Screen 52

Configure 53

Using the Group Policy Object Template to Customize Receiver 54

Configuring Access to Accounts Manually 56

To customize user preferences for the Receiver (Enterprise) 57

Configuring USB Support for XenDesktop Connections 58

How USB Support Works 59

Mass Storage Devices 60

USB Device Classes Allowed by Default 61

USB Device Classes Denied by Default 63

2

Updating the List of USB Devices Available for Remoting 64

Configuring Bloomberg Keyboards 65

Configuring User-Driven Desktop Restart 66

To prevent the Desktop Viewer window from dimming 67

To configure the Citrix Desktop Lock 68

To configure settings for multiple users and devices 70

Canadian Keyboard Layouts and Updating from Presentation ServerClients Version 10.200 71

Auto-Repair 72

Optimize 73

Improving Receiver Performance 74

Reducing Application Launch Time 75

Reconnecting Users Automatically 78

Providing HDX Broadcast Session Reliability 79

Improving Performance over Low-Bandwidth Connections 80

Connecting User Devices and Published Resources 82

Configuring Workspace Control Settings to Provide Continuity forRoaming Users 83

Making Scanning Transparent for Users 85

Mapping User Devices 86

Mapping Client Drives to XenApp Server Drive Letters 87

HDX Plug-n-Play for USB Storage Devices 89

HDX Plug-n-Play USB Device Redirection for XenAppConnections 90

Mapping Client Printers for More Efficiency 92

To map a client COM port to a server COM port 94

Mapping Client Audio to Play Sound on the User Device 95

Associating User Device File Types with PublishedApplications 96

Using the Window Manager when Connecting to Citrix XenApp forUNIX 97

Terminating and Disconnecting Sessions 98

Using ctxgrab and ctxcapture to Cut and Paste Graphics WhenConnected to XenApp for UNIX 99

Using the ctxgrab Utility to Cut and Paste Graphics 100

Using the ctxcapture Utility to Cut and Paste Graphics 101

Matching Client Names and Computer Names 103

DNS Name Resolution 104

Using Proxy Servers with XenDesktop Connections 105

User Experience 106

3

ClearType Font Smoothing in Sessions 107

Client-Side Microphone Input 108

Configuring HDX Plug-n-Play Multi-monitor Support 109

Printing Performance 111

To override the printer settings configured on the server 113

To set keyboard shortcuts 114

Keyboard Input in XenDesktop Sessions 115

Receiver Support for 32-Bit Color Icons 117

Connecting to Virtual Desktops 118

Secure Connections 119

To enable certificate revocation list checking for improved securitywith Receiver (CitrixReceiver.exe) 120

Smart Card Support for Improved Security 122

To enable pass-through authentication when sites are not in TrustedSites or Intranet zones 123

Using Security Support Provider Interface/Kerberos Pass-ThroughAuthentication for Improved Security 124

To configure Kerberos with pass-through authentication 126

Secure Communications 127

Support for Microsoft Security Templates 128

Connecting with Access Gateway Enterprise Edition 129

Connecting with Access Gateway 5.0 132

Connecting with Secure Gateway 137

Connecting the Citrix Receiver through a Proxy Server 138

Connecting with Secure Sockets Layer Relay 139

Connecting with Citrix SSL Relay 140

User Device Requirements 141

To apply a different listening port number for allconnections 142

To apply a different listening port number to particularconnections only 143

Configuring and Enabling Receivers for SSL and TLS 144

Installing Root Certificates on the User Devices 145

To configure Web Interface to use SSL/TLS for Receiver 146

To configure TLS support 147

To use the Group Policy template on Web Interface to meet FIPS140 security requirements 148

To configure the Web Interface to use SSL/TLS whencommunicating with Citrix Receiver 149

To configure Citrix XenApp to use SSL/TLS when communicatingwith Citrix Receiver 150

4

To configure Citrix Receiver to use SSL/TLS when communicatingwith the server running the Web Interface 151

ICA File Signing - Protection Against Application or Desktop LaunchesFrom Untrusted Servers 152

Selecting and Distributing a Digital Signature Certificate 154

Configuring a Web Browser and ICA File to Enable Single Sign-on andManage Secure Connections to Trusted Servers 155

To set client resource permissions 157

Enabling Smart Card Logon 159

Enforcing Trust Relations 160

Elevation Level and wfcrun32.exe 162



About Citrix Receiver for Windows 3.1 165


Get Started 173












Deploying CitrixReceiver.exe from Receiver for Web 193


Configure 195

Using the Group Policy Object Template to Customize the Receiver 196

Configuring Access to Accounts Manually 198







5








Auto-Repair 214

Optimize 215

























User Experience 248

6


















Connecting with Access Gateway Enterprise Edition 271

Connecting with Access Gateway 5.0 274

Connecting with Secure Gateway 279


Connecting with Secure Sockets Layer Relay 281







To configure Web Interface to use SSL/TLS for Receiver 288


To use the Group Policy template on Web Interface to meet FIPS140 security requirements 290



7










Citrix Receiver for Windows 3.0 306

About Receiver for Windows 3.0 307


Get Started 314

Citrix Receiver for Windows Overview 316










To extract, install, and remove the individual Receiver (Enterprise).msi files 331




Configure 337

Using the Group Policy Object Template to Customize the Receiver 338







8








Auto-Repair 355

Optimize 356







To enable pass-through authentication when sites are not inTrusted Sites or Intranet zones 366

















Providing Support for NDS Users 388

9

Specifying Windows Credentials with the NovellClient and Pass-Through Authentication 389



User Experience 392



















Connecting with the Secure Gateway or Citrix Secure Sockets LayerRelay 416

Connecting with the Secure Gateway 417







To configure Citrix Receiver to use SSL/TLS 424


To use the Group Policy template to meet FIPS 140 securityrequirements 426

10











ICA Settings Reference 440

ICA Settings Reference 447

AcceptURLType 454

Address(2) 455

AECD 457

AllowAudioInput 458

AllowVirtualDriverEx 459

AllowVirtualDriverExLegacy 460

AltProxyAutoConfigURL(2) 461

AltProxyBypassList(2) 462

AltProxyHost(2) 464

AltProxyPassword(2) 465

AltProxyType(2) 466

AlwaysSendPrintScreen 468

AppendUsername 469

AudioBandwidthLimit 470

AudioDevice(2) 472

AudioDuringDetach 473

AudioHWSection 474

AudioInWakeOnInput 475

AudioOutWakeOnOutput 476

AUTHPassword 477

AUTHUserName 478

AutoLogonAllowed 479

BrowserProtocol 480

11

BrowserRetry(2) 481

BrowserTimeout(2) 482

BUCC(2) 483

BufferLength 484

BufferLength2 485

BypassSmartcardDomain 486

BypassSmartcardPassword 487

BypassSmartcardUsername 488

CbChainInterval 489

CDMAllowed 490

CDMReadOnly 491

CFDCD 493

CGPAddress 494

ChannelName 495

ClearPassword 496

ClientAudio 497

ClientName 499

ClipboardAllowed 500

COCD 501

ColorMismatchPrompt_Have16M_Want256 502

ColorMismatchPrompt_Have16_Want256 503

ColorMismatchPrompt_Have64k_Want256 504

COMAllowed(2) 505

Command 507

CommandAckThresh 508

CommPollSize 509

CommPollWaitInc 510

CommPollWaitIncTime 511

CommPollWaitMax 512

CommPollWaitMin 513

CommWakeOnInput 514

ConnectionFriendlyName 515

ContentRedirectionScheme 516

ControlPollTime 517

ConverterSection 518

CPMAllowed 519

CRBrowserAcceptURLtype 520

12

CRBrowserCommand 521

CRBrowserPath 522

CRBrowserPercentS 523

CRBrowserRejectURLtype 524

CREnabled 525

CRPlayerAcceptURLtype 526

CRPlayerCommand 527

CRPlayerPath 528

CRPlayerPercentS 529

CRPlayerRejectURLtype 530

DataAckThresh 531

DataBits 532

DefaultHttpBrowserAddress 533

DeferredUpdateMode 534

DesiredColor(5) 535

DeviceName 537

DisableCtrlAltDel 538

DisableDrives 539

DisableMMMaximizeSupport 541

DisableSound 542

DisableUPDOptimizationFlag 543

Domain 544

DriverNameAlt 546

DriverNameAltWin32 547

DriverNameWin32(12) 548

DTR 553

DynamicCDM 554

EmulateMiddleMouseButton 555

EmulateMiddleMouseButtonDelay 556

EnableAsyncWrites 557

EnableAudioInput 558

EnableClientSelectiveTrust 559

EnableInputLanguageToggle 561

EnableOSS 562

EnableReadAhead 563

EnableRtpAudio 564

EnableSessionSharing 565

13

EnableSessionSharingClient 567

EnableSessionSharingHost(2) 568

EnableSSOThruICAFile 569

EncryptionLevelSession 571

endIFDCD 572

FONTSMOOTHINGTYPE 573

ForceLVBMode 574

FriendlyName 575

FullScreenBehindLocalTaskbar 576

FullScreenOnly 577

HotKey10Char 578

HotKey10Shift 579

HotKey1Char 581

HotKey1Shift 583

HotKey2Char 584

HotKey2Shift 586

HotKey3Char 588

HotKey3Shift 589

HotKey4Char 590

HotKey4Shift 592

HotKey5Char 594

HotKey5Shift 595

HotKey6Char 597

HotKey6Shift 599

HotKey7Char 600

HotKey7Shift 602

HotKey8Char 604

HotKey8Shift 606

HotKey9Char 608

HotKey9Shift 610

HotKeyJPN%dChar 612

HowManySkipRedrawPerPaletteChange 613

HttpBrowserAddress 614

ICAHttpBrowserAddress 616

ICAKeepAliveEnabled 617

ICAKeepAliveInterval 619

ICAPortNumber 620

14

ICAPrntScrnKey 622

ICASOCKSProtocolVersion(2) 623

ICASOCKSProxyHost(2) 625

ICASOCKSProxyPortNumber(2) 627

InitialProgram 629

InitialProgram(2) 631

InputEncoding 633

InstallColormap 634

IOBase 635

KeyboardLayout 636

KeyboardSendLocale 637

KeyboardTimer(2) 638

KeyboardType 639

Launcher 642

LaunchReference 643

LicenseType 644

LocalIME 645

LocHttpBrowserAddress 646

LockdownProfiles 648

LogAppend 649

LogConfigurationAccess 650

LogConnect 651

LogErrors 652

LogEvidence 653

LogFile 654

LogFileGlobalPath 655

LogFileWin32 656

LogFlush 657

LogonTicket 658

LogonTicketType 659

LongCommandLine 660

Lpt1 662

Lpt2 663

Lpt3 664

LPWD 665

LvbMode2 666

MaxDataBufferSize 667

15

MaxMicBufferSize 668

MaxOpenContext 669

MaxPort 670

MaxWindowSize 671

MinimizeOwnedWindows 672

MissedKeepaliveWarningMsg 673

MissedKeepaliveWarningTime 674

MouseTimer 675

MouseWheelMapping 677

MSIEnabled 678

NativeDriveMapping 679

NDS 681

NRUserName 682

NRWD 683

NumCommandBuffers 684

NumDataBuffers 685

OutBufCountClient 686

OutBufCountClient2 688

OutBufCountHost 690

OutBufCountHost2 692

OutBufLength 694

PassThroughLogoff 696

Password 697

Path 699

PCSCCodePage 700

PCSCLibraryName 701

PercentS 702

PersistentCacheEnabled 703

PersistentCacheGlobalPath 705

PersistentCacheMinBitmap(2) 706

PersistentCachePath 708

PersistentCachePercent 710

PersistentCacheSize(2) 711

PersistentCacheUsrRelPath 713

PingCount 714

PlaybackDelayThresh 715

PNPDeviceAllowed 716

16

pnStartSCD 717

Port1 718

Port2 719

POSDeviceAllowed 720

PrinterFlowControl 722

PrinterResetTime 723

PrinterThreadPriority 724

PrintMaxRetry 725

ProxyAuthenticationBasic(2) 726

ProxyAuthenticationKerberos 728

ProxyAuthenticationNTLM(2) 729

ProxyAuthenticationPrompt(2) 731

ProxyAutoConfigURL(2) 733

ProxyBypassList 735

ProxyFallback(2) 737

ProxyFavorIEConnectionSetting(2) 739

ProxyHost(3) 741

ProxyPassword(2) 743

ProxyPort 745

ProxyTimeout 746

ProxyType 747

ProxyUseDefault 749

ProxyUseFQDN(2) 750

ProxyUsername 752

ReadersStatusPollPeriod 754

RECD(2) 756

RegionIdentification 757

RejectURLType 759

RemoveICAFile 760

ResMngrRunningPollPeriod 762

REWD(2) 763

RtpAudioHighestPort 764

RtpAudioLowestPort 765

ScalingHeight 766

ScalingMode 767

ScalingPercent 769

ScalingWidth 770

17

Schedule 771

ScreenPercent 772

SecureChannelProtocol(2) 774

SecurityTicket 777

SessionReliabilityTTL 778

SessionSharingKey 779

SessionSharingLaunchOnly 780

SFRAllowed 781

SkipRedrawPerPaletteChange 782

SmartCardAllowed 783

SpeedScreenMMA 784

SpeedScreenMMAAudioEnabled 786

SpeedScreenMMAMaxBufferThreshold 787

SpeedScreenMMAMaximumBufferSize 788

SpeedScreenMMAMinBufferThreshold 789

SpeedScreenMMASecondsToBuffer 790

SpeedScreenMMAVideoEnabled 791

SSLCACert 792

SSLCertificateRevocationCheckPolicy(2) 793

SSLCiphers 796

SSLCommonName 798

SSLEnable 800

SSLProxyHost(2) 803

SSOnCredentialType(3) 805

SSOnDetected 807

SSOnUserSetting 808

SSPIEnabled 810

startIFDCD(3) 812

startSCD(2) 813

State 814

SucConnTimeout 815

SwapButtons 816

TransparentKeyPassthrough 817

TransportReconnectDelay 819

TransportReconnectEnabled 821

TransportReconnectRetries 823

TransportSilentDisconnect 825

18

TRWD 826

Tw2CachePower 827

TW2StopwatchMinimum 828

TW2StopwatchScale 829

TwainAllowed 830

TWIEmulateSystray 831

TWIFullScreenMode 832

TWIIgnoreWorkArea 834

TWIMode 836

TWISeamlessFlag 838

TWIShrinkWorkArea 839

TWISuppressZZEcho 840

TWITaskbarGroupingMode 841

UnicodeEnabled 843

UseAlternateAddress(3) 844

UseDefaultEncryption 847

UseLocalUserAndPassword(2) 849

UseMRUBrowserPrefs 851

Username(3) 852

UserOverride 854

UsersShareIniFiles 855

UseSSPIOnly 856

VariantName 858

VirtualChannels 859

VirtualCOMPortEmulation 860

VirtualDriver 862

VirtualDriverEx 864

VSLAllowed(2) 865

Win32FavorRetainedPrinterSettings 867

WindowManagerMoveIgnored 869

WindowManagerMoveTimeout 870

WindowsCache 871

WindowSize 872

WindowSize 874

WindowSize 876

WindowSize2 878

WindowsPrinter 879

19

WindowsPrinter 880

WorkDirectory 881

WpadHost 882

XmlAddressResolutionType 883

ZLAutoHiLimit 884

ZLAutoLowLimit 885

ZLDiskCacheSize 886

ZLFntMemCacheSize 887

ZLKeyboardMode 888

ZLMouseMode 890

20

21

Receiver for Windows

Citrix Receiver for Windows delivers a common user interface whether using only Receiveror with any other Citrix Plug-ins and provides secure, simple, high-performance, on-demandaccess to virtual desktops, enterprise applications, and IT services by enabling:

● Delivery of business applications to any user on any device

● Secure access and complete IT control and visibility

Quick Links● Receiver for Windows 3.2

● About Receiver for Windows 3.2

● System Requirements and Compatibility for Receiver for Windows 3.2

● Receiver for Windows Overview

22

Receiver for Windows 3.2

Quick Links

About this Release Using the Receiver with XenDesktopConnections

Issues Fixed in Receiver for Windows 3.2 Optimizing the Receiver Environment

System Requirements and Compatibility Improving the Receiver User Experience

Licensing Your Product Securing Your Connections

Overview of Citrix Receiver for WindowsInstallation Packages

Securing Citrix Receiver Communication

To configure and install the Citrix Receiverfor Windows using command-lineparameters

http://support.citrix.com/help/receiver/en/receiverHelpWin.htm


http://support.citrix.com/article/CTX124164

http://support.citrix.com/proddocs/index.jsp?lang=en&topic=/technologies/lic-library-node-wrapper.html

23


Quick Links


Issues Fixed in Receiver for Windows 3.2 Optimizing the Receiver Environment

System Requirements and Compatibility Improving the Receiver User Experience

Licensing Your Product Securing Your Connections








24

About Receiver for Windows 3.2

What's New in this ReleaseWhen used with Citrix Storefront 1.1, this release of Receiver for Windows (standard,CitrixReceiver.exe) supports single authentication to Receiver and the browser for Web andSaaS apps published through AppController 1.1. Receiver users will now authenticate withthose apps as they have for published Windows apps. No Receiver-specific administration isneeded to use the additional single authentication support.

The Receiver Enterprise package did not change for this release. It is required only tosupport applications that use Smart Card authentication.

Known IssuesThis section contains:

● General issues

● Known issues - Desktop connections

● Third-party issues

Caution: Editing the Registry incorrectly can cause serious problems that may require youto reinstall your operating system. Citrix cannot guarantee that problems resulting fromthe incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.Be sure to back up the registry before you edit it.

General Issues

● When configured with multiple stores, Receiver might confuse the gateways required toconnect to a store causing incorrect apps being available to users. Work around:Configure only one store. [#263165]

● When Receiver Storefront is configured with multiple external beacon points, Receiverfor Windows does not enumerate applications if all of the beacons respond with thesame URL. Workaround: Retain the configuration for only one external beacon.Alternatively, keep all beacons and add a beacon that points to a non-existing URL.[#299560]

● If you use the Receiver with XenApp 5.0 Feature Pack 2 for Windows Server 2003 (32- or64-bit editions), the Receiver plays audio even when you configure the Turn offspeakers policy setting to disable the audio. [#242703]

● You might receive an error message when trying to launch an application with WebInterface after installing a previous version of the Receiver (Online plug-in) while

logged in as one user, upgrading with CitrixReceiver.exe as another user, logging off theReceiver, and logging back on with the previous user name. The error message is: Citrixonline plug-in Configuration Manager: No value could be found for (ClientHostedApps)that satisfies all lock down requirements. The lockdown requirements in force may beconflicting. [#261877]

As a workaround, set the following registry key:

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\AllRegions\Lockdown\Virtual Channels\Control

Name: ClientHostedApps

Value: FALSE (or set to * / TRUE if you have overridden the defaults inHKEY_LOCAL_MACHINE)

● If you use Web Interface with Internet Explorer 8 and Windows 7 to upgrade to thisversion of Citrix Receiver, the upgrade finishes, but the Upgrade in Progress messageremains on the screen and the log on screen does not appear. Workaround: Restart thebrowser [#247858]

● When you launch applications using the Web Interface, Connection Center does notenumerate the sessions. [#261177]

● After you launch a published application that is filtered by XenApp for Access Gateway,other published applications do not launch. [#263003]

● In some environments, content redirection may not work until the published applicationis launched for the first time. [#252515]

● Before installing Receiver for Windows on a Windows XP Embedded thin client device,increase the RAM disk limit of the device to 100 MB. [#266384]

● When versions of Receiver are localized in Traditional Chinese, Korean, or Russian andintegrated with Access Gateway Standard Edition, the Receiver log on screen displays inEnglish because of an Access Gateway Standard Edition language limitation. [#263442]

● After a silent installation of Receiver, the Receiver Preferences > Plug-in status pagemight not list the plug-ins. [302588]

● When the offline plug-in is not installed and a streamed application is configured tofallback to ICA and the XenApp server is down, an incorrect error message appearsinforming you that the correct plug-in is not installed. [#273813]

● If Certificate Revocation List (CRL) checking is disabled in Internet Options on the userdevice, this overrides the CertificateRevocationCheck registry setting for Receiver forWindows. This means users may be able to access Web sites that do not have validcertificates. As a workaround, ensure that the Check server revocation option locatedat Settings > Control Panel > Internet Options > Advanced is enabled. [#32682]

● Receiver does not support the VPN keyword in Access Gateway ClientChoices mode.[#274828]

● If the VPN keyword is removed from an application after a user subscribes to it,Receiver continues to attempt an Access Gateway connection for the application.Workaround: Unsubscribe and then re-subscribe to the application to synchronize the


25

VPN keyword removal on Receiver. [#298387]

Desktop Connections

● Loss of video is experienced if files are being played with a published version ofWindows Media Player through a virtual desktop session, and the Desktop Viewerwindow is changed from full-screen to window mode. As a workaround, minimize andrestore the Media Player window, and then pause and resume the application (or stopand restart it). [#246230]

● You cannot log off normally from Windows XP 32-bit virtual desktops if you start (but donot log on to) the Receiver in the desktop session. If the Receiver logon dialog box isnot completed, you cannot log off from the desktop. To work around the issue,complete the logon dialog box or close it. This issue is not observed on other virtualdesktop operating systems. [#246516]

● If virtual desktops are installed with the Virtual Desktop Agent supplied withXenDesktop 5.0, Receiver for Windows 3.0 displays an error if the user starts apublished application from the desktop. The workaround is to use the Virtual DesktopAgent supplied with XenDesktop 5.5. [#263079]

● The Citrix Desktop Lock does not redirect Adobe Flash content to domain-joined userdevices. The content can be viewed but is rendered on the server, not locally. As aworkaround, Adobe Flash redirection can be configured for server-side content fetchingto pass the content from the server to the user device. This issue does not occur onnon-domain-joined devices or when the content is viewed with the Desktop Viewer.[#263092]

● The Desktop Viewer Devices menu may not close when the user clicks the Devices icon.It also may remain open after its corresponding dialog box closes. If this occurs, clickthe Devices icon again. [#262202]

● Windows Media Player, when displayed in the non-primary monitor of a two-monitorWindows user device, may not work as expected. Due to an issue with the DirectX videomixing renderer filter VMR-9, the screen is black and there is no sound, although theplayer's progress bar advances. To correct this issue, edit the registry on the userdevice from which the XenDesktop connection is launched. In theHKEY_CURRENT_USER\Software\Citrix subkey, create the HdxMediaStream key. Namethe key DisableVMRSupport. Set the type as REG_DWORD. Give the key the value 3.[#262852]

Third-Party Issues

● When using Internet Explorer to open a Microsoft Office document in Edit mode fromSharePoint, Microsoft Office might display the message, “Access denied.” Workaround:Go to the SharePoint site and check out the document, edit it, and check the file backin to SharePoint. [#258725]


26

27

System Requirements and Compatibilityfor Receiver for Windows

● Supported Windows Operating Systems:

● Windows 7, 32-bit and 64-bit editions (including Embedded Edition)

● Windows XP Professional, 32-bit and 64-bit editions

● Windows XP Embedded

● Windows Vista, 32-bit and 64-bit editions

● Windows Thin PC

● Windows Server 2008 R1, 32-bit and 64-bit editions (not supported by XenDesktopconnections)

● Windows Server 2008 R2, 64-bit edition (not supported by XenDesktop connections)

● Windows Server 2003, 32-bit and 64-bit editions (not supported by XenDesktopconnections)

Important: For XenDesktop connections, be aware that the Citrix Desktop Lock isonly supported on Windows XP Professional, Windows XP Embedded, Windows 7,and Windows Embedded Standard 7. If your deployment includes smart cards, andWindows 7 or Windows Embedded Standard 7, see the additional requirements inthis topic.

● Server support:

● XenApp (any of the following products):

● Citrix XenApp 6.5 for Windows Server 2008 R2

● Citrix XenApp 6 for Windows Server 2008 R2

● Citrix XenApp 5 for Windows Server 2008

● Citrix XenApp 5 for Windows Server 2003● XenDesktop (any of the following products):

● XenDesktop 5.5

● XenDesktop 5

● XenDesktop 4● To manage connections to apps and desktops, Citrix Receiver supports Cloud

Gateway or Web Interface :

● CloudGateway Express, with Receiver Storefront 1.1 or 1.0 and, for optionalaccess to resources from a web page, Receiver for Web

● CloudGateway Enterprise 1.0, with Receiver Storefront 1.1 or 1.0, for appshosted on a network, on an Infrastructure as a Service (IaaS) platform, orconfigured as Software as a Service (SaaS)

● Web Interface 5.x for Windows with a XenApp Services and XenDesktop Web site

● Merchandising Server 2.x

● Connectivity

Citrix Receiver supports HTTPS and ICA-over-SSL connections through any one of thefollowing configurations.

● For LAN connections:

● Receiver Storefront 1.1 or 1.0, using Storefront services or Receiver for Websites

Single sign on to Web and SaaS apps published through AppController requiresReceiver Storefront 1.1.

● Web Interface 5.x for Windows, using XenApp Services and XenDesktop Websites (Program Neighborhood Agent sites are also supported for legacyinstallations)

● For secure remote or local connections:

● Citrix Access Gateway VPX

● Citrix Access Gateway 5.0

● Citrix Access Gateway Enterprise Edition 9.x

● Citrix Secure Gateway 3.xYou can use Access Gateway with Receiver Storefront or Web Interface. You can useSecure Gateway only with Web Interface.

● Authentication

Receiver for Windows 3.2, when used with Receiver Storefront 1.1 or 1.0, supports thefollowing authentication methods:

● Domain

● Domain pass-through

Receiver for Web sites do not support domain pass-through authentication.

● Security token

● Two-factor (domain plus security token)*

● Client certificate (requires Access Gateway Enterprise Edition; can be used alone orwith other authentication methods)

System Requirements

28

Receiver for Windows 3.2, when used with Web Interface 5.X, supports the followingauthentication methods:

● Domain

● Security token


● SMS*

● Smart card (with or without Access Gateway)

Requires Receiver (Enterprise)

● Client certificate (requires Access Gateway Enterprise Edition; can be used alone orwith other authentication methods)

* Available only in deployments that include Access Gateway.

For more information about authentication, refer to the Access Gateway documentationand the "Manage" topics in the Receiver Storefront documentation in eDocs. Forinformation about other authentication methods supported by Web Interface, refer to"Configuring Authentication for the Web Interface" in the Web Interface documentationin eDocs.

● Certificates

For information about security certificates, refer to topics under Secure Connectionsand Secure Communications.

● Upgrades. Upgrades are supported only for Citrix XenApp Plugin for Hosted Apps 11.0,Desktop Receiver 11.1, and Citrix online plug-in 11.1,11.2, 12.0, and 12.1, and Receiverfor Windows 3.0 releases.

● Availability of the Receiver for Windows 3.2 features. Some of the features andfunctionality of Receiver are available only when connecting to newer XenApp andXenDesktop versions and might require the latest hotfixes for XenApp, XenDesktop, andSecure Gateway.

● Previous versions of the Presentation Server Client/Online Plug-in and the currenticaclient.adm file. Previous versions of the Presentation Server Client and OnlinePlug-in are not compatible with the Receiver for Windows 3.2 icaclient.adm file.

● Supported Browsers:

● Internet Explorer Version 6.0 through 9.0

● Mozilla Firefox Version 1.x through 5.x

● Google Chrome Version 10.0 and later● .NET Framework Requirements

● The Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package is required toensure that the Receiver icon displays correctly. The package is included with .NET2.0 Service Pack 1, .NET 3.5, and .NET 3.5 Service Pack 1; it is also availableseparately.

System Requirements

29

● For XenDesktop connections: To use the Desktop Viewer, .NET 2.0 Service Pack 1 orlater is required. This version is required because, if Internet access is notavailable, certificate revocation checks slow down connection startup times. Thechecks can be turned off and startup times improved with this version of theFramework but not with .NET 2.0. Use of the Citrix Desktop Lock does not requirethe .NET Framework to be installed.

● Hardware Requirements:

● VGA or SVGA video adapter with color monitor

● Windows-compatible sound card for sound support (optional)

● For network connections to the server farm, a network interface card (NIC) and theappropriate network transport software

● Supported Connection Methods and Network Transports:

● TCP/IP+HTTP

● SSL/TLS+HTTPS● HDX MediaStream Multimedia Acceleration

Applications and media formats supported by HDX MediaStream Multimedia Accelerationare:

● Applications based on Microsoft’s DirectShow, DirectX Media Objects (DMO), andMedia Foundation filter technologies such as Windows Media Player and RealPlayer.

● Applications like Internet Explorer and Microsoft Encarta are also supported, as theyleverage Windows Media Player.

● Both file-based and streaming (URL-based) media formats: WAV, all variations ofMPEG, unprotected Windows Media Video (WMV), and Windows Media Audio (WMA).

Note: HDX MediaStream Multimedia Acceleration does not support media filesprotected with Digital Rights Management (DRM).

Smart Cards and the Citrix Desktop Lock

The Citrix Desktop Lock can be used with smart cards connected to domain-joined userdevices running Windows XP or Windows XPe but not Windows 7 or Windows EmbeddedStandard 7. This limitation does not apply to non-domain-joined user devices.

System Requirements

30

31

Citrix Receiver for Windows Overview

Citrix Receiver for Windows (Citrix Receiver) delivers apps, desktops, and IT services toWindows PCs. Citrix Receiver supports Citrix CloudGateway:

● CloudGateway Express enables XenApp and XenDesktop customers to deliver Windowsapps and desktops by using a unified Storefront with self-service.

● CloudGateway Enterprise enables enterprises to aggregate, control, and deliver all oftheir Windows, web and SaaS apps.

Receiver also supports Citrix Web Interface for legacy deployments.

Receiver handles the following functions:

● User authentication. Receiver provides user credentials to CloudGateway or WebInterface when users try to connect and every time they launch published resources.

● Application and content enumeration. Receiver presents users with their individualset of published resources.

● Application launching. Receiver is the local engine used to launch publishedapplications.

● Desktop integration. Receiver integrates a user’s set of published resources (includingvirtual desktops) with the user’s physical desktop.

● User preferences. Receiver validates and implements local user preferences.

Two Citrix Receiver packages are available.

● Citrix Receiver (standard, CitrixReceiver.exe) supports Citrix CloudGateway and, forlegacy deployments, Web Interface. Standard Receiver features include:

● Receiver Experience, enabling users to seamlessly transition between devices andconnection types

● Web plug-in

● Authentication Manager

● Single sign-on/pass-through authentication

● Self-service

● Generic USB (XenDesktop)

● Desktop Viewer (XenDesktop)

● HDX Media Stream for Flash

● Aero desktop experience (for operating systems that support it)

● Citrix Receiver (enterprise, CitrixReceiverEnterprise.exe) is required only forapplications that use Smart Card authentication. It supports Web Interface only andincludes the same features as the standard package except for Authentication Managerand self-service.

Using the Citrix CloudGatewayCitrixReceiver.exe enables access to Storefront published resources and virtual desktopsfrom anywhere. Configure a provisioning file to provide native self-service access orconfigure a Receiver for Web site to provide web browser access to Storefront-publishedresources and virtual desktops.

Using with XenAppBoth Receiver packages support the XenApp feature set. Centrally administer and configurethe Receiver in the Receiver Storefront management console (or, if using Web Interface, inthe Web Interface Management Console using a Receiver site created in association with asite for the server running the Web Interface).

You can use both Receiver packages with the Citrix offline plug-in to provide applicationstreaming to the user desktop. For more information about the streamed applicationfeature, see the Application Streaming documentation in eDocs.

The Desktop Viewer is not supported with XenApp connections.

Using with XenDesktopReceiver includes the Desktop Viewer, the client-side software that supports XenDesktop.Users running the Desktop Viewer on their devices access virtual desktops created withXenDesktop in addition to their local desktop. Users running the Citrix Desktop Lock (whichyou install in addition to the Desktop Viewer) interact only with the virtual desktop not thelocal desktop.

Get Started

32

33

Citrix Connection Center Overview

The Citrix Connection Center displays all connections established from the Receiver.

The ICA Connections window displays a list of active sessions. Each server entry in the listrepresents a session. For each seamless session, below each server entry, a list of thepublished resources you are running on that server appears.

After you launch a published resource, you can access the Connection Center by rightclicking the Receiver icon in your Windows notification area and choose Online Sessions >Connection Center. You can also access the Connection Center from the Preferences >Plug-in Status screen.

The Connection Center offers various options to view statistics and control sessions andapplications:

● Disconnect a session from a server but leave the session running on it

● End a server session

● Switch from seamless mode to full screen mode

● Seamless mode. Published applications and desktops are not contained within asession window. Each published application and desktop appears in its ownresizable window, as if it is physically installed on your user device. You can switchbetween published applications and the local desktop.

● Full screen mode. Published applications are placed in a full screen-sized desktop.● Show connection status details like frames sent and received

● Terminate an indivual published application

● Set access permissions

34

Providing Virtual Desktops to ReceiverUsers

This topic applies to XenDesktop deployments only.

Different enterprises have different corporate needs, and your requirements for the wayusers access virtual desktops may vary from user to user, and as your corporate needsevolve. The user experience of connecting to virtual desktops and the extent of userinvolvement in configuring the connections depend on how you set up the Citrix Receiverfor Windows. You have two options for providing users with access to virtual desktops: usingthe Desktop Viewer or the Citrix Desktop Lock.

Important: Do not attempt to use the Desktop Viewer or the Desktop Lock to connect todesktops published with XenApp.

Desktop ViewerUse the Desktop Viewer when users need to interact with their local desktop as well as thevirtual one. In this access scenario, the Desktop Viewer toolbar functionality allows the userto open a virtual desktop in a window and pan and scale that desktop inside their localdesktop. Users can set preferences and work with more than one desktop using multipleXenDesktop connections on the same user device.

Citrix Desktop LockUse the Desktop Lock when users do not need to interact with the local desktop. In thisaccess scenario, the Desktop Viewer is not available and the virtual desktop effectivelyreplaces the local one, allowing the user to interact with the virtual desktop as if it is local.This provides the best user experience in a XenDesktop environment.

To decide which option best suits your deployment, consider how you want users to accessand interact with virtual desktops.

To understand the user experience of connecting to desktops created with XenDesktop,consult the planning topics in the XenDesktop documentation.

http://support.citrix.com/proddocs/topic/xendesktop/xd-library-wrapper.html

35


This release contains two installation packages and offers several options for installing theCitrix Receiver for Windows. You can install the two Receiver installer packages with almostno user interaction.

● CitrixReceiver.exe - This Receiver (standard) does not require administrator rights toinstall unless it will use pass-through authentication. It can be installed:

● Automatically from Receiver for Web or from Web Interface

● By the user

● Using an Electronic Software Distribution (ESD) tool● CitrixReceiverEnterprise.exe - This Receiver (Enterprise) requires administrator rights

to install. Although the user can install Receiver (Enterprise), it is usually installed withan ESD tool. Uninstall other Receiver versions before installing Receiver (Enterprise).

Important: Upgrades are supported only from Citrix online plug-in 11.2 and 12.x. Removeany earlier versions before installing this version.

Considerations When UpgradingBecause there are two Citrix Receiver installation packages and there were two onlineplug-in packages (web and full) in previous releases, each having different options, youhave to consider the previously installed package when planning your upgrade. Use thistable to determine how to proceed with your upgrade.

Currently installed Upgrade Package Result

No Online plug-in installed CitrixReceiverEnterprise.exe Citrix Receiver(Enterprise) - web access- but manuallyconfigurable for PNA

No Online plug-in installed CitrixReceiver.exe Citrix Receiver (standard)- web access

Online plug-in fullconfigured for PNA or SSO

CitrixReceiverEnterprise.exe Citrix Receiver(Enterprise) configuredfor PNA or SSO

Online plug-in web CitrixReceiver.exe Citrix Receiver (standard)- web access

Online plug-in web CitrixReceiverEnterprise.exe Citrix Receiver(Enterprise) - web access- but manuallyconfigurable for PNA

The CitrixReceiver.exe upgrade package cannot be used to upgrade the online plug-in fullconfigured for PNA or Citrix Receiver (Enterprise). In both cases, the installer displays anerror message and does not alter the previously installed client.

How Installation Outcomes Differ Based on theOperating System, User Type, and InstallationPackage

The outcome of CitrixReceiver.exe or CitrixReceiverEnterprise.exe package installationsdiffers based on the combination of the operating system on the user device, user type,whether User Account Control (UAC) is enabled or disabled on Windows Vista, Windows 7,and Windows 2008 computers, and which installation package is used.

Operating system and usertype

CitrixReceiver.exe CitrixReceiverEnterprise.exe

OS: Windows XP, andWindows Server 2003

User: Administrator

Installation type:per-computer



User: Standard user

Installation type: per-user Not supported

OS: Windows Vista,Windows 7, and WindowsServer 2008

User: Administrator with orwithout UAC disabled




User: Standard user


Install and Uninstall

36

37

Installing and Uninstalling Receiver forWindows Manually

Users can install the Receiver from Receiver for Web, the Web Interface, the installationmedia, a network share, Windows Explorer, or a command line by running theCitrixReceiverEnterprise.exe or CitrixReceiver.exe installer package. Because the installerpackages are self-extracting installations that extract to the user's temp directory beforelaunching the setup program, ensure that there is enough free space available in the%temp% directory.

When the user runs one of the Receiver installation .exe files, a message box immediatelyappears displaying the progress of the installation.

When you cancel the installation before completion, some components might be installed.In that case, remove the Receiver with the Add/Remove Programs utility from the ControlPanel on Windows XP or Windows Server 2003 (Programs and Features utility from theControl Panel on Windows Vista, Windows 7, and Windows Server 2008).

Upgrades are supported only from the Citrix XenApp Plugin for Hosted Apps 11.0, DesktopReceiver 11.1, and Citrix online plug-in 11.1, 11.2, and 12.x. Remove any earlier versionsbefore installing this current version.

For command line installation parameters, see To configure and install the Citrix Receiverfor Windows using command-line parameters.

If company policies prohibit you from using an .exe file, refer to How to Manually Extract,Install, and Remove Individual .msi Files from ReceiverEnterprise.exe.

Removing the ReceiverYou can also use the Citrix Receiver Updater to install and uninstall Receiver. If CitrixReceiver Updater was not used to install the Receiver, you can uninstall Receiver byrunning the Add/Remove Programs utility from the Control Panel on Windows XP orWindows Server 2003 (Programs and Features utility from the Control Panel on WindowsVista, Windows 7, and Windows Server 2008).

If you delete Receiver related files or registry entries just before uninstalling Receiver withAdd/Remove Programs or Programs and Features, uninstall might fail. The MicrosoftWindows Installer (MSI) is trying to repair and uninstall at the same time. If this occurs, usethe Receiver to start an auto-repair. After the auto-repair completes, you can cleanlyuninstall Receiver from Add/Remove Programs or Programs and Features.

Auto-repair occurs if there is a problem with Receiver; however, there is no Add/RemovePrograms or Programs and Features Repair option.

To remove Receiver using the command line



You can also uninstall Receiver from a command line by typing the appropriate command.

CitrixReceiverEnterprise.exe /uninstall

or

CitrixReceiver.exe /uninstall

Caution: Using Registry Editor incorrectly can cause serious problems that can requireyou to reinstall the operating system. Citrix cannot guarantee that problems resultingfrom incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.Make sure you back up the registry before you edit it.

After uninstalling the Receiver software from a user device, the custom Receiver-settingregistry keys created by icaclient.adm remain in the Software\Policies\Citrix\ICA Clientdirectory under HKEY_LOCAL_MACHINE and HKEY_LOCAL_USER. If you reinstall Receiver,these policies might be enforced, possibly causing unexpected behavior. If you want toremove these customizations, delete them manually.

Installing and Uninstalling Receiver for Windows Manually

38

39

Upgrading the Desktop Viewer andDesktop Appliance Lock

You can upgrade the Desktop Viewer component contained in Citrix online plug-in 12.1 byinstalling this version of the Citrix Receiver for Windows.

To upgrade the Desktop Appliance Lock, remove Citrix online plug-in 12.1 and the DesktopAppliance Lock, and then install this version of the Receiver and the Citrix Desktop Lock.

40

To install the Citrix Desktop Lock

Important: Log on using a local administrator account to carry out this installationprocedure. In addition, consult About Citrix Receiver for Windows 3.1 for workarounds toany known issues with the Desktop Lock.

This procedure installs the plug-in so that virtual desktops are displayed using the CitrixDesktop Lock. Do not use this procedure if you want the Desktop Viewer to be available tousers.

1. On the installation media, navigate to the folder called Citrix Receiver andPlug-ins\Windows\Receiver, and run CitrixReceiverEnterprise.exe from the commandline using the following syntax:

CitrixReceiverEnterprise.exe ADDLOCAL="ICA_Client,SSON,USB,DesktopViewer,Flash,PN_Agent,Vd3d" SERVER_LOCATION="my.server" ENABLE_SSON="Yes"

For information about the properties used in this command, see To configure and installthe Citrix Receiver for Windows using command-line parameters

2. Enter the URL of the XenDesktop Services site where your virtual desktops are located.The URL must be in the format http://servername or https://servername. If you areusing hardware or software for load balancing or failover, you can enter aload-balanced address.

Important: Check that the URL you enter is correct. If the URL is incorrectly typed,or you leave the field empty and the user does not enter a valid URL when promptedafter installation, no virtual desktop or local desktop will be available.

3. On the XenDesktop installation media, navigate to the Citrix Receiver andPlug-ins\Windows\Receiver folder and double-click CitrixDesktopLock.msi. The CitrixDesktop Lock wizard appears.

4. On the License Agreement page, read and accept the Citrix license agreement andclick Install. The Installation Progress page appears.

5. In the Installation Completed dialog box, click Close.

6. When prompted, restart the user device. If you have been granted access to a desktopand you log on as a domain user, the restarted device is displayed using the DesktopLock.

http://support.citrix.com/proddocs/index.jsp?lang=en&topic=/receiver-windows-32/ica-about-31-wrapper.html

41

User Accounts Used to Install the CitrixDesktop Lock

When you install the Citrix Desktop Lock, a replacement shell is used. To allowadministration of the user device after you complete the installation, the account used toinstall CitrixDesktopLock.msi is excluded from the shell replacement. If the account used toinstall CitrixDesktopLock.msi is later deleted, you will not be able to log on and administerthe device.

Note that because a replacement shell is used, Citrix does not recommend the use ofcustom shells with desktops accessed through the Desktop Lock.

42

To remove the Citrix Desktop Lock

If you installed the Citrix Desktop Lock, two separate items are displayed in Add/RemovePrograms. You must remove both to complete the removal process.

1. Log on with the same local administrator credentials that were used to install theDesktop Lock.

2. Run the Add/Remove programs utility from the Control Panel.

3. Remove Citrix Desktop Lock.

4. Remove Citrix Receiver or Citrix Receiver (Enterprise).

43

To configure and install the CitrixReceiver for Windows usingcommand-line parameters

You or your users can customize the Receiver installer by specifying command line options.Because the installer packages are self-extracting installations that extract to the user'stemp directory before launching the setup program, ensure that there is enough free spaceavailable in the %temp% directory.

Space Requirements

Receiver (standard) - 78.8 Mbytes

Receiver (Enterprise) - 93.6 Mbytes

This includes program files, user data, and temp directories after launching severalapplications.

1. On the computer where you want to install the Receiver for Windows package, type thefollowing at a command prompt:

CitrixReceiver.exe [Options]

or

CitrixReceiverEnterprise.exe [Options]

2. Set your options as needed.

● /? or /help displays usage information.

● /noreboot suppresses reboot during UI installations. This option is not necessaryduring silent installs.

● /silent disables the error and progress dialogs to execute a completely silentinstallation.

● /includeSSON enables single sign on for Receiver (standard, CitrixReceiver.exe).This option is not supported for Receiver (enterprise, CitrixReceiverEnterprise.exe),which installs single sign on by default. If you are using ADDLOCAL= to specifyfeatures and you want to install single sign on, you must also specify the SSONvalue. Requires administrator rights.

● PROPERTY=Value

Where PROPERTY is one of the following all-uppercase variables (keys) and Value isthe value the user should specify.

● INSTALLDIR=Installation directory, where Installation directory is the locationwhere the Receiver software is installed. The default value is C:\ProgramFiles\Citrix\ICA Client. If you use this option and specify an Installationdirectory, you must install the RIInstaller.msi in the Installationdirectory\Receiver directory and the other .msi files in the Installationdirectory.

● CLIENT_NAME=ClientName, where ClientName is the name used to identify theuser device to the server farm. The default value is %COMPUTERNAME%.

● ENABLE_DYNAMIC_CLIENT_NAME={Yes | No} The dynamic client name featureallows the client name to be the same as the computer name. When userschange their computer name, the client name changes to match. To enabledynamic client name support during silent installation, the value of theproperty ENABLE_DYNAMIC_CLIENT_NAME in your installation file must be Yes.To disable dynamic client name support, set this property to No.

● ADDLOCAL=feature[,...] Install one or more of the specified components. Whenspecifying multiple parameters, separate each parameter with a comma andwithout spaces. The names are case sensitive. If you do not specify thisparameter, all components included in the CitrixReceiverEnterprise.exe orCitrixReceiver.exe are installed by default.

Note: ReceiverInside and ICA_Client are prerequisites for all othercomponents and must be installed.

ReceiverInside – Installs the Receiver experience. (Required)

ICA_Client – Installs the standard Receiver. (Required)

SSON – Installs single sign on. Requires administrator rights.

AM – Installs the Authentication Manager. This value is supported only withCitrixReceiver.exe.

SELFSERVICE – Installs the Self-Service Plug-in. This value is supported onlywith CitrixReceiver.exe. The AM value must be specified on the command lineand .NET 3.5 Service Pack 1 must be installed.

USB – Installs USB.

DesktopViewer – Installs the Desktop Viewer.

Flash – Installs HDX media stream for flash.

PN_Agent – Installs Receiver (Enterprise). This value is supported only withCitrixReceiverEnterprise.exe.

Vd3d – Enables the Windows Aero experience (for operating systems thatsupport it)

● ALLOWADDSTORE={N | S | A} – The default depends on the followingsituations:

To configure and install the Citrix Receiver for Windows using command-line parameters

44

N if Merchandising Server is used or stores are specified on the installationcommand line.

S if Receiver is installed per machine.

A if Receiver is installed per user.

Specifies whether or not users can add and remove stores not configuredthrough Merchandising Server deliveries. (Users can enable or disable storesconfigured through Merchandising Server deliveries, but they cannot removethese stores or change the names or the URLs.) This option is supported onlywith CitrixReceiver.exe.

● ALLOWSAVEPWD={N | S | A} – The default is the value specified from thePNAgent server at run time. Specifies whether or not users can save credentialsfor stores locally on their computers and applies only to stores using thePNAgent protocol. Setting this argument to N prevents users from saving theircredentials. If the argument is set to S, users can only save credentials forstores accessed through HTTPS connections. Using the value A allows users tosave credentials for all their stores. This option is supported only withCitrixReceiver.exe.

● ENABLE_SSON={Yes | No} – The default value is Yes. Note that users must logoff and log back onto their devices after an installation with pass-throughauthentication enabled. Requires administrator rights.

Important: If you disable single sign on pass-through authentication, usersmust reinstall Receiver if you decide to use pass-through authentication at alater time.

● ENABLE_KERBEROS={Yes | No} – The default value is No. Specifies thatKerberos should be used; applies only when pass-through authentication (SSON)is enabled.

● DEFAULT_NDSCONTEXT=Context1 [,…] – Include this parameter to set a defaultcontext for Novell Directory Services (NDS). To include more than one context,place the entire value in quotation marks and separate the contexts by acomma. This option is supported only with CitrixReceiverEnterprise.exe.Examples of correct parameters:

DEFAULT_NDSCONTEXT="Context1"

DEFAULT_NDSCONTEXT=“Context1,Context2”

● LEGACYFTAICONS={False | True} – The default value is False. Specifieswhether or not application icons are displayed for documents that have filetype associations with subscribed applications. When the argument is set tofalse, Windows generates icons for documents that do not have a specific iconassigned to them. The icons generated by Windows consist of a genericdocument icon overlaid with a smaller version of the application icon. Citrixrecommends enabling this option if you plan on delivering Microsoft Officeapplications to users running Windows 7. This option is supported only withCitrixReceiver.exe.

● SERVER_LOCATION=Server_URL – The default value is blank. Provide the URL of the server running the Web Interface. The URL must be in the format


45

http://servername or https://servername.

The Receiver appends the default path and file name of the configuration fileto the server URL. If you change the default location of the configuration file,enter the entire new path in the SERVER_LOCATION key. This option issupported only with CitrixReceiverEnterprise.exe.

● STARTMENUDIR=Text string – The default is to put applications under Start >All Programs. Specifies the name of the default folder added to users' Startmenus to hold the shortcuts to their subscribed applications. Users can changethe folder name and/or move the folder at any time. This option is supportedonly with CitrixReceiver.exe.

● STOREx="storename;http[s]://servername.domain/IISLocation/resources/v1;[On| Off];[storedescription]"[ STOREy="..."] – Specifies up to 10 stores to use withReceiver. Values:

● x and y – Integers 0 through 9.

● storename – Defaults to store. This must match the name configured on theStorefront server.

● servername.domain – The fully qualified domain name of the server hostingthe store.

● IISLocation – the path to the store within IIS. The store URL must match theURL in Storefront provisioning files. The store URLs are of the form“/Citrix/MyStore/resources/v1” (for Storefront 1.0). To obtain the URL,export a provisioning file from Storefront, open it in notepad and copy theURL from the <Address> element.

● On | Off – The optional Off configuration setting enables you to deliverdisabled stores, giving users the choice of whether or not they access them.When the store status is not specified, the default setting is On.

● storedescription – An optional description of the store, such as Apps onXenApp.

If there is a problem with the installation, search in the user's %TEMP% directory for the logswith the prefix CtxInstall- or TrollyExpress- . For example:

CtxInstall-ICAWebWrapper.log

TrollyExpress-20090807-123456.log

Examples of a Command-Line Installation

CitrixReceiver.exe /includeSSONSTORE0="AppStore;https://testserver.net/Citrix/MyStore/resources/v1;on;Appson XenApp"STORE1="BackUpAppStore;https://testserver.net/Citrix/MyBackupStore/resources/v1;on;BackupStore Apps on XenApp"

This example:

● Installs Receiver (standard).


46

● Installs single sign on.

● Specifies two application stores.

CitrixReceiverEnterprise.exe /silentADDLOCAL="ReceiverInside,ICA_Client,PN_Agent" ENABLE_SSON=noINSTALLDIR="c:\test" ENABLE_DYNAMIC_CLIENT_NAME=YesDEFAULT_NDSCONTEXT="Context1,Context2"SERVER_LOCATION="http://testserver.net" CLIENT_NAME="Modified"

This example:

● Installs Receiver (Enterprise) without visible progress dialog boxes.

● Installs only Receiver Inside, the standard Receiver (ICA_Client), and enterpriseReceiver (PN_Agent).

● Disables pass-through authentication.

● Specifies the location where the software is installed.

● Enables dynamic client naming.

● Specifies the default context for NDS.

● Specifies the URL (http://testserver.net) of the server running the Web Interface,which Receiver will reference.

● Specifies the name used to identify the user device to the server farm.


47

48

Delivering Receiver Using ActiveDirectory and Sample Startup Scripts

You can use Active Directory Group Policy scripts to pre-deploy Receiver on systems basedon your Active Directory organizational structure. Citrix recommends using the scriptsrather than extracting the .msi files because the scripts allow for a single point forinstallation, upgrade, and uninstall, they consolidate the Citrix entries in Programs andFeatures, and make it easier to detect the version of Receiver that is deployed. Use theScripts setting in the Group Policy Management Console (GPMC) under ComputerConfiguration or User Configuration. Microsoft documents the advantages anddisadvantages of using scripts at Microsoft Technet - Use Group Policy to assign computerstartup scripts.

Citrix includes sample per-computer startup scripts to install and uninstallCitrixReceiver.exe and Citrix ReceiverEnterprise.exe. The scripts are located on the XenAppmedia in the Citrix Receiver and Plug-ins\Windows\Receiver\Startup_Logon_Scripts folder.

● CheckAndDeployReceiverEnterpriseStartupScript.bat

● CheckAndDeployReceiverPerMachineStartupScript.bat

● CheckAndRemoveReceiverEnterpriseStartupScript.bat

● CheckAndRemoveReceiverPerMachineStartupScript.bat

When the scripts are executed during Startup or Shutdown of an Active Directory GroupPolicy, custom configuration files might be created in the Default User profile of a system.If not removed, these configuration files can prevent some users from accessing theReceiver logs directory. The Citrix sample scripts include functionality to properly removethese configuration files.

To use the startup scripts to deploy Receiver with Active Directory

1. Create the Organizational Unit (OU) for each script.

2. Create a Group Policy Object (GPO) for the newly created OU.

To modify the sample scriptsModify the scripts by editing these parameters in the header section of each file:

● Current Version of package. The specified version number is validated and if it is notpresent, the deployment proceeds. For example, set DesiredVersion=3.0.0.XXXX to exactly match the version specified. If you specify a partial version, forexample 3.0.0, it matches any version with that prefix (3.0.0.1111, 3.0.0.7777, and soforth).

http://technet.microsoft.com/en-us/library/cc179134.aspx


● Package Location/Deployment directory. This specifies the network share containingthe packages and is not authenticated by the script. The shared folder must have Readpermission for EVERYONE.

● Script Logging Directory. This specifies the network share where the install logs arecopied and is not authenticated by the script. The shared folder must have Read andWrite permissions for EVERYONE.

● Package Installer Command Line Options. These command line options are passed tothe installer. For the command line syntax, see To configure and install the CitrixReceiver for Windows using command-line parameters

To add the per-computer startup scripts1. Open the Group Policy Management Console.

2. Select Computer Configuration > Policies > Windows Settings > Scripts(Startup/Shutdown).

3. In the right-hand pane of the Group Policy Management Console, select Startup.

4. In the Properties menu, click Show Files, copy the appropriate script to the folderdisplayed, and then close the window.

5. In the Properties menu, click Add and use Browse to find and add the newly createdscript.

To deploy Receiver per-computer1. Move the user devices designated to receive this deployment to the OU you created.

2. Reboot the user device and log on as any user.

3. Verify that Program and Features (Add or Remove Programs in previous OS versions)contains the newly installed package.

To remove Receiver per-computer1. Move the user devices designated for the removal to the OU you created.


3. Verify that Program and Features (Add or Remove Programs in previous OS versions)removed the previously installed package.

Delivering Receiver Using Active Directory and Sample Startup Scripts

49

50

Using the Per-User Sample StartupScripts

Citrix recommends using per-computer startup scripts but does include two Citrix Receiverper-user scripts on the XenApp media in the Citrix Receiver andPlug-ins\Windows\Receiver\Startup_Logon_Scripts folder for situations where you requireReceiver (standard) per-user deployments.

● CheckAndDeployReceiverPerUserLogonScript.bat

● CheckAndRemoveReceiverPerUserLogonScript.bat

To set up the per-user startup scripts1. Open the Group Policy Management Console.

2. Select User Configuration > Policies > Windows Settings > Scripts.

3. In the right-hand pane of the Group Policy Management Console, select Logon

4. In the Logon Properties menu, click Show Files, copy the appropriate script to thefolder displayed, and then close the window.

5. In the Logon Properties menu, click Add and use Browse to find and add the newlycreated script.

To deploy Receiver per-user1. Move the users designated to receive this deployment to the OU you created.

2. Reboot the user device and log on as the specified user.


To remove Receiver per-user1. Move the users designated for the removal to the OU you created.



51

Deploying CitrixReceiver.exe fromReceiver for Web

You can deploy CitrixReceiver.exe from Receiver for Web to ensure that users have theReceiver installed before they try to connect to an application from a browser. For details,refer to the Receiver Storefront documentation on Citrix eDocs.

52

Deploying the CitrixReceiver.exe from aWeb Interface Logon Screen

You can deploy the CitrixReceiver.exe from a Web page to ensure that users have theReceiver installed before they try to use the Web Interface. Create a home page and run anInternet Explorer script to download the CitrixReceiver.exe package automatically from theWeb server and install it for the user.

To install the Receiver software using CitrixReceiver.exe, the Windows Installer Servicemust be installed on the user device. This service is present by default on systems runningWindows XP, Windows Vista, Windows 7, Windows Server 2003, or Windows Server 2008.

Add the sites from which the CitrixReceiver.exe file is downloaded to the Trusted Siteszone.

In the webinterface.conf file for your XenApp websites, edit the ClientIcaWin32= line tospecify the CitrixReceiver.exe installation file and remove the comment character (#).

For more information, see the Web Interface documentation.

53

Configuring Citrix Receiver for Windows

You can configure Citrix Receiver operations for deployments that use Receiver Storefrontor a legacy PNA Services site. For information about configuring deployments using ReceiverStorefront, refer to the Storefront documentation on Citrix eDocs.

From the Citrix management console for the XenApp server, configure the options andsettings for Receiver using the associated Receiver site. Each time users log on to theReceiver, they see the most recent configuration. Changes made while users are connectedtake effect when the Receiver configuration is refreshed manually or automatically after adesignated interval.

54

Using the Group Policy Object Templateto Customize Receiver

Citrix recommends using the Group Policy Object icaclient.adm template file to configurerules for securing Receiver connections. The rules include network routing, proxy servers,trusted server configuration, user routing, remote client devices, and the user experience.

You can use the icaclient.adm template file with domain policies and local computerpolicies. For domain policies, import the template file using the Group Policy ManagementConsole. This is especially useful for applying Receiver settings to a number of differentuser devices throughout the enterprise. To affect a single user device, import the templatefile using the local Group Policy Editor on the device.

For details about Group Policy management, see the Microsoft Group Policy documentation.

To import the icaclient template using the GroupPolicy Management Console

To affect domain-based group policies, import the icaclient.adm file with the Group PolicyManagement Console.

1. As an administrator, open the Group Policy Management Console.

2. In the left pane, select a group policy and from the Action menu, choose Edit.

3. In the left pane of the Group Policy Editor, select the Administrative Templates folder.

4. From the Action menu, choose Add/Remove Templates.

5. Choose Add and browse to the Configuration folder for Receiver (usually C:\ProgramFiles\Citrix\ICA Client\Configuration) and select icaclient.adm.

6. Select Open to add the template and then Close to return to the Group Policy Editor.

To import the icaclient template using the local GroupPolicy Editor

To affect the policies on a local computer, import the icaclient.adm file with the localGroup Policy Editor.

1. As an administrator, open the Group Policy Editor by running gpedit.msc from the Startmenu.

2. In the left pane, select the Administrative Templates folder.




Using the Group Policy Object Template to Customize Receiver

55

56

Configuring Access to Accounts Manually

When users launch Receiver for the first time, they have the option to set up a newaccount, unless Receiver was distributed using Merchandising Server, a Receiver for Webconfiguration file, or a GPO or similar method. To set up a new account, a user entersinformation about the XenApp farm or XenDesktop site hosting the resources.

When a user enters the details for a new account, Receiver attempts to verify theconnection. If successful, Receiver prompts the user to log on to the account.

To add a new account1. Click the gear icon in the Receiver window and choose Edit Accounts.2. Click Add.

3. Enter the information provided by your organization and click OK.

To remove an account1. Click the gear icon in the Receiver window and choose Edit Accounts.2. Select the account from the list and click Remove and Yes.

To edit the details of an account1. Click the gear icon in the Receiver window and choose Edit Accounts.2. Select the account that you want to edit from the list and double-click.

3. Edit the details in Name, the Description, and/or the URL fields, as required.

4. Click OK.

57

To customize user preferences for theReceiver (Enterprise)

Users can customize their preferences. For example, they can define window sizes forpublished applications, choose when to refresh the list of available published resources,and specify where the available published resources appear.

1. In the Windows notification area, right-click the Receiver icon and choosePreferences.

2. Right-click the Online Plug-in entry in the Plug-in Status and choose Options, select aproperty, and make the desired configuration changes.

If you configure seamless windows and set the task bar to Auto-hide, you cannot access thetaskbar when you maximize published applications. To access the taskbar, resize thepublished application.

For more detailed information, see the online help for Receiver.

To change the server URL in the Receiver (Enterprise)Receiver requires that you specify the location of a configuration file (Config.xml is thedefault configuration file) on the server running the Web Interface. You can ask your usersto change the server URL as you create new configuration files or delete old ones.

Note: To prevent users from accidentally changing their server URL, disable the option.

1. In the Windows notification area, right-click the Receiver icon and choose Preferences.

2. Right-click the Online Plug-in entry in the Plug-in Status and choose Change Server.

3. Type or select the server URL in the format http://servername or, to encrypt theconfiguration data using SSL, https://servername.

58

Configuring USB Support for XenDesktopConnections

USB support enables users to interact with a wide range of USB devices when connected toa virtual desktop. Users can plug USB devices into their computers and the devices areremoted to their virtual desktop. USB devices available for remoting include flash drives,smartphones, PDAs, printers, scanners, MP3 players, security devices, and tablets. DesktopViewer users can control whether USB devices are available on the virtual desktop using apreference in the toolbar.

Isochronous features in USB devices such as webcams, microphones, speakers, and headsetsare supported in typical low latency/high speed LAN environments. This allows thesedevices to interact with packages such as Microsoft Office Communicator and Skype.

The following types of device are supported directly in a XenDesktop session, and so do notuse USB support:

● Keyboards

● Mice

● Smart cards

Note: Specialist USB devices (for example, Bloomberg keyboards and 3D mice) can beconfigured to use USB support. For information on configuring Bloomberg keyboards, seeConfiguring Bloomberg Keyboards. For information on configuring policy rules for otherspecialist USB devices, see CTX 119722.

By default, certain types of USB devices are not supported for remoting throughXenDesktop. For example, a user may have a network interface card attached to the systemboard by internal USB. Remoting this would not be appropriate. The following types of USBdevice are not supported by default for use in a XenDesktop session:

● Bluetooth dongles

● Integrated network interface cards

● USB hubs

● USB graphics adaptors

USB devices connected to a hub can be remoted, but the hub itself cannot be remoted.

For instructions on modifying the range of USB devices that are available to users, seeUpdating the List of USB Devices Available for Remoting.

For instructions on automatically redirecting specific USB devices, see CTX123015.

http://support.citrix.com/article/ctx119722


59

How USB Support Works

When a user plugs in a USB device, it is checked against the USB policy, and, if allowed,remoted to the virtual desktop. If the device is denied by the default policy, it is availableonly to the local desktop.

The user experience depends upon the type of desktop to which users are connecting.

For desktops accessed through the Citrix Desktop Lock, when a user plugs in a USB device,that device is automatically remoted to the virtual desktop. No user interaction is required.The virtual desktop is responsible for controlling the USB device and displaying it in the userinterface.

For desktops accessed through the Desktop Viewer, when a user plugs in a USB device, adialog box appears asking the user if they want that device remoted to the virtual desktop.The user can decide which USB devices are remoted to the virtual desktop by selectingdevices from the list each time they connect. Alternatively, the user can configure USBsupport so that all USB devices plugged in both before and/or during a session areautomatically remoted to the virtual desktop that is in focus.

60

Mass Storage Devices

For mass storage devices only, in addition to USB support, remote access is availablethrough client drive mapping, which you configure through the Citrix Mappings rule. Whenthis rule is applied, the drives on the user device are automatically mapped to drive letterson the virtual desktop when users log on. The drives are displayed as shared folders withmapped drive letters. The Citrix Mappings rule is in the Drives subfolder of the ClientDevices Resources folder in the Presentation Server Console.

The main differences between the two types of remoting policy are:

Feature Client Drive Mapping USB Rule

Enabled by default Yes No

Read-only accessconfigurable

Yes No

Safe to remove deviceduring a session

No Yes, if the user clicksSafely Remove Hardwarein the notification area

If both USB support and the Citrix Mappings rule are enabled and a mass storage device isinserted before a session starts, it will be redirected using client drive mapping first, beforebeing considered for redirection through USB support. If it is inserted after a session hasstarted, it will be considered for redirection using USB support before client drive mapping.

61

USB Device Classes Allowed by Default

Different classes of USB device are allowed by the default USB policy rules.

Although they are on this list, some classes are only available for remoting in XenDesktopsessions after additional configuration. These are noted below.

● Audio (Class 01). Includes audio input devices (microphones), audio output devices,and MIDI controllers. Modern audio devices generally use isochronous transfers, which issupported by XenDesktop 4 or later.

Note: Some specialty devices (for example, VOIP phones) require additionalconfiguration. For instructions on this, see CTX123015.

● Physical Interface Devices(Class 05). These devices are similar to Human InterfaceDevices (HIDs), but generally provide "real-time" input or feedback and include forcefeedback joysticks, motion platforms, and force feedback exoskeletons.

● Still Imaging (Class 06). Includes digital cameras and scanners. Digital cameras oftensupport the still imaging class which uses the Picture Transfer Protocol (PTP) or MediaTransfer Protocol (MTP) to transfer images to a computer or other peripheral. Camerasmay also appear as mass storage devices and it may be possible to configure a camerato use either class, through setup menus provided by the camera itself.

Note that if a camera appears as a mass storage device, client drive mapping is usedand USB support is not required.

● Printers (Class 07). In general most printers are included in this class, although someuse vendor-specific protocols (class ff). Multi-function printers may have an internalhub or be composite devices. In both cases the printing element generally uses thePrinters class and the scanning or fax element uses another class; for example, StillImaging.

Printers normally work appropriately without USB support.

Note: This class of device (in particular printers with scanning functions) requiresadditional configuration. For instructions on this, see CTX123015.

● Mass Storage (Class 08). The most common mass storage devices are USB flash drives;others include USB-attached hard drives, CD/DVD drives, and SD/MMC card readers.There are a wide variety of devices with internal storage that also present a massstorage interface; these include media players, digital cameras, and mobile phones.Known subclasses include:

● 01 Limited flash devices

● 02 Typically CD/DVD devices (ATAPI/MMC-2)

● 03 Typically tape devices (QIC-157)

● 04 Typically floppy disk drives (UFI)



● 05 Typically floppy disk drives (SFF-8070i)

● 06 Most mass storage devices use this variant of SCSI

Mass storage devices can often be accessed through client drive mapping, and so USBsupport is not required.

Important: Some viruses are known to propagate actively using all types of massstorage. Carefully consider whether or not there is a business need to permit the useof mass storage devices, either through client drive mapping or USB support.

● Content Security (Class 0d). Content security devices enforce content protection,typically for licensing or digital rights management. This class includes dongles.

● Video (Class 0e). The video class covers devices that are used to manipulate video orvideo-related material, such as webcams, digital camcorders, analog video converters,some television tuners, and some digital cameras that support video streaming.

Note: Most video streaming devices use isochronous transfers, which is supported byXenDesktop 4 or later. Some video devices (for example webcams with motiondetection) require additional configuration. For instructions on this, see CTX123015.

● Personal Healthcare (Class 0f). These devices include personal healthcare devices suchas blood pressure sensors, heart rate monitors, pedometers, pill monitors, andspirometers.

● Application and Vendor Specific (Classes fe and ff). Many devices use vendor specificprotocols or protocols not standardized by the USB consortium, and these usuallyappear as vendor-specific (class ff).


62


63

USB Device Classes Denied by Default

Different classes of USB device are denied by the default USB policy rules.

● Communications and CDC Control (Classes 02 and 0a). The default USB policy doesnot allow these devices, because one of them may be providing the connection to thevirtual desktop itself.

● Human Interface Devices (Class 03). Includes a wide variety of both input and outputdevices. Typical Human Interface Devices (HIDs) are keyboards, mice, pointing devices,graphic tablets, sensors, game controllers, buttons, and control functions.

Subclass 01 is known as the "boot interface" class and is used for keyboards and mice.

The default USB policy does not allow USB keyboards (class 03, subclass 01, protocol 1),or USB mice (class 03, subclass 01, protocol 2). This is because most keyboards andmice are handled appropriately without USB support and it is normally necessary to usethese devices locally as well remotely when connecting to a virtual desktop.

● USB Hubs (Class 09). USB hubs allow extra devices to be connected to the localcomputer. It is not neccessary to access these devices remotely.

● Smart Card (Class 0b). Smart card readers include contactless and contact smart cardreaders, and also USB tokens with an embedded smart card-equivalent chip.

Smart card readers are accessed using smart card remoting and do not require USBsupport.

● Wireless Controller (Class e0). Some of these devices may be providing criticalnetwork access, or connecting critical peripherals such as Bluetooth keyboards or mice.

The default USB policy does not allow these devices. However, there may be particulardevices it is appropriate to provide access to using USB support.

64

Updating the List of USB DevicesAvailable for Remoting

You can update the range of USB devices available for remoting to desktops by editing thefile icaclient_usb.adm. This allows you to make changes to the Receiver using Group Policy.The file is located in the following installed folder:

<root drive>:\Program Files\Citrix\ICA Client\Configuration\en

Alternatively, you can edit the registry on each user device, adding the following registrykey:

HKLM\SOFTWARE\Policies\Citrix\ICA Client\GenericUSB Type=String Name="DeviceRules"Value=


The product default rules are stored in:

HKLM\SOFTWARE\Citrix\ICA Client\GenericUSB Type=MultiSz Name=“DeviceRules” Value=

Do not edit the product default rules.

For details of the rules and their syntax, see http://support.citrix.com/article/ctx119722/.

http://support.citrix.com/article/ctx119722/

65

Configuring Bloomberg Keyboards

Bloomberg keyboards are supported by XenDestkop sessions (but not other USB keyboards).The required components are installed automatically when the plug-in is installed, but youmust enable this feature either during the installation or later by changing a registry key.

On any one user device, multiple sessions to Bloomberg keyboards are not recommended.The keyboard only operates correctly in single-session environments.

To turn Bloomberg keyboard support on or off


1. Locate the following key in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\GenericUSB

2. Do one of the following:

● To turn on this feature, for the entry with Type DWORD and NameEnableBloombergHID, set Value to 1.

● To turn off this feature, set the Value to 0.

66

Configuring User-Driven Desktop Restart

You can allow users to restart their desktops themselves. They may need to do this if adesktop fails to connect or becomes unresponsive.

This feature is disabled by default. You enable user-driven desktop restart for a desktopgroup in Desktop Studio. For information on this, see the XenDesktop documentation.

The procedures for restarting desktops differ depending on whether users are connecting todesktops through the Desktop Viewer or the Citrix Desktop Lock.


67

To prevent the Desktop Viewer windowfrom dimming

If users have multiple Desktop Viewer windows, by default the desktops that are not activeare dimmed. If users need to view multiple desktops simultaneously, this can make theinformation on them unreadable. You can disable the default behavior and prevent theDesktop Viewer window from dimming by editing the Registry.


1. On the user device, create a REG_DWORD entry called DisableDimming in one of thefollowing keys, depending on whether you want to prevent dimming for the current userof the device or the device itself. An entry already exists if the Desktop Viewer hasbeen used on the device:

● HKCU\Software\Citrix\XenDesktop\DesktopViewer

● HKLM\Software\Citrix\XenDesktop\DesktopViewerOptionally, instead of controlling dimming with the above user or device settings, youcan define a local policy by creating the same REG_WORD entry in one of the followingkeys:

● HKCU\Software\Policies\Citrix\XenDesktop\DesktopViewer

● HKLM\Software\Policies\Citrix\XenDesktop\DesktopViewerThe use of these keys is optional because XenDesktop administrators, rather thanplug-in administrators or users, typically control policy settings using Group Policy. So,before using these keys, check whether your XenDesktop administrator has set a policyfor this feature.

2. Set the entry to any non-zero value such as 1 or true.

If no entries are specified or the entry is set to 0, the Desktop Viewer window is dimmed. Ifmultiple entries are specified, the following precedence is used. The first entry that islocated in this list, and its value, determine whether the window is dimmed:

1. HKCU\Software\Policies\Citrix\...

2. HKLM\Software\Policies\Citrix\...

3. HKCU\Software\Citrix\...

4. HKLM\Software\Citrix\...

68

To configure the Citrix Desktop Lock

This topic contains instructions for configuring USB preferences, drive mappings, andmicrophones for a virtual desktop accessed through the Citrix Desktop Lock. In addition,some general advice on configuring the Desktop Lock is also provided.

Typically, this is used in non-domain-joined environments such as on a thin client ordesktop appliance. In this access scenario, the Desktop Viewer is unavailable, so onlyadministrators (not users) can perform the configuration.

Two .adm files are provided that allow you to perform this task using policies:

● icaclient.adm. For information on obtaining this file, see To configure settings formultiple users and devices.

● icaclient_usb.adm. The file is located in the following installed folder: <rootdrive>:\Program Files\Citrix\ICA Client\Configuration\en.

This topic assumes you have loaded both files into Group Policy, where the policies appearin Computer Configuration or User Configuration > Administrative Templates > ClassicAdministrative Templates (ADM) > Citrix Components.

To configure USB preferencesAs a prerequisite, you must turn on USB support in XenDesktop deployments by enabling theUSB policy rule. For information on this, see the XenDesktop documentation.

In Citrix Receiver > Remoting client devices > Generic USB Remoting, enable andconfigure as desired the Existing USB Devices, New USB Devices, and USB Devices List InDesktop Viewer policies. You can use the Show All Devices policy to display all connectedUSB devices, including those using the Generic USB virtual channel (for example, webcamsand memory sticks).

To configure drive mappingIn Citrix Receiver > Remoting client devices, enable and configure as desired the Clientdrive mapping policy.

To configure a microphoneIn Citrix Receiver > Remoting client devices, enable and configure as desired the Clientmicrophone policy.

General Advice On Configuring the Desktop LockGrant access to only one virtual desktop running the Desktop Lock per user.

Do not allow users to hibernate virtual desktops. Use Active Directory policies appropriatelyto prevent this.


69

70

To configure settings for multiple usersand devices

In addition to the configuration options offered by the Receiver user interface, you can usethe Group Policy Editor and the icaclient.adm template file to configure settings. Using theGroup Policy Editor, you can:

● Extend the icaclient template to cover any Receiver setting by editing theicaclient.adm file. See the Microsoft Group Policy documentation for more informationabout editing .adm files and about applying settings to a particular computer.

● Make changes that apply only to either specific users or all users of a client device.

● Configure settings for multiple user devices

Citrix recommends using Group Policy to configure user devices remotely; however you canuse any method, including the Registry Editor, which updates the relevant registry entries.

1. As an administrator, open the Group Policy Editor by either running gpedit.msc locallyfrom the Start menu when applying policies to a single computer or by using the GroupPolicy Management Console when applying domain policies.

Note: If you already imported the icaclient template into the Group Policy Editor,you can omit Steps 2 to 5.





6. Under the User Configuration node or the Computer Configuration node, edit therelevant settings as required.

71

Canadian Keyboard Layouts andUpdating from Presentation ServerClients Version 10.200

The Canadian keyboard layouts are aligned with those supported by Microsoft. If usersinstall Receivers without uninstalling the Presentation Server Clients Version 10.200 first,they must manually edit the module.ini file (usually in C:\Program Files\Citrix\ICA Client) toupgrade the keyboard layout settings:

Replace:

Canadian English (Multilingual)=0x00001009

Canadian French=0x00000C0C

Canadian French (Multilingual)=0x00010C0C

With:

Canadian French=0x00001009

Canadian French (Legacy)=0x00000C0C

Canadian Multilingual Standard=0x00011009

72

Auto-Repair File Locations

Auto-repair occurs if there is a problem with Receiver; however, there is no Add/RemovePrograms or Programs and Features Repair option. If the Receiver repair option prompts forthe location of the .msi file, browse to one of these locations to find the file:

● For CitrixReceiverEnterprise.exe

● Operating system: Windows XP and Windows 2003

C:\Documents and Settings\All Users\application data\Citrix\Citrix Receiver(Enterprise)\

● Operating system: Windows Vista and Windows 7

C:\ProgramData\Citrix\Citrix Receiver (Enterprise)\● For CitrixReceiver.exe installed per computer


C:\Documents and Settings\All Users\Application Data\Citrix\Citrix Receiver\


C:\ProgramData\Citrix\Citrix Receiver\● For CitrixReceiver.exe installed per user


%USERPROFILE%\Local Settings\Application Data\Citrix\Citrix Receiver\


%USERPROFILE%\Appdata\local\Citrix\Citrix Receiver\

73

Optimizing the Receiver Environment

The ways you can optimize the environment in which your Receiver operates for your usersinclude:

● Improving performance

● Improving performance over low bandwidth

● Facilitating the connection of numerous types of client devices to published resources

● Providing support for NDS users

● Using connections to Citrix XenApp for UNIX

● Supporting naming conventions

● Supporting DNS naming resolution


74

Improving Receiver Performance

You can improve the performance of your Receiver software by:

● Reducing Application Launch Time

● Reconnecting Users Automatically

● Providing session reliability

● Improving Performance over Low-Bandwidth Connections

75

Reducing Application Launch Time

Use the session pre-launch feature to reduce application launch time during normal or hightraffic periods; thus, giving the user a better experience. The pre-launch feature allows apre-launch session to be created when a user logs on to Receiver, or at a scheduled time ifthe user is already logged on. This pre-launch session reduces the launch time of the firstapplication. The default application ctxprelaunch.exe is running in the session, but it is notvisible to the user.

There are two types of pre-launch:

● Just-in-time pre-launch. Pre-Launch starts immediately after the user's credentials areauthenticated whether or not it is a high-traffic period.

● Scheduled pre-launch. Pre-launch starts at a scheduled time. Scheduled pre-launchstarts only when the user device is already running and authenticated. If those twoconditions are not met when the scheduled pre-launch time arrives, a session does notlaunch. To spread network and server load, the session launches within a window ofwhen it is scheduled. For example, if the scheduled pre-launch is scheduled for 1:45p.m., the session actually launches between 1:15 p.m. and 1:45 p.m.

Typically, you can use just-in-time pre-launch for normal traffic periods and scheduledpre-launch for known high-traffic periods.

An example of a high-traffic period - if your environment includes a large number of userswho launch applications during peak periods such as when users start work or return fromlunch, the rapid succession of logon requests might overwhelm servers and slow downapplication launch for all users.

Configuring pre-launch on the XenApp server consists of creating, modifying, or deletingpre-launch applications, as well as updating user policy settings that control the pre-launchapplication. See To pre-launch applications to user devices for information aboutconfiguring session pre-launch on the XenApp server.


Customizing the pre-launch feature using the icaclient.adm file is not supported. However,you can change the pre-launch configuration by modifying registry values during or afterReceiver installation.

Registry value for Windows 7, 64-bit

The value for Windows 7, 64-bit, is:HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Prelaunch.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Prelaunch - Enablesdifferent users on the same user device to have different settings. It also allows a user tochange the configuration without administrative permission. You can provide your userswith scripts to accomplish this.

http://support.citrix.com/proddocs/index.jsp?lang=en&topic=/xenapp65-publishing/ps-pub-prelaunch.html

Name: State

Values:

0 - Disable pre-launch.

1 - Enable just-in-time pre-launch. (Pre-Launch starts after the user's credentials areauthenticated.)

2 - Enable scheduled pre-launch. (Pre-launch starts at the time scheduled in Schedule.)

Name: Schedule

Value:

The time (24 hour format) and days of week for scheduled pre-launch entered in thefollowing format:

HH:MM|M:T:W:TH:F:S:SU where HH and MM are hours and minutes. M:T:W:TH:F:S:SU arethe days of the week. For example, to enable scheduled pre-launch on Monday, Wednesday,and Friday at 1:45 p.m., set Schedule as Schedule=13:45|1:0:1:0:1:0:0 . The sessionactually launches between 1:15 p.m. and 1:45 p.m.

Registry values for other Windows systems

The values for all other supported Windows operating systems are:HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Prelaunch andHKEY_CURRENT_USER\Software\Citrix\ICA Client\Prelaunch.

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Prelaunch - Written at installation,with default values.

Name: UserOverride

Values:

0 - Use the HKEY_LOCAL_MACHINE values even if HKEY_CURRENT_USER values are alsopresent.

1 - Use HKEY_CURRENT_USER values if they exist; otherwise, use the HKEY_LOCAL_MACHINEvalues.

Name: State

Values:




Name: Schedule

Value:


76


HH:MM|M:T:W:TH:F:S:SU where HH and MM are hours and minutes. M:T:W:TH:F:S:SU arethe days of the week. For example to enable scheduled pre-launch on Monday, Wednesday,and Friday at 1:45 p.m., set Schedule as Schedule=13:45|1:0:1:0:1:0:0 . The sessionactually launches between 1:15 p.m. and 1:45 p.m.

HKEY_CURRENT_USER\SOFTWARE\Citrix\ICA Client\Prelaunch - Enables different users onthe same user device to have different settings. It also allows a user to change theconfiguration without administrative permission. You can provide your users with scripts toaccomplish this.

Name: State

Values:




Name: Schedule

Value:




77

78

Reconnecting Users Automatically

Users can be disconnected from their sessions because of unreliable networks, highlyvariable network latency, or range limitations of wireless devices. With the HDX Broadcastauto-client reconnection feature, Receiver can detect unintended disconnections of ICAsessions and reconnect users to the affected sessions automatically.

When this feature is enabled on the server, users do not have to reconnect manually tocontinue working. The Receiver attempts to reconnect to the session until there is asuccessful reconnection or the user cancels the reconnection attempts. If userauthentication is required, a dialog box requesting credentials appears to a user duringautomatic reconnection. Automatic reconnection does not occur if users exit applicationswithout logging off. Users can reconnect only to disconnected sessions.

To disable HDX Broadcast auto-client reconnect for a particular user





4. Choose Add and browse to the Receiver Configuration folder (usually C:\ProgramFiles\Citrix\ICA Client\Configuration) and select icaclient.adm.


6. From the Group Policy Editor, expand Administrative Templates and navigate throughCitrix Components > Citrix Receiver > Network Routing > Session reliability andautomatic reconnection. In Windows 7 and Windows Server 2008, expandAdministrative Templates and navigate through Classic Administrative Templates(ADM) > Citrix Components to the desired configuration option.

7. From the Action menu, choose Properties and select Disabled.

79

Providing HDX Broadcast SessionReliability

With the HDX Broadcast Session Reliability feature, users continue to see a publishedapplication’s window if the connection to the application experiences an interruption. Forexample, wireless users entering a tunnel may lose their connection when they enter thetunnel and regain it when they emerge on the other side. During such interruptions, thesession reliability feature enables the session window to remain displayed while theconnection is being restored.

You can configure your system to display a warning dialog box to users when the connectionis unavailable.

You set HDX Broadcast Session Reliability with policy settings on the server. Receiver userscannot override the server settings for HDX Broadcast Session Reliability.

Important: If HDX Broadcast Session Reliability is enabled, the default port used forsession communication switches from 1494 to 2598.

80

Improving Performance overLow-Bandwidth Connections

Citrix recommends that you use the latest version of XenApp or XenDesktop on the server.Citrix continually enhances and improves performance with each release. Manyperformance features require the latest Receiver and server software to function.

If you are using a low-bandwidth connection, you can make a number of changes to yourReceiver configuration and the way you use the Receiver to improve performance.

Changing Your Receiver ConfigurationOn devices with limited processing power or in circumstances where only limited bandwidthis available, there is a trade-off between performance and functionality. Receiver providesboth user and administrator with the ability to choose an acceptable mixture of richfunctionality and interactive performance. Making one or more of these changes on theserver or user device can reduce the bandwidth your connection requires and improveperformance:

● Enable SpeedScreen Latency Reduction. SpeedScreen Latency Reduction improvesperformance over high latency connections by providing instant feedback to the user inresponse to typed data or mouse clicks.

User's side: icaclient.adm file.

Server side: SpeedScreen Latency Reduction Manager.

● Reduce the window size. Change the window size to the minimum size you cancomfortably use.

User side: icaclient.adm file or use the Receiver icon in the notification area andchoose Preferences and right-click the Online Plug-in entry in the Plug-in Status andchoose Options > Session Options.

Server side: XenApp services site > Session Options.

● Reduce the number of colors. Reduce the number of colors to 256.



● Reduce sound quality. If Receiver audio mapping is enabled, reduce the sound qualityto the minimum setting.


Server side: Citrix Audio quality policy setting.

Changing Receiver UseICA technology is highly optimized and typically does not have high CPU and bandwidthrequirements. However, if you are using a very low-bandwidth connection, the followingtasks can impact performance:

● Accessing large files using client drive mapping. When you access a large file withclient drive mapping, the file is transferred over the ICA connection. On slowconnections, this may take a long time.

● Playing multimedia content. Playing multimedia content uses a lot of bandwidth andcan cause reduced performance.

Improving Performance over Low-Bandwidth Connections

81

82

Connecting User Devices and PublishedResources

You can facilitate sessions and optimize the connection of your user devices to resourcespublished in the server farm by:

● Configuring workspace control settings to provide continuity for roaming users

● Making scanning transparent for users

● Mapping client devices

● Associating user device file types with published applications

83

Configuring Workspace Control Settingsto Provide Continuity for Roaming Users

The workspace control feature provides users with the ability to disconnect quickly from allrunning applications, reconnect to applications, or log off from all running applications. Youcan move among user devices and gain access to all of your applications when you log on.For example, health care workers in a hospital can move quickly among workstations andaccess the same set of applications each time they log on to XenApp. These users candisconnect from multiple applications at one user device and open all the same applicationswhen they reconnect at a different user device.

Workspace control is available only to users connecting to published resources with CitrixXenApp or through Storefront, Receiver for Web, or the Web Interface.

Policies and client drive mappings change appropriately when you move to a new userdevice. Policies and mappings are applied according to the user device where you arecurrently logged on to the session. For example, if a health care worker logs off from a userdevice in the emergency room of a hospital and then logs on to a workstation in thehospital’s X-ray laboratory, the policies, printer mappings, and client drive mappingsappropriate for the session in the X-ray laboratory go into effect for the session as soon asthe user logs on to the user device in the X-ray laboratory.

Important: Workspace control is not available for Online Plug-in versions earlier than11.x; it works only with sessions connected to computers running Citrix PresentationServer Version 3.0, 4.0, or 4.5 or Citrix XenApp 5.0, 6.0, or 6.5.

If workspace control configuration settings allow users to override the server settings, userscan configure workspace control on the Receiver Reconnect Options page:

● Enable automatic reconnection at logon allows users to reconnect to onlydisconnected applications or to both disconnected and active applications

● Enable reconnection from the menu allows users to reconnect to only disconnectedapplications or to both disconnected and active sessions

To configure workspace control settings through Storefront or Receiver for Web

For information about configuring Receiver Storefront and Receiver for Web for workspacecontrol and user roaming, refer to the "Manage" topics in the Receiver Storefrontdocumentation in Citrix eDocs.

To configure workspace control settings through Web Interface

For users launching applications through the Web Interface, these options are in Settings:

● Enable automatic reconnection at logon allows users to reconnect to onlydisconnected applications or both disconnected and active applications

● Enable automatic reconnection from Reconnect menu allows users to reconnect toonly disconnected applications or both disconnected and active sessions

● Customize Log Off button allows users to configure whether or not the log offcommand will include logging them off from applications that are running in the session

If users log on with smart cards or smart cards with pass-through authentication, set up atrust relationship between the server running the Web Interface and any other server in thefarm that the Web Interface accesses for published applications. For more informationabout workspace control requirements, see the Citrix XenApp and Web InterfaceAdministrator documentation.

Configuring Workspace Control Settings to Provide Continuity for Roaming Users

84

85

Making Scanning Transparent for Users

If you enable HDX Plug-n-Play TWAIN image scanning device support, users can controlclient-attached TWAIN imaging devices transparently with applications that reside on theserver farm. To use this feature, a TWAIN device must be attached to the user device andthe associated 32-bit TWAIN driver must also be installed on the user device.

To enable or disable this feature, configure the Citrix policy Client TWAIN deviceredirection setting.

The following policy settings allow you to specify the maximum amount of bandwidth (inkilobits per second or as a percentage) and the compression level of images from client toserver used for TWAIN redirection:

● TWAIN device redirection bandwidth limit

● TWAIN device redirection bandwidth limit percent

● TWAIN compression level

86

Mapping User Devices

The Receiver supports mapping devices on user devices so they are available from within asession. Users can:

● Transparently access local drives, printers, and COM ports

● Cut and paste between the session and the local Windows clipboard

● Hear audio (system sounds and .wav files) played from the session

During logon, Receiver informs the XenApp server of the available client drives, COM ports,and LPT ports. By default, client drives are mapped to server drive letters and server printqueues are created for client printers so they appear to be directly connected to theXenApp server. These mappings are available only for the current user during the currentsession. They are deleted when the user logs off and recreated the next time the user logson.

You can use the the Citrix policy redirection settings on the XenApp server to map userdevices not automatically mapped at logon. For more information, see the XenAppadministration documentation.

Turning off User Device MappingsYou can configure user device mapping including options for drives, printers, and ports,using the Windows Server Manager tool. For more information about the available options,see your Remote Desktop Services documentation.

87

Mapping Client Drives to XenApp ServerDrive Letters

Client drive mapping allows drive letters on the XenApp server to be redirected to drivesthat exist on the client device. For example, drive H in a Citrix user session can be mappedto drive C of the local device running the plug-in.

Client drive mapping is built into the standard Citrix device redirection facilitiestransparently. To File Manager, Windows Explorer, and your applications, these mappingsappear like any other network mappings.

Note that Client drive mapping is not supported when connecting to MetaFrame Server 1.0for UNIX operating systems.

The XenApp server can be configured during installation to map client drives automaticallyto a given set of drive letters. The default installation mapping maps drive letters assignedto client drives starting with V and works backward, assigning a drive letter to each fixeddrive and CD-ROM drive. (Floppy drives are assigned their existing drive letters.) Thismethod yields the following drive mappings in a session:

Client drive letter Is accessed by the XenApp server as:

A A

B B

C V

D UThe XenApp server can be configured so that the server drive letters do not conflict withthe client drive letters; in this case the server drive letters are changed to higher driveletters. For example, changing server drives C to M and D to N allows client devices toaccess their C and D drives directly. This method yields the following drive mappings in asession:


A A

B B

C C

D DThe drive letter used to replace the server drive C is defined during Setup. All other fixeddrive and CD-ROM drive letters are replaced with sequential drive letters (for example; C >M, D > N, E > O). These drive letters must not conflict with any existing network drivemappings. If a network drive is mapped to the same drive letter as a server drive letter, thenetwork drive mapping is not valid.

When a client device connects to a XenApp server, client mappings are reestablished unlessautomatic client device mapping is disabled. You can use the Terminal ServicesConfiguration tool to configure automatic client device mapping for ICA connections andusers. You can also use policies to give you more control over how client device mapping isapplied. For more information about policies, see the Citrix XenApp Administrator'sdocumentation at Citrix eDocs.

Mapping Client Drives to XenApp Server Drive Letters

88

http://support.citrix.com/proddocs/index.jsp

89

HDX Plug-n-Play for USB StorageDevices

HDX Plug-n-Play for USB storage devices enables users to interact with USB mass storagedevices connected to their user devices when connected to XenApp sessions. When HDXPlug-n-Play for USB storage devices is enabled, users can connect or disconnect a USBdevice from a session at anytime, regardless of whether the session was started before orafter the drive connection.

HDX Plug-n-Play for USB storage devices is enabled by default and can be disabled orenabled by editing the ICA\File Redirection - Client removable drives policy setting. Formore information, see the XenApp documentation.

Supported Mass Storage Devices with XenAppMass storage devices, including USB thumbdrives, USB-attached hard drives, CD-DVD drives,and SD card readers are supported.

Not supported:

● U3 smart drives and devices with similar autorun behavior

● Explorer.exe published as a seamless application


Important: Some viruses are known to propagate actively using all types of mass storage.Carefully consider whether or not there is a business need to permit the use of massstorage devices, either through client drive mapping or USB support.

90

HDX Plug-n-Play USB Device Redirectionfor XenApp Connections

HDX Plug-n-Play USB Device Redirection on computers running Vista and Windows 7 enablesdynamic redirection of media devices, including cameras, scanners, media players, andpoint of sale (POS) devices to the server. You or the user can restrict redirection of all orsome of the devices. Edit policies on the server or apply group policies on the user deviceto configure the redirection settings. Three methods can enforce HDX Plug-n-Play USBdevice redirection policies:

● Server side. The administrator can enable or disable all device redirections for aspecific user or user group using the Active Directory policies available in XenApp. Thepolicy controls redirection of all devices and is not specific to a device. For moreinformation, see the XenApp administration documentation.

● Plug-in side. The administrator can enable or disable all device redirection for aspecific user or computer by using the group policy editor. There are two policy settings- the USB Plug-n-Play Devices policy setting controls redirection of all devices and theUSB Point of Sale Devices policy setting controls POS devices only. If USB Plug-n-PlayDevices allows devices to be redirected, you can use the USB Point of Sale Devices,which is a subset of USB Plug-n-Play Devices, to control only POS devices.

● Plug-in side. The user can allow or reject device redirection. When a device is going tobe redirected, the permission set by the user in the Connection Center is applied (thesetting applies to the current session). If the permission is set to Full Access, devicesare always redirected. If the permission is set to No Access, devices are not redirected.If the permission is set to Ask Permission, a dialog box appears before redirectionoccurs requiring the user to make a selection. Depending on the answer, the device isredirected or not. If the user is prompted with any of the device security dialog boxes(for example, file security or audio security) and instructs the system to remember thedecision, applications launched in subsequent ICA sessions load and use these settings.

This setting affects only devices plugged in after the user changes the setting. Devicesthat are already plugged in when the user changes the setting are unaffected by thenew setting.

Important: If you prohibit Plug-n-Play USB device redirection in a server policy, theuser cannot override that policy setting with the plug-in side policy.

Plug-in Group PoliciesAccess the plug-in policies using the Group Policy Editor available through gpedit.msc fromthe Start menu's Run dialog box. You can apply the policies to both users and computers.Two policies are available:

● USB Plug-n-Play Devices is the main policy that turns HDX Plug-n-Play USB deviceredirection on or off. Enabling redirection allows any Media Transfer Protocol (MTP),Picture Transfer Protocol (PTP), and Point of Sale (POS) device connected to the userdevice to be redirected in the session. The policy has three values: Not Configured,Enabled, and Disabled. The default is Not Configured, which allows redirection.

● USB Point of Sale Devices controls the redirection of POS devices and USB Plug-n-PlayDevices must be Enabled to enable this policy. The policy can have three values: NotConfigured, Enabled, and Disabled. The default is Not Configured, which allowsredirection of POS devices.

HDX Plug-n-Play USB Device Redirection for XenApp Connections

91

92

Mapping Client Printers for MoreEfficiency

The Receiver support printing to network printers and printers that are attached locally touser devices. By default, unless you create policies to change this, XenApp lets users:

● Print to all printing devices accessible from the user device

● Add printers (but it does not retain settings configured for these printers or save themfor the next session)

However, these settings might not be the optimum in all environments. For example, thedefault setting that allows users to print to all printers accessible from the user device isthe easiest to administer initially, but might create slower logon times in someenvironments.

Likewise, your organization’s security policies might require that you prevent users frommapping local printing ports. To do so, configure the Citrix policy Auto connect client COMports setting to Disabled.

To change default printing settings, configure policy settings on the server. For moreinformation, see the XenApp administration topics.

To view mapped client printersWhile connected to the XenApp server, from the Start menu, choose Printers in the ControlPanel.

The Printers window displays the local printers mapped to the session. When connecting toservers running Citrix Presentation Server 4.0 or 4.5 or Citrix XenApp, by default the nameof the printer takes the form:

printername (from clientname) in session x

where:

● printername is the name of the printer on the user device.

● clientname is the unique name given to the user device or the Web Interface.

● x is the SessionID of the user’s session on the server.

For example, printer01 (from computer01) in session 7

When connecting to servers running Presentation Server 3.0 or earlier, or when the Legacy printer name option from the Citrix policy Client printer names setting is enabled on the

server, a different naming convention is used. The name of the printer takes the form:

Client/clientname#/printername

where:

● clientname is the unique name given to the user device during client setup.

● printername is the Windows printer name. Because the Windows printer name is usedand not the port name, multiple printers can share a printer port without conflict.

For more information about printing, and about managing printing using policies, see theCitrix XenApp Administrator's documentation.

Mapping Client Printers for More Efficiency

93

94

To map a client COM port to a serverCOM port

Client COM port mapping allows devices attached to the COM ports of the user device to beused during sessions on a XenApp server. These mappings can be used like any othernetwork mappings.

Important: Client COM port mapping is not supported when connecting to MetaFrameServer 1.0 and 1.1 for UNIX Operating Systems.

You can map client COM ports at the command prompt. You can also control client COMport mapping from the Terminal Services Configuration tool or using policies. See the CitrixXenApp Administrator’s documentation for more information about policies.

1. Start Receiver and log on to the XenApp server.

2. At a command prompt, type: net use comx: \\client\comz: where x is the number ofthe COM port on the server (ports 1 through 9 are available for mapping) and z is thenumber of the client COM port you want to map.

3. To confirm the operation, type: net use at a command prompt. The list that appearscontains mapped drives, LPT ports, and mapped COM ports. To use this COM port in asession on a XenApp server, install your device to the mapped name. For example, ifyou map COM1 on the client to COM5 on the server, install your COM port device onCOM5 during the session on the server. Use this mapped COM port as you would a COMport on the user device.

Important: COM port mapping is not TAPI-compatible. TAPI devices cannot bemapped to client COM ports.

95

Mapping Client Audio to Play Sound onthe User Device

Client audio mapping enables applications executing on the XenApp server to play soundsthrough Windows-compatible sound devices installed on the user device. You can set audioquality on a per-connection basis on the XenApp server and users can set it on their device.If the user device and server audio quality settings are different, the lower setting is used.

Client audio mapping can cause excessive load on servers and the network. The higher theaudio quality, the more bandwidth is required to transfer the audio data. Higher qualityaudio also uses more server CPU to process.

Important: Client sound support mapping is not supported when connecting to CitrixXenApp for UNIX.

96

Associating User Device File Types withPublished Applications

Receiver supports HDX Plug-n-Play content redirection. Functionally equivalent to extendedparameter passing, content redirection allows you to enforce all underlying file typeassociations from the server, eliminating the need to configure extended parameter passingon individual user devices.

To associate file types on the user device with applications published on the server,configure Plug-n-Play content redirection on the server. For more information, see theXenApp adminstration topics.

97

Using the Window Manager whenConnecting to Citrix XenApp for UNIX

This topic does not apply to XenDesktop connections.

You can use the window manager to change the session display when connecting topublished resources on XenApp servers for UNIX. With the window manager, users canminimize, resize, position, and close windows, as well as access full screen mode.

About Seamless WindowsIn seamless window mode, published applications and desktops are not contained within asession window. Each published application and desktop appears in its own resizablewindow, as if it is physically installed on the user device. Users can switch betweenpublished applications and the local desktop.

You can also display seamless windows in “full screen” mode, which places the publishedapplication in a full screen-sized desktop. This mode lets you access the ctxwm menusystem.

To switch between seamless and full screen modes

Press SHIFT+F2 to switch between seamless and full screen modes.

Minimizing, Resizing, Positioning, and ClosingWindows

When users connect to published resources, window manager provides buttons to minimize,resize, position, and close windows. Windows are minimized as buttons on the taskbar.

When the user closes the last application in a session, the session is logged offautomatically after twenty seconds.

98

Terminating and Disconnecting Sessions


In remote desktop and seamless full screen windows, you can use the ctxwm menu systemto log off, disconnect, and exit from published applications and connection sessions.

To access the ctxwm menu system1. On a blank area of the remote desktop window, click and hold down the left mouse

button. The ctxwm menu appears.

2. Drag the mouse pointer over Shutdown to display the shutdown options.

To choose an option from the ctxwm menuDrag the pointer over the required option to select it. Release the mouse button to selectthe option.

To Choose

Terminate the connection and all running applications Logoff

Disconnect the session but leave the application running Disconnect

Disconnect the session and terminate the application Exit

Note: The server can be configured to terminate any applications that are running if asession is disconnected.

99

Using ctxgrab and ctxcapture to Cut andPaste Graphics When Connected toXenApp for UNIX

If you are connected to an application published on a XenApp server for UNIX, use ctxgrabor ctxcapture to cut and paste graphics between the session and the local desktop. Theseutilities are configured and deployed from the server.

Important: You might need to deploy UNIX applications that are designed for use with a3‑button mouse. Use ctx3bmouse on the XenApp for UNIX server to configure 3-buttonmouse emulation. For more information, see the XenApp for UNIX administrationdocumentation.

● ctxgrab

● ctxcapture

100

Using the ctxgrab Utility to Cut and PasteGraphics


The ctxgrab utility is a simple tool you use to cut and paste graphics from publishedapplications to applications running on the local user device. This utility is available from acommand prompt or, if you are using a published application, from the ctxwm windowmanager.

Important: Use ctx3bmouse on the XenApp for UNIX server to configure 3-button mouseemulation. For more information, see the XenApp for UNIX administrationdocumentation.

To access the ctxgrab utility from the windowmanager

● In seamless mode, right-click the ctxgrab button in the top, left-hand corner of thescreen to display a menu and choose the grab option

● In full screen mode, left-click to display the ctxwm menu and choose the grab option

To copy from an application in a plug-in window to alocal application

1. From the ctxgrab dialog box, click From screen.

2. To select a window, move the cursor over the window you want to copy and click themiddle mouse button. To select a region, hold down the left mouse button and drag thecursor to select the area you want to copy. To cancel the selection, click the rightmouse button. While dragging, click the right mouse button before releasing the leftbutton.

3. Use the appropriate command in the local application to paste the object.

101

Using the ctxcapture Utility to Cut andPaste Graphics


The ctxcapture utility is a more fully-featured utility for cutting and pasting graphicsbetween published applications and applications running on the local user device.

With ctxcapture you can:

● Grab dialog boxes or screen areas and copy them between an application in a Receiverwindow and an application running on the local user device, includingnon-ICCCM-compliant applications

● Copy graphics between the Receiver and the X graphics manipulation utility xvf

If you are connected to a published desktop, ctxcapture is available from a commandprompt. If you are connected to a published application and the administrator makes itavailable, you can access ctxcapture through the ctxwm window manager.


To access the ctxcapture utility from the windowmanager

Left-click to display the ctxwm menu and choose the screengrab option.

To copy from a local application to an application in aReceiver window

1. From the ctxcapture dialog box, click From screen.

2. To select a window, move the cursor over the window you want to copy and click themiddle mouse button. To select a region, hold down the left mouse button and drag thecursor to select the area you want to copy. To cancel the selection: click the rightmouse button. While dragging, click the right mouse button before releasing the leftbutton.

3. From the ctxcapture dialog box, click To ICA. The xcapture button changes color toindicate that it is processing the information.

4. When the transfer is complete, use the appropriate command in the publishedapplication window to paste the information.

To copy from an application in a Receiver window to alocal application

1. From the application in the Receiver window, copy the graphic.

2. From the ctxcapture dialog box, click From ICA.

3. When the transfer is complete, use the appropriate command in the local application topaste the information.

To copy from xv to an application in a Receiverwindow or local application

1. From xv, copy the graphic.

2. From the ctxcapture dialog box, click From xv and To ICA.

3. When the transfer is complete, use the appropriate command in the Receiver windowto paste the information.

To copy from an application in a Receiver window toxv


2. From the ctxcapture dialog box, click From ICA and To xv.

3. When the transfer is complete, use the paste command in xv.

Using the ctxcapture Utility to Cut and Paste Graphics

102

103

Matching Client Names and ComputerNames

The dynamic client name feature allows the client name to be the same as the computername. When users change their computer name, the client name changes to match. Thisallows you to name computers to suit your naming scheme and find connections more easilywhen managing your server farm.

If the client name is not set to match the computer name during installation, the clientname does not change when the computer name is changed.

Users enable dynamic client name support by selecting Enable Dynamic Client Name duringReceiver installation.

To enable dynamic client name support during silent command line installation, the valueof the property ENABLE_DYNAMIC_CLIENT_NAME must be Yes. Set the property to No todisable dynamic client name support.

104

DNS Name Resolution

You can configure Receivers that use the Citrix XML Service to request a Domain NameService (DNS) name for a server instead of an IP address.

Important: Unless your DNS environment is configured specifically to use this feature,Citrix recommends that you do not enable DNS name resolution in the server farm.

Receivers connecting to published applications through the Web Interface also use theCitrix XML Service. For Receivers connecting through the Web Interface, the Web serverresolves the DNS name on behalf of the Receiver.

DNS name resolution is disabled by default in the server farm and enabled by default on theReceiver. When DNS name resolution is disabled in the farm, any Receiver request for a DNSname returns an IP address. There is no need to disable DNS name resolution on Receiver.

To disable DNS name resolution for specific clientdevices

If you are using DNS name resolution in the server farm and are having problems withspecific user devices, you can disable DNS name resolution for those devices.


1. Add a string registry key xmlAddressResolutionType toHKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Application Browsing.

2. Set the value to IPv4-Port.

3. Repeat for each user of the user devices.

105

Using Proxy Servers with XenDesktopConnections

If you do not use proxy servers in your environment, correct the Internet Explorer proxysettings on any user devices running Internet Explorer 7.0 on Windows XP. By default, thisconfiguration automatically detects proxy settings. If proxy servers are not used, users willexperience unnecessary delays during the detection process. For instructions on changingthe proxy settings, consult your Internet Explorer documentation. Alternatively, you canchange proxy settings using the Web Interface. For more information, consult the WebInterface documentation.

http://support.citrix.com/proddocs/index.jsp?lang=en&topic=/technologies/wi-library-wrapper-all-versions.html


106

Improving the Receiver User Experience

You can improve your users’ experiences with the following supported features:

● ClearType font smoothing

● Client-side microphone input for digital dictation

● Multiple monitor support

● Printing performance enhancements

● To set keyboard shortcuts

● 32-bit color icons

Topics that support users with the Desktop Viewer and the Desktop Lock are available athttp://support.citrix.com/help/receiver/en/receiverHelpWin.htm.


107

ClearType Font Smoothing in Sessions


XenApp server supports ClearType font smoothing with Receiver for users on computersrunning Windows XP, Windows 7, and Windows Vista. ClearType font smoothing is set bydefault in Windows 7 and Windows Vista, but Standard font smoothing is set by default inWindows XP.

If you enable ClearType font smoothing on Receiver, you are not forcing the user devices touse ClearType font smoothing. You are enabling the server to support ClearType fontsmoothing on user devices that have it set and are using Receiver. By disabling it forsessions, you are specifying that sessions launched from that Receiver do not remote thefont smoothing setting.

Receiver automatically detects the user device’s font smoothing setting and sends it to theserver. The session connects using this setting. When the session is disconnected orterminated, the user's profile setting on the server is set to original setting unless the userspecifically changed it in the control panel in the session; then the server uses the newsetting.

Older Receivers (plug-ins) connect using the font smoothing setting configured in that user’sprofile on the server.

When ClearType font smoothing is enabled, three times more data is sent across the virtualchannel, which might cause a decrease in performance.

Font smoothing must be enabled on users’ operating systems, the Receiver, the WebInterface site, and the server farm.

To enable or disable ClearType font smoothing forsessions

In Web Interface environments, use the Session Preferences task in the Citrix WebInterface Management console to enable or disable font smoothing for XenApp Web sitesand the Session Options task for XenApp Services sites.

108

Client-Side Microphone Input

Receiver supports multiple client-side microphone input. Locally installed microphones canbe used for:

● Real-time activities, such as softphone calls and Web conferences.

● Hosted recording applications, such as dictation programs.

● Video and audio recordings.

Digital dictation support is available with Receiver. For information about configuring thisfeature, see the administrator's documentation for Citrix XenApp or Citrix XenDesktop.

Receiver (Enterprise) users can disable their microphones by selecting No Access in theMicrophones/Webcams menu choice available from the Citrix Connection Center, or fromthe Receiver’s system menu (for non-seamless connections). Receiver (standard) users arepresented with the same dialog box automatically at the beginning of their sessions.XenDesktop users can also use the XenDesktop Viewer Preferences to disable theirmicrophones.

Note: Selecting No Access also disables any attached Webcams.

On the user device, users control audio input and output in a single step—by selecting anaudio quality level from the Options dialog box.

109

Configuring HDX Plug-n-PlayMulti-monitor Support

Multiple monitors are fully supported by Receiver. As many as eight monitors are supported.

Each monitor in a multiple monitor configuration has its own resolution designed by itsmanufacturer. Monitors can have different resolutions and orientations during sessions.

Sessions can span multiple monitors in two ways:

● Full screen mode, with multiple monitors shown inside the session; applications snap tomonitors as they would locally.

XenDesktop: If users access a desktop through the Citrix Desktop Lock, the desktop isdisplayed across all monitors. The primary monitor on the device becomes the primarymonitor in the XenDesktop session. You can display the Desktop Viewer toolbar acrossany rectangular subset of monitors by resizing the window across any part of thosemonitors and pressing the Maximize button.

● Windowed mode, with one single monitor image for the session; applications do notsnap to individual monitors.

XenDesktop: When any desktop in the same assignment (formerly "desktop group") islaunched subsequently, the window setting is preserved and the toolbar is displayed acrossthe same monitors. Multiple virtual desktops can be displayed on one device provided themonitor arrangement is rectangular. If the primary monitor on the device is used by theXenDesktop session, it becomes the primary monitor in the session. Otherwise, thenumerically lowest monitor in the session becomes the primary monitor.

To enable multi-monitor support, ensure the following:

● The user device must have a single video board that can support connections to morethan one monitor or multiple video boards compatible with the Receiver on theappropriate platform.

● The user device operating system must be able to detect each of the monitors. OnWindows platforms, to verify that this detection occurs, on the user device, view theSettings tab in the Display Settings dialog box and confirm that each monitor appearsseparately.

● After your monitors are detected:

● XenDesktop: Configure the graphics memory limit using the Citrix Machine Policysetting Display memory limit.

● XenApp: Depending on the version of the XenApp server you have installed:

● Configure the graphics memory limit using the Citrix Computer Policy settingDisplay memory limit.

● From the Citrix management console for the XenApp server, select the farm andin the task pane, select Modify Server Properties > Modify all properties >Server Default > HDX Broadcast > Display (or Modify Server Properties >Modify all properties > Server Default > ICA > Display) and set the Maximummemory to use for each session’s graphics.

Ensure the setting is large enough (in kilobytes) to provide sufficient graphic memory. Ifthis setting is not high enough, the published resource is restricted to the subset of themonitors that fits within the size specified.

For information about calculating the session's graphic memory requirements for XenAppand XenDesktop, see ctx115637.

Configuring HDX Plug-n-Play Multi-monitor Support

110


111

Printing Performance

Printing performance can play a vital role in your users’ experiences. The printingconfiguration you create affects these aspects of the user’s experience:

● User ease and comfort level

● Logon times

● Ability to print to a nearby printer when traveling or when moving between clientdevices in a building

You configure printer policy settings on the server.

User Ease and Comfort LevelIn environments with novice users, consider changing the following potentially confusingdefault printing behaviors:

● Printer names change at the start of each session. When, by default, client printersare auto-created, the printer name is appended with the name of the user device andsession. For example, auto-created client printers appear in the Print dialog box with aname like HP LaserJet 1018 (from clientname) in session 35.

To resolve this problem, you can either reduce the number of printers auto-created orprovision printers using another method. To control printer auto-creation, configure theCitrix policy setting Auto-create client printers and select one of the followingoptions:

● Do not auto-create client printers. Client printers are not auto-created.

● Auto-create the client’s default printer only. Only the client’s default printerattached to or mapped from the client preconfigured in the Control Panel isauto-created in the session.

● Auto-create local (non-network) client printers only. Any non-network printersattached to the client device preconfigured in the Control Panel are auto-createdin the session.

● Auto-create all client printers. All network printers and any printers attached to ormapped from the user device preconfigured in the Control Panel are auto-createdin the session.

● If many printers are installed by default on user devices, your users might be confusedby the large number of available printers. You can limit the printers that appear tothem in sessions.

● HDX Plug-n-Play Universal Printer uses a nonstandard printing dialog box. If your users have trouble learning new features on their own, you might not want to use the

the Universal Printer as the default printer in a session. The user interface for thisprinter is slightly different from the standard Windows print dialog box.

Logon TimesThe printing configuration you select can impact how long it takes users to start a session.When Receiver is configured to provision printers by creating them automatically at thebeginning of each session, it increases the amount of time to build the session environment.In this case, Receiver has to rebuild every printer found on the user device. You candecrease logon time by specifying any of the following on the XenApp server:

● Auto-create only the the Universal Printer. This is done automatically when youconfigure the the Universal Printer.

● Auto-create only the default printer for the client device by using the Auto-createclient printers policy setting.

● Do not auto-create any client printers through the Auto-create client printers policysetting and route print jobs to network printers by configuring the Session printerspolicy setting

Configuring Printers for Mobile WorkersIf you have users who move among workstations in the same building (for example, in ahospital setting) or move among different offices, you might want to configure ProximityPrinting. The Proximity Printing solution ensures that the closest printer is presented to theusers in their sessions, even when they change user devices during a session.


112

113

To override the printer settings configuredon the server

To improve printing performance, you can configure various printing policy settings on theserver:

● Universal printing optimization defaults

● Universal printing EMF processing mode

● Universal printing image compression limit

● Universal printing print quality limit

● Printer driver mapping and compatibility

● Session printers

If you enabled Allow non-admins to modify these settings in the Universal printingoptional defaults policy setting on the server, users on their user devices can override theImage Compression and Image and Font Caching options specified in that policy setting.

To override the printer settings on the user device

1. From the Print menu available from an application on the user device, chooseProperties.

2. On the Client Settings tab, click Advanced Optimizations and make changes to theImage Compression and Image and Font Caching options.

114

To set keyboard shortcuts

You can configure combinations of keys that Receiver interprets as having specialfunctionality. When the keyboard shortcuts policy is enabled, you can specify Citrix Hotkeymappings, behavior of Windows hotkeys, and keyboard layout for sessions.







6. From the Group Policy Editor, expand Administrative Templates and navigate throughCitrix Components > Citrix Receiver > User Experience > Keyboard shortcuts. InWindows 7 and Windows Server 2008, expand Administrative Templates and navigatethrough Classic Administrative Templates (ADM) > Citrix Components to the desiredconfiguration option.

7. From the Action menu, choose Properties, select Enabled, and choose the desiredoptions.

115

Keyboard Input in XenDesktop Sessions

Note the following about how keyboard combinations are processed in XenDesktop sessions:

● Windows logo key+L is directed to the local computer.

● CTRL+ALT+DELETE is directed to the local computer except in some cases if you use theCitrix Desktop Lock.

● Key presses that activate StickyKeys, FilterKeys, and ToggleKeys (Microsoft accessibilityfeatures) are normally directed to the local computer.

● As an accessibility feature of the Desktop Viewer, pressing CTRL+ALT+BREAK displaysthe Desktop Viewer toolbar buttons in a pop-up window.

● Windows key combinations (for example, CTRL+ESC and ALT+TAB) are directedaccording to the settings that your helpdesk has selected. For more information, seethe table below.

Note: By default, if the Desktop Viewer is maximized, ALT+TAB switches focusbetween windows inside the session. If the Desktop Viewer is displayed in a window,ALT+TAB switches focus between windows outside the session.

Hotkey sequences are key combinations designed by Citrix. For example, the CTRL+F1sequence reproduces CTRL+ALT+DELETE, and SHIFT+F2 switches applications betweenfull-screen and windowed mode. You cannot use hotkey sequences with virtual desktopsdisplayed in the Desktop Viewer (that is, with XenDesktop sessions), but you can use themwith published applications (that is, with XenApp sessions).

The table shows the remoting behavior of other Windows key combinations. The behaviordepends on whether a Desktop Viewer or a Desktop Lock session is used, and is controlledby the Local resources setting, avaliable from the Session Options task on the XenDesktopsite. XenApp settings are also shown for reference. For more information on configuring thissetting, see the Web Interface documentation.

With Localresources set to

Desktop Viewersessions have thisbehavior

Desktop Locksessions have thisbehavior

XenApp (or disabledDesktop Viewer)sessions have thisbehavior

Full screen desktopsonly

Key combinationsare sent to theremote, virtualdesktop only if theDesktop Viewerwindow has focusand is maximized(full-screen).

Key combinationsare always sent tothe remote, virtualdesktop.

Key combinationsare sent to theremote XenAppserver if the sessionis maximized(full-screen).


Remote desktop Key combinationsare sent to theremote, virtualdesktop only if theDesktop Viewerwindow has focus.


Key combinationsare sent to theremote XenAppserver if the sessionor application hasfocus.

Local desktop Key combinationsare always kept onthe local userdevice.

Key combinationsare always kept onthe local userdevice.

Citrix does notrecommend settingLocal resources toLocal desktop if theDesktop Lock isused.



116

117

Receiver Support for 32-Bit Color Icons

Receiver supports high color icons (32x32 bit) and automatically selects the color depth forapplications visible in the Citrix Connection Center dialog box, the Start menu, and task barto provide for seamless applications.


To set a preferred depth, you can add a string registry key named TWIDesiredIconColor toHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Preferences and set it to the desired value. The possible color depthsfor icons are 4, 8, 16, 24, and 32 bits-per-pixel. The user can select a lower color depth foricons if the network connection is slow.

118

Connecting to Virtual Desktops

From within a desktop session, users cannot connect to the same virtual desktop.Attempting to do so will disconnect the existing desktop session. Therefore, Citrixrecommends:

● Administrators should not configure the clients on a desktop to point to a site thatpublishes the same desktop

● Users should not browse to a site that hosts the same desktop if the site is configured toautomatically reconnect users to existing sessions

● Users should not browse to a site that hosts the same desktop and try to launch it

Be aware that a user who logs on locally to a computer that is acting as a virtual desktopblocks connections to that desktop.

If your users connect to virtual applications (published with XenApp) from within a virtualdesktop and your organization has a separate XenApp administrator, Citrix recommendsworking with them to define device mapping such that desktop devices are mappedconsistently within desktop and application sessions. Because local drives are displayed asnetwork drives in desktop sessions, the XenApp administrator needs to change the drivemapping policy to include network drives.

119

Securing Your Connections

To maximize the security of your environment, the connections between Receiver and theresources you publish must be secured. You can configure various types of authenticationfor your Receiver software, including enabling certificate revocation list checking, enablingsmart card support, and using Security Support Provider Interface/Kerberos Pass-ThroughAuthentication.

Windows NT Challenge/Response (NTLM) Support forImproved Security

Windows NT Challenge/Response (NTLM) authentication is supported by default oncomputers running Windows NT, Windows 2000, Windows XP, Windows 7, Windows Vista,Windows Server 2003, and Windows Server 2008.

120

To enable certificate revocation listchecking for improved security withReceiver (CitrixReceiver.exe)

When certificate revocation list (CRL) checking is enabled, Receiver checks whether or notthe server’s certificate is revoked. By forcing Receiver to check this, you can improve thecryptographic authentication of the server and the overall security of the SSL/TLSconnections between a user device and a server.

You can enable several levels of CRL checking. For example, you can configure Receiver tocheck only its local certificate list or to check the local and network certificate lists. Inaddition, you can configure certificate checking to allow users to log on only if all CRLs areverified.

Important: This option is available only with the standard Receiver (CitrixReceiver.exe)and not Receiver (Enterprise).

If you are making this change on a local computer, exit Receiver if it is running. Make sureall Receiver components, including the Connection Center, are closed.





4. Choose Add and browse to the Configuration folder for the Receiver (usually C:\ProgramFiles\Citrix\ICA Client\Configuration) and select icaclient.adm.


6. From the Group Policy Editor, expand Administrative Templates and navigate throughCitrix Components > Citrix Receiver > Network routing > TLS/SSL data encryptionand server identification. In Windows 7 and Windows Server 2008, expandAdministrative Templates and navigate through Classic Administrative Templates(ADM) > Citrix Components to the desired configuration option.

7. From the Action menu, choose Properties and select Enabled.

8. From the CRL verification drop-down menu, select one of the options.

● Disabled. No certificate revocation list checking is performed.

● Only check locally stored CRLs. CRLs that were installed or downloaded previouslyare used in certificate validation. Connection fails if the certificate is revoked.

● Require CRLs for connection. CRLs locally and from relevant certificate issuers onthe network are checked. Connection fails if the certificate is revoked or not found.

● Retrieve CRLs from network. CRLs from the relevant certificate issuers arechecked. Connection fails if the certificate is revoked.

If you do not set CRL verification, it defaults to Only check locally stored CRLs.

To enable certificate revocation list checking for improved security with Receiver (CitrixReceiver.exe)

121

122

Smart Card Support for Improved Security

You must use Receiver (Enterprise) for Smart Card support.

Receiver smart card support is based on Microsoft Personal Computer/Smart Card (PC/SC)standard specifications. Receiver supports only smart cards and smart card devices thatare, themselves, supported by the underlying Windows operating system. A discussion ofsecurity issues related to PC/SC standards compliance is beyond the scope of thisdocument.

Enabling smart card support for Receiver is done through the Web Interface. For moreinformation, see the Web Interface documentation.

Note: Microsoft strongly recommends that only smart card readers tested and approvedby the Microsoft Windows Hardware Quality Lab (WHQL) be used on computers runningqualifying Windows operating systems. See http://www.microsoft.com for additionalinformation about hardware PC/SC compliance.

Receiver does not control smart card PIN management. PIN management is controlled bythe cryptographic service provider for your cards.

http://www.microsoft.com

123

To enable pass-through authenticationwhen sites are not in Trusted Sites orIntranet zones

Your users might require pass-through authentication to the server using their user logoncredentials but cannot add sites to the Trusted Sites or Intranet zones. Enable this settingto allow pass-through authentication on all but Restricted sites.







6. From the Group Policy Editor, expand Administrative Templates and navigate throughCitrix Components > Citrix Receiver > User authentication > Local user name andpassword. In Windows 7 and Windows Server 2008, expand Administrative Templatesand navigate through Classic Administrative Templates (ADM) > Citrix Components tothe desired configuration option.

7. From the Local user name and password Properties menu, select Enabled, and thenselect the Enable pass-through authentication and Allow pass-through authenticationfor all ICA connections check boxes.

124

Using Security Support ProviderInterface/Kerberos Pass-ThroughAuthentication for Improved Security


Rather than sending user passwords over the network, Kerberos pass-through authenticationleverages Kerberos authentication in combination with Security Support Provider Interface(SSPI) security exchange mechanisms. Kerberos is an industry-standard networkauthentication protocol built into Microsoft Windows operating systems.

Kerberos logon offers security-minded users or administrators the convenience ofpass-through authentication combined with secret-key cryptography and data integrityprovided by industry-standard network security solutions. With Kerberos logon, the Receiverdoes not need to handle the password and thus prevents Trojan horse-style attacks on theuser device to gain access to users’ passwords.

Users can log on to the user device with any authentication method; for example, abiometric authenticator such as a fingerprint reader, and still access published resourceswithout further authentication.

System requirements. Kerberos logon requires Citrix Presentation Server 3.0, 4.0, or 4.5,Citrix XenApp 5.0, 6.x and Citrix Presentation Server Clients for Windows 8.x, 9.x, 10.x,XenApp Hosted Plug-in 11.x, online plug-in 12.0, 12.1, or Receiver 3.x. Kerberos works onlybetween Client/plug-ins/Receiver and servers that belong to the same or to trustedWindows 2000, Windows Server 2003, or Windows Server 2008 domains. Servers must alsobe trusted for delegation, an option you configure through the Active Directory Users andComputers management tool.

Kerberos logon is not available in the following circumstances:

● Connections configured with any of the following options in Remote Desktop Services(formerly known as Terminal Services) Configuration:

● On the General tab, the Use standard Windows authentication option

● On the Logon Settings tab, the Always use the following logon information optionor the Always prompt for password option

● Connections you route through the Secure Gateway

● If the server requires smart card logon

● If the authenticated user account requires a smart card for interactive logon

Important: SSPI requires XML Service DNS address resolution to be enabled for the serverfarm, or reverse DNS resolution to be enabled for the Active Directory domain. For moreinformation, see the Citrix XenApp administrator documentation.

Configuring Kerberos AuthenticationReceiver, by default, is not configured to use Kerberos authentication when logging on tothe server. You can set the Receiver configuration to use Kerberos with pass-throughauthentication or Kerberos with smart card pass-through authentication.

To use Kerberos authentication for your connections, you can either specify Kerberos usinga command line installation or configure Receiver using the Group Policy Editor. See theMicrosoft Group Policy documentation for more information about editing .adm files

Using Security Support Provider Interface/Kerberos Pass-Through Authentication for Improved Security

125

126

To configure Kerberos with pass-throughauthentication


Use Kerberos with pass-through authentication if you want to use Kerberos with Receiver.

When Receiver configurations are set to use Kerberos with pass-through authentication,Receiver uses Kerberos authentication first and uses pass-through authentication if Kerberosfails.

The user cannot disable this Receiver configuration from the user interface.







6. From the Group Policy Editor, expand Administrative Templates, navigate throughCitrix Components > Citrix Receiver > User authentication, double click Kerberosauthentication and select Enabled. In Windows 7 and Windows Server 2008, expandAdministrative Templates and navigate through Classic Administrative Templates(ADM) > Citrix Components to the desired configuration option.


8. From the Action menu, choose Properties and select Enabled > Enable pass-throughauthentication.

To apply the setting, close and restart Receiver on the user device.

127


To secure the communication between your server farm and Receiver, you can integrateyour Receiver connections to the server farm with a range of security technologies,including:

● Citrix Access Gateway. For information about configuring Access Gateway with ReceiverStorefront, refer to the "Manage" topics in the Receiver Storefront documentation ineDocs. For information about configuring Access Gateway or Secure Gateway with WebInterface, refer to topics in this section.

● A SOCKS proxy server or secure proxy server (also known as security proxy server,HTTPS proxy server, or SSL tunneling proxy server). You can use proxy servers to limitaccess to and from your network and to handle connections between Receiver andservers. Receiver supports SOCKS and secure proxy protocols.

● SSL Relay solutions with Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols.

● A firewall. Network firewalls can allow or block packets based on the destinationaddress and port. If you are using Receiver through a network firewall that maps theserver's internal network IP address to an external Internet address (that is, networkaddress translation, or NAT), configure the external address.

● Trusted server configuration.

Note: For information about increasing security in application streaming for desktops, seethe Citrix Knowledge Base article Enhancing Security in Application Streaming forDesktops.

Receiver is compatible with and functions in environments where the Microsoft SpecializedSecurity - Limited Functionality (SSLF) desktop security templates are used. Thesetemplates are supported on the Microsoft Windows XP, Windows Vista, and Windows 7platforms. Refer to the Windows XP, Windows Vista, and Windows 7 security guidesavailable at http://technet.microsoft.com for more information about the templates andrelated settings.

http://technet.microsoft.com

128

Support for Microsoft Security Templates



129

Connecting with Access GatewayEnterprise Edition

This topic applies only to deployments using the Web Interface.

Configure the XenApp Services site for the Receiver to support connections from an AccessGateway connection.

1. In the XenApp Services site, select Manage secure client access > Edit secure clientaccess settings.

2. Change the Access Method to Gateway Direct.

3. Enter the FQDN of the Access Gateway appliance.

4. Enter the Secure Ticket Authority (STA) information.

To configure the Access Gateway appliance1. Configure authentication policies to authenticate users connecting to the Access

Gateway by using the Access Gateway Plug-in. Bind each authentication policy to avirtual server.

● If double-source authentication is required (such as RSA SecurID and ActiveDirectory), RSA SecurID authentication must be the primary authentication type.Active Directory authentication must be the secondary authentication type.

● RSA SecurID uses a RADIUS server to enable token authentication.

● Active Directory authentication can use either LDAP or RADIUS.Test a connection from a user device to verify that the Access Gateway is configuredcorrectly in terms of networking and certificate allocation.

2. Create a session policy on the Access Gateway to allow incoming XenApp connectionsfrom the Receiver, and specify the location of your newly created XenApp Services site.

● Create a new session policy to identify that the connection is from the Receiver. Asyou create the session policy, configure the following expression and select MatchAll Expressions as the operator for the expression:

REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver

Connecting with Access Gateway Enterprise Edition

130

● In the associated profile configuration for the session policy, on the Security tab,set Default Authorization to Allow.

On the Published Applications tab, if this is not a global setting (you selected theOverride Global check box), ensure the ICA Proxy field is set to ON.

In the Web Interface Address field, enter the URL including the config.xml for theXenApp Services site that the device users use, such ashttp://XenAppServerName/Citrix/PNAgent/config.xml orhttp://XenAppServerName/CustomPath/config.xml.

● Bind the session policy to a virtual server.

● Create authentication policies for RADIUS and Active Directory.

● Bind the authentication policies to the virtual server.

Important: If the server certificate used on the Access Gateway is part of acertificate chain (with an intermediate certificate), make sure that the intermediatecertificates are also installed correctly on the Access Gateway. For information aboutinstalling certificates, see the Access Gateway documentation.


131

132

Connecting with Access Gateway 5.0


Access Gateway setup requires that you configure a basic or a SmartAccess logon point onAccess Gateway and use the Web address for the XenApp Services site.

Before you configure a logon point, install the Web Interface and verify that it iscommunicating with the network. When you configure a logon point, you must alsoconfigure at least one Secure Ticket Authority (STA) server and ICA Access Control in AccessGateway. For more information, expand Access Gateway 5.0 in eDocs, and locate the topicTo configure Access Gateway to use the Secure Ticket Authority.

To configure the Access Gateway 5.0 appliance1. Configure Authentication profiles to authenticate users connecting to the Access

Gateway using the Receiver.

● If double source authentication is required (such as Active Directory and RSASecurID), Active Directory authentication must be the primary authentication type.RSA SecurID authentication must be the secondary authentication type.

● RSA SecurID can use either RADIUS or an sdconf.rec file to enable tokenauthentication.

● You can configure Active Directory authentication on Access Controller. You can useActive Directory on the Access Gateway appliance by using either an LDAP orRADIUS authentication profile.

Test a connection from a user device to verify that the Access Gateway is configuredcorrectly in terms of networking and certificate allocation.

2. To establish communication with XenApp servers and the Web Interface, configure theAccess Gateway with STA servers and the ICA Access Control list on Access Gateway. Formore information, see the Access Gateway section of eDocs.

3. Configure logon points on the Access Gateway. Configure the Access Gateway to allowincoming XenApp connections from the Receiver, and specify the location of your WebInterface site.

a. In the Access Gateway Management Console, click Management.

b. Under Access Control, click Logon Points > New.

c. In the Logon Points Properties dialog box, in Name, type a unique name for thelogon point.

d. Select the Type:

● For a Basic logon point, in the Web Interface field, type the fully qualifieddomain name (FQDN) of the Web Interface, such ashttp://xenapp.domain.com/citrix/apps. You cannot configure aSmartGroup with a basic logon point. Select the authentication type, or clickAuthenticate with the Web Interface.

If you select Authenticate with the Web Interface, when users type the URL toAccess Gateway and enter credentials, the credentials are passed to the WebInterface for authentication.

● For a SmartGroup to use the settings in a SmartAccess logon point, you mustselect the logon point within the SmartGroup. Select the authenticationprofiles. If you configure a SmartAccess logon point, Access Gatewayauthenticates users. You cannot configure authentication by using the WebInterface.

If you select Single Sign-on to Web Interface, users do not have to log on tothe Web Interface after logging on to the Access Gateway. If not selected, usersmust log on to both the Access Gateway and Web Interface.


133

e. Under Applications and Desktops, click Secure Ticket Authority and add the STAdetails. Make sure the STA information is the same as the Web Interface site.

f. Finally, under Applications and Desktops, click XenApp or XenDesktop to add theICA control list (required for Access Gateway 5.0). For more information, expandAccess Gateway 5.0 in eDocs, and locate To configure ICA Access Control.

Important: If the server certificate used on the Access Gateway is part of acertificate chain (with an intermediate certificate), make sure that the intermediatecertificates are also installed correctly on the Access Gateway. For information aboutinstalling certificates, see the Access Gateway section on Configuring IntermediateCertificates.


134

To configure Access Controller1. Configure Authentication profiles to authenticate users connecting to the Access






2. To establish communication with XenApp servers and the Web Interface, configureAccess Controller to recognize the servers. Configure Access Controller to allowincoming XenApp connections from the Receiver and specify the location of your WebInterface site.

a. In the Deliver Services Console, expand Citrix Resources > Access Gateway, andthen click the Access Controller on which you want to create the Web resource.

b. Expand Resources, click Web Resources, and then under Common tasks, clickCreate Web resource. In the wizard, enter a unique name. On the New WebAddress page, enter the Web address URL of the XenApp Web site.

c. In Application type, select Citrix Web Interface and click the Enable SingleSign-on check box.

d. After you click OK, click Publish for users in their list of resources , and then inHome page, enter the URL of the XenApp Web Site, such ashttp://xenapp.domain.com/citrix/apps, and finish the wizard.

e. In the navigation pane, click Logon Points, click Create logon point, and in thewizard, enter a unique name, and select the type:

● For a Basic logon point, in the Web Interface field, type the fully qualifieddomain name (FQDN) of the Web Interface, such ashttp://xenapp.domain.com/citrix/apps. Select the Home page, andthen select the authentication profile. Leave the remaining options as defaultvalues, and click Enable this logon point check box at the end of the wizard.

● For a SmartAccess logon point, on Select Home Page, select the Display theWeb resource with the highest priority. Click Set Display Order, and movethe Web Interface Web resource to the top.

Select the Authentication Profiles for both authentication and group extraction.Leave the remaining options as default values, and click Enable this logonpoint check box at the end of the wizard.

f. In the navigation pane, under Policies > Access Policies, select Create access policy and on the Select Resources page, expand Web Resources to select the


135

Web Interface web resource.

g. In Configure Policy Settings, select the settings, click Enable this policy to controlthis setting, and select Extended access, unless denied by another policy. Addthe users allowed to access this resource and finish the wizard.

h. In the navigation pane, under Access Gateway appliances, select Edit AccessGateway appliance properties, click Secure Ticket Authority and add the STAdetails. Make sure the STA information is the same as the Web Interface site.

i. Finally, click ICA Access Control to add the ICA control list (required for AccessGateway 5.0). For more information, expand Access Gateway 5.0 in eDocs, andlocate To configure ICA Access Control in the Access Controller documentation.



136

137

Connecting with Secure Gateway


You can use the Secure Gateway in either Normal mode or Relay mode to provide a securechannel for communication between Receiver and the server. No Receiver configuration isrequired if you are using the Secure Gateway in Normal mode and users are connectingthrough the Web Interface.

Receiver uses settings that are configured remotely on the server running the Web Interfaceto connect to servers running the Secure Gateway. See the topics for the Web Interface forinformation about configuring proxy server settings for Receiver.

If the Secure Gateway Proxy is installed on a server in the secure network, you can use theSecure Gateway Proxy in Relay mode. See the topics for the Secure Gateway for moreinformation about Relay mode.

If you are using Relay mode, the Secure Gateway server functions as a proxy and you mustconfigure Receiver to use:

● The fully qualified domain name (FQDN) of the Secure Gateway server.

● The port number of the Secure Gateway server. Note that Relay mode is not supportedby Secure Gateway Version 2.0.

The FQDN must list, in sequence, the following three components:

● Host name

● Intermediate domain

● Top-level domain

For example: my_computer.my_company.com is an FQDN, because it lists, in sequence, ahost name (my_computer), an intermediate domain (my_company), and a top-level domain(com). The combination of intermediate and top-level domain (my_company.com) isgenerally referred to as the domain name.

138

Connecting the Citrix Receiver through aProxy Server

Proxy servers are used to limit access to and from your network, and to handle connectionsbetween Receivers and servers. Receiver supports SOCKS and secure proxy protocols.

When communicating with the server farm, Receiver uses proxy server settings that areconfigured remotely on the server running Receiver for Web or the Web Interface. Forinformation about proxy server configuration, refer to Receiver Storefront or Web Interfacedocumentation.

In communicating with the Web server, Receiver uses the proxy server settings that areconfigured through the Internet settings of the default Web browser on the user device.You must configure the Internet settings of the default Web browser on the user deviceaccordingly.

139

Connecting with Secure Sockets LayerRelay

You can integrate Receiver with the Secure Sockets Layer (SSL) Relay service. Receiversupports both SSL and TLS protocols.

● SSL provides strong encryption to increase the privacy of your ICA connections andcertificate-based server authentication to ensure the server you are connecting to is agenuine server.

● TLS (Transport Layer Security) is the latest, standardized version of the SSL protocol.The Internet Engineering Taskforce (IETF) renamed it TLS when it took overresponsibility for the development of SSL as an open standard. TLS secures datacommunications by providing server authentication, encryption of the data stream, andmessage integrity checks. Because there are only minor technical differences betweenSSL Version 3.0 and TLS Version 1.0, the certificates you use for SSL in your softwareinstallation will also work with TLS. Some organizations, including U.S. governmentorganizations, require the use of TLS to secure data communications. Theseorganizations may also require the use of validated cryptography, such as FIPS 140(Federal Information Processing Standard). FIPS 140 is a standard for cryptography.

140

Connecting with Citrix SSL Relay

By default, Citrix SSL Relay uses TCP port 443 on the XenApp server for SSL/TLS-securedcommunication. When the SSL Relay receives an SSL/TLS connection, it decrypts the databefore redirecting it to the server, or, if the user selects SSL/TLS+HTTPS browsing, to theCitrix XML Service.

If you configure SSL Relay to listen on a port other than 443, you must specify thenonstandard listening port number to the plug-in.

You can use Citrix SSL Relay to secure communications:

● Between an SSL/TLS-enabled client and a server. Connections using SSL/TLS encryptionare marked with a padlock icon in the Citrix Connection Center.

● With a server running the Web Interface, between the XenApp server and the Webserver.

For information about configuring and using SSL Relay to secure your installation, see theCitrix XenApp administrator’s documentation. For information about configuring the serverrunning the Web Interface to use SSL/TLS encryption, see the Web Interface administrator’sdocumentation.

141

User Device Requirements

In addition to the System Requirements, you also must ensure that:

● The user device supports 128-bit encryption

● The user device has a root certificate installed that can verify the signature of theCertificate Authority on the server certificate

● Receiver is aware of the TCP listening port number used by the SSL Relay service in theserver farm

● Any service packs or upgrades that Microsoft recommends are applied

If you are using Internet Explorer and you are not certain about the encryption level of yoursystem, visit the Microsoft Web site at http://www.microsoft.com to install a service packthat provides 128-bit encryption.

Important: Receiver supports certificate key lengths of up to 4096 bits. Ensure that thebit lengths of your Certificate Authority root and intermediate certificates, and those ofyour server certificates, do not exceed the bit length your Receiver supports orconnection might fail.


142

To apply a different listening port numberfor all connections

If you are changing this on a local computer, close all Receiver components, including theConnection Center.





4. Choose Add and browse to the plug-in Configuration folder (usually C:\ProgramFiles\Citrix\ICA Client\Configuration) and select icaclient.adm.



7. From the Action menu, choose Properties, select Enabled, and type a new portnumber in the Allowed SSL servers text box in the following format: server:SSL relayport number where SSL relay port number is the number of the listening port. You canuse a wildcard to specify multiple servers. For example, *.Test.com:SSL relay portnumber matches all connections to Test.com through the specified port.

143

To apply a different listening port numberto particular connections only



Note: If you already added the icaclient template to the Group Policy Editor, you canomit Steps 2 to 5.






7. From the Action menu, choose Properties, select Enabled, and type acomma-separated list of trusted servers and the new port number in the Allowed SSLservers text box in the following format: servername:SSL relay portnumber,servername:SSL relay port number where SSL relay port number is the numberof the listening port. You can specify a comma-separated list of specific trusted SSLservers similar to this example:

csghq.Test.com:443,fred.Test.com:443,csghq.Test.com:444

which translates into the following in an example appsrv.ini file: [Word]SSLProxyHost=csghq.Test.com:443

[Excel]

SSLProxyHost=csghq.Test.com:444

[Notepad]

SSLProxyHost=fred.Test.com:443

144

Configuring and Enabling Receivers forSSL and TLS

SSL and TLS are configured in the same way, use the same certificates, and are enabledsimultaneously.

When SSL and TLS are enabled, each time you initiate a connection, Receiver tries to useTLS first and then tries SSL. If it cannot connect with SSL, the connection fails and an errormessage appears.

To force Receiver to connect with TLS, you must specify TLS on the Secure Gateway serveror SSL Relay service. See the topics for the Secure Gateway or your SSL Relay servicedocumentation for more information.

In addition, make sure the user device meets all system requirements.

To use SSL/TLS encryption for all Receiver communications, configure the user device,Receiver, and, if using Web Interface, the server running the Web Interface. Forinformation about securing Receiver Storefront communications, refer to topics under"Secure" in the Receiver Storefront documentation in eDocs.

145

Installing Root Certificates on the UserDevices

To use SSL/TLS to secure communications between a SSL/TLS-enabled Receiver and theserver farm, you need a root certificate on the user device that can verify the signature ofthe Certificate Authority on the server certificate.

Receiver supports the Certificate Authorities that are supported by the Windows operatingsystem. The root certificates for these Certificate Authorities are installed with Windowsand managed using Windows utilities. They are the same root certificates that are used byMicrosoft Internet Explorer.

If you use your own Certificate Authority, you must obtain a root certificate from thatCertificate Authority and install it on each user device. This root certificate is then usedand trusted by both Microsoft Internet Explorer and Receiver.

You might be able to install the root certificate using other administration or deploymentmethods, such as:

● Using the Microsoft Internet Explorer Administration Kit (IEAK) Configuration Wizard andProfile Manager

● Using third-party deployment tools

Make sure that the certificates installed by your Windows operating system meet thesecurity requirements for your organization or use the certificates issued by yourorganization’s Certificate Authority.

146

To configure Web Interface to useSSL/TLS for Receiver

1. To use SSL/TLS to encrypt application enumeration and launch data passed betweenReceiver and the server running the Web Interface, configure the appropriate settingsusing the Web Interface. You must include the computer name of the XenApp serverthat is hosting the SSL certificate.

2. To use secure HTTP (HTTPS) to encrypt the configuration information passed betweenReceiver and the server running the Web Interface, enter the server URL in the formathttps://servername. In the Windows notification area, right-click the Receiver icon andchoose Preferences.


147

To configure TLS support


1. As an administrator, open the Group Policy Editor by running gpedit.msc locally fromthe Start menu when applying this to a single computer or by using the Group PolicyManagement Console when using Active Directory.

Note: If you already imported the icaclient template into the Group Policy Editor,you can omit Steps 2 to 5





6. From the Group Policy Editor, expand Administrative Templates and navigate throughCitrix Components > Citrix Receiver > Network routing > TLS/SSL data encryptionand server identification.

7. From the Action menu, choose Properties, select Enabled, and from the drop-downmenus, select the TLS settings.

● Set SSL/TLS Version to TLS or Detect all to enable TLS. If Detect all is selected,Receiver connects using TLS encryption. If a connection using TLS fails, Receiverconnects using SSL.

● Set SSL ciphersuite to Detect version to have Receiver negotiate a suitableciphersuite from the Government and Commercial ciphersuits. You can restrict theciphersuites to either Government or Commercial.

● Set CRL verification to Require CRLs for connection requiring Receiver to try toretrieve Certificate Revocation Lists (CRLs) from the relevant certificate issuers.

148

To use the Group Policy template on WebInterface to meet FIPS 140 securityrequirements


To meet FIPS 140 security requirements, use the Group Policy template to configure theparameters or include the parameters in the Default.ica file on the server running the WebInterface. See the information about Web Interface for additional information about theDefault.ica file.








7. From the Action menu, choose Properties, select Enabled, and from the drop-downmenus, select the correct settings.

● Set SSL/TLS Version to TLS or Detect all to enable TLS. If Detect all is selected,Receiver tries to connect using TLS encryption. If a connection using TLS fails,Receiver tries to connect using SSL.

● Set SSL ciphersuite to Government.● Set CRL verification to Require CRLs for connection.

149

To configure the Web Interface to useSSL/TLS when communicating with CitrixReceiver

When using the Web Interface, specify the computer name of the server hosting the SSLcertificate. See the information about Web Interface for more details about using SSL/TLSto secure communications between Receiver and the Web server.

1. From the Configuration settings menu, select Server Settings.

2. Select Use SSL/TLS for communications between clients and the Web server.

3. Save your changes.

Selecting SSL/TLS changes all URLs to use HTTPS protocol.

150

To configure Citrix XenApp to useSSL/TLS when communicating with CitrixReceiver

You can configure the XenApp server to use SSL/TLS to secure the communications betweenReceiver and the server.

1. From the Citrix management console for the XenApp server, open the Properties dialogbox for the application you want to secure.

2. Select Advanced > Client options and ensure that you select Enable SSL and TLSprotocols.

3. Repeat these steps for each application you want to secure.


151

To configure Citrix Receiver to useSSL/TLS when communicating with theserver running the Web Interface

You can configure Receiver to use SSL/TLS to secure the communications between Receiverand the server running the Web Interface.

Ensure that a valid root certificate is installed on the user device. For more information,see Installing Root Certificates on the User Devices.



3. The Change Server screen displays the currently configured URL. Enter the server URLin the text box in the format https://servername to encrypt the configuration datausing SSL/TLS.

4. Click Update to apply the change.

5. Enable SSL/TLS in the client device browser. For more information about enablingSSL/TLS in the browser, see the online Help for the browser.

152

ICA File Signing - Protection AgainstApplication or Desktop Launches FromUntrusted Servers

The ICA File Signing feature helps protect users from unauthorized application or desktoplaunches.Citrix Receiver verifies that a trusted source generated the application or desktoplaunch based on administrative policy and protects against launches from untrusted servers.You can configure this Receiver security policy for application or desktop launch signatureverification using Group Policy Objects, Receiver Storefront, or Citrix Merchandising Server.ICA file signing is not enabled by default. For information about enabling ICA file signing forReceiver Storefront, refer to the Receiver Storefront documentation.

For Web Interface deployments, the Web Interface enables and configures application ordesktop launches to include a signature during the launch process using the Citrix ICA FileSigning Service. The service can sign ICA files using a certificate from the computer'spersonal certificate store.

The Citrix Merchandising Server with Receiver enables and configures launch signatureverification using the Citrix Merchandising Server Adminstrator Console > Deliverieswizard to add trusted certificate thumbprints.

To use Group Policy Objects to enable and configure application or desktop launchsignature verification, follow this procedure:


Note: If you already imported the ica-file-signing.adm template into the Group PolicyEditor, you can omit Steps 2 to 5.



4. Choose Add and browse to the Receiver Configuration folder (usually C:\ProgramFiles\Citrix\ICA Client\Configuration) and select ica-file-signing.adm.


6. From the Group Policy Editor, expand Administrative Templates and navigate throughCitrix Components > Enable ICA File Signing. In Windows 7 and Windows Server 2008,expand Administrative Templates and navigate through Classic AdministrativeTemplates (ADM) > Citrix Components to the desired configuration option.

7. If you choose Enabled, you can add signing certificate thumbprints to the white list of trusted certificate thumbprints or remove signing certificate thumbprints from the

white list by clicking Show and using the Show Contents screen. You can copy andpaste the signing certificate thumbprints from the signing certificate properties. Usethe Policy drop-down menu to select Only allow signed launches (more secure) orPrompt user on unsigned launches (less secure).

Option Description

Only allow signed launches (moresecure)

Allows only properly signed applicationor desktop launches from a trustedserver. The user sees a Security Warningmessage in Receiver if an application ordesktop launch has an invalid signature.The user cannot continue and theunauthorized launch is blocked.

Prompt user on unsigned launches (lesssecure)

Prompts the user every time an unsignedor invalidly signed application or desktopattempts to launch. The user can eithercontinue the application launch or abortthe launch (default).

ICA File Signing - Protection Against Application or Desktop Launches From Untrusted Servers

153

154

Selecting and Distributing a DigitalSignature Certificate

When selecting a digital signature certificate, Citrix recommends you choose from thisprioritized list:

1. Buy a code-signing certificate or SSL signing certificate from a public CertificateAuthority (CA).

2. If your enterprise has a private CA, create a code-signing certificate or SSL signingcertificate using the private CA.

3. Use an existing SSL certificate, such as the Web Interface or Self-service Plug-in servercertificate.

4. Create a new root CA certificate and distribute it to user devices using GPO or manualinstallation.

155

Configuring a Web Browser and ICA Fileto Enable Single Sign-on and ManageSecure Connections to Trusted Servers

To use Single sign-on (SSO) and to manage secure connections to trusted servers, add theCitrix server's site address to the Local intranet or Trusted sites zones in Internet Explorerunder Tools > Internet Options > Security on the user device. The address can include thewildcard (*) formats supported by the Internet Security Manager (ISM) or be as specific asprotocoll://URL[:port].

The same format must be used in both the ICA file and the sites entries. For example, if youuse a fully qualified domain name (FQDN) in the ICA file, you must use an FQDN in the siteszone entry. XenDesktop connections use only a desktop group name format.

Supported Formats (Including Wildcards)http[s]://10.2.3.4

http[s]://10.2.3.*

http[s]://hostname

http[s]://fqdn.example.com

http[s]://*.example.com

http[s]://cname.*.example.com

http[s]://*.example.co.uk

desktop://group-20name

ica[s]://xaserver1

ica[s]://xaserver1.example.com

Launching SSO or Using Secure Connections with aweb site

Add the exact address of the Receiver for Web or the Web Interface site in the sites zone.

Example Web Site Addresses

https://my.company.com

http://10.20.30.40

http://server-hostname:8080

https://SSL-relay:444

XenDesktop Connections with Desktop ViewerAdd the address in the form desktop://Desktop Group Name. If the desktop group namecontains spaces, replace each space with -20.

Custom ICA Entry FormatsUse one of the following formats in the ICA file for the Citrix server site address. Use thesame format to add it to the Local intranet or Trusted sites zones in Internet Explorerunder Tools > Internet Options > Security on the user device:

Example of ICA File HttpBrowserAddress Entry

HttpBrowserAddress=XMLBroker.XenappServer.example.com:8080

Examples of ICA File XenApp Server Address Entry

If the ICA file contains only the XenApp server Address field, use one of the following entryformats:

icas://10.20.30.40:1494

icas://my.xenapp-server.company.com

ica://10.20.30.40

Configuring a Web Browser and ICA File to Enable Single Sign-on and Manage Secure Connections to Trusted Servers

156

157

To set client resource permissions

You can set client resource permissions using trusted and restricted site regions by:

● Adding the Receiver for Web or the Web Interface site to the Trusted Site list

● Making changes to new registry settings

Note: Due to enhancements to Receiver, the .ini procedure available in earlier versionsof the plug-in/Receiver is replaced with these procedures.


To add the web site to the trusted site list1. From the Internet Explorer Tools menu, choose Internet Options > Security.

2. Select the Trusted sites icon and click the Sites button.

3. In the Add this website to the zone text field, type the URL to your Receiver for Webor Web Interface site and click Add.

4. Download the registry settings from http://support.citrix.com/article/CTX124871.htmland make any registry changes. Use SsonRegUpx86.reg for Win32 user devices andSsonRegUpx64.reg for Win64 user devices.

5. Log off and then log on to the user device.

http://support.citrix.com/article/CTX124871.html

To change client resource permissions in the registry1. Download the registry settings from http://support.citrix.com/article/CTX124871.html

and import the settings on each user device. Use SsonRegUpx86.reg for Win32 userdevices and SsonRegUpx64.reg for Win64 user devices.

2. In the registry editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Client Selective Trust and in the appropriate regions, change the default value tothe required access values for any of the following resources:

Resource key Resource description

FileSecurityPermission Client drives

MicrophoneAndWebcamSecurityPermission Microphones and webcams

PdaSecurityPermission PDA devices

ScannerAndDigitalCameraSecurityPermission USB and other devices

Value Description

0 No Access

1 Read-only access

2 Full access

3 Prompt user for access


158


159

Enabling Smart Card Logon

You must use Receiver (Enterprise) for smart card support.

Enabling smart card logon allows users to use smart cards instead of passwords toauthenticate to XenApp servers. You can use smart card logon either with or withoutpass-through authentication.

You must enable smart card support on the server and set up and configure the user deviceproperly with third-party smart card hardware and software. Refer to the documentationthat came with your smart card equipment for instructions about deploying smart cardswithin your network.

The smart card removal policy set on XenApp determines what happens if you remove thesmart card from the reader during an ICA session. The smart card removal policy isconfigured through and handled by the Windows operating system.

● Kerberos pass-through authentication requires a smart card inserted in the smart cardreader at logon time only. With this logon mode selected, the plug-in prompts the userfor a smart card PIN (Personal Identification Number) when it starts up. Kerberospass-through authentication then caches the PIN and passes it to the server every timethe user requests a published resource. The user does not have to subsequently reentera PIN to access published resources or have the smart card continuously inserted. Ifauthentication based on the cached PIN fails or if a published resource itself requiresuser authentication, the user continues to be prompted for a PIN.

● Disabling pass-through authentication requires a smart card to be present in the smartcard reader whenever the user accesses a server. With pass-through disabled, theplug-in prompts the user for a smart card PIN when it starts up and every time the userrequests a published resource.

160

Enforcing Trust Relations

Trusted server configuration is designed to identify and enforce trust relations involved inReceiver connections. This trust relationship increases the confidence of Receiveradministrators and users in the integrity of data on user devices and prevents the malicioususe of Receiver connections.

When this feature is enabled, Receivers can specify the requirements for trust anddetermine whether or not they trust a connection to the server. For example, a Receiverconnecting to a certain address (such as https://*.citrix.com) with a specific connectiontype (such as SSL) is directed to a trusted zone on the server.

When trusted server configuration is enabled, XenApp servers or the Access Gateway mustreside in a Windows Trusted Sites zone. (For step-by-step instructions about adding serversto the Windows Trusted Sites zone, see the Internet Explorer online help.)

If you connect using SSL, add the server name in the format https://CN, where CN is theCommon Name shown on the SSL certificate. Otherwise, use the format that Receiver usesto connect; for example if Receiver connects using an IP address, add the server’s IPaddress.

To enable trusted server configuration








6. Expand the Administrative Templates folder under the User Configuration node.

7. From the Group Policy Editor, expand Administrative Templates and navigate throughCitrix Components > Citrix Receiver > Network Routing > Configure trusted serverconfiguration. In Windows 7 and Windows Server 2008, expand AdministrativeTemplates and navigate through Classic Administrative Templates (ADM) > CitrixComponents to the desired configuration option.



161

162

Elevation Level and wfcrun32.exe

When User Access Control (UAC) is enabled on devices running Windows Vista or Windows 7,only processes at the same elevation/integrity level as wfcrun32.exe can launch publishedapplications.

Example 1:

When wfcrun32.exe is running as a normal user (un-elevated), other processes such asReceiver must be running as a normal user to launch applications through wfcrun32.

Example 2:

When wfcrun32.exe is running in elevated mode, other processes such as ConnectionCenter, Receiver, and third party applications using the ICA Client Object that are runningin non-elevated mode cannot communicate with wfcrun32.exe.

163


Quick Links


System Requirements and Compatibility forReceiver for Windows 3.1


Licensing Your Product Improving the Receiver User Experience








164


Quick Links












165

About Citrix Receiver for Windows 3.1

What's New in the Citrix Receiver Standard PackageCitrix Receiver (CitrixReceiver.exe) has been enhanced for on-demand access to Windows,Web, and Software as a Service (SaaS) applications. You can now configure it for use withCitrix CloudGateway.

● CloudGateway Express Interoperability - Enables existing XenApp and XenDesktopcustomers to deliver all their Windows apps and desktops to any device using a unifiedStoreFront with self-service.

● CloudGateway Enterprise Interoperability - Enables enterprises to aggregate, control,and deliver all of their Windows, web and SaaS apps to any user on any device.

● Flexible installation methods - You can install CitrixReceiver.exe from Receiver forWeb and Web Interface with or without administrator rights or you can use electronicsoftware distribution (ESD) tools like Active Directory Group Policy Objects (GPO) orSCCM. Administrator rights are required to install CitrixReceiver.exe if it will usepass-through authentication. (Receiver for Web sites do not support domainpass-through authentication.)

● Self-service - Citrix Receiver displays all the resources that you make available tousers. Users can browse the list or search for the resources they require and subscribewith a single click. Enabled using one-click configuration and CloudGateway.

● One-click configuration - Opening a configuration file after installing Citrix Receiveractivates self-service access to CloudGateway-published resources. You can publish theconfiguration file on a web site or email it to multiple users.

● Secure, remote access through Access Gateway - Integration with Access Gatewayprovides users with secure access to all enterprise applications, virtual desktops, anddata.

● Domain pass-through authentication - Users already logged on to their domain accountdo not need to authenticate to access applications.

Enable this functionality using a command line switch.

● Auto-provisioned applications - Receiver automatically adds administrator-designatedapplications when users first authenticate. Requires CloudGateway StoreFront.

● CloudGateway internal URL redirection - When a URL is redirected, Receiver checks akeyword to determine if the URL requires an Access Gateway VPN connection foraccess. If the VPN client is installed, it starts the VPN client and opens the page.

● Receiver for all devices - User experience is consistent across Receiver platforms anddevices.

● Follow-me subscriptions - Users selected applications follow them across devices.Requires CloudGateway StoreFront.

● Work space control improvements - Active sessions follow users as they roam from onedevice to another. Previously, the Self-Service Plug-in disabled workspace control.

● Multiple account support - Users can access applications and desktops from multipledata centers using different security provisions.

● Expanded browser support - Chrome versions 10.0 and later are supported.Pre-installation of Firefox is no longer required.

Citrix Receiver supports Web Interface for legacy deployments.

What's New in the Citrix Receiver Enterprise PackageThe Citrix Receiver Enterprise package does not contain any new features. With theupgrade in features in the standard Receiver, the Receiver Enterprise package is requiredonly to support applications that use Smart Card authentication.


● General issues




General Issues

● When configured with multiple stores, Receiver might confuse the gateways required toconnect to a store causing incorrect apps being available to users. Work around:Configure only one store. [#0263165]


● You might receive an error message when trying to launch an application with WebInterface after installing a previous version of the Receiver (Online plug-in) whilelogged in as one user, upgrading with CitrixReceiver.exe as another user, logging off theReceiver, and logging back on with the previous user name. The error message is: Citrixonline plug-in Configuration Manager: No value could be found for (ClientHostedApps)that satisfies all lock down requirements. The lockdown requirements in force may beconflicting. [#261877]


166








● In some environments, content redirection may not work until the published applicationis launched for the first time. [#0252515]

● When versions of Receiver are localized in Traditional Chinese, Korean, or Russian andintegrated with Access Gateway Standard Edition, the Receiver log on screen displays inEnglish because of an Access Gateway Standard Edition language limitation. [#0263442]

● When the offline plug-in is not installed and a streamed application is configured tofallback to ICA and the XenApp server is down, an incorrect error message appearsinforming you that the correct plug-in is not installed. [#0273813]

● If Certificate Revocation List (CRL) checking is disabled in Internet Options on the userdevice, this overrides the CertificateRevocationCheck registry setting for Receiver forWindows. This means users may be able to access Web sites that do not have validcertificates. As a workaround, ensure that the Check server revocation option locatedat Settings > Control Panel > Internet Options > Advanced is enabled. [#0032682]

● Receiver does not support the VPN keyword in Access Gateway ClientChoices mode.[#0274828]

Desktop Connections


● You cannot log off gracefully from Windows XP 32-bit virtual desktops if you start (butdo not log on to) the Receiver in the desktop session. If the Receiver logon dialog box isnot completed, you cannot log off from the desktop. To work around the issue,complete the logon dialog box or close it. This issue is not observed on other virtual


167

desktop operating systems. [#246516]

● If virtual desktops are installed with the Virtual Desktop Agent supplied withXenDesktop 5.0, Receiver for Windows 3.0 displays an error if the user starts apublished application from the desktop. The workaround is to use the Virtual DesktopAgent supplied with XenDesktop 5.5. [#263079]

● The Citrix Desktop Lock does not redirect Adobe Flash content to domain-joined userdevices. The content can be viewed but is rendered on the server, not locally. As aworkaround, Adobe Flash redirection can be configured for server-side content fetchingto pass the content from the server to the user device. This issue does not occur onnon-domain-joined devices or when the content is viewed with the Desktop Viewer.[#263092]



Third-Party Issues

When using Internet Explorer to open a Microsoft Office document in Edit mode fromSharePoint, Microsoft Office might display the message, “Access denied.” Workaround:Go to the SharePoint site and check out the document, edit it, and check the file backin to SharePoint. [#258725]


168

169

System Requirements and Compatibilityfor the Citrix Receiver for Windows






● Windows Thin PC





● Server support:






● XenDesktop 5.5

● XenDesktop 5

● XenDesktop 4● To manage connections to apps and desktops, Citrix Receiver supports Cloud

Gateway or Web Interface :

● CloudGateway Express, with Receiver Storefront 1.0 and, for optional access toresources from a web page, Receiver for Web 1.0

● CloudGateway Enterprise 1.0, for apps hosted on a network, on anInfrastructure as a Service (IaaS) platform, or configured as Software as aService (SaaS)

● Web Interface 5.x for Windows with a XenApp Services and XenDesktop Web site


● Connectivity

Citrix Receiver supports HTTPS and ICA-over-SSL connections through any one of thefollowing configurations.

● For LAN connections:

● Receiver StoreFront 1.0, using StoreFront services or Receiver for Web sites

● Web Interface 5.x for Windows, using XenApp Services and XenDesktop Websites (Program Neighborhood Agent sites are also supported for legacyinstallations)

● For secure remote or local connections:

● Citrix Access Gateway VPX

● Citrix Access Gateway 5.0

● Citrix Access Gateway Enterprise Edition 9.x

● Citrix Secure Gateway 3.xYou can use Access Gateway with Receiver StoreFront or Web Interface. You can useSecure Gateway only with Web Interface.

● Authentication

Receiver for Windows 3.1, when used with Receiver StoreFront 1.0, supports thefollowing authentication methods:

● Domain

● Domain pass-through**

● Security token

● Two-factor (domain plus security token)*Receiver for Windows 3.1, when used with Web Interface 5.X, supports the followingauthentication methods:

● Domain

● Security token


System Requirements

170

● SMS*

● Smart card (with or without Access Gateway)

* These authentication methods are available only in deployments that include AccessGateway.

** Receiver for Web sites do not support domain pass-through authentication.

For more information about authentication, including certificate requirements, refer tothe "Manage" topics in the Receiver StoreFront documentation.

If your site requires Smart Card authentication for connections to applications, useReceiver (Enterprise) with Web Interface. For information about other authenticationmethods supported by Web Interface, refer to "Configuring Authentication for the WebInterface" in the Web Interface documentation.

● Certificates

For information about security certificates, refer to topics under Secure Connectionsand Secure Communications.

● Upgrades. Upgrades are supported only for Citrix XenApp Plugin for Hosted Apps 11.0,Desktop Receiver 11.1, and Citrix online plug-in 11.1,11.2, 12.0, and 12.1, and Receiverfor Windows 3.0 releases.





● Mozilla Firefox Version 1.x through 5.x

● Google Chrome Version 10.0 and later● .NET Framework Requirements (XenDesktop Connections Only)

To use the Desktop Viewer, .NET 2.0 Service Pack 1 or later is required. This version isrequired because, if Internet access is not available, certificate revocation checks slowdown connection startup times. The checks can be turned off and startup timesimproved with this version of the Framework but not with .NET 2.0. Use of the CitrixDesktop Lock does not require the .NET Framework to be installed.




System Requirements

171



● TCP/IP+HTTP

● SSL/TLS+HTTPS● HDX MediaStream Multimedia Acceleration






● Smart Cards and the Citrix Desktop Lock


System Requirements

172

173


Citrix Receiver for Windows (Citrix Receiver) delivers apps, desktops, and IT services toWindows PCs. Citrix Receiver supports Citrix CloudGateway:

● CloudGateway Express enables XenApp and XenDesktop customers to deliver Windowsapps and desktops by using a unified StoreFront with self-service.

● CloudGateway Enterprise enables enterprises to aggregate, control, and deliver all oftheir Windows, web and SaaS apps.

Receiver also supports Citrix Web Interface for legacy deployments.


● User authentication. Receiver provides user credentials to CloudGateway or WebInterface when users try to connect and every time they launch published resources.





Two Citrix Receiver packages are available.

● Citrix Receiver (standard, CitrixReceiver.exe) supports Citrix CloudGateway and, forlegacy deployments, Web Interface. Standard Receiver features include:

● Receiver Experience, enabling users to seamlessly transition between devices andconnection types

● Web plug-in

● Authentication Manager


● Self-service





● Citrix Receiver (enterprise, CitrixReceiverEnterprise.exe) is required only forapplications that use Smart Card authentication. It supports Web Interface only andincludes the same features as the standard package except for Authentication Managerand self-service.

Using the Citrix CloudGatewayCitrixReceiver.exe enables access to StoreFront published resources and virtual desktopsfrom anywhere. Configure a provisioning file to provide native self-service access orconfigure a Receiver for Web site to provide web browser access to StoreFront-publishedresources and virtual desktops.

Using with XenAppBoth Receiver packages support the XenApp feature set. Centrally administer and configurethe Receiver in the Receiver Storefront management console (or, if using Web Interface, inthe Web Interface Management Console using a Receiver site created in association with asite for the server running the Web Interface).

You can use both Receiver packages with the Citrix offline plug-in to provide applicationstreaming to the user desktop. For more information about the streamed applicationfeature, see the Application Streaming documentation in eDocs.


Using with XenDesktopReceiver includes the Desktop Viewer, the client-side software that supports XenDesktop.Users running the Desktop Viewer on their devices access virtual desktops created withXenDesktop in addition to their local desktop. Users running the Citrix Desktop Lock (whichyou install in addition to the Desktop Viewer) interact only with the virtual desktop not thelocal desktop.

Get Started

174

175













176










177



● CitrixReceiver.exe - This Receiver (standard) does not require administrator rights toinstall unless it will use pass-through authentication. It can be installed:

● Automatically from Receiver for Web or from Web Interface

● By the user

● Using an Electronic Software Distribution (ESD) tool● CitrixReceiverEnterprise.exe - This Receiver (Enterprise) requires administrator rights

to install. Although the user can install Receiver (Enterprise), it is usually installed withan ESD tool. Uninstall other Receiver versions before installing Receiver (Enterprise).

Important: Upgrades are supported only from Citrix online plug-in 11.2 and 12.x. Removeany earlier versions before installing this version.

Considerations When UpgradingBecause there are two Citrix Receiver installation packages and there were two onlineplug-in packages (web and full) in previous releases, each having different options, youhave to consider the previously installed package when planning your upgrade. Use thistable to determine how to proceed with your upgrade.








The CitrixReceiver.exe upgrade package cannot be used to upgrade the online plug-in fullconfigured for PNA or Citrix Receiver (Enterprise). In both cases, the installer displays anerror message and does not alter the previously installed client.






User: Administrator




User: Standard user







User: Standard user



178

179


Users can install the Receiver from Receiver for Web, the Web Interface, the installationmedia, a network share, Windows Explorer, or a command line by running theCitrixReceiverEnterprise.exe or CitrixReceiver.exe installer package. Because the installerpackages are self-extracting installations that extract to the user's temp directory beforelaunching the setup program, ensure that there is enough free space available in the%temp% directory.





If company policies prohibit you from using an .exe file, refer to How to Manually Extract,Install, and Remove Individual .msi Files from ReceiverEnterprise.exe.









or





180

181




182


Important: Log on using a local administrator account to carry out this installationprocedure. In addition, consult About Citrix Receiver for Windows 3.1 for workarounds toany known issues with the Desktop Lock.











183




184







185



Space Requirements






or






● /includeSSON enables single sign on for Receiver (standard, CitrixReceiver.exe).This option is not supported for Receiver (enterprise, CitrixReceiverEnterprise.exe),which installs single sign on by default. If you are using ADDLOCAL= to specifyfeatures and you want to install single sign on, you must also specify the SSONvalue. Requires administrator rights.

● PROPERTY=Value





● ADDLOCAL=feature[,...] Install one or more of the specified components. Whenspecifying multiple parameters, separate each parameter with a comma andwithout spaces. The names are case sensitive. If you do not specify thisparameter, all components included in the CitrixReceiverEnterprise.exe orCitrixReceiver.exe are installed by default.


ReceiverInside – Installs the Receiver experience. (Required)

ICA_Client – Installs the standard Receiver. (Required)

SSON – Installs single sign on. Requires administrator rights.

AM – Installs the Authentication Manager. This value is supported only withCitrixReceiver.exe.

SELFSERVICE – Installs the Self-Service Plug-in. This value is supported onlywith CitrixReceiver.exe. The AM value must be specified on the command lineand .NET 3.5 Service Pack 1 must be installed.

USB – Installs USB.

DesktopViewer – Installs the Desktop Viewer.

Flash – Installs HDX media stream for flash.

PN_Agent – Installs Receiver (Enterprise). This value is supported only withCitrixReceiverEnterprise.exe.

Vd3d – Enables the Windows Aero experience (for operating systems thatsupport it)

● ALLOWADDSTORE={N | S | A} – The default depends on the followingsituations:


186

N if Merchandising Server is used or stores are specified on the installationcommand line.

S if Receiver is installed per machine.

A if Receiver is installed per user.

Specifies whether or not users can add and remove stores not configuredthrough Merchandising Server deliveries. (Users can enable or disable storesconfigured through Merchandising Server deliveries, but they cannot removethese stores or change the names or the URLs.) This option is supported onlywith CitrixReceiver.exe.

● ALLOWSAVEPWD={N | S | A} – The default is the value specified from thePNAgent server at run time. Specifies whether or not users can save credentialsfor stores locally on their computers and applies only to stores using thePNAgent protocol. Setting this argument to N prevents users from saving theircredentials. If the argument is set to S, users can only save credentials forstores accessed through HTTPS connections. Using the value A allows users tosave credentials for all their stores. This option is supported only withCitrixReceiver.exe.

● ENABLE_SSON={Yes | No} – The default value is Yes. Note that users must logoff and log back onto their devices after an installation with pass-throughauthentication enabled. Requires administrator rights.


● ENABLE_KERBEROS={Yes | No} – The default value is No. Specifies thatKerberos should be used; applies only when pass-through authentication (SSON)is enabled.

● DEFAULT_NDSCONTEXT=Context1 [,…] – Include this parameter to set a defaultcontext for Novell Directory Services (NDS). To include more than one context,place the entire value in quotation marks and separate the contexts by acomma. This option is supported only with CitrixReceiverEnterprise.exe.Examples of correct parameters:



● LEGACYFTAICONS={False | True} – The default value is False. Specifieswhether or not application icons are displayed for documents that have filetype associations with subscribed applications. When the argument is set tofalse, Windows generates icons for documents that do not have a specific iconassigned to them. The icons generated by Windows consist of a genericdocument icon overlaid with a smaller version of the application icon. Citrixrecommends enabling this option if you plan on delivering Microsoft Officeapplications to users running Windows 7. This option is supported only withCitrixReceiver.exe.

● SERVER_LOCATION=Server_URL – The default value is blank. Provide the URL of the server running the Web Interface. The URL must be in the format


187

http://servername or https://servername.

The Receiver appends the default path and file name of the configuration fileto the server URL. If you change the default location of the configuration file,enter the entire new path in the SERVER_LOCATION key. This option issupported only with CitrixReceiverEnterprise.exe.

● STARTMENUDIR=Text string – The default is to put applications under Start >All Programs. Specifies the name of the default folder added to users' Startmenus to hold the shortcuts to their subscribed applications. Users can changethe folder name and/or move the folder at any time. This option is supportedonly with CitrixReceiver.exe.

● STOREx="storename;http[s]://servername.domain/IISLocation/resources/v1;[On| Off];[storedescription]"[ STOREy="..."] – Specifies up to 10 stores to use withReceiver. Values:

● x and y – Integers 0 through 9.

● storename – Defaults to store. This must match the name configured on theStoreFront server.

● servername.domain – The fully qualified domain name of the server hostingthe store.

● IISLocation – the path to the store within IIS. The store URL must match theURL in StoreFront provisioning files. The store URLs are of the form“/Citrix/MyStore/resources/v1” (for StoreFront 1.0). To obtain the URL,export a provisioning file from StoreFront, open it in notepad and copy theURL from the <Address> element.

● On | Off – The optional Off configuration setting enables you to deliverdisabled stores, giving users the choice of whether or not they access them.When the store status is not specified, the default setting is On.

● storedescription – An optional description of the store, such as Apps onXenApp.




Examples of a Command-Line Installation

CitrixReceiver.exe /includeSSONSTORE0="AppStore;https://testserver.net/Citrix/MyStore/resources/v1;on;Appson XenApp"STORE1="BackUpAppStore;https://testserver.net/Citrix/MyBackupStore/resources/v1;on;BackupStore Apps on XenApp"

This example:

● Installs Receiver (standard).


188

● Installs single sign on.

● Specifies two application stores.


This example:

● Installs Receiver (Enterprise) without visible progress dialog boxes.

● Installs only Receiver Inside, the standard Receiver (ICA_Client), and enterpriseReceiver (PN_Agent).

● Disables pass-through authentication.

● Specifies the location where the software is installed.

● Enables dynamic client naming.

● Specifies the default context for NDS.

● Specifies the URL (http://testserver.net) of the server running the Web Interface,which Receiver will reference.

● Specifies the name used to identify the user device to the server farm.


189

190































191

192
















193

Deploying CitrixReceiver.exe fromReceiver for Web

You can deploy CitrixReceiver.exe from Receiver for Web to ensure that users have theReceiver installed before they try to connect to an application from a browser. For details,refer to the Receiver StoreFront documentation on Citrix eDocs.

194







195

Configuring Citrix Receiver for Windows

You can configure Citrix Receiver operations for deployments that use Receiver StoreFrontor a legacy PNA Services site.


196

Using the Group Policy Object Templateto Customize the Receiver

Citrix recommends using the Group Policy Object icaclient.adm template file to configurethe Receiver options and settings.


















Using the Group Policy Object Template to Customize the Receiver

197

198

Configuring Access to Accounts Manually

When users launch Receiver for the first time, they have the option to set up a newaccount. To do this, they must enter information about the XenApp farm or XenDesktop sitehosting the resources they want to access.

When a user enters the details for a new account, Receiver attempts to verify theconnection. If successful, Receiver prompts the user to log on to the account.

To add a new account1. Click the gear icon in the Receiver window and choose Edit Accounts.2. Click Add.

3. Enter the information provided by your organization and click OK.

To remove an account1. Click the gear icon in the Receiver window and choose Edit Accounts.2. Select the account from the list and click Remove and Yes.

To edit the details of an account1. Click the gear icon in the Receiver window and choose Edit Accounts.2. Select the account that you want to edit from the list and double-click.

3. Edit the details in Name, the Description, and/or the URL fields, as required.

4. Click OK.

199












200





● Keyboards

● Mice

● Smart cards





● USB hubs







201






202







Yes No




203





























204


205












206












207











208






209















210















211

212














213



Replace:




With:




214
















215











216







217















Name: State

Values:




Name: Schedule

Value:






Name: UserOverride

Values:



Name: State

Values:




Name: Schedule

Value:


218




Name: State

Values:




Name: Schedule

Value:




219

220













221






222





















223

224







225



Workspace control is available only to users connecting to published resources with CitrixXenApp or through StoreFront, Receiver for Web, or the Web Interface.


Important: Workspace control can be used only with Version 11.x and later of theclient/plug-in/Receiver, and works only with sessions connected to computers runningCitrix Presentation Server Version 3.0, 4.0, or 4.5 or Citrix XenApp 5.0, 6.0, or 6.5.

If workspace control configuration settings allow users to override the server settings, userscan configure workspace control on the Receiver Reconnect Options page:

● Enable automatic reconnection at logon allows users to reconnect to onlydisconnected applications or to both disconnected and active applications

● Enable reconnection from the menu allows users to reconnect to only disconnectedapplications or to both disconnected and active sessions

To configure workspace control settings through StoreFront or Receiver for Web

For information about configuring Receiver StoreFront and Receiver for Web for workspacecontrol and user roaming, refer to the "Manage" topics in the Receiver StoreFrontdocumentation in Citrix eDocs.

To configure workspace control settings through Web Interface

For users launching applications through the Web Interface, these options are in Settings:






226

227








228









229







A A

B B

C V



A A

B B

C C




230


231





Not supported:





232












233

234











where:





When connecting to servers running Presentation Server 3.0 or earlier, or when the Legacy printer name option from the Citrix policy Client printer names setting is enabled on the

server, a different naming convention is used. The name of the printer takes the form:


where:





235

236









237





238




239











240








To Choose





241




● ctxgrab

● ctxcapture

242












243





























244

245






246

DNS Name Resolution











247





248











249






Older Receivers (plug-ins) connect using the font smoothing setting configured in that user’sprofile on the server.




In Web Interface environments, use the Session Preferences task in the Citrix WebInterface Management console to enable or disable font smoothing for XenApp Web sitesand the Session Options task for XenApp Services sites.

250










251




















252


253




● Logon times



















254

255













256











257




























258

259





260








261





262





















263

264


You must use Receiver (Enterprise) for Smart Card support.


Enabling smart card support for Receiver is done through the Web Interface. For moreinformation, see the Web Interface documentation.




265











266






System requirements. Kerberos logon requires Citrix Presentation Server 3.0, 4.0, or 4.5,Citrix XenApp 5.0, 6.x and Citrix Presentation Server Clients for Windows 8.x, 9.x, 10.x,XenApp Hosted Plug-in 11.x, online plug-in 12.0, 12.1, or Receiver 3.x. Kerberos works onlybetween Client/plug-ins/Receiver and servers that belong to the same or to trustedWindows 2000, Windows Server 2003, or Windows Server 2008 domains. Servers must alsobe trusted for delegation, an option you configure through the Active Directory Users andComputers management tool.












267

268
















269



● Citrix Access Gateway. For information about configuring Access Gateway with ReceiverStoreFront, refer to the "Manage" topics in the Receiver StoreFront documentation ineDocs. For information about configuring Access Gateway or Secure Gateway with WebInterface, refer to topics in this section.


● SSL Relay solutions with Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols.






270




271

Connecting with Access GatewayEnterprise Edition


Configure the XenApp Services site for the Receiver to support connections from an AccessGateway connection.

1. In the XenApp Services site, select Manage secure client access > Edit secure clientaccess settings.

2. Change the Access Method to Gateway Direct.

3. Enter the FQDN of the Access Gateway appliance.

4. Enter the Secure Ticket Authority (STA) information.

To configure the Access Gateway appliance1. Configure authentication policies to authenticate users connecting to the Access

Gateway by using the Access Gateway Plug-in. Bind each authentication policy to avirtual server.

● If double-source authentication is required (such as RSA SecurID and ActiveDirectory), RSA SecurID authentication must be the primary authentication type.Active Directory authentication must be the secondary authentication type.

● RSA SecurID uses a RADIUS server to enable token authentication.

● Active Directory authentication can use either LDAP or RADIUS.Test a connection from a user device to verify that the Access Gateway is configuredcorrectly in terms of networking and certificate allocation.

2. Create a session policy on the Access Gateway to allow incoming XenApp connectionsfrom the Receiver, and specify the location of your newly created XenApp Services site.

● Create a new session policy to identify that the connection is from the Receiver. Asyou create the session policy, configure the following expression and select MatchAll Expressions as the operator for the expression:

REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver


272

● In the associated profile configuration for the session policy, on the Security tab,set Default Authorization to Allow.

On the Published Applications tab, if this is not a global setting (you selected theOverride Global check box), ensure the ICA Proxy field is set to ON.

In the Web Interface Address field, enter the URL including the config.xml for theXenApp Services site that the device users use, such ashttp://XenAppServerName/Citrix/PNAgent/config.xml orhttp://XenAppServerName/CustomPath/config.xml.

● Bind the session policy to a virtual server.

● Create authentication policies for RADIUS and Active Directory.

● Bind the authentication policies to the virtual server.

Important: If the server certificate used on the Access Gateway is part of acertificate chain (with an intermediate certificate), make sure that the intermediatecertificates are also installed correctly on the Access Gateway. For information aboutinstalling certificates, see the Access Gateway documentation.


273

274



Access Gateway setup requires that you configure a basic or a SmartAccess logon point onAccess Gateway and use the Web address for the XenApp Services site.

Before you configure a logon point, install the Web Interface and verify that it iscommunicating with the network. When you configure a logon point, you must alsoconfigure at least one Secure Ticket Authority (STA) server and ICA Access Control in AccessGateway. For more information, expand Access Gateway 5.0 in eDocs, and locate the topicTo configure Access Gateway to use the Secure Ticket Authority.

To configure the Access Gateway 5.0 appliance1. Configure Authentication profiles to authenticate users connecting to the Access






2. To establish communication with XenApp servers and the Web Interface, configure theAccess Gateway with STA servers and the ICA Access Control list on Access Gateway. Formore information, see the Access Gateway section of eDocs.

3. Configure logon points on the Access Gateway. Configure the Access Gateway to allowincoming XenApp connections from the Receiver, and specify the location of your WebInterface site.

a. In the Access Gateway Management Console, click Management.

b. Under Access Control, click Logon Points > New.

c. In the Logon Points Properties dialog box, in Name, type a unique name for thelogon point.

d. Select the Type:

● For a Basic logon point, in the Web Interface field, type the fully qualifieddomain name (FQDN) of the Web Interface, such ashttp://xenapp.domain.com/citrix/apps. You cannot configure aSmartGroup with a basic logon point. Select the authentication type, or clickAuthenticate with the Web Interface.

If you select Authenticate with the Web Interface, when users type the URL toAccess Gateway and enter credentials, the credentials are passed to the WebInterface for authentication.

● For a SmartGroup to use the settings in a SmartAccess logon point, you mustselect the logon point within the SmartGroup. Select the authenticationprofiles. If you configure a SmartAccess logon point, Access Gatewayauthenticates users. You cannot configure authentication by using the WebInterface.

If you select Single Sign-on to Web Interface, users do not have to log on tothe Web Interface after logging on to the Access Gateway. If not selected, usersmust log on to both the Access Gateway and Web Interface.


275

e. Under Applications and Desktops, click Secure Ticket Authority and add the STAdetails. Make sure the STA information is the same as the Web Interface site.

f. Finally, under Applications and Desktops, click XenApp or XenDesktop to add theICA control list (required for Access Gateway 5.0). For more information, expandAccess Gateway 5.0 in eDocs, and locate To configure ICA Access Control.



276

To configure Access Controller1. Configure Authentication profiles to authenticate users connecting to the Access






2. To establish communication with XenApp servers and the Web Interface, configureAccess Controller to recognize the servers. Configure Access Controller to allowincoming XenApp connections from the Receiver and specify the location of your WebInterface site.

a. In the Deliver Services Console, expand Citrix Resources > Access Gateway, andthen click the Access Controller on which you want to create the Web resource.

b. Expand Resources, click Web Resources, and then under Common tasks, clickCreate Web resource. In the wizard, enter a unique name. On the New WebAddress page, enter the Web address URL of the XenApp Web site.

c. In Application type, select Citrix Web Interface and click the Enable SingleSign-on check box.

d. After you click OK, click Publish for users in their list of resources , and then inHome page, enter the URL of the XenApp Web Site, such ashttp://xenapp.domain.com/citrix/apps, and finish the wizard.

e. In the navigation pane, click Logon Points, click Create logon point, and in thewizard, enter a unique name, and select the type:

● For a Basic logon point, in the Web Interface field, type the fully qualifieddomain name (FQDN) of the Web Interface, such ashttp://xenapp.domain.com/citrix/apps. Select the Home page, andthen select the authentication profile. Leave the remaining options as defaultvalues, and click Enable this logon point check box at the end of the wizard.

● For a SmartAccess logon point, on Select Home Page, select the Display theWeb resource with the highest priority. Click Set Display Order, and movethe Web Interface Web resource to the top.

Select the Authentication Profiles for both authentication and group extraction.Leave the remaining options as default values, and click Enable this logonpoint check box at the end of the wizard.

f. In the navigation pane, under Policies > Access Policies, select Create access policy and on the Select Resources page, expand Web Resources to select the


277

Web Interface web resource.

g. In Configure Policy Settings, select the settings, click Enable this policy to controlthis setting, and select Extended access, unless denied by another policy. Addthe users allowed to access this resource and finish the wizard.

h. In the navigation pane, under Access Gateway appliances, select Edit AccessGateway appliance properties, click Secure Ticket Authority and add the STAdetails. Make sure the STA information is the same as the Web Interface site.

i. Finally, click ICA Access Control to add the ICA control list (required for AccessGateway 5.0). For more information, expand Access Gateway 5.0 in eDocs, andlocate To configure ICA Access Control in the Access Controller documentation.



278

279

Connecting with Secure Gateway









● Host name




280



When communicating with the server farm, Receiver uses proxy server settings that areconfigured remotely on the server running Receiver for Web or the Web Interface. Forinformation about proxy server configuration, refer to Receiver StoreFront or Web Interfacedocumentation.


281

Connecting with Secure Sockets LayerRelay

You can integrate Receiver with the Secure Sockets Layer (SSL) Relay service. Receiversupports both SSL and TLS protocols.



282








283


In addition to the System Requirements, you also must ensure that:








284











285













[Excel]


[Notepad]


286






To use SSL/TLS encryption for all Receiver communications, configure the user device,Receiver, and, if using Web Interface, the server running the Web Interface. Forinformation about securing Receiver Storefront communications, refer to topics under"Secure" in the Receiver StoreFront documentation in eDocs.

287









288

To configure Web Interface to useSSL/TLS for Receiver




289














290

To use the Group Policy template on WebInterface to meet FIPS 140 securityrequirements













291







292







293









294


The ICA File Signing feature helps protect users from unauthorized application or desktoplaunches.Citrix Receiver verifies that a trusted source generated the application or desktoplaunch based on administrative policy and protects against launches from untrusted servers.You can configure this Receiver security policy for application or desktop launch signatureverification using Group Policy Objects, Receiver StoreFront, or Citrix Merchandising Server.ICA file signing is not enabled by default. For information about enabling ICA file signing forReceiver StoreFront, refer to the Receiver StoreFront documentation.

For Web Interface deployments, the Web Interface enables and configures application ordesktop launches to include a signature during the launch process using the Citrix ICA FileSigning Service. The service can sign ICA files using a certificate from the computer'spersonal certificate store.










7. If you choose Enabled, you can add signing certificate thumbprints to the white list of trusted certificate thumbprints or remove signing certificate thumbprints from the

white list by clicking Show and using the Show Contents screen. You can copy andpaste the signing certificate thumbprints from the signing certificate properties. Usethe Policy drop-down menu to select Only allow signed launches (more secure) orPrompt user on unsigned launches (less secure).

Option Description






295

296







297





http[s]://10.2.3.*

http[s]://hostname






ica[s]://xaserver1


Launching SSO or Using Secure Connections with aweb site

Add the exact address of the Receiver for Web or the Web Interface site in the sites zone.

Example Web Site Addresses


http://10.20.30.40









icas://10.20.30.40:1494


ica://10.20.30.40


298

299



● Adding the Receiver for Web or the Web Interface site to the Trusted Site list




To add the web site to the trusted site list1. From the Internet Explorer Tools menu, choose Internet Options > Security.


3. In the Add this website to the zone text field, type the URL to your Receiver for Webor Web Interface site and click Add.












Value Description

0 No Access

1 Read-only access

2 Full access



300


301


You must use Receiver (Enterprise) for smart card support.






302


















303

304


When User Access Control (UAC) is enabled on devices running Windows Vista or later, onlyprocesses at the same elevation/integrity level as wfcrun32.exe can launch publishedapplications.

Example 1:


Example 2:


305

Citrix Receiver for Windows 3.0

About this Release To configure and install Receiver usingcommand-line parameters

Issues fixed in Receiver for Windows 3.0 Using the Receiver with XenDesktopConnections




Deciding Which Receiver to Use Securing Your Connections

Overview of Receiver Installation Packages Securing Receiver Communication





306

Citrix Receiver for Windows 3.0

About this Release To configure and install Receiver usingcommand-line parameters

Issues fixed in Receiver for Windows 3.0 Using the Receiver with XenDesktopConnections




Deciding Which Receiver to Use Securing Your Connections

Overview of Receiver Installation Packages Securing Receiver Communication





307

About the Citrix Receiver for Windows 3.0

Version 1.0

Notes:

For Issues Fixed in Citrix Receiver for Windows 3.0, go to:http://support.citrix.com/article/CTX124164


What's New● Citrix Receiver for Windows.The Citrix Receiver replaces the Citrix Online Plug-in for

Windows. The Online Plug-in 13.0 is embedded in Receiver.

● Unified user experience. Gives end users a common user interface whether using onlyCitrix Receiver or with any other Citrix Plug-ins.

● Improved user experience. Improved application launching and reconnection.

● Internet Explorer 9 support.

● Simplified listing of devices in the Desktop Viewer. To simplify the display of USBdevices, by default any that use the Generic USB virtual channel (for example,webcams and memory sticks) are not displayed on the Devices tab of the DesktopViewer Preferences dialog box. Users can view the complete list of devices using acheckbox on the tab.

● Enhanced Desktop Viewer user interface. The Preferences dialog box in the DesktopViewer has been redesigned, and the USB button on the toolbar is now called Devices.

● Windows 7 support. The Citrix Desktop Lock (formerly called the Desktop ApplianceLock) now supports Windows 7.

● RemoteFX support. As an alternative to the Desktop Viewer UI, you can formconnections to XenDesktop VDAs using Microsoft RemoteFX. For instructions on this, seeCTX129509.

● Session pre-launch. Reduced application launch time at high-traffic periods. Configurethis feature on the server and client sides.

● Multi-stream ICA. Improved QoS support by allowing Branch Repeater and third partyrouters to apply QoS policies across multiple ICA connections.

● Multiple audio device redirection. Enables remoting of multiple audio devices presenton the user device.

● New Single Sign-On Plug-in. Simplified password management.

● Seamless Taskbar Grouping. Taskbar icons associated with applications published withXenApp 6 or later are grouped by application similar to how local application icons aregrouped.

● Aero support. Receiver now supports the display of Windows Aero theme on virtualdesktops. A new .msi file is included that works with the Virtual Desktop Agent (part ofXenDesktop) to provide the support.

● User documentation. Topics that describe how users interact with their virtualdesktops and control the Desktop Viewer have been moved from eDocs to the Receiverfor Windows online help, which also includes the Connection Center help. This isavailable at http://support.citrix.com/help/receiver/en/receiverHelpWin.htm.


308




● General issues




General Issues


● You might receive an error message when trying to launch an application with WebInterface after installing a previous version of the Receiver (Online plug-in) whilelogged in as one user, upgrading with CitrixReceiver.exe as another user, logging off theReceiver, and logging back on with the previous user name. The error message is: Citrixonline plug-in Configuration Manager: No value could be found for (ClientHostedApps)that satisfies all lock down requirements. The lockdown requirements in force may beconflicting. [#261877]









309

Desktop Connections


● You cannot log off gracefully from Windows XP 32-bit virtual desktops if you start (butdo not log on to) the Receiver in the desktop session. If the Receiver logon dialog box isnot completed, you cannot log off from the desktop. To work around the issue,complete the logon dialog box or close it. This issue is not observed on other virtualdesktop operating systems. [#246516]

● When using Receiver for Windows 3.0 with a Windows XP virtual desktop created withXenDesktop 5, an error occurs if the user starts a published application from thedesktop. This issue does not occur on desktops created with XenDesktop 5.5 or on otherdesktop operating systems created with XenDesktop 5. The workaround is to useReceiver for Windows 3.0 with XenDesktop 5.5. [#263079]

● The Citrix Desktop Lock (formerly the Citrix Desktop Appliance Lock), which is installedusing DesktopApplianceLock.msi, does not redirect Adobe Flash content todomain-joined user devices. The content can be viewed but is rendered on the server,not locally. As a workaround, Adobe Flash redirection can be configured for server-sidecontent fetching to pass the content from the server to the user device. This issue doesnot occur on non-domain-joined devices or when the content is viewed with theDesktop Viewer. [#263092]



Third-Party Issues● When using Internet Explorer to open a Microsoft Office document in Edit mode from

SharePoint, Microsoft Office might display the message, “Access denied.” Workaround:Go to the SharePoint site and check out the document, edit it, and check the file backin to SharePoint. [#258725]


310

311

System Requirements and Compatibilityfor the Citrix Receiver for Windows






● Windows Thin PC





● Server support:

● Web Interface 5.x for Windows with a XenApp Services or XenDesktop Web site






● XenDesktop 5.5

● XenDesktop 5

● XenDesktop 4● Delivery Services 1.0


● Dazzle and ICA File Signing Support. ICA File Signing is not supported with Dazzle 1.1.

● Upgrades. Upgrades are supported only for Citrix XenApp Plugin for Hosted Apps 11.0,Desktop Receiver 11.1, and Citrix online plug-in 11.1,11.2, 12.0, and 12.1 releases.





● Mozilla Firefox Version 1.x through 5.x● .NET Framework Requirements (XenDesktop Connections Only)

To use the Desktop Viewer, .NET 2.0 Service Pack 1 or later is required. This version isrequired because, if Internet access is not available, certificate revocation checks slowdown connection startup times. The checks can be turned off and startup timesimproved with this version of the Framework but not with .NET 2.0. Use of the CitrixDesktop Lock does not require the .NET Framework to be installed.






Protocol Citrix Receiver

TCP/IP+HTTP X

SSL/TLS+HTTPS X● HDX MediaStream Multimedia Acceleration




System Requirements

312



● Smart Cards and the Citrix Desktop Lock


System Requirements

313

314

Deciding Which Receiver to Use

Different enterprises have different corporate needs, and your expectations andrequirements for the way users access your published resources and virtual desktops canshift as your corporate needs evolve and grow.

The Receivers and their internal features are:

● Citrix Receiver ( CitrixReceiver.exe) - Smaller package that you can deploy from a Webpage.

● Receiver Experience

● Web plug-in





Important: To use single sign-on, you must install CitrixReceiverEnterprise.exe.

● Citrix Receiver (Enterprise) (CitrixReceiverEnterprise.exe)

● Receiver Experience

● Web plug-in

● PNA plug-in





● Aero desktop experience (for operating systems that support it)See the specific product documentation for information about Receivers for other userdevices and operating systems.

The Receivers differ in terms of:

● Access method by which published resources and virtual desktops are delivered tousers. Resources and desktops can be delivered to users on the desktop or through aWeb browser.

● Installation packages. For more information about the installation packages, seeOverview of Receiver Installation Packages.

To decide which Receiver best fits your needs, consider the way you want users to accessyour published resources and virtual desktops, the way you want to manage this access, andthe feature set that your users will need.

Receiver Access method User involvement Receiver features

CitrixReceiver

Web browser-basedaccess to publishedresources and virtualdesktops.

● Minimal userinteractionduringinstallation

● Centraladministration ofuser settings

● Does not requireadministratorprivileges toinstall

● Hosted applicationsand desktops

● Desktop Viewer USB

● HDX Media Streamfor Flash

● Integration withother Plug-ins

CitrixReceiver(Enterprise)

Transparentintegration ofpublished resourcesand virtual desktopsinto user’s desktop.

● Minimal userinteractionduringinstallation

● Centraladministration ofuser settings

● Requiresadministratorprivileges toinstall

● Hosted applicationsand desktops

● Desktop Viewer USB

● HDX Media Streamfor Flash

● Applications in theStart menu

● PNAgent support

● Pass-throughauthenticationintegration withother Plug-ins

Get Started

315

316


Citrix Receiver supports XenApp and XenDesktop connections.

XenApp ConnectionsCitrix Receiver for Windows supports the XenApp feature set. Centrally administer andconfigure the Receiver in the Delivery Services Console or the Web Interface ManagementConsole using a Receiver site created in association with a site for the server running theWeb Interface.

Citrix Receiver (standard) is a smaller package that is installed with the CitrixReceiver.exeinstaller file. Administrative rights are not required to install this package, enablinginstallation by standard users.

Citrix Receiver (Enterprise) operates with the Citrix offline plug-in, to provide applicationstreaming to the user desktop. Install the Receiver (Enterprise) on user devices running theoffline plug-in to take advantage of the full set of application streaming features of theplug-in and Citrix XenApp. For more information about the streamed application feature,see the Application Streaming documentation.


Important: The Receiver requires the Citrix Web Interface.

XenDesktop ConnectionsCitrix Receiver includes the Desktop Viewer, the client-side software that supportsXenDesktop. Users running the Desktop Viewer on their devices access virtual desktopscreated with XenDesktop in addition to their local desktop. Users running the Citrix DesktopLock (which you install in addition to the Desktop Viewer) interact only with the virtualdesktop not the local desktop.

How Published Resources are Accessed withReceiver (standard)

If you want users to access published resources and virtual desktops from within a familiarbrowser environment, use this Receiver. Users access published resources and desktops byclicking links on a Web page you publish on your corporate intranet or the Internet. Thepublished resource or desktop launches either in the same window or in a new, separatebrowser window. This version of Receiver does not require user configuration and does nothave a user interface.

How Published Resources are Accessed withReceiver (Enterprise)

The Receiver (Enterprise) allows your XenApp users to access all of their publishedresources from a familiar Windows desktop environment. Users work with publishedresources the same way they work with local applications and files. Published resources arerepresented throughout the user desktop, including the Start menu and by icons thatbehave just like local icons. Users can double-click, move, and copy icons, and createshortcuts in their locations of choice. The Receiver (Enterprise) works in the background.Except for a menu available from the notification area and the Start menu, Receiver(Enterprise) does not have a user interface.

Receiver (standard) Management and AdministrationYou can use this Receiver to access resources and desktops available from the WebInterface and for access to resources published with traditional Application Launching andEmbedding (ALE). Publish links to your resources with the Web Interface or by using anHTML wizard.


This Receiver requires the presence on user devices of any of these browsers: MicrosoftInternet Explorer 6.0 through 9.0; or Mozilla Firefox 1.0 through 3.x.

Receiver (Enterprise) Management and AdministrationYou configure the Receiver (Enterprise) at a site created in the consoles and associatedwith the site for the server running the Web Interface. By using the consoles in this way,you can manage and control your Receiver (Enterprise) population dynamically throughoutyour network from a single location and in real time.


317

318













319










320



● CitrixReceiver.exe - General purpose package that enables web access to hostedapplications and desktops. This Receiver (standard) does not require administratorrights to install and can be installed:

● Automatically from Web Interface

● By the user

● Using an Electronic Software Distribution (ESD) tool● CitrixReceiverEnterprise.exe - Specific purpose package that enables native Windows

access to hosted applications and pass-through authentication. Requires administratorrights to install and though the user can install it, Receiver (Enterprise) is usuallyinstalled with an ESD tool.

Important: Upgrades are supported only from the Citrix XenApp Plugin for Hosted Apps11.0, Desktop Receiver 11.1, and Citrix online plug-in 11.1, 11.2, and 12.x. Remove anyearlier versions before installing this version.

Considerations When UpgradingBecause there are two Citrix Receiver installation packages and there were two onlineplug-in packages (web and full) in previous releases, each having different options, youhave to consider the previously installed package when planning your upgrade. Use thistable to determine how to procede with your upgrade.








The following upgrade scenarios are not supported:



CitrixReceiver.exe Installer displays an errormessage and does not alterthe previously installedclient.

Citrix Receiver (Enterprise) CitrixReceiver.exe Installer displays an errormessage and does not alterthe previously installedclient.






User: Administrator




User: Standard user







User: Standard user



321

322


Users can install the Receiver from the Web Interface, the installation media, a networkshare, Windows Explorer, or a command line by running the CitrixReceiverEnterprise.exe orCitrixReceiver.exe installer package. Because the installer packages are self-extractinginstallations that extract to the user's temp directory before launching the setup program,ensure that there is enough free space available in the %temp% directory.





Important: For Firefox to work correctly with Receiver for Windows, ensure that you orthe user install Firefox before installing Receiver. If Receiver is already installed,uninstall it, install Firefox, and reinstall Receiver. Also ensure that the whitelists oftrusted and untrusted servers contain the XenApp and Web Interface server names.







or





323

324




325


Important: Log on using a local administrator account to carry out this installationprocedure. In addition, consult About the Citrix Receiver for Windows 3.0 forworkarounds to any known issues with the Desktop Lock.











326




327







328



Important: For Firefox to work correctly with Receiver for Windows, ensure that you orthe user install Firefox before installing Receiver. If Receiver is already installed,uninstall it, install Firefox, and reinstall Receiver. Also ensure that the whitelists oftrusted and untrusted servers contain the XenApp and Web Interface server names.

Space Requirements






or






● PROPERTY=Value





● ADDLOCAL=feature[,...]. Install one or more of the specified components.When specifying multiple parameters, separate each parameter with a commaand without spaces. The names are case sensitive. If you do not specify thisparameter, all components included in the CitrixReceiverEnterprise.exe orCitrixReceiver.exe are installed by default.


ReceiverInside. Installs the Receiver experience. (Required)

ICA_Client. Installs the standard Receiver. (Required)

SSON. Installs single sign on. This value is supported only withCitrixReceiverEnterprise.exe. For more information, seehttp://support.citrix.com/article/CTX122676.

USB. Installs USB.

DesktopViewer. Installs the Desktop Viewer.

Flash. Installs HDX media stream for flash.

PN_Agent. Installs Receiver (Enterprise). This value is supported only withCitrixReceiverEnterprise.exe.

Vd3d. Enables the Windows Aero experience (for operating systems thatsupport it)

● ENABLE_SSON={Yes | No}. The default value is Yes. Note that users must logoff and log back onto their devices after an installation with pass-throughauthentication enabled.


● ENABLE_KERBEROS={Yes | No}. The default value is No. Specifies that Kerberos should be used; applies only when pass-through authentication (SSON)


329


is enabled.

● DEFAULT_NDSCONTEXT=Context1 [,…]. Include this parameter to set a defaultcontext for Novell Directory Services (NDS). To include more than one context,place the entire value in quotation marks and separate the contexts by acomma. Examples of correct parameters:



● SERVER_LOCATION=Server_URL. The default value is blank. Provide the URL ofthe server running the Web Interface. The URL must be in the formathttp://servername or https://servername.

The Receiver appends the default path and file name of the configuration fileto the server URL. If you change the default location of the configuration file,enter the entire new path in the SERVER_LOCATION key.




Example of a Command-Line Installation


This example:

● Installs Receiver (Enterprise) without visible progress dialog boxes

● Installs only Receiver Inside, the standard Receiver (ICA_Client), and enterpriseReceiver (PN_Agent)

● Disables pass-through authentication

● Specifies the location where the software is installed

● Enables dynamic client naming

● Specifies the default context for NDS

● Specifies the URL (http://testserver.net) of the server running the Web Interface,which Receiver will reference

● Specifies the name used to identify the user device to the server farm


330

331

To extract, install, and remove theindividual Receiver (Enterprise) .msi files

Citrix does not recommend extracting the .msi files in place of running the installerpackages. However, there might be times when you have to extract the Receiver(Enterprise) .msi files from CitrixReceiverEnterprise.exe manually, rather than running theinstaller package (for example, company policy prohibits using the .exe file). If you use theextracted .msi files for your installation, using the .exe installer package to upgrade oruninstall and reinstall might not work properly.

For Citrix-recommended Receiver (Enteprise) installation information, see To configure andinstall Receiver for Windows using the command-line parameters and Delivering ReceiverUsing Active Directory and Sample Startup Scripts.

1. To extract the .msi files, type the following at a command prompt:

CitrixReceiverEnterprise.exe /extract [Destination_name]

where Destination _name is a complete pathname to the directory into which the .msifiles are extracted. The directory must exist already and /extract adds a subfoldercalled extract to that directory. For example, you create a C:\test directory and whenyou run /extract, the extracted .msi files are put in C:\test\extract.

2. To install the .msi files, double click each file.

Note: If User Access Control (UAC) is enabled, Citrix advises that you install the .msifiles in elevated mode. The .msi files are supported per-machine and requireadministrator privileges to deploy them.

When installing the Receiver (Enterprise) components, run the .msi files in this order:

a. RIInstaller.msi

b. ICAWebWrapper.msi

c. SSONWrapper.msi

d. GenericUSB.msi

e. DesktopViewer.msi

f. CitrixHDXMediaStreamForFlash-ClientInstall.msi

g. PNAWrapper.msi

h. Vd3d.msi

To remove the componentsWhen removing the components, remove them in this order:

1. Vd3d.msi

2. PNAWrapper.msi

3. CitrixHDXMediaStreamForFlash-ClientInstall.msi

4. DesktopViewer.msi

5. GenericUSB.msi

6. SSONWrapper.msi

7. ICAWebWrapper.msi

8. RIInstaller.msi

Each .msi file has an Add/Remove (Control Panel on Windows XP or Windows Server 2003)or Programs and Features (Control Panel on Windows Vista, Windows 7, and Windows Server2008) entry in the following format:

Name of package Name displayed in Add/Remove orPrograms and Features

RIInstaller.msi Citrix Receiver Inside

ICAWebWrapper.msi Online Plug-in

PNAWrapper.msi Citrix Receiver (PNA)

SSONWrapper.msi Citrix Receiver (SSON)

CitrixHDXMediaStreamForFlash-ClientInstall.msi Citrix Receiver (HDX FlashRedirection)

DesktopViewer.msi Citrix Receiver (DV)

GenericUSB.msi Citrix Receiver (USB)

Vd3d.msi Citrix Receiver (Aero)

To extract, install, and remove the individual Receiver (Enterprise) .msi files

332

333































334

335
















336







337

Configuring the Citrix Receiver forWindows

After the Receiver software is deployed to your users and they install it, there areconfiguration steps that can be performed for the Receiver. The Receiver (standard,CitrixReceiver.exe) does not require configuration.


Important: Receiver requires the Citrix Web Interface.


● User authentication. Receiver provides user credentials to the Web Interface whenusers try to connect and every time they launch published resources.





338

Using the Group Policy Object Templateto Customize the Receiver

Citrix recommends using the Group Policy Object icaclient.adm template file to configurethe Receiver options and settings.


















Using the Group Policy Object Template to Customize the Receiver

339

340












341





● Keyboards

● Mice

● Smart cards





● USB hubs







342






343







Yes No




344





























345


346












347












348











349






350















351















352

353














354



Replace:




With:




355
















356










357







358















Name: State

Values:




Name: Schedule

Value:






Name: UserOverride

Values:



Name: State

Values:




Name: Schedule

Value:


359




Name: State

Values:




Name: Schedule

Value:




360

361













362






363





















364

365







366











367



Workspace control is available only to users connecting to published resources with CitrixXenApp or through the Web Interface.


Important: Workspace control can be used only with Version 11.x and later of theclient/plug-in/Receiver, and works only with sessions connected to computers runningCitrix Presentation Server Version 3.0, 4.0, or 4.5 or Citrix XenApp 5.0, 6.0, or 6.5.

If the workspace control configuration settings of the Web Interface are configured to allowusers to override the server settings, users can configure workspace control in the AccountSettings options of the Web Interface Preference menu or the Reconnect Options page ofthe Receiver Options. The following options are available in the Receiver Options on theReconnect Options page:


● Enable reconnection from the menu allows users to reconnect to only disconnectedapplications or both disconnected and active sessions

To configure workspace control settings

For users launching applications through the Web Interface, similar options are availablefrom the Settings page:






368

369








370









371







A A

B B

C V



A A

B B

C C




372


373





Not supported:





374












375

376











where:





When connecting to servers running Presentation Server 3.0 or earlier, or when the Legacyprinter name option from the Citrix policy Client printer names setting is enabled on theserver, a different naming convention is used. The name of the printer takes the form:


where:





377

378









379





380




381











382








To Choose





383




● ctxgrab

● ctxcapture

384












385





























386

387






388

Providing Support for NDS Users


When launching Receiver software, users can log on and be authenticated using their NovellDirectory Services (NDS) credentials. Supported NDS credentials are user name (ordistinguished name), password, directory tree, and context.

NDS support is integrated into the following:

● Citrix Receiver. If NDS is enabled in the server farm, NDS users enter their credentialson an NDS tab on the Receiver logon screen. If users have the Novell Client (Version 4.8)installed, they can browse the NDS tree to choose their context.

● Pass-Through Authentication. If users have the Novell Client (Version 4.8) installed,you can pass their credentials to the XenApp server, eliminating the need for multiplesystem and application authentications.

To enable pass-through authentication, configure the following policy options in theUser Package in ZENworks for Desktops:

● Enable the Dynamic Local User policy option

● Set the Use NetWare Credentials value to On● The Citrix Web Interface. NDS users enter their credentials on an NDS logon screen

provided by the Web Interface. See the Web Interface Administrator’s documentationfor information about configuring your server for NDS.

Note: To use NDS logon information with earlier versions of the clients, enter the NDStree name in the Domain field and a distinguished name in the User field on theclient logon screen.

Setting a Default Context for NDSYou can set a default context for NDS for Receiver. To set a default context for NDS, youmust configure the particular installer file you are using to deploy Receiver.

389

Specifying Windows Credentials with theNovellClient and Pass-Through Authentication


If the Novell client is installed and you want the Receiver to use the user’s Windowscredentials with pass-through authentication rather than the Novell Directory Server (NDS)credentials, use the Group Policy Editor to enable pass-through authentication without NDScredentials.

To configure Receiver after installation







6. From the Group Policy Editor, expand Administrative Templates, navigate throughCitrix Components > Citrix Receiver > User authentication, double click Local username and password and select Enabled > Enable pass-through authentication. InWindows 7 and Windows Server 2008, expand Administrative Templates and navigatethrough Classic Administrative Templates (ADM) > Citrix Components to the desiredconfiguration option.

Do not select Use Novell Directory Server credentials.

390

DNS Name Resolution











391



http://support.citrix.com/proddocs/index.jsp?lang=en&topic=/web-interface/wi-library-wrapper-all-versions.html

http://support.citrix.com/proddocs/index.jsp?lang=en&topic=/web-interface/wi-library-wrapper-all-versions.html

392











393






An older Receiver (plug-in) connects using the font smoothing setting configured in thatuser’s profile on the server.




Use the Session Preferences task in the Citrix Web Interface Management console toenable or disable font smoothing for XenApp Web sites and the Session Options task forXenApp Services sites.

394










395




















396


397




● Logon times



















398

399













400











401




























402

403





404








405





406





















407

408



Enabling smart card support for Receiver is done through the Web Interface. For moreinformation, see the Web Interface Administrator’s documentation.




409











410






System requirements. Kerberos logon requires Citrix Presentation Server 3.0, 4.0, or 4.5,Citrix XenApp 5.0, 6.x and Citrix Presentation Server Clients for Windows 8.x, 9.x, 10.x,XenApp Hosted Plug-in 11.x, online plug-in 12.0, 12.1, or Receiver 3.0. Kerberos works onlybetween Client/plug-ins/Receiver and servers that belong to the same or to trustedWindows 2000, Windows Server 2003, or Windows Server 2008 domains. Servers must alsobe trusted for delegation, an option you configure through the Active Directory Users andComputers management tool.












411

412
















413




● Secure Gateway for Citrix XenApp or SSL Relay solutions with Secure Sockets Layer (SSL)and Transport Layer Security (TLS) protocols.






414




415



When communicating with the server farm, Receiver uses proxy server settings that areconfigured remotely on the server running the Web Interface. See the topics for WebInterface for information about configuring proxy server settings.


416

Connecting with the Secure Gateway orCitrix Secure Sockets Layer Relay

You can integrate Receiver with the Secure Gateway or Secure Sockets Layer (SSL) Relayservice. Receiver supports both SSL and TLS protocols.



417

Connecting with the Secure Gateway








● Host name




418








419


In addition to the requirements contained in the System Requirements and Compatibility forCitrix Receiver for Windows 3.0, you also must ensure that:







http://support.citrix.com/proddocs/index.jsp?lang=en&topic=/receiver-30-windows/online-plugin-sys-reqs.html

http://support.citrix.com/proddocs/index.jsp?lang=en&topic=/receiver-30-windows/online-plugin-sys-reqs.html


420











421













[Excel]


[Notepad]


422






To use SSL/TLS encryption for all Receiver communications, configure the user device,Receiver, and the server running the Web Interface.

423









424

To configure Citrix Receiver to useSSL/TLS




425














426

To use the Group Policy template to meetFIPS 140 security requirements













427







428







429









430


The ICA File Signing feature helps protect users from unauthorized application or desktoplaunches.Citrix Receiver verifies that a trusted source generated the application or desktoplaunch based on administrative policy and protects against launches from untrusted servers.You can configure this Receiver security policy for application or desktop launch signatureverification using Group Policy Objects or Citrix Merchandising Server. ICA file signing is notenabled by default and is not supported with Dazzle 1.1 or earlier.

The Web Interface enables and configures application or desktop launches to include asignature during the launch process using the Citrix ICA File Signing Service. The service cansign ICA files using a certificate from the computer's personal certificate store.










7. If you choose Enabled, you can add signing certificate thumbprints to the white list of trusted certificate thumbprints or remove signing certificate thumbprints from the white list by clicking Show and using the Show Contents screen. You can copy and paste the signing certificate thumbprints from the signing certificate properties. Use

the Policy drop-down menu to select Only allow signed launches (more secure) orPrompt user on unsigned launches (less secure).

Option Description






431

432







433





http[s]://10.2.3.*

http[s]://hostname






ica[s]://xaserver1


Launching SSO or Using Secure Connections withWeb Interface

Add the exact address of the Web Interface site in the sites zone.

Example Web Interface Site Addresses


http://10.20.30.40









icas://10.20.30.40:1494


ica://10.20.30.40


434

435



● Adding the Web Interface site to the Trusted Site list




To add the Web Interface site to the trusted site list1. From the Internet Explorer Tools menu, choose Internet Options > Security.


3. In the Add this website to the zone text field, type the URL to your Web Interface siteand click Add.












Value Description

0 No Access

1 Read-only access

2 Full access



436


437







438

















439


When User Access Control (UAC) is enabled on devices running Windows Vista or later, onlyprocesses at the same elevation/integrity level as wfcrun32.exe can launch publishedapplications.

Example 1:


Example 2:


440

ICA Settings Reference

ChannelNameChannelName

ClientAudioAudioDevice(2) AudioHWSection AudioInWakeOnInput AudioOutWakeOnOutput

CommandAckThresh ControlPollTime ConverterSection DataAckThresh

MaxDataBufferSize MaxMicBufferSize NumCommandBuffers NumDataBuffers

PlaybackDelayThresh VariantName

ClientCommCOMAllowed(2) CommPollSize CommPollWaitInc CommPollWaitIncTime

CommPollWaitMax CommPollWaitMin CommWakeOnInput MaxPort, WindowSize

ClientDriveCDMReadOnly DisableDrives EnableAsyncWrites EnableReadAhead

MaxOpenContext MaxWindowSize NativeDriveMapping SFRAllowed

ClientPrinterPortPrinterThreadPriority PrintMaxRetry WindowSize WindowsPrinter

ClientPrinterQueuePrinterResetTime UnicodeEnabled VSLAllowed(2) WindowSize

WindowsPrinter WindowSize2

CompressDriverNameWin32(12)

DefaultSerialConnectionDTR

DelegationLockdownProfiles, RegionIdentification

DynamicAcceptURLType Address(2) BUCC(2) Command

DesiredColor(5) DriverNameAlt DriverNameAltWin32 DriverNameWin32(12)

InitialProgram(2) LongCommandLine(2) Path ProxyHost(3)

RECD(2) RejectURLType REWD(2) RtpAudioLowestPort

SessionSharingLaunchOnly SSOnCredentialType(3) startIFDCD(3) startSCD(2)

UseAlternateAddress(3) Username(3)

EncodingInputEncoding

EncRC-5-0, EncRC-5-40, EncRC-5-56, andEncRC-5-128

DriverNameWin32(12)

ICA 3.0BufferLength BufferLength2 DriverNameWin32(12) VirtualDriver

VirtualDriverEx

LoggingLogConfigurationAccess, LogEvidence, LogFile

PingPingCount


441

PrelaunchApplicationState Schedule UserOverride

qwertyLicenseType, startIFDCD(3)


442

ServerAddress(2) InitialProgram(2) ScalingWidth

AECD IOBase Schedule

AltProxyAutoConfigURL(2) KeyboardTimer(2) ScreenPercent

AltProxyBypassList(2) Launcher SecureChannelProtocol(2)

AltProxyHost(2) LaunchReference SecurityTicket

AltProxyPassword(2) LocHttpBrowserAddress SessionSharingKey

AltProxyType(2) LogFlush SessionSharingName

AudioBandwidthLimit LogonTicket SmartcardRequired(2)

AudioDuringDetach LogonTicketType SpeedScreenMMA

AUTHPassword LongCommandLine(2) SpeedScreenMMAAudioEnabled

AUTHUserName LPWD SpeedScreenMMAMaxBufferThreshold

AutoLogonAllowed LVBMode(2) SpeedScreenMMAMaximumBufferSize

BrowserProtocol MouseTimer SpeedScreenMMAMinBufferThreshold

BUCC(2) MSIEnabled SpeedScreenMMASecondsToBuffer

CFDCD NDS SpeedScreenMMAVideoEnabled

ClearPassword NRUserName SSLCACert

ClientAudio NRWD SSLCertificateRevocationCheckPolicy(2)

Password SSLCommonName

COCD PersistentCacheEnabled SSLEnable

ConnectionFriendlyName pnStartSCD SSLNoCACerts(2)

DataBits ProxyAuthenticationBasic(2) SSLProxyHost(2)

DesiredColor(5) ProxyAuthenticationNTLM(2) SSOnCredentialType(3)

DeviceName ProxyAuthenticationPrompt(2) SSOnDetected

DisableCtrlAltDel ProxyAutoConfigURL(2) startIFDCD(3)

DisableMMMaximizeSupport ProxyBypassList startSCD(2)

Domain ProxyFallback(2) TRWD

DoNotUseDefaultCSL ProxyFavorIEConnectionSetting(2) TWIEmulateSystray

EnableAudioInput ProxyHost(3) TWIMode

EnableClientSelectiveTrust ProxyPassword(2) TWISuppressZZEcho

EnableOSS ProxyTimeout TWITaskbarGroupingMode

EnableRtpAudio ProxyUseDefault UseAlternateAddress(3)

EnableSessionSharing ProxyUseFQDN(2) UseDefaultEncryption

EnableSessionSharingClient ProxyUsername UseLocalUserAndPassword(2)

EnableSessionSharingHost(2) RECD(2) UseMRUBrowserPrefs

EncryptionLevelSession REWD(2) Username(3)


443

endIFDCD RtpAudioHighestPort VirtualChannels

FONTSMOOTHINGTYPE WorkDirectory

FriendlyName ScalingHeight ZLAutoHiLimit

ICASOCKSProtocolVersion(2) ScalingHeight ZLAutoLowLimit

ICASOCKSProxyHost(2) ScalingMode ZLKeyboardMode

ICASOCKSProxyPortNumber(2) ScalingPercent ZLMouseMode

InitialProgram

SmartcardBypassSmartcardDomain BypassSmartcardPassword BypassSmartcardUsername PCSCCodePage

PCSCLibraryName SmartcardRequired(2) Username(3)

TCP/IPDefaultHttpBrowserAddress, DriverNameWin32(12), ICAPortNumber

Thinwire 3.0DesiredColor(5) InstallColormap PersistentCacheMinBitmap(2) PersistentCacheSize(2)

Tw2CachePower TW2StopwatchMinimum TW2StopwatchScale TWIFullScreenMode

WindowManagerMoveIgnored WindowManagerMoveTimeout WindowsCache

TransportBrowserRetry(2) BrowserTimeout(2) HttpBrowserAddress OutBufCountClient

OutBufCountClient2 OutBufCountHost OutBufCountHost2 OutBufLength


444

WFClientAllowAudioInput Hotkey1Shift PNPDeviceAllowed

AllowVirtualDriverEx Hotkey2Char Port1

AllowVirtualDriverExLegacy Hotkey2Shift Port2

AltProxyAutoConfigURL(2) Hotkey3Char POSDeviceAllowed

AltProxyBypassList(2) Hotkey3Shift PrinterFlowControl

AltProxyHost(2) Hotkey4Char ProxyAuthenticationBasic(2)

AltProxyPassword(2) Hotkey4Shift ProxyAuthenticationKerberos

AltProxyType(2) Hotkey5Char ProxyAuthenticationNTLM(2)

AlwaysSendPrintScreen Hotkey5Shift ProxyAuthenticationPrompt(2)

AppendUsername Hotkey6Char ProxyAutoConfigURL(2)

BrowserRetry(2) Hotkey6Shift ProxyBypassList

BrowserTimeout(2) Hotkey7Char ProxyFallback(2)

CbChainInterval Hotkey7Shift ProxyFavorIEConnectionSetting(2)

CDMAllowed Hotkey8Char ProxyHost(3)

CGPAddress Hotkey8Shift ProxyPassword(2)

ClientName Hotkey9Char ProxyPort

ClipboardAllowed Hotkey9Shift ProxyType

ColorMismatchPrompt_Have16_Want256 HotkeyJPN%dChar ProxyUseFQDN(2)

ColorMismatchPrompt_Have16M_Want256 HowManySkipRedrawPerPaletteChange ReadersStatusPollPeriod

ColorMismatchPrompt_Have64K_Want256 ICAHttpBrowserAddress RemoveICAFile

COMAllowed(2) ICAKeepAliveEnabled ResMngrRunningPollPeriod

ContentRedirectionScheme ICAKeepAliveInterval SecureChannelProtocol(2)

CPMAllowed ICAPrntScrnKey SessionReliabilityTTL

CRBrowserAcceptURLtype ICASOCKSProtocolVersion(2) SkipRedrawPerPaletteChange

CRBrowserCommand ICASOCKSProxyHost(2) SmartCardAllowed

CRBrowserPath ICASOCKSProxyPortNumber(2) SSLCertificateRevocationCheckPolicy(2)

CRBrowserPercentS KeyboardLayout SSLCiphers

CRBrowserRejectURLtype KeyboardSendLocale SSLNoCACerts(2)

CREnabled KeyboardType SSLProxyHost(2)

CRPlayerAcceptURLtype KeyboardTimer(2) SSOnCredentialType(3)

CRPlayerCommand LocalIME SSOnUserSetting

CRPlayerPath LogAppend SSPIEnabled

CRPlayerPercentS LogConnect SucConnTimeout

CRPlayerRejectURLtype LogErrors SwapButtons

CustomConnectionsIconOff LogFileGlobalPath TransparentKeyPassthrough


445

DeferredUpdateMode LogFileWin32 TransportReconnectDelay

DesiredColor(5) Lpt1 TransportReconnectEnabled

DisableSound Lpt2 TransportReconnectRetries

DisableUPDOptimizationFlag Lpt3 TransportSilentDisconnect

DynamicCDM LVBMode(2) TwainAllowed

EmulateMiddleMouseButton MinimizeOwnedWindows TWIIgnoreWorkArea

EmulateMiddleMouseButtonDelay MissedKeepaliveWarningMsg TWISeamlessFlag

EnableInputLanguageToggle MissedKeepaliveWarningTime TWIShrinkWorkArea

EnableSessionSharingHost(2) MouseWheelMapping UseAlternateAddress(3)

EnableSSOnThruICAFile PassThroughLogoff UsersShareIniFiles

FastIdlePollDelay PercentS VirtualCOMPortEmulation

ForceLVBMode PersistentCacheGlobalPath VSLAllowed(2)

FullScreenBehindLocalTaskbar PersistentCacheMinBitmap(2) Win32FavorRetainedPrinterSettings

FullScreenOnly PersistentCachePath WpadHost

Hotkey10Char PersistentCachePercent XmlAddressResolutionType

Hotkey10Shift PersistentCacheSize(2) ZLDiskCacheSize

Hotkey1Char PersistentCacheUsrRelPath ZLFntMemCacheSize


446

447


ChannelNameChannelName

ClientAudioAudioDevice(2) AudioHWSection AudioInWakeOnInput AudioOutWakeOnOutput

CommandAckThresh ControlPollTime ConverterSection DataAckThresh

MaxDataBufferSize MaxMicBufferSize NumCommandBuffers NumDataBuffers

PlaybackDelayThresh VariantName

ClientCommCOMAllowed(2) CommPollSize CommPollWaitInc CommPollWaitIncTime

CommPollWaitMax CommPollWaitMin CommWakeOnInput MaxPort, WindowSize

ClientDriveCDMReadOnly DisableDrives EnableAsyncWrites EnableReadAhead

MaxOpenContext MaxWindowSize NativeDriveMapping SFRAllowed

ClientPrinterPortPrinterThreadPriority PrintMaxRetry WindowSize WindowsPrinter

ClientPrinterQueuePrinterResetTime UnicodeEnabled VSLAllowed(2) WindowSize

WindowsPrinter WindowSize2

CompressDriverNameWin32(12)

DefaultSerialConnectionDTR

DelegationLockdownProfiles, RegionIdentification

DynamicAcceptURLType Address(2) BUCC(2) Command

DesiredColor(5) DriverNameAlt DriverNameAltWin32 DriverNameWin32(12)

InitialProgram(2) LongCommandLine(2) Path ProxyHost(3)

RECD(2) RejectURLType REWD(2) RtpAudioLowestPort

SessionSharingLaunchOnly SSOnCredentialType(3) startIFDCD(3) startSCD(2)

UseAlternateAddress(3) Username(3)

EncodingInputEncoding

EncRC-5-0, EncRC-5-40, EncRC-5-56, andEncRC-5-128

DriverNameWin32(12)

ICA 3.0BufferLength BufferLength2 DriverNameWin32(12) VirtualDriver

VirtualDriverEx

LoggingLogConfigurationAccess, LogEvidence, LogFile

PingPingCount


448

PrelaunchApplicationState Schedule UserOverride

qwertyLicenseType, startIFDCD(3)


449

ServerAddress(2) InitialProgram(2) ScalingWidth

AECD IOBase Schedule

AltProxyAutoConfigURL(2) KeyboardTimer(2) ScreenPercent

AltProxyBypassList(2) Launcher SecureChannelProtocol(2)

AltProxyHost(2) LaunchReference SecurityTicket

AltProxyPassword(2) LocHttpBrowserAddress SessionSharingKey

AltProxyType(2) LogFlush SessionSharingName

AudioBandwidthLimit LogonTicket SmartcardRequired(2)

AudioDuringDetach LogonTicketType SpeedScreenMMA

AUTHPassword LongCommandLine(2) SpeedScreenMMAAudioEnabled

AUTHUserName LPWD SpeedScreenMMAMaxBufferThreshold

AutoLogonAllowed LVBMode(2) SpeedScreenMMAMaximumBufferSize

BrowserProtocol MouseTimer SpeedScreenMMAMinBufferThreshold

BUCC(2) MSIEnabled SpeedScreenMMASecondsToBuffer

CFDCD NDS SpeedScreenMMAVideoEnabled

ClearPassword NRUserName SSLCACert

ClientAudio NRWD SSLCertificateRevocationCheckPolicy(2)

Password SSLCommonName

COCD PersistentCacheEnabled SSLEnable

ConnectionFriendlyName pnStartSCD SSLNoCACerts(2)

DataBits ProxyAuthenticationBasic(2) SSLProxyHost(2)

DesiredColor(5) ProxyAuthenticationNTLM(2) SSOnCredentialType(3)

DeviceName ProxyAuthenticationPrompt(2) SSOnDetected

DisableCtrlAltDel ProxyAutoConfigURL(2) startIFDCD(3)

DisableMMMaximizeSupport ProxyBypassList startSCD(2)

Domain ProxyFallback(2) TRWD

DoNotUseDefaultCSL ProxyFavorIEConnectionSetting(2) TWIEmulateSystray

EnableAudioInput ProxyHost(3) TWIMode

EnableClientSelectiveTrust ProxyPassword(2) TWISuppressZZEcho

EnableOSS ProxyTimeout TWITaskbarGroupingMode

EnableRtpAudio ProxyUseDefault UseAlternateAddress(3)

EnableSessionSharing ProxyUseFQDN(2) UseDefaultEncryption

EnableSessionSharingClient ProxyUsername UseLocalUserAndPassword(2)

EnableSessionSharingHost(2) RECD(2) UseMRUBrowserPrefs

EncryptionLevelSession REWD(2) Username(3)


450

endIFDCD RtpAudioHighestPort VirtualChannels

FONTSMOOTHINGTYPE WorkDirectory

FriendlyName ScalingHeight ZLAutoHiLimit

ICASOCKSProtocolVersion(2) ScalingHeight ZLAutoLowLimit

ICASOCKSProxyHost(2) ScalingMode ZLKeyboardMode

ICASOCKSProxyPortNumber(2) ScalingPercent ZLMouseMode

InitialProgram

SmartcardBypassSmartcardDomain BypassSmartcardPassword BypassSmartcardUsername PCSCCodePage

PCSCLibraryName SmartcardRequired(2) Username(3)

TCP/IPDefaultHttpBrowserAddress, DriverNameWin32(12), ICAPortNumber

Thinwire 3.0DesiredColor(5) InstallColormap PersistentCacheMinBitmap(2) PersistentCacheSize(2)

Tw2CachePower TW2StopwatchMinimum TW2StopwatchScale TWIFullScreenMode

WindowManagerMoveIgnored WindowManagerMoveTimeout WindowsCache

TransportBrowserRetry(2) BrowserTimeout(2) HttpBrowserAddress OutBufCountClient

OutBufCountClient2 OutBufCountHost OutBufCountHost2 OutBufLength


451

WFClientAllowAudioInput Hotkey1Shift PNPDeviceAllowed

AllowVirtualDriverEx Hotkey2Char Port1

AllowVirtualDriverExLegacy Hotkey2Shift Port2

AltProxyAutoConfigURL(2) Hotkey3Char POSDeviceAllowed

AltProxyBypassList(2) Hotkey3Shift PrinterFlowControl

AltProxyHost(2) Hotkey4Char ProxyAuthenticationBasic(2)

AltProxyPassword(2) Hotkey4Shift ProxyAuthenticationKerberos

AltProxyType(2) Hotkey5Char ProxyAuthenticationNTLM(2)

AlwaysSendPrintScreen Hotkey5Shift ProxyAuthenticationPrompt(2)

AppendUsername Hotkey6Char ProxyAutoConfigURL(2)

BrowserRetry(2) Hotkey6Shift ProxyBypassList

BrowserTimeout(2) Hotkey7Char ProxyFallback(2)

CbChainInterval Hotkey7Shift ProxyFavorIEConnectionSetting(2)

CDMAllowed Hotkey8Char ProxyHost(3)

CGPAddress Hotkey8Shift ProxyPassword(2)

ClientName Hotkey9Char ProxyPort

ClipboardAllowed Hotkey9Shift ProxyType

ColorMismatchPrompt_Have16_Want256 HotkeyJPN%dChar ProxyUseFQDN(2)

ColorMismatchPrompt_Have16M_Want256 HowManySkipRedrawPerPaletteChange ReadersStatusPollPeriod

ColorMismatchPrompt_Have64K_Want256 ICAHttpBrowserAddress RemoveICAFile

COMAllowed(2) ICAKeepAliveEnabled ResMngrRunningPollPeriod

ContentRedirectionScheme ICAKeepAliveInterval SecureChannelProtocol(2)

CPMAllowed ICAPrntScrnKey SessionReliabilityTTL

CRBrowserAcceptURLtype ICASOCKSProtocolVersion(2) SkipRedrawPerPaletteChange

CRBrowserCommand ICASOCKSProxyHost(2) SmartCardAllowed

CRBrowserPath ICASOCKSProxyPortNumber(2) SSLCertificateRevocationCheckPolicy(2)

CRBrowserPercentS KeyboardLayout SSLCiphers

CRBrowserRejectURLtype KeyboardSendLocale SSLNoCACerts(2)

CREnabled KeyboardType SSLProxyHost(2)

CRPlayerAcceptURLtype KeyboardTimer(2) SSOnCredentialType(3)

CRPlayerCommand LocalIME SSOnUserSetting

CRPlayerPath LogAppend SSPIEnabled

CRPlayerPercentS LogConnect SucConnTimeout

CRPlayerRejectURLtype LogErrors SwapButtons

CustomConnectionsIconOff LogFileGlobalPath TransparentKeyPassthrough


452

DeferredUpdateMode LogFileWin32 TransportReconnectDelay

DesiredColor(5) Lpt1 TransportReconnectEnabled

DisableSound Lpt2 TransportReconnectRetries

DisableUPDOptimizationFlag Lpt3 TransportSilentDisconnect

DynamicCDM LVBMode(2) TwainAllowed

EmulateMiddleMouseButton MinimizeOwnedWindows TWIIgnoreWorkArea

EmulateMiddleMouseButtonDelay MissedKeepaliveWarningMsg TWISeamlessFlag

EnableInputLanguageToggle MissedKeepaliveWarningTime TWIShrinkWorkArea

EnableSessionSharingHost(2) MouseWheelMapping UseAlternateAddress(3)

EnableSSOnThruICAFile PassThroughLogoff UsersShareIniFiles

FastIdlePollDelay PercentS VirtualCOMPortEmulation

ForceLVBMode PersistentCacheGlobalPath VSLAllowed(2)

FullScreenBehindLocalTaskbar PersistentCacheMinBitmap(2) Win32FavorRetainedPrinterSettings

FullScreenOnly PersistentCachePath WpadHost

Hotkey10Char PersistentCachePercent XmlAddressResolutionType

Hotkey10Shift PersistentCacheSize(2) ZLDiskCacheSize

Hotkey1Char PersistentCacheUsrRelPath ZLFntMemCacheSize


453

454

AcceptURLType

Specifies the acceptable URL types for the Content Redirection scheme.

Section Dynamic

Feature ContentRedirection

Attribute Name INI_CR_ACCEPT_URL_TYPE

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No

ValuesValue Description

"" None rejected - Default

http

https

INI LocationN/A

Registry LocationN/A

455

Address(2)

Address of the target server.

Gives application server host name. It is also used to check whether it is a dialup or lanconnection. For TCP/IP connections, this can be the DNS name of a XenApp server, the IPaddress of a XenApp server, or the name of a published application.

Section Server,dynamic

Feature Misc

Attribute Name INI_ADDRESS

Data Type String

Access Type Read & Write

UNIX Specific No

Present in ADM No


"" DNS name or IP Address of a Citrix server - Default

INI LocationINI File Section Value

Module.ini TCP/IP

Module.ini TCP/IP - FTP

Module.ini TCP/IP - Novell Lan WorkPlace

Module.ini TCP/IP - Microsoft

Module.ini TCP/IP - VSL

All_Regions.ini Network\Protocols

canonicalization.ini TCP/IP Address

Registry LocationThis key must be specified for .ica files.

Registry Key Value

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Canonicalization\TCP/IP

Address

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TCP/IP

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TCP/IP - FTP

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TCP/IP - Novell LanWorkPlace

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TCP/IP - VSL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\Protocols

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\Protocols

Address(2)

456

457

AECD

End User Experience Monitoring APPLICATION_ENUM_CLIENT (AECD).

End User Experience Monitoring (EUEM) startup data. The time it takes to get the list ofapplications.

Section Server

Feature EUEM

Attribute Name INI_EUEM_AECD

Data Type Integer


UNIX Specific No

Present in ADM No


-1 Initial reset value - Default


All_Regions.ini Virtual Channels\End User Experience

Registry LocationRegistry Key Value

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\End User Experience

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\End User Experience

458

AllowAudioInput

Allows the audio input for client audio.

Gives a boolean value specifying whether audio input is allowed or not.

Note: UNIX specific implemenation.

Section WFClient

Feature Audio

Attribute Name INI_ALLOWAUDIOINPUT

Data Type Boolean

Access Type Read

UNIX Specific Yes

Present in ADM No


False Client audio input is not allowed - Default

True Client audio input is allowed

INI LocationN/A


459

AllowVirtualDriverEx

Allows third party virtual Driver Extention.

Used to check whether virtual driver extension is allowed and if yes, appends third partyvirtual channels.

To append a third-party virtual channel list to current virtual drivers, setAllowVirtualDriverEx to TRUE.

Section WFClient

Feature Core

Attribute Name INI_ALLOW_VIRTUALDRIVER_THIRDPARTY

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


TRUE Allows third-party virtual Driver Extention - Default

FALSE Does not allow third-party virtual driver extention


All_Regions.ini Virtual Channels\Third Party *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Third Party

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Third Party

*

460

AllowVirtualDriverExLegacy

Allows legacy third-party virtual drivers.

Specifies whether (TRUE) or not (FALSE) to load legacy third-party virtual driver.

If this is set, the client parses the INI_ICA30 section for value INI_VIRTUALDRIVER, which is alist of Virtual Drivers separated by commas; ICA client attempts to load each Virtual Driverin this list. In order to successfully load, the .ini file must contain a section name thatmatches the Virtual Driver, and has correct Virtual Driver entries in the section.

Section WFClient

Feature Core

Attribute Name INI_ALLOW_VIRTUALDRIVER_THIRDPARTY_LEGACY

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


TRUE Allow third-party legacy virtual drivers - Default

FALSE Do not allow third-party legacy virtual drivers


All_Regions.ini Virtual Channels\Third Party *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Third Party

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Third Party

*

461

AltProxyAutoConfigURL(2)

URLs for proxy auto detection script. Gives the URL (location) of proxy auto detection(.pac)script. Automatic Proxy Configuration is a proxy mode where the proxy configuration isdescribed in a file, called a PAC (.pac) file.

It must be set if the value of "AltProxyType" is Script; otherwise, it is ignored.

ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > Configureclient failover proxy settings > Proxy script URLs

Section WFClient,Server

Feature Proxy

Attribute Name INI_ALTPROXYAUTOCONFIGURL

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" URL for proxy auto detection script - Default


All_Regions.ini Network\Proxy


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\Proxy

3

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\Proxy

462

AltProxyBypassList(2)

List of servers that do not traverse the failover proxy.

Specifies a list of hosts for which to bypass proxy connections. For any proxy type, you canprovide a list of servers that do not traverse the proxy. These should be placed in the"Bypass server list."

An asterisk (*) included in a host name acts as a wildcard (for example, *.widgets.com).Multiple hosts must be separated by a semicolon (;) or comma (,).

The bypass list can be up to 4096 characters. This parameter is ignored if the value ofProxyType is None or Auto.

ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > Configureclient failover proxy settings > Bypass server list.

Section WFClient, Server

Feature Proxy

Attribute Name INI_ALTPROXYBYPASSLIST

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" List of hosts, seperated by semi-colon (;) or comma (,) - Default






AltProxyBypassList(2)

463

464

AltProxyHost(2)

Address of alternate (failover) proxy server.

Specifies the address of the proxy server. It is required if the value of ProxyType is any ofthe following: Socks, SocksV4, SocksV5, Tunnel(Secure); otherwise, ProxyHost is ignored.

To indicate a port number other than 1080 (default for SOCKS) or 8080 (default for Secure),append the appropriate port number to the value after a colon (:).

ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > Configureclient failover proxy settings > Proxy host names


Feature Proxy

Attribute Name INI_ALTPROXYHOST

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" Proxy Server Address - Default






465

AltProxyPassword(2)

Failover proxy server password for user. Holds the clear text password to be used toautomatically authenticate the client to the failover proxy.


Feature Proxy

Attribute Name INI_ALTPROXYPASSWORD

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" Prompt the user for the proxy password - Default






466

AltProxyType(2)

Failover proxy type requested for connection.

Specifies what type of failover proxy server a host session uses. When AltProxyType ="Secure", the client contacts the proxy identified by the "AltProxyHost" and "AltProxyPort"settings. The negotiation protocol uses an "HTTP CONNECT" header request specifying thedesired destination.

ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > Configureclient failover proxy settings > Proxy types

Section Server, WFClient

Feature Proxy

Attribute Name INI_ALTPROXYTYPE

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


None Use Direct Connection - Default

Auto Auto Detect from Web browser

Tunnel(Secure)

Wpad

Socks

Socks v4

Socks v5

Script Interpret proxy auto-configuration script



Trusted_Region.ini Network\Proxy Auto

Untrusted_Region.ini Network\Proxy Auto



HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\Trusted Region\Lockdown\Network\Proxy

Auto

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\Untrusted Region\Lockdown\Network\Proxy

Auto


AltProxyType(2)

467

468

AlwaysSendPrintScreen

Turns on or off the " AlwaysSendPrintScreen" attrtibute in seamless application. By enablingthe key, user can use the " Print Screen" key on the keyboard while an ICA session is runningwith seamless application.

Section WFClient

Feature Seamless

Attribute Name INI_ALWAYSSENDPRNTSCRN

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


Off Print Screen key cannot be used - Default

On Print Screen key can be used


All_Regions.ini Virtual Channels\Keyboard


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Keyboard

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\

469

AppendUsername

Specifies whether or not user can append user name to the window title bar. If theattribute is non zero, user can concatenate the user name with the regular text for thewindow title bar (very long window titles will be truncated).

Section WFClient

Feature CoreUI

Attribute Name INI_APPEND_USERNAME

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Do not append the username - Default

1 Add the username to the window title


All_Regions.ini Client Engine\GUI


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\GUI

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\GUI

470

AudioBandwidthLimit

Specifies the audio bandwidth limit and, by extension, the audio quality for the connection.Higher audio quality requires more bandwidth. The bandwidth requirements for high qualityaudio might make this setting unsuitable for many deployments.

Corresponding UI Element:

For applicationsetname: SETTINGS dialog box > DEFALUT OPTION tab > SOUND QUALITYmenu

For applicationservername: PROPERTIES dialog box > OPTIONS tab > SOUND QUALITY menu

ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client audiosettings.

Section Server

Feature Audio

Attribute Name INI_AUDIOBANDWIDTHLIMIT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM Yes


1 Medium: 64 kilobits per second (network Connection) - Default

2 Low: 4 Kbps (serial Connection)

0 High : 1.4 megabits per second (Mbps)


All_Regions.ini Virtual Channels


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Audio

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Audio

*

AudioBandwidthLimit

471

472

AudioDevice(2)

Specifies the output device when there is more than one audio device available. It shoulddefault to the name that is standard for each UNIX variant.

Section ClientAudio

Feature Audio

Attribute Name INI_AUDIODEVICE

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


/dev/dsp For Linux, LinuxArm, or UCLinux - Default

/dev/audio For Solaris, SolarisX86, or netbsd - Default

<none> For any other platform - Default

INI LocationN/A


473

AudioDuringDetach

Specifies audio behavior when the ICO is detached from the page. Controls the audiobehavior when a user navigates to a page with an ICA session, starts playing a wave file,and then navigates away.

If AudioDuringDetach is false and the ICO is detached from the page, the audio stops. If it istrue, the audio continues even after the detach.

Section Server

Feature Audio

Attribute Name INI_AUDIODURINGDETACH

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


False The audio will stop when ICO is detached - Default

True Audio will continue even after ICO is detached

INI LocationN/A


474

AudioHWSection

Used to locate the driver module in the [AudioConverter] section.

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_AUDHW_SECTIONNAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


AudioConverterDefault


Module.ini AudioConverter AudioHardware

Module.ini ClientAudio AudioConverter


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\AudioConverter

AudioHardware

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\ClientAudio

AudioConverter

475

AudioInWakeOnInput

Enable/Disable audio input. Audio is on when audio is detected on input channel.

Linux only platform.

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_AUDIOIN_WAKE_ON_INPUT

Data Type Boolean


UNIX Specific No

Present in ADM No


1 Enable audio input - Default

0 Disable audio input

INI LocationN/A


476

AudioOutWakeOnOutput

Enable/Disable audio output. Audio is enabled when audio is detected on output channel.

Linux only platform.

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_AUDIOOUT_WAKE_ON_OUTPUT

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


1 Enable audio input - Default


INI LocationN/A


477

AUTHPassword

Specifies SSL authorization password.

Section Server

Feature SSL

Attribute Name INI_AUTHPASSWORD

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" If present, any valid string representing password for authentication -Default

INI LocationN/A


478

AUTHUserName

Specifies the SSL authorization username.

Section Server

Feature SSL

Attribute Name INI_AUTHUSERNAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" If present, the valid string representing username for authentication -Default

INI LocationN/A


479

AutoLogonAllowed

Specifies whether or not autologon is allowed for Secure ICA client; specifies whether (Off)or not (On) to require users to enter their user name, domain name, and password whenconnecting using encryption levels greater than Basic. By default, users are required toenter this information, even if it is present in appsrv.ini.

Section Server

Feature SSL

Attribute Name AUTOLOGON

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Does not allow autologon for secure ICA client - Default

TRUE Allows autologon for secure ICA client


All_Regions.ini Login *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\Logon

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Logon

*

480

BrowserProtocol

Specifies the network protocol used for ICA browsing.

Value contains the borwser-s protocol to use of either HTTP on TCP or UDP.

Note: IPX, SPX, and NetBIOS are no longer supported.

Section Server

Feature EnumRes

Attribute Name INI_BROWSEPROTOCOL

Data Type String

Access Type Read/Write

UNIX Specific No

Present in ADM No


UDP Default

HTTPonTCP


All_Regions.ini Application Browsing


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Application Browsing

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Application Browsing

481

BrowserRetry(2)

Specifies the number of times the ICA Client device will resubmit an ICA Master Browserrequest that has timed out.

Section Transport,WFClient

Feature EnumRes

Attribute Name INI_BROWSERRETRY

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


3 Default


Module.ini TCP/IP 3

All_Regions.ini Application Browsing *

appsrv.ini WFClient 3



3


*


*

482

BrowserTimeout(2)

Specifies the number of milliseconds the ICA Client will wait for a response after making arequest to the ICA Master Browser.

Section Transport,WFClient

Feature EnumRes

Attribute Name INI_BROWSERTIMEOUT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1000 Timeout (ms) - Default


Module.ini TCP/IP 1000

All_Regions.ini Application Browsing *




1000


*


*

483

BUCC(2)

The number of backup URL retries before success. This is one of the Session Client startupdata while End User Experience Monitoring (EUEM) metrics are stored.

Note: This is the only start-up metric that is a count of attempts, rather than a duration.

Section Server, Dynamic

Feature EUEM

Attribute Name INI_EUEM_BUCC

Data Type Integer


UNIX Specific No

Present in ADM No


0 Number of backup URL retries before success - Default






484

BufferLength

Specifies the input buffer length in bytes for connections to MetaFrame XP, Feature Release1 or earlier servers.

Section ICA 3.0

Feature Core

Attribute Name INI_BUFFERLENGTH

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


2048 Buffer Length (Bytes) - Default


Module.ini ICA 3.0 2048


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\ICA 3.0

2048

485

BufferLength2

Specifies the input buffer length in bytes for connections to MetaFrame XP, Feature Release2 or later servers.

Section ICA 3.0

Feature Core

Attribute Name INI_BUFFERLENGTH2

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


5000 Buffer Length (Bytes) - Default


Module.ini ICA 3.0 5000



5000

486

BypassSmartcardDomain

Enable/Disable bypass switch for domain name. Specifies whether (FALSE) or not (TRUE) touse smartcard to get the domain name or get it from appsrv.ini file.

Section Smartcard

Feature Smartcard

Attribute Name INI_DOMAINBYPASS

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


False Does not bypass smartcard to get domain information - Default

True Bypass smartcard for domain information

INI LocationN/A


487

BypassSmartcardPassword

Specifies whether (FALSE) or not (TRUE) to get password from smartcard.

Section Smartcard

Feature Smartcard

Attribute Name INI_DOMAINBYPASS

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


False Does not bypass smartcard to get user information - Default

True Bypass smartcard for user information

INI LocationN/A


488

BypassSmartcardUsername

Specifies whether (FALSE) or not (TRUE) to use smartcard to get username or get it fromappsrv.ini file.

Section Server

Feature Smartcard

Attribute Name INI_USERNAMEBYPASS

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


False Does not bypass smartcard to get user information - Default

True Bypass smartcard for user information

INI LocationN/A


489

CbChainInterval

Specifies the number of milliseconds before testing if clipboard viewer chain is broken. Setto a positive number or to 0 to disable testing.

Copying content from the user device and pasting it in a published application failed. Thisissue was caused by a third party application that prevented the client from receivingnotification when new content was copied to the local clipboard. This attribute introducessupport for a mechanism to check at periodic intervals the client`s ability to receiveclipboard change notifications. If the mechanism finds the client cannot receive thenotifications, the client attempts to register itself to receive future notifications. To enablethis functionality, add in appsrv.ini files as follows:

[WFClient]

CbChainInterval=<value>, where value is the interval, in milliseconds, at which checks areto be performed.

Section WFClient

Feature Clipboard

Attribute Name INI_VCLIPBOARD_VIEWER_CHAIN_TEST_INTERVAL

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Disable testing - Default

2000 Minimum (ms)

INI LocationN/A


490

CDMAllowed

Specifies whether Client Drive Mapping is allowed or not.

ADM UI Element : Citrix Components > Citrix Receiver > Remoting client devices > Clientdrive mapping > Enable client drive mapping

Section WFClient

Feature CDM

Attribute Name INI_CDMALLOWED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


True Allow Client Drive Mapping - Default

False Do not allow Client Drive Mapping


All_Regions.ini Virtual Channels\Drives *

appsrv.ini WFClient On


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Drives

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Drives

*

491

CDMReadOnly

Specifies that the CDM virtual channel permits read-only access to client drives.

ADM UI Element : Citrix Components > Citrix Receiver > Remoting client devices > Clientdrive mapping > Read-only client drives

Section ClientDrive

Feature CDM

Attribute Name INI_CDMREADONLY

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


False CDM is not read-only - Default

True CDM is read-only



Module.ini ClientDrive False

canonicalization.ini ClientDrive CDMReadOnly


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Canonicalization\ClientDrive

CDMReadOnly

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\ClientDrive

False


*


*

CDMReadOnly

492

493

CFDCD

Configuration File Download Client Duration (CFDCD) is the time it takes to get theconfiguration file from the XML server.

This is one of the Session Client startup data while End User Experience Monitoring (EUEM)metrics are stored.

Section Server

Feature EUEM

Attribute Name INI_EUEM_CFDCD

Data Type Integer


UNIX Specific No

Present in ADM No


-1 Default






494

CGPAddress

Specifies the CGP address. It is in "hostname:port" form. Rather than specifying thehostname, you can type an asterisk (*) to use the Address parameter value as the host(session reliability server).

The port value is optional. If you do not specify a port value, the default 2598 is used. If aconnection on port 2598 fails, the client tries to establish a standard (non-sessionreliability) connection on port 1494.

Section WFClient

Feature CGP

Attribute Name INI_CGPADDRESS

Data Type String


UNIX Specific No

Present in ADM No


"" If present, some valid CGP address - Default

0.0.0.0 Bad CGP Address, use it as a marker for testing

INI LocationN/A


495

ChannelName

Specifies a name for the static virtual channel to use for a specific DVC plug-in. By defaultthe static channel name is automatically generated using the module file name of the DVCplug-in. To ensure that a unique name is generated, upon collision one or two digits can beused at the end of the name to make it unique while keeping the name length at amaximum of seven characters.

Section ChannelName

Feature DVC

Attribute Name INI_DVC_PLUGIN_<DVC plugin name>

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


Static virtual channel name


Module.ini [DVC_Plugin_<DVC plugin name> ]


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\DVC_Plugin_<DVC pluginname>

*

496

ClearPassword

Specifies the clear password to automatically authenticate the client. It is a plain textpassword. It overrides the Password parameter, but it only overrides the Passwordparameter if the EncryptionLevel of Password is basic or the AutoLogonAllowed = On in theINI file.

Legacy Web Interface ticketing was implemented by passing a single-use authenticationcookie to the server in the Clear Text password field.

ADM UI Element : Citirix Components > Citrix Receiver > User authentication > WebInterface authentication ticket > Legacy ticket handling

Section Server

Feature Core

Attribute Name INI_CLEAR_PASSWORD

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" Clear Password - Default


All_Regions.ini Logon\Saved Credentials


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Logon\Saved Credentials

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Logon\Saved Credentials

497

ClientAudio

Specifies whether (On) or not (Off) to enable client audio mapping.

Use this policy to control how sound effects and music produced by remote applications ordesktops are directed to the client computer. When this policy is enabled, the "Enableaudio" check box can be used to completely disable client audio mapping. This does notaffect the client to server audio data, which is controlled through the "Remoting clientdevices" policy. It is also possible to control the audio quality.

Three quality levels are supported: low, medium, and high. This setting affects both serverto client and client to server audio quality. Note that the bandwidth requirements for highquality audio could make this setting unsuitable for many deployments.

ADM UI Element : Citrix Components > Citrix Receiver > User experience > Client audiosettings > Enable audio

Section Server

Feature Audio

Attribute Name INI_CAM

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


Off Disables client audio mapping - Default

On Enables client audio mapping


Module.ini VirtualDriver

All_Regions.ini Virtual Channels\Audio *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\VirtualDriver


*


*

ClientAudio

498

499

ClientName

Specifies the client name used to get serial number.

Clients prior to Version 6.30 store the client name in the [WFClient] section of wfcname.ini.As of Version 6.30, clients retrieve the client name from the system registry. As of Version6.03 or later, any ClientName setting in wfcname.ini is used only for migrating the clientname to the registry during client install; for example, when upgrading from orauto-updating a pre-Version 6.30 client.

The ClientName setting in the .ica file overrides the default way of retrieving the clientname as described in Default Value.

Section WFClient

Feature Core

Attribute Name INI_CLIENTNAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" Client name - Default


All_Regions.ini Client Engine


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine

500

ClipboardAllowed

Enable or disable access to the client clipboard. Use this policy to enable and restrict theremote application or desktop`s access to the client clipboard contents.

ADM UI Element: Citrix Components > Citrix Receiver > Remoting client devices > Clipboard> Enable/Disable

Section WFClient

Feature Clipboard

Attribute Name INI_CLIPBOARDALLOWED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


True Enable access to clipboard - default

False Disable access to clipboard


All_Regions.ini Virtual Channels\Clipboard *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Clipboard

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Clipboard

*

501

COCD

End User Experience Monitoring (EUEM) COCD - CREDENTIALS_OBTENTION_CLIENT

The time it takes to get the user credentials. COCD is measured only when credentials areentered manually by the user.

Section Server

Feature EUEM

Attribute Name INI_EUEM_COCD

Data Type Integer


UNIX Specific No

Present in ADM No


-1 Initial reset value - default






502

ColorMismatchPrompt_Have16M_Want256

Specifies whether or not to display a warning if the client device’s color depth is high color(16-bit) and the connection configuration is for 256 colors.

Section WFClient

Feature Core

Attribute Name INI_HAVE16M_WANT256

Data Type Boolean


UNIX Specific No

Present in ADM No


On Enable device color depth warning display - default

Off Disable device color depth warning display




503

ColorMismatchPrompt_Have16_Want256

Specifies whether or not to display a warning if the client device’s color depth is 16 colorsand the connection configuration is for 256 colors.

Not implemented in Program Neighborhood Client.

Section WFClient

Feature Core

Attribute Name INI_HAVE16_WANT256

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


On Displays a warning message in case of color depth error - default

Off Does not display a warning message in case of color depth error




504

ColorMismatchPrompt_Have64k_Want256

Specifies whether or not to display a warning if the client device’s color depth is true color(32-bit) and the connection configuration is for 256 colors.

Not implemented in Program Neighborhood Client.

Section WFClient

Feature Core

Attribute Name INI_HAVE64K_WANT256

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


On Displays a warning message in case of low color depth error - default

Off Does not display a warning message in case of color depth error




505

COMAllowed(2)

Specifies whether or not COM port mapping is permitted.

Use this policy to enable and restrict the remote application or desktop`s access to theclient’s serial ports. This allows the server to use locally attached hardware.

Troubleshooting: Remote PDA synchronization uses "virtual COM ports." These are serialport connections that are routed through USB connections. For this reason, it is necessaryto enable serial port access to use PDA synchronization.

ADM UI Element: Citrix Components > Citrix Receiver > Remoting client devices > ClientHardware Access > Map Serial Ports

Section WFClient,ClientComm

Feature COMPortMapping

Attribute Name INI_COMALLOWED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


On COM Port mapping is permitted - default

Off COM Port mapping is disabled


All_Regions.ini Virtual Channels\Serial Port *



HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Serial Port

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Serial Port

*

COMAllowed(2)

506

507

Command

Specify the command for Content Redirection.

This is the command that runs the executable used for server to client redirection. There isno default value for this attribute.

Section dynamic


Attribute Name INI_CR_CMD

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


"" Content Redirection Command - default

INI LocationN/A


508

CommandAckThresh

Command ACKs sent - threshold; the number of outstanding ACKs queued before aCommand ACK is sent.

ACKs are sent in the following situations:

● The time since the last ACK was sent is at or above the delay threshold (time inmilliseconds), OR

● The number of outstanding ACKs to be sent is at or above the threshold (Number ofCommand ACKs).

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_CMDACK_THRESH

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1 Number of command ACKs sent threshold - default


Module.ini ClientAudio 1



1

509

CommPollSize

Turns On or Off COM (communication) port polling for CCM (Citrix Client port Mapping).

Section ClientComm

Feature COMPortmapping

Attribute Name INI_CCMCOMMPOLLSIZE

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


On Enable Com port polling (for wince) - default

Off Disable com port polling (for any other


Module.ini ClientComm On


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\ClientComm

On

510

CommPollWaitInc

Amount of time to slow down rate of COM polling. This setting is used to slow down the ratefor polling of the COM port by the specified number of milliseconds.

Section ClientComm


Attribute Name INI_CCMCOMMPOLLWAITINC

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1 default


Module.ini ClientComm 1



1

511

CommPollWaitIncTime

Specifies the number of times to poll the COM port at the current poll rate before slowingthe poll rate by "CommPollWaitInc" milliseconds.

Section ClientComm


Attribute Name INI_CCMCOMMPOLLWAITINCTIME

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


20 default





20

512

CommPollWaitMax

Specifies the maximum wait time (in milliseconds) for COM polling.

Section ClientComm


Attribute Name INI_CCMCOMMPOLLWAITMAX

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


500 default





500

513

CommPollWaitMin

Specifies the minimum wait time (in milliseconds) for COM polling.

Section ClientComm


Attribute Name INI_CCMCOMMPOLLWAITMIN

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1 1 millisecond timeout

0 No delay - default


Module.ini ClientComm



514

CommWakeOnInput

This setting is used to wake the client upon COM port activity. Only used if pooling isallowed. These settings configure the client to be a bit more responsive to incoming serialport data and information.

Setting this parameter causes the Unix clients (Linux and Solaris) to wake-up immediatelywhen the system receives a byte on a serial port.

Section ClientComm


Attribute Name INI_CCM_WAKE_ON_INPUT

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


TRUE Allows wake on input from a serial line - default

FALSE Does not allow wake on input form a serial line

INI LocationN/A


515

ConnectionFriendlyName

Specifies the connection friendly name string for the server. This is the user-defined servername.

Section Server

Feature Core

Attribute Name INI_CONNECTIONFRIENDLYNAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" Friendly name string for the server - default


All_Regions.ini Client Engine\GUI


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\GUI

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\GUI

516

ContentRedirectionScheme

Specifies the list of new schemes. Each scheme is added as new scheme.

This is done as a part of setting up Content Redirection for a Unix client.

Section WFClient


Attribute Name INI_CR_SCHEME

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


"" default

INI LocationN/A


517

ControlPollTime

This setting is used as a timer, in milliseconds, to poll client audio control values. If anycontrol value changes, the new value is sent to the server.

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_CONTROLPOLLTIME

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1000 1 sec (1000 msec) - default

INI LocationN/A


518

ConverterSection

Audio converter list. Used to get the [AudioConverterList] section

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_AUDCVT_LIST_SECTIONNAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


AudioConverterList default


Module.ini AudioConverter AudioConverterList



AudioConverterList

519

CPMAllowed

Specifies whether (On) or not (Off) parallel port mapping is allowed. Enable and restrict theremote application or desktop`s access to the client’s parallel ports. This allows the serverto use locally attached hardware.

ADM UI Element: Citrix Component > Citrix Receiver > Remoting client devices > Clienthardware access > Map parallel ports

Section WFClient

Feature ParallelPortMapping

Attribute Name INI_CPMALLOWED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


true Enable parallel port mapping - default

false Disable parallel port mapping


All_Regions.ini Virtual Channels\Printing *



HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Printing

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Printing

*

520

CRBrowserAcceptURLtype

Specify the acceptable browser URL types. Provides acceptable browser URL types forspecific content redirection scheme.

Section WFClient


Attribute Name INI_CR_BROWSER_ACCEPT_URL

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


http,https

default

Browser

INI LocationN/A


521

CRBrowserCommand

Name of the browser executable used to handle redirected browser URLs and it is appendedwith %s (for example, netscape %s).

Section WFClient


Attribute Name INI_CR_BROWSER_CMD

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


$ICAROOT/util/nslaunch %s ${BROWSER:=netscape}%s mozilla %s default

INI LocationN/A


522

CRBrowserPath

Server to client content redirection browser path, that is, the directory where the browserexecutable is located.

Section WFClient


Attribute Name INI_CR_BROWSER_PATH

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


"" Browser path - default

INI LocationN/A


523

CRBrowserPercentS

The number of occurrences of %s in the CRBrowserCommand setting

Section WFClient


Attribute Name INI_CR_N_BROWSER_PERCENT_S

Data Type Integer

Access Type Read

UNIX Specific Yes

Present in ADM No


3 default

INI LocationN/A


524

CRBrowserRejectURLtype

Specifies the browser URL types that should be rejected for the specific content redirectionscheme.

Section WFClient


Attribute Name INI_CR_BROWSER_REJECT_URL

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


"" Browser URL to reject - default

INI LocationN/A


525

CREnabled

Specifies whether server to client content redirection is enabled.

Section WFClient


Attribute Name INI_CR_ENABLED

Data Type Boolean

Access Type Read

UNIX Specific Yes

Present in ADM No


TRUE Enable Content redirection - default

FALSE Disable content redirection


All_Regions.ini Virtual Channels\Control *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Control

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Control

*

526

CRPlayerAcceptURLtype

Specifies which types of strings are acceptable for RealPlayer Schemes for contentredirection setting of the Unix client.

Section WFClient


Attribute Name INI_CR_PLAYER_ACCEPT_URL

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


"rtsp,rtspu,pnm" default

INI LocationN/A


527

CRPlayerCommand

Specifies the name of the executable used to handle the redirected multimedia URLs,appended with %s during RealPlayer content redirection for the Unix client.

Section WFClient


Attribute Name INI_CR_PLAYER_CMD

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


realplay %s default

INI LocationN/A


528

CRPlayerPath

Specifies the directory where the RealPlayer executable is located during contentredirection for the Unix client.

Section WFClient


Attribute Name INI_CR_PLAYER_PATH

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


""

INI LocationN/A


529

CRPlayerPercentS

The number of occurrences of %s in the CRPlayerCommand setting

Section WFClient


Attribute Name INI_CR_N_PLAYER_PERCENT_S

Data Type Integer

Access Type Read

UNIX Specific Yes

Present in ADM No


1 default

INI LocationN/A


530

CRPlayerRejectURLtype

Specifies which type of strings will be rejected for RealPlayer Schemes for contentredirection setting of the UNIX client.

The reason there is both an accept and reject is that the code that tests them matches justto the length of the definition. So if you accept HTTP, it also means that HTTPS will beaccepted. In case you wanted only HTTP, there is the option to explicitly reject HTTPS.

Section WFClient


Attribute Name INI_CR_PLAYER_REJECT_URL

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


* The type of string to reject for content redirection - No default value.

INI LocationN/A


531

DataAckThresh

Data acknowledgment threshold value, which represents the maximum number of commandacknowledgments that can accumulate before sending an acknowledgment (purging thequeue).

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_DATAACK_THRESH

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1 Do not send any other command until you get the ack - default





1

532

DataBits

Specifies the number of data bits used for serial connections.

Section Server

Feature SerialPort

Attribute Name INI_DATA

Data Type String


UNIX Specific No

Present in ADM No


8 Number of data bits for serial connection - default

INI LocationN/A


533

DefaultHttpBrowserAddress

Default HTTP browser address for TCP.

Section TCP/IP

Feature EnumRes

Attribute Name INI_DEFHTTPBROWSERADDRESS

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" Default HTTP browser address - default


Module.ini TCP/IP



534

DeferredUpdateMode

Enables or disables deferred screen update mode.

Add this value and the ForceLVBMode value to the [WFClient] section of the Appsrv.ini filelocated in the user’s profile directory on the computer running Citrix XenApp to addressrepaint issues due to a poor refresh rate. This may occur with some applications whenrunning the application in seamless mode while utilizing the pass-through client on theserver.

Section WFClient

Feature Graphics

Attribute Name INI_DEFERRED_UPDATE_MODE

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


False Disable deferred screen updates - default

True Enable deferred screen updates

INI LocationN/A


535

DesiredColor(5)

Specifies the preferred color depth for a session. In general, low color depths give betterperformance over low bandwidth; however some of the compression technologies availablecan only be used with full color, so the effective performance depends on the individualapplication and usage pattern. The server may choose not to honor the color depth settingchosen because higher color depths result in heavy memory usage on the servers.

256 or greater colors are supported only for Windows clients.

The value of 8 is treated as "true color" which is 32-bit, unless the administrator explicitlyprohibits a server from supporting a 32-bit session. In that case, the session is downgradedto 24-bit.

ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client graphicssettings > Color depth

Interface Element:

● For applicationsetname: Settings dialog box > Default Options tab > Window Properties> Window Colors menu

● For applicationservername: Properties dialog box > Options tab > Window Properties >Window Colors menu

Section dynamic,WFClient,Thinwire3.0,Thinwire3.0,Server

Feature Graphics

Attribute Name INI_DESIREDCOLOR

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


1 16 colors - default

2 256 colors

4 high color

8 true color


Module.ini Thinwire3.0 8

All_Regions.ini Virtual Channels\Thinwire Graphics *

canonicalization.ini Thinwire3.0 DesiredColor

wfclient.ini Thinwire3.0 0x0002



HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0

DesiredColor

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\Thinwire3.0

8

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics

*

DesiredColor(5)

536

537

DeviceName

Specifies the device name for serial connections (COM1, COM2, etc). If this value is notNULL, it is assumed that a serial port connection is being used. If this value is NULL (emptystring), the network transport driver is used.

Section Server

Feature SerialPort

Attribute Name INI_DEVICE

Data Type String


UNIX Specific No

Present in ADM No


COM1 Name of COM port

INI LocationN/A


538

DisableCtrlAltDel

Enables (Off) or disables (On) the Ctrl+Alt+Del key combination within the ICA session toprevent users from shutting down the Citrix server.

ADM UI element: Citrix Components -> Presentation Server Client -> User Authentication ->Smartcard Authentication-> Passthrough Authentication for PIN

Section Server

Feature Keyboard

Attribute Name INI_CTRLALTDEL

Data Type Boolean


UNIX Specific No

Present in ADM Yes


On Disables the Ctrl+Alt+Del key combination - default

Off Enables the Ctrl+Alt+Del key combination


All_Regions.ini Virtual Channels\Smartcard *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Smartcard

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Smartcard

*

539

DisableDrives

Gives the list of the client drives that should not be mapped to the server.

Access to Windows drives can be disabled by entering the relevant drive letter in the "Donot map drives" box. This is a concatenation of all drives that should not be mapped whenconnecting to a published application or desktop, for example "ABFK" disables the drives A,B, F and K. (DisableDrives = "A,B,F,K")

ADM UI Element : Citrix Components > Citrix Receiver > Remoting client devices > Clientdrive mapping > Do not map drives

Section ClientDrive

Feature CDM

Attribute Name INI_DISABLEDRIVES

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" Client drives to map - default


All_Regions.ini Virtual Channels\Drives

Module.ini ClientDrive

canonicalization.ini ClientDrive DisableDrives



DisableDrives


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\VirtualChannels\Drives

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\VirtualChannels\Drives

DisableDrives

540

541

DisableMMMaximizeSupport

Enable/disable desktop maximize capability. This setting is used by monitor layout todisable maximize capability. MonitorLayout is the data that is sent to the server to describethe layout of the client`s desktop in a multi-monitor environment.

Section Server

Feature MultiMonitor

Attribute Name INI_DISABLE_MAXIMIZE

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


False Enables maximize capability - default

True Disables maximize capability


All_Regions.ini Virtual Channels\SeamlessWindows

*


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Seamless Windows

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Seamless Windows

*

542

DisableSound

Disables Windows alert sounds (the Windows "Asterisk" event). If client audio mapping isdisabled with the ClientAudio parameter, this setting has no effect.

Section WFClient

Feature Audio

Attribute Name INI_SOUND

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


Off Enable windows alert sounds - default

On Disable windows alert sounds


appsrv.ini WFClient Off


543

DisableUPDOptimizationFlag

Disables the universal printer driver (UPD) bitmap compression (only) or both thecompression and optimization.

When printing to certain printers using the UPD, letters might be printed faded and barelylegible. The issue occurs because certain print drivers do not work well with XenApp UPDoptimization, which compresses the bitmap to use fewer bits whenever possible.

To disable this optimization, modify the user’s appsrv.ini file using a text editor and insertthis parameter in the [WFClient] section.

Section WFClient

Feature Printing

Attribute Name INI_UPD_OPTIMIZATION_DISABLE_FLAG

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Do not disable UPD compression and optimization - default

1 Disables bitmap compression, which attempts to use fewer bits to encodethe bitmap

2 Disables optimization that skips spaces; it also disables bitmap compression

INI LocationN/A


544

Domain

XenApp domain name.

This is the domain name that appears in the Domain text box if the user selects theuser-specified credentials option for the associated custom ICA connection.

"Domain" can be used to restrict or override which users can be automatically authenticatedto servers. These can be specified as comma-separated lists.

Corresponding UI Element Properties dialog box > Logon Information tab > Userspecifiedcredentials option > Domain text box

ADM UI Element: Citrix Components > Citrix Receiver > User Authentication > Locally StoredCredentials > Domain

Section Server

Feature Core

Attribute Name INI_DOMAIN

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" Domain name - default






Domain

545

546

DriverNameAlt

Specifies the name of the Unix/Mac alternate virtual driver.

Section dynamic

Feature Core

Attribute Name INI_DRIVERNAMEALT

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


DriverName default

INI LocationN/A


547

DriverNameAltWin32

Specifies the name of the Win32 alternate virtual driver.

Section dynamic

Feature Core

Attribute Name INI_DRIVERNAMEALT

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


DriverNameWin32 default

INI LocationN/A


548

DriverNameWin32(12)

Specifies the name of the Win32 driver file to load for the specified driver. The driver couldbe one of the following. depending on the section name from where this attribute is beingread.

● ClientAudio HW driver

● Transport driver

● TCP/IP transport driver

● ICA 3.0 Winstation driver

● ClientAudio driver

● Compress driver

● EncRC5-0 driver

● EncRC5-128 driver



● EncryptionLevelSession driver

Section Compress,dynamic,EncRC5-56,EncRC5-40,EncRC5-128,EncRC5-0,dynamic,ICA3.0,TCP/IP,dynamic,dynamic,dynamic

Feature Core

Attribute Name INI_DRIVERNAMEWIN32

Data Type String


UNIX Specific No

Present in ADM No


"" For ClientAudio HW, Transport, TCP/IP, ICA 3.0, ClientAudio,EncryptionLevelSession drivers - default

pdcompn.dll For Compress driver - default

pdc0n.dll For EncRC5-0 driver - default





Module.ini TCP/IP TDWSTCPN.DLL

Module.ini ICA 3.0 WDICA30N.DLL

Module.ini RFrame PDRFRAMN.DLL

Module.ini Frame PDFRAMEN.DLL

Module.ini Reliable PDRELIN.DLL

Module.ini EncRC5-0 PDC0N.DLL

Module.ini Encrypt PDCRYPTN.DLL




Module.ini Thinwire3.0 VDTW30N.DLL

Module.ini ClientDrive VDCDM30N.DLL

Module.ini ClientPrinterQueue VDSPL30N.DLL

Module.ini ClientPrinterPort VDCPM30N.DLL

Module.ini ClientComm VDCOM30N.DLL

Module.ini Clipboard VDCLIPN.DLL

Module.ini TWI VDTWIN.DLL

Module.ini ZL_FONT VDFON30N.DLL

Module.ini ZLC VDZLCN.DLL

Module.ini ICACTL VDCTLN.DLL

Module.ini LicenseHandler VDLICN.DLL

Module.ini ClientAudio VDCAMN.DLL

Module.ini AudioConverter AUDCVTN.DLL

DriverNameWin32(12)

549

Module.ini AudioHardware AUDHALN.DLL

Module.ini ConverterADPCM ADPCM.DLL

Module.ini SmartCard VDSCARDN.DLL

Module.ini Multimedia VDMMN.DLL

Module.ini SpeechMike VDSPMIKE.DLL

Module.ini TwainRdr VDTWN.DLL

Module.ini SSPI VDSSPIN.DLL

Module.ini UserExperience VDEUEMN.DLL

Module.ini Compress PDCOMPN.DLL

DriverNameWin32(12)

550



AUDCVTN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\AudioHardware

AUDHALN.DLL


VDCAMN.DLL


VDCOM30N.DLL


VDCDM30N.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\ClientPrinterPort

VDCPM30N.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\ClientPrinterQueue

VDSPL30N.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\Clipboard

VDCLIPN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\Compress

PDCOMPN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\ConverterADPCM

ADPCM.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\EncRC5-0

PDC0N.DLL


PDC128N.DLL


PDC40N.DLL


PDC56N.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\Encrypt

PDCRYPTN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\Frame

PDFRAMEN.DLL


WDICA30N.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\ICACTL

VDCTLN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\LicenseHandler

VDLICN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\Multimedia

VDMMN.DLL

DriverNameWin32(12)

551

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\Reliable

PDRELIN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\RFrame

PDRFRAMN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\SmartCard

VDSCARDN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\SpeechMike

VDSPMIKE.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\SSPI

VDSSPIN.DLL


TDWSTCPN.DLL


VDTW30N.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TwainRdr

VDTWN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TWI

VDTWIN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\UserExperience

VDEUEMN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\ZLC

VDZLCN.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\ZL_FONT

VDFON30N.DLL

DriverNameWin32(12)

552

553

DTR

Set the Default state of the COM port DTR.

Section Default Serial Connection


Attribute Name INI_DTR

Data Type Boolean


UNIX Specific No

Present in ADM No


On Set DTR ON by default - default

Off Set DTR OFF by default


Module.ini Hardware Receive Flow Control


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\Hardware Receive FlowControl

554

DynamicCDM

Specifies whether Dynamic Client Drive Mapping is allowed or not. This setting enables ordisables PnP support for USB thumb drives.

Section WFClient

Feature USB Thumb Drive Support

Attribute Name INI_DYNAMIC_CDM

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


true Dynamic Client Drive Mapping is allowed - default

false Dynamic Client Drive Mapping is not allowed



Appsrv.ini WFClient On



*


*

555

EmulateMiddleMouseButton

Emulate middle mouse button on a system with a two-button mouse. This setting is usedwith EmulateMiddleMouseButtonDelay.

Section WFClient

Feature Mouse

Attribute Name INI_EMULATE_MIDDLE_MOUSE_BUTTON

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


TRUE Emulate middle mouse button - default

FALSE Do not emulate middle mouse button (default for Win16)

INI LocationN/A


556

EmulateMiddleMouseButtonDelay

Specifies timer used in middle mouse button emulation. When middle-mouse buttonemulation is enabled (EmulateMiddleMouseButton set to True), holding left and right mousebuttons down together for the specified timeout emulates the pressing of the middlebutton.

Section WFClient

Feature Mouse

Attribute Name INI_EMULATE_MIDDLE_MOUSE_BUTTON_DELAY

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


100 Time in milliseconds.


n/a


n/a

557

EnableAsyncWrites

Section ClientDrive

Feature CDM

Attribute Name INI_ENABLE_ASYNCWRITES

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


On Enable async disk write.

Off Disable disk write.


n/a


n/a

558

EnableAudioInput

Enable access to audio capture devices. Use this policy to enable and restrict the remoteapplication or desktop access to local audio capture devices (microphones).

ADM Interface Element: Remoting Client Devices->Client Microphone->Enable ClientMicrophone

Section Server

Feature Audio

Attribute Name INI_AUDIOINPUTENABLE

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


True Allow use of audio capture devices (microphone).

False Disallow use of audio capture devices (microphone).





*


*

559

EnableClientSelectiveTrust

Enables Trusted Server Configuration.

Use this policy to control how the client identifies the published application or desktop towhich it is connecting. The client determines a trust level, known as a trust region with aconnection. The trust region then determines how the client is configured for theconnection.

When this policy is enabled, the client can perform region identification by using theEnforce trusted server configuration option.

By default, region identification is based on the address of the server the client isconnecting to. To be a member of the trusted region, the server must be a member of theWindows Trusted Sites zone. You can configure this using the Windows Internet Explorer >Internet Options > Trusted sites setting.

Alternatively, for compatibility with non-Windows clients, the server address can bespecifically trusted using the Address setting. This is a comma-separated list of servers,which also supports the use of wildcards; for example, cps*.citrix.com.

ADM UI Element : Citrix Components > Citrix Receiver > Network Routing > ConfigureTrusted Server Configuration > Enforce Trusted Server Configuration

Section Server

Feature CST

Attribute Name INI_CLIENTSELECTIVETRUST_ENABLED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


0 Default

1


All_Regions.ini Network\ClientSelectiveTrust *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\ClientSelective

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\ClientSelectiveTrust

*

TroubleshootingIn the default configuration, when trusted server configuration prevents the client fromconnecting, the following error message is displayed:

<Server> ERROR: Cannot connect to the Citrix XenApp Server. Theserver (xxx) is not trusted for ICA connections. Connections to the(Untrusted Region) Region are not allowed by lockdown settings.Please contact your administrator.

The server identified in the "xxx" must be added to the Windows Trusted Sites zone (aseither http:// or https:// for SSL connections) for the connection to succeed.

For the SSL connections, add the certificate common name to the Windows Trusted Siteszone. For non-SSL connections, all servers that are contacted must be individually trusted.When using application browsing, include both the XML Service and the server it redirectsto in the Windows Trusted Sites zone.

EnableClientSelectiveTrust

560

561

EnableInputLanguageToggle

Allows users to define and use hotkeys, such as the grave accent or the Ctrl + Shift keycombination to switch between allowed input languages.

For Win32 only.

Section WFClient

Feature Keyboard

Attribute Name INI_INPUTLANGUAGETOGGLE

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Disabled - Default

TRUE Enabled

INI LocationN/A


562

EnableOSS

Specifies whether or not to enable Off Screen Surface (OSS). Enables the server tocommand the creation and use of X pixmaps for off-screen drawing.

Reduces bandwidth in 15 and 24-bit color at the expense of X server memory and processortime.

Section Server

Feature Graphics

Attribute Name INI_ENABLE_OSS

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


TRUE Enable OSS - Default

FALSE Disable OSS





*


563

EnableReadAhead

Enables read-ahead for processing the request.

Memory-constrained clients may allocate less memory for this purpose. This attributesindicates that whether drive mapping acceleration is supported or not.

Section ClientDrive

Feature CDM

Attribute Name INI_ENABLE_READAHEAD

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


TRUE Enable read-ahead - Default

FALSE Disable read-ahead

INI LocationN/A


564

EnableRtpAudio

Enables or disables the real-time transport of audio over UDP.

ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client audiosettings

Section Server

Feature Audio

Attribute Name INI_RTPAUDIOENABLE

Definition Location inc\icaini.h

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


TRUE Enables Rtp Audio Default

FALSE Disables Rtp Audio




HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Audio

*

HKEY_CURRENT_USER\Software\Policies\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Audio

*

565

EnableSessionSharing

Use this policy to configure the client handling of remote applications. When enabled, thispolicy uses the list in the "Application" box to determine which published applications canbe directly launched by the client.

You can request that remote applications share sessions (run in a single ICA connection).This provides a better user experience, but is sometimes not desirable. The session sharingfeature can be disabled by clearing the "Session sharing" check box.

ADM UI Element : Citrix Components > Citrix Receiver > User experience > Remoteapplications

Section Server

Feature SessionSharing

Attribute Name INI_ENABLE_SESSIONSHARING

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


On Enable session sharing - Default

Off Disable session sharing


All_Regions.ini Client Engine\Session Sharing *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\Session Sharing

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\Session Sharing

*

TroubleshootingPublished applications are denoted by a # in front of the application name. Omitting the #symbol attempts to launch a particular program or desktop. A computer running XenAppwill not allow this by default, and rejects the connection, displaying: "You do not haveaccess to this session."

Session sharing is controlled by the SessionSharingKey that prevents applications launchedfrom different Web Interface servers from sharing sessions. In addition, applications withdifferent graphics or security settings are prevented from sharing sessions.

EnableSessionSharing

566

567

EnableSessionSharingClient

Enables or disables seamless applications to operate using the same session on the sameterminal server.

Section Server


Attribute Name INI_SESSION_SHARING_CLIENT

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Disable session sharing - Default

TRUE Enable session sharing


All_Regions.ini Client Engine\Session Sharing *



*


*

568

EnableSessionSharingHost(2)

Specifies whether or not to accept the session sharing requests from other ICA sessions onthe same X display.

Section WFClient, Server


Attribute Name INI_SESSION_SHARING_HOST

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Does not accept session sharing requests from other ICA session - Default

TRUE Accepts session sharing requests from other ICA session


All_Regions.ini Client Engine\Session Sharing




569

EnableSSOThruICAFile

Specifies whether or not to use the same user name and password the user used to log on tothe client device for authentication through .ica files. For security reasons, users cannot beauthenticated to the server unless this parameter is present and its value set to On, even ifUseLocalUserAndPassword and SSOnUserSetting are specified in the .ica file.

The EnableSSOnThruICAFile entry should be present in the APPSRV.INI file to respect theother SSON entries in the ICA File.

Used in three User Authentication policies in ADM file.

Smart card authentication: Use this policy to control how the client uses smart cardsattached to the client device.

When enabled, this policy allows the remote server to access smart cards attached to theclient device for authentication and other purposes. When disabled, the server cannotaccess smart cards attached to the client device.

ADM UI Element : Citrix Components > Citrix Receiver > User authentication > Smart cardauthentication > Use pass-through authentication for PIN

Kerberos authentication: Use this policy to control how the client uses Kerberos toauthenticate the user to the remote application or desktop. When enabled, this policyallows the client to authenticate the user using the Kerberos protocol. Kerberos is a DomainController authorised authentication transaction that avoids the need to transmit the realuser credential data to the server. When disabled, the client will not attempt Kerberosauthentication.

ADM UI Element : Citrix Components > Citrix Receiver > User authentication > Kerberosauthentication

Local user name and password: Use this policy to instruct the client to use the same logoncredentials (pass-through authentication) for the XenApp server as the client machine.When this policy is enabled, the client can be prevented from using the current user's logoncredentials to authenticate to the remote server by clearing the "Enable pass-throughauthentication" check box.

ADM UI Element : Citrix Components > Citrix Receiver > User authentication > Local username and password

Section WFClient

Feature SSON

Attribute Name INI_ENABLE_SSON_THRU_ICA_FILE

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


FALSE Do not use same user name and password - Default

TRUE Use same user name and password

Off Do not use same user name and password

On Use same user name and password

0 Do not use same user name and password

1 Use same user name and password

no Do not use same user name and password

yes Use same user name and password


All_Regions.ini Logon\Local Credentials *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Logon\Local Credentials

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Logon\Local Credentials

*

EnableSSOThruICAFile

570

571

EncryptionLevelSession

Specifies the encryption level of the ICA connection.

Section Server

Feature SecureICA

Attribute Name INI_ENCRYPTIONLEVELSESSION

Data Type String

Access Type Read and write

UNIX Specific No

Present in ADM No


Basic Encryption level - Default

RC5 (128 bit -Logon Only)

Encryption level

RC5 (40-bit) Encryption level

RC5 (56-bit) Encryption level

RC5 (128 bit) Encryption level


All_Regions.ini Network\Encryption


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\Encryption

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\Encryption

572

endIFDCD

End User Experience Monitoring EUEM ENDIFDCD ICA File download.

ENDIFDCD the time at which the ICA file download was finished.

Section Server

Feature EUEM

Attribute Name INI_EUEM_ENDIFDCD

Data Type Integer

Access Type Read and write

UNIX Specific No

Present in ADM No


0 Initial time value - Default






573

FONTSMOOTHINGTYPE

Specifies the font smoothing type for the session. The value is only set at connection timewhether it's a new connection or for a reconnect.

The Web plug-in and Receiver only set the value to client default or none.

Section Server

Feature FontSmoothing

Attribute Name INI_FONTSMOOTHINGTYPE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Client default uses the user profile setting for font smoothing - Default

1 None



appsvr.ini application/server value



*


*

574

ForceLVBMode

Address repaint issues due to a poor refresh rate.

Add this value and the DeferredUpdateMode value to the [WFClient] section of theAppsrv.ini file located in the user’s profile directory on the computer running XenApp toaddress repaint issues due to a poor refresh rate. This may happen with some applicationswhen running an application in seamless mode while utilizing the pass-through client on theserver.

Section WFClient

Feature Graphics

Attribute Name INI_FORCELVB_MODE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Do not force LVBMode - Default

1 Force LVBMode

INI LocationN/A


575

FriendlyName

Specifies user native language type (friendly name) for communication.

Section Server

Feature Core

Attribute Name INI_FRIENDLYNAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" User's language setting - Default

INI LocationN/A


576

FullScreenBehindLocalTaskbar

Allows you to enable true full screen mode for a WBT session. Used on WINCE platform.

Section WFClient

Feature Core

Attribute Name INI_FULL_SCREEN_BEHIND_LOCAL_TASKBAR

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE ICA session is sized according to the size of the local taskbar - Default

TRUE Full screen mode is enabled and the ICA session is behind the local taskbar

INI LocationN/A


577

FullScreenOnly

Specifies the default value for TransparentKeyPassthrough attribute.

When no TransparentKeyPassthrough setting in the ICA file is passed to the ICA Engine, thekeyboard transparent feature behaves as if FullScreenOnly is set.

Section WFClient

Feature Keyboard

Attribute Name INI_TPKEYPASSTHRU_FULLSCRNONLY

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


3 Full Screen (default). Key combinations apply to non-seamless ICA sessionsin full-screen mode.

2 Remote. Key combinations apply to seamless and non-seamless ICA sessionswhen their windows have the keyboard focus.

1 Local. Key combinations apply to the local desktop.


Module.ini TransparentKeyPassthrough 3


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TransparentKeyPassthrough

3

578

HotKey10Char

Specifies the keys to use for mapping hotkey sequence.

Each action is defined by a combination of a character and a shift state. To disable aparticular hotkey, set both its character and shift state parameters to (none).

Hotkey10 - Toggle Latency Reduction.

Section WFClient

Feature Keyboard

Attribute Name INI_HOTKEY10_CHAR

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


F10 Mac and UNIX platforms default

F5 Win32 platform default

1 WinCE platform default


All_Regions.ini Client Engine\Hot Keys

appsrv.ini WFClient F5


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\Hot Keys

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\Hot Keys

579

HotKey10Shift


Along with Hotkey10Char, specifies the key combinations to use for the various hotkeysequences.

Hotkey10 is used for Toggle Latency Reduction action.

Section WFClient

Feature Keyboard

Attribute Name INI_HOTKEY10_SHIFT

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


Alt+Ctrl Mac and UNIX platforms default

Ctrl Win32 platform default

Alt WinCE platform default

Shift

none



appsrv.ini WFClient Ctrl




HotKey10Shift

580

581

HotKey1Char



Hotkey1 is used for "Task List" action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


F1 Mac, UNIX, and Win32 platforms default


(none)

F2

F3

F4

F5

F6

F7

F8

F9

F10

F11

F12

ESC

minus

plus

star

tab







HotKey1Char

582

583

HotKey1Shift



Hotkey1 is used for "Task List" action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No



Shift Win32 platform default

Ctrl WinCE platform default



appsrv.ini WFClient Shift




584

HotKey2Char



Hotkey2 is used for Close Remote Application action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No





(none)

F1

F4

F5

F6

F7

F8

F9

F10

F11

F12

ESC

minus

plus

star

tab







HotKey2Char

585

586

HotKey2Shift



Hotkey2 is "Close Remote Application" action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No





(none)

Alt







HotKey2Shift

587

588

HotKey3Char



Hotkey10 - Toggle Title Bar.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No











589

HotKey3Shift



Hotkey3 is "Toggle Title Bar" action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No











590

HotKey4Char



Hotkey4 is "CTRL-ALT-DEL" action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No





(none)

F2

F3

F5

F6

F7

F8

F9

F10

F11

F12

ESC

minus

plus

star

tab







HotKey4Char

591

592

HotKey4Shift



Hotkey4 is used for "CTRL-ALT-DEL" action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No



Ctrl Win32 and WinCE platforms default

Shift

(none)

Alt







HotKey4Shift

593

594

HotKey5Char



Hotkey5 - CTRL-ESC.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No











595

HotKey5Shift



Hotkey5 is used for "CTRL-ESC" action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No




Shift

(none)

Alt







HotKey5Shift

596

597

HotKey6Char



Hotkey6 is used for "ALT-ESC" action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No





(none)

F1

F3

F4

F5

F7

F8

F9

F10

F11

F12

ESC

minus

plus

star

tab







HotKey6Char

598

599

HotKey6Shift



Hotkey6 - ALT-ESC

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No



Alt Win32 platform default




appsrv.ini WFClient Alt




600

HotKey7Char



Hotkey7 is used for "ALT-TAB" action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No



plus Win32 platform default


(none)

F1

F2

F3

F4

F5

F6

F8

F9

F10

F11

F12

ESC

minus

star

tab



appsrv.ini WFClient plus




HotKey7Char

601

602

HotKey7Shift



Hotkey7 is used for "ALT-TAB" action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No





(none)

Shift







HotKey7Shift

603

604

HotKey8Char



Hotkey8 is used for ALT-BACKTAB action.

Corresponding UI element ICA Settings dialog box > Hotkeys tab > right menu column

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No



minus Win32 platform default




appsrv.ini WFClient minus




HotKey8Char

605

606

HotKey8Shift



Hotkey8 is used for ALT-BACKTAB action.

Corresponding UI element ICA Settings dialog box > Hotkeys tab > right menu column

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No











HotKey8Shift

607

608

HotKey9Char



Hotkey9 is used for CTRL-SHIFT-ESC action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No





(none)

F1

F2

F4

F5

F6

F7

F8

F10

F11

F12

ESC

minus

plus

star

tab







HotKey9Char

609

610

HotKey9Shift



Hotkey9 is used for CTRL-SHIFT-ESC action.

Section WFClient

Feature Keyboard


Data Type String

Access Type Read

UNIX Specific No

Present in ADM No




(none)

Shift

Alt







HotKey9Shift

611

612

HotKeyJPN%dChar

Specifies the hotkeyJPN I key.

Used to form a strings like HotkeyJPN1Char, HotkeyJPN2Char, HotkeyJPN3Char.

Section WFClient

Feature Keyboard

Attribute Name INI_HOTKEYJPN_CHAR

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No

ValuesN/A

INI LocationN/A


613

HowManySkipRedrawPerPaletteChange

Specifies the number of consecutive redraw requests to skip before redrawing the screen.See SkipRedrawPerPaletteChange for more information.

Section WFClient

Feature Graphics

Attribute Name INI_NUMSKIPREDRAWPERPALETTECHANGE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


9 Number of times to skip redraw request - Default

INI LocationN/A


614

HttpBrowserAddress

Specifies the location of the browser used in conjunction with the particular networkprotocol specified for browsing in BrowserProtocol. If BrowserProtocol value is HTTPonTCP,then parameter used to locate the browser is HttpBrowserAddress orLocHttpBrowserAddress

Whether [Protocol]BrowserAddress or Loc[Protocol]BrowserAddress is used depends on thevalue of DoNotUseDefaultCSL.

● If DoNotUseDefaultCSL value is FALSE (default) then parameter used to locate thebrowser is [Protocol]BrowserAddress.

● If DoNotUseDefaultCSL value is TRUE then parameter used to locate the browser isLoc[Protocol]BrowserAddress (overriding any existing [Protocol]BrowserAddresssettings).

Section : All [Protocol]BrowserAddress settings:

WFClient for all custom ICA connections unless otherwise overridden

Section : applicationsetname for each applicable published applicationset

Corresponding UI Element For applicationsetname:

Settings dialog box > Connection tab > Server Location >Network Protocol

Published application sets do not use Loc[Protocol]BrowserAddress

Section : All Loc[Protocol]BrowserAddress settings:

applicationservername for each custom ICA connection

Corresponding UI Element For applicationservername:

Properties dialog box > Connection tab > Server Location >Network Protocol

Section Transport

Feature EnumRes

Attribute Name INI_HTTPBROWSERADDRESS

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" Any valid server name or address - Default


Module.ini TCP/IP

All_Regions.ini Application Browsing\HTTP Addresses

canonicalization.ini TCP/IP HttpBrowserAddress



HttpBrowserAddress


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Application Browsing\HTTP Addresses

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Application Browsing\HTTP Addresses

HttpBrowserAddress

615

616

ICAHttpBrowserAddress

Specifies the browser address. Used for HTTP or HTTPS browsing(BrowserProtocol=HTTPonTCP) if the browser address is not set through theHttpBrowserAddress or the Loc[Protocol]BrowserAddress parameters.

Section Transport

Feature EnumRes

Attribute Name INI_ICADOMAINNAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


ica Any valid server name or address - Default


All_Regions.ini Application Browsing

appsrv.ini WFClient ica




617

ICAKeepAliveEnabled

Use this parameter to notify users when inactive seamless applications are disconnectedfrom the server under the following scenarios:

● Users are using a published application that displays dynamic information

● The client auto-reconnect feature is disabled

● Applications for users of multi-monitors are out of focus

If ICAKeepAliveEnabled is set to On, it enables a timer in the ICA Client Engine. This timerchecks every N milliseconds (where N is set by ICAKeepAliveInterval) to determine if anydata was sent by the server. If no data was sent, the timer pings the server, to which itexpects a response after N milliseconds. If the server responds, the connection is stillpresent. If there is no response or the ping request fails, the client displays an errormessage and the connection is terminated.

To enable this enhancement, add the following two values to the [WFClient] section of theAppsrv.ini file:

● ICAKeepAliveEnabled=On

● ICAKeepAliveInterval =<time in milliseconds for an ICA ping>

If the connection to the server goes down and these values were added to the Appsrv.inifile, the user receives an error message and the session terminates. The user mustreconnect manually to the session.

Section WFClient

Feature Core

Attribute Name INI_PING_ENABLED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


Off Disable ICA Keep Alive - Default

On Enable ICA Keep Alive

INI LocationN/A


ICAKeepAliveEnabled

618

619

ICAKeepAliveInterval

Specifies the interval that is used for the ICAKeepAliveEnabled setting.

Section WFClient

Feature Core

Attribute Name INI_PING_RETRY_INTERVAL

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


180000 milliseconds - Default

10000 milliseconds - UNIX platform default

INI LocationN/A


620

ICAPortNumber

Specifies the TCP port used for the ICA protocol. Change the port on all Citrix servers in thefarm using the ICAPORT command-line utility before you change this parameter on clients.

Section TCP/IP

Feature Core

Attribute Name INI_ICAPORTNUMBER

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1494 TCP network port number - Default






All_Regions.ini Network\Protocols


canonicalization.ini TCP/IP ICAPortNumber



ICAPortNumber


1494







ICAPortNumber

621

622

ICAPrntScrnKey

Key mapping for the hotkey for PrntScrn.

Section WFClient

Feature Keyboard

Attribute Name INI_VK_PRNTSCRN_CHAR

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" Default

INI LocationN/A


623

ICASOCKSProtocolVersion(2)

Specifies which version of the SOCKS protocol to use for the connection.

If ICASOCKSProtocolVersion is set, the following parameters are used to specify SOCKS proxysettings:

● ICASOCKSProxyHost

● ICASOCKSPortNumber

● ICASOCKSrfc1929Password

● ICASOCKSrfc1929UserName

● ICASOCKSTimeout

Used only if ProxyType = ProxySocks.

Configure SOCKS proxy settings: Use to configure the use of additional SOCKS proxiesrequired for some advanced network topologies.

When enabled, the client examines the "SOCKS protocol version" setting. If connection viaSOCKS is not disabled, the client connects using the SOCKS proxy specified by the "Proxyhost names" and "Proxy ports" settings.

The client supports connections using either SOCKS v4 or SOCKS v5 proxy servers.Alternatively, it can automatically detect the version being used by the proxy server.

ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > ConfigureSOCKS proxy settings > SOCKS protocol version


Feature Proxy

Attribute Name INI_SOCKSPROTOCOLVERSION

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM Yes


5 Use SOCKS version 5






appsrv.ini WFClient -1




TroubleshootingThe SOCKS proxy settings are designed for traversing a proxy in addition to the primary oralternative proxy server. When traversing only a single proxy, these SOCKS proxy settingsshould be disabled.

ICASOCKSProtocolVersion(2)

624

625

ICASOCKSProxyHost(2)

Specifies the DNS name or IP address of the SOCKS proxy to use.

Configure SOCKS proxy settings : Use this policy to configure the use of additional SOCKSproxies required for some advanced network topologies.

When enabled, the client examines the "SOCKS protocol version" setting. If connection viaSOCKS is not disabled, the client connects using the SOCKS proxy specified by the "Proxyhost names" and "Proxy ports" settings.

The client supports connections using either SOCKS v4 or SOCKS v5 proxy servers.Alternatively, it can automatically detect the version being used by the proxy server.

ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy > ConfigureSOCKS proxy settings > Proxy host names


Feature Proxy

Attribute Name INI_SOCKSPROXYHOST

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" DNS name or IP address of proxy host



appsrv.ini WFClient





ICASOCKSProxyHost(2)

626

627

ICASOCKSProxyPortNumber(2)

Specifies the port number of the SOCKS proxy server.

This parameter is deprecated by ProxyType, but maintained to ensure backwardcompatibility with older .ini/.ica files that do not contain ProxyType.

Use this policy to configure the use of additional SOCKS proxies that are required for someadvanced network topologies.

When enabled, the client will examine the "SOCKS protocol version" setting. If connectionvia SOCKS is not disabled, the client will attempt to connect using the SOCKS proxyspecified by the "Proxy host names" and "Proxy ports" settings.

The client supports connections using either SOCKS v4 or SOCKS v5 proxy servers.Alternatively, it can attempt to automatically detect the version being used by the proxyserver.

ADM UI Element : Citrix Components > Citrix Receiver > Network routing > Proxy


Feature Proxy

Attribute Name INI_SOCKSPROXYPORTNUMBER

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM Yes


1080 Port number - Default


All_Regions.ini Network\Proxy *




*


*


ICASOCKSProxyPortNumber(2)

628

629

InitialProgram

Specifies the initial program to start after establishing the associated custom ICAconnection. For server connections, this is the full path and file name. For publishedapplications, this is the name of the published application preceded by the pound (#)symbol. Omitting the # symbol attempts to launch a particular program or desktop. Acomputer running Citrix XenApp will not allow this by default, and rejects the connection,displaying: "You do not have access to this session."

This key must be specified for .ica files. InitialProgram takes initial app and also someparameters up to the length of a single INI line length.

Syntax: InitialProgram=#<AppName> <parameters> For example: InitialProgram=#Notepad“\\Client\V:\folder\file.txt”

If longer parameters have to be passed, then the following should be used:

● LongCommandLine=”…first part..” LongCommandLine000=”continuation”

In this case anything passed after InitialProgram is ignored.

Related Parameters: LongCommandLine

Corresponding UI Element: Properties dialog box > Application tab > Application text box

ADM UI Element: Citrix Receiver > User Experience > Remote Applications > Application

Section Server

Feature Core

Attribute Name INI_INITIALPROGRAM

Data Type String


UNIX Specific No

Present in ADM Yes


"" Initial Program - Default


All_Regions.iniClient Engine\Application Launching


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\Application Launching

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\Application Launching

InitialProgram

630

631

InitialProgram(2)

Specifies the initial program to start after establishing the associated custom ICAconnection. For server connections, this is the full path and file name. For publishedapplications, this is the name of the published application preceded by the pound (#)symbol. Omitting the # symbol attempts to launch a particular program or desktop. Acomputer running Citrix XenApp will not allow this by default, and rejects the connection,displaying: "You do not have access to this session."

This key must be specified for .ica files.

Related Parameters: LongCommandLine

Corresponding UI Element: Properties dialog box > Application tab > Application text box

ADM UI Element: Citrix Receiver > User Experience > Remote Applications > Application

Section dynamic,Server

Feature Core

Attribute Name INI_INITIALPROGRAM

Data Type String


UNIX Specific No

Present in ADM Yes


Default Initial program


All_regions.ini Client Engine\Application Launching Notapplicable




InitialProgram(2)

632

633

InputEncoding

Describes the character encoding type of the .ica file. This information is used by the clientto convert and understand the .ica file if the Web server that created it used an encodingtype that is different from that of the the client.

Section Encoding

Feature Core

Attribute Name INI_INPUT_ENCODING

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


ISO8859_1 Default

SJIS

EUC-JP

UTF8

INI LocationNot applicable.

Registry LocationNot applicable.

634

InstallColormap

Force colormap installation on UNIX or AIX operating systems if the window has theoverride_redirect attribute. On UNIX or AIX operating systems, window managers installcolormaps rather than having the client device do it. This does not occur if the window hasthe override_redirect attribute set. In this case installation of the colormap is explicitlyforced.

Section Thinwire3.0

Feature Core

Attribute Name INI_INSTALL_COLORMAP

Data Type Boolean

Access Type Read

UNIX Specific Yes

Present in ADM No


TRUE Default - Window colormap is forced

FALSE Window colormap is not forced



635

IOBase

Specifies the standard COM port I/O base address.

Section Server


Attribute Name INI_IOADDR

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


Default Default



636

KeyboardLayout

Specifies the keyboard layout of the client device. The Citrix XenApp server uses thekeyboard layout information to configure the ICA session for the client’s keyboard layout.The default value causes the keyboard layout specified in the user profile to be used.

Section WFClient

Feature Keyboard

Attribute Name INI_KEYBOARDLAYOUT

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" Default is user profile


All_regions.ini Virtual Channels\Keyboard

wfclient.ini WFClient (UserProfile)

appsrv.ini WFClient (UserProfile)



HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Keyboard

637

KeyboardSendLocale

Send keyboard locale setting. Specifies whether to make the default input locale in an ICAsession the same as the default input locale on the client operating system (Control Panel >Keyboard > Input Locales).

Section WFClient

Feature Keyboard

Attribute Name INI_KEYBOARDSENDLOCALE

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


Off Default - Disable using the client operating system locale

On Use the client operating system locale






638

KeyboardTimer(2)

Specifies the amount of time, in milliseconds, the client queues keystrokes before passingthem to the server. Use keystroke queueing if bandwidth limitations require a reduction ofnetwork traffic. Queuing reduces the number of network packets sent from the client to theserver, but also reduces keyboard responsiveness during the session. Higher values improveperformance when connecting over a RAS connection.


Feature Keyboard

Attribute Name INI_KEYBOARDTIMER

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Default - no delay

50 50 milliseconds (default for WinCE)



appsrv.ini WFClient




639

KeyboardType

Specifies the keyboard type of the client device. The Citrix XenApp server uses thisinformation to configure the ICA session for the client’s keyboard type. Use the defaultvalue for most English and European keyboards. When using a Japanese keyboard,specifying the default auto-detects the correct keyboard type.


Feature Keyboard

Attribute Name INI_KEYBRDTYPESECTION

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


" " Default - Auto-detect

IBM PC/XTorcompatiblekeyboard

101Keyboard(Japanese)

106Keyboard(Japanese)

NECPC-9800onPC98-NX(Japanese)

NECPC-9800onPC98-NX 2(Japanese)

NECPC-9800Windows95 and 98(Japanese)

NECPC-9800WindowsNT(Japanese)

JapaneseKeyboardfor 106n(Japanese)

DECLK411-JJKeyboard(Japanese)

DECLK411-AJKeyboard(Japanese)

KeyboardType

640



wfclient.ini WFClient (Default)

appsrv.ini WFClient (Default)




KeyboardType

641

642

Launcher

Specifies the name of launch mechanism (that is, the client launcher name). Thisparameter is used to launch multiple ICA windows from the startup folder at logon time.

Section Server

Feature Core

Attribute Name INI_LAUNCHER

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


ICA Client Default - launch by using the ICA client

WI Launch through the Web Interface

PN Launch through Program Neighborhood client

PNAgent Launch through Program Neighborhood agent

MSAM Launch through the Metaframe Secure Access Manager

Custom Launch through a custom client


All_regions.ini Client Engine\ICA File


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\ICA File

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\ICA File

643

LaunchReference

Reference token for a specific session on a Citrix XenApp server.

Section Server

Feature Core

Attribute Name INI_LAUNCHREFERENCE

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


" " Default - Session Launch Token


All_regions.ini Client Engine\Application Launching




644

LicenseType

Specifies the license type. If the user is an offline plug-in user but the requestedapplication is an online application, then add "LicenseType=offline" to the file so that theCitrix XenApp server will request an offline license.

Section qwerty

Feature Core

Attribute Name <LicenseType>

Data Type String

Access Type Write

UNIX Specific No

Present in ADM No


offline Default - an offline application license is requested

online an online application license is requested



645

LocalIME

Specifies if Local IME (Input Method Editor) is enabled. When local IME is enabled,keyevents that were processed by IME should be ignored.

Section WFClient

Feature Keyboard

Attribute Name INI_USE_LOCAL_IME

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Default - disable local IME

1 Enable local IME






646

LocHttpBrowserAddress

Specify the location of the browser used in conjunction with the HTTP specified forbrowsing in BrowserProtocol. If the value of DoNotUseDefaultCSL is = False (default) thenthe parameter used to locate the browser is HttpBrowserAddress. If DoNotUseDefaultCSL is= true then the parameter used to locate the browser is LocHttpBrowserAddress (overridingany existing HttpBrowserAddress settings).

For applicationsetname: Settings dialog box > Connection tab > Server Location > NetworkProtocol

For applicationservername: Properties dialog box > Connection tab > Server Location >Network Protocol

Section Server

Feature EnumRes

Attribute Name INI_LOCHTTPBROWSERADDRESS

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


" " Default - Location of HTTP Browser


All_regions.ini Application Browsing\HTTP Addresses


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Application Browsing\HTTP Addresses

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Application Browsing\HTTP Addresses

LocHttpBrowserAddress

647

648

LockdownProfiles

Specifies whether lockdown profiles should be read from the administrator location or userlocation. This is ignored if there is no administrator configuration. By default lockdownprofiles are read from both locations, administrator and user.

Section Delegation

Feature ClientLockdown

Attribute Name INI_DELEGATION_LOCKDOWNPROFILES

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


administrator Read lockdown profiles from the administrator location

user Read lockdown profiles from the user location

grouppolicy_machine

grouppolicy_user


Module.ini Delegation administrator, user, grouppolicy_machine,grouppolicy_user


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\Delegation

administrator,user,grouppolicy_machine,grouppolicy_user

649

LogAppend

Specifies file open mode for logs. Switches between appending new log file entries to theend of the existing log file (On) and creating a new file (Off). For 16-bit DOS client theexisting log file is the value of "LogFile" attribute and for Win32 the existing log file is thevalue of "LogFileWin32" attribute. Applies only at start of session.

Section WFClient

Feature Core

Attribute Name INI_LOGAPPEND

Data Type Boolean


UNIX Specific No

Present in ADM No


FALSE Default - Creates a new log file and writes new log entries to it

TRUE Append new log file entries to the end of the existing log file


appsrv.ini WFClient Off


650

LogConfigurationAccess

Enable or disable logging of configuration access.

Section Logging

Feature ConfigMgr

Attribute Name INI_LOG_CONFIGURATION_ACCESS

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Default

TRUE


Module.ini Logging False


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\Logging

false

651

LogConnect

Enables or disables the logging of Citrix XenApp server connection status changes(connection and disconnection).

Section WFClient

Feature Core

Attribute Name INI_LOGCONNECT

Data Type Boolean


UNIX Specific No

Present in ADM No


TRUE Default - Logs connections to and disconnections from Citrix servers

FALSE Does not log connections to and disconnections from Citrix servers




652

LogErrors

Enables (On) or disables (Off) the logging of Citrix XenApp server connection errors.

Section WFClient

Feature Core

Attribute Name INI_LOGERRORS

Data Type Boolean


UNIX Specific No

Present in ADM No


On Default - Enables Citrix XenApp server connection error log

Off Disables Citrix XenApp server connection error log




653

LogEvidence

Specifies whether to return a location suitable for writing log entries. This is a log type, notan attribute for itself.

Section Logging

Feature Core

Attribute Name INI_LOG_EVIDENCE

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Default - No file to write log information.

TRUE File location found to write log information


Module.ini Logging False



false

654

LogFile

Specifies the name of the Citrix XenApp plug-in log file. The log file is generated by theplug-in at run-time and is saved in the ICA Client directory. The types of details loggeddepends on the values of the LogConnect, LogErrors, LogReceive, and LogTransmitparameters.

Section Logging

Feature Core

Attribute Name INI_LOG_File

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


" " Default - If present, then any valid file name.


Module.ini Logging

appsrv.ini WFClient C:\Program Files\Citrix\ICAClient\wfclient.log



655

LogFileGlobalPath

Specifies how log files are created. If On, a single log file is used for all users of a givenclient device. LogFileWin32 must specify the entire directory path to the log file, includingthe file name. If Off, a separate log file is created for each user and stored in the user’sprofile directory. In this case, LogFileWin32 specifies the file name only.

Section WFClient

Feature Core

Attribute Name INI_LOGFILEGLOBALPATH

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


off Default - LogWinFile32 specifies the log file name only

on LogFileWin32 specifies the entire directory path to the log file



656

LogFileWin32

Specifiy the name of the log file. The types of details logged depends on the values of theLogConnect, LogErrors, LogReceive, and LogTransmit parameters. Log data can alternatelybe sent to standard out or standard error by specifying stdout or stderr instead of a filename.

If LogFileGlobalPath=On, a single log file is used for all users of a given client device.LogFileWin32 must specify the entire directory path to the log file, including the file name.If LogFileGlobalPath=Off, a separate log file is created for each user and stored in theuser’s profile directory. In this case, LogFileWin32 specifies the file name only.

Section WFClient

Feature Core

Attribute Name INI_LOGFILE32

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


" " Log file name.


appsrv.ini WFClient


657

LogFlush

Specifies whether to flush out log results for each write. All the log data is written out asquickly as possible instead of being cached in memory. This ensures that the log file iscompletely up to date at any given moment.

When set to True, the system writes each log record as it is generated. When set to False,the system buffers log records and writes them periodically for optimal performance.

The log file location is specified in the registry atHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders\AppData.

Section Server

Feature Core

Attribute Name INI_LOGFLUSH

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


False Default - Does not flush the log result

True Flush out the log result



658

LogonTicket

Specifies client authentication token for web interface. The client handles anauthentication token in the form of an opaque LogonTicket with an associatedinterpretation defined by the LogonTicketType. This functionality can be disabled byclearing the Web Interface 4.5 and above check box.

ADM UI Element: Citrix Receiver > User Authentication > Web Interface Authenticationticket > Web interface 4.5 and above

Section Server

Feature Core

Attribute Name INI_LOGONTICKET

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


" " Default.


All_regions.ini Logon\Ticket


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\AllRegions\Lockdown\Logon\Ticket

HKEY_CURRENT_USER\Software\Citrix\ICAClient\Engine\Lockdown Profiles\AllRegions\Lockdown\Logon\Ticket

659

LogonTicketType

Specifies the logon ticket type for "Web interface authentication ticket". Use this policy tocontrol the ticketing infrastructure used when authenticating through the Web Interface.The client handles an authentication token in the form of an opaque LogonTicket with anassociated interpretation defined by the LogonTicketType.

Section Server

Feature Core

Attribute Name INI_LOGONTICKETTYPE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Default - no ticket

1 For Secure Ticketing Authority (STA) version 1 ticket

2 For STA version 4 ticket


All_regions.ini Logon\Ticket


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\AllRegions\Lockdown\Logon\Ticket

HKEY_CURRENT_USER\Software\Citrix\ICAClient\Engine\Lockdown Profiles\AllRegions\Lockdown\Logon\Ticket

660

LongCommandLine

Allows passing of a very long string of parameters to the program specified inInitialProgram. The value of LongCommandLine replaces any command-line parametersspecified at the end of InitialProgram.

To provide LongCommandLine support without breaking compatibility with older XenAppplug-ins, all lines in the .ica/.ini file must be limited to 255 characters. To support longercommand lines, use a series of LongCommandLine parameters as follows:

LongCommandLine="The beginning of my long command line"

LongCommandLine000="continuation of my long command line"

LongCommandLine001="the rest of my long command line"

Each value must be in quotation marks ("") and must not exceed 224 characters. The ICAClient engine concatenates the values to create a single long command line parameter. Youcan include as many LongCommandLine parameters as necessary.

Section dynamic, Server

Feature Core

Attribute Name INI_LONGPARAMETERS

Data Type String


UNIX Specific No

Present in ADM No


" " Default


All_regions.ini Client Engine\ApplicationLaunching


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\ClientEngine\Application Launching

HKEY_CURRENT_USER\Software\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\ClientEngine\Application Launching

LongCommandLine

661

662

Lpt1

Specifies the mappping information between host lpt and client port. Both Lpt1 and Port1together specify the mapping information between host lpt and client port. Connect this(1=lpt1...8=lpt8) host lpt to the client port specified by Port1. For example, Lpt1=4 meansconnect host lpt4 to client port specified by Port1. Lpt1=0 means no mapping information isspecified by this attribute but some other attributes like Lpt2-Port2, Lpt3-Port3 may havethis information.

Section WFClient

Feature ParallelportMapping

Attribute Name INI_LPT1

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Default - No mapping is specified by this attribute.

1 through8

Connect this host lpt to the client device port specified by Port11 entry



663

Lpt2


Section WFClient



Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No



1 through8




664

Lpt3


Section WFClient



Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No



1 through8




665

LPWD

End User Experience Monitoring EUEM LPWD - LAUNCH_PAGE_WEB_SERVER. The time ittakes to process the launch page (launch.aspx) on the Web Interface server.

Section Server

Feature EUEM

Attribute Name INI_EUEM_LPWD

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


-1 Initial reset value


All_regions.ini Virtual Channels\End UserExperience


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\End User Experience

HKEY_CURRENT_USER\Software\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\End User Experience

666

LvbMode2

Enables or disables local video buffer (LVB) mode. For WINCE, the attribute is read fromServer section.


Feature Graphics

Attribute Name INI_LVB_MODE

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


False Default - Turns LVB mode off

True Turns LVB mode on



667

MaxDataBufferSize

Set the maximum client audio data buffer size (that is, the size of the maximum clientaudio data packet the client can accept and/or send).

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_MAXDATABUFFERSIZE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


2048 Default - value for maximum data buffer size for initial





668

MaxMicBufferSize

Set the maximum data buffer size for audio input (that is, the size of the maximum clientaudio input packet the client can accept and/or send).

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_MAXMICBUFFERSIZE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


256 Default - value for maximum input buffer size

128-256 Value for maximum input buffer size





669

MaxOpenContext

Specifies the number of files that can be opened on a client-mapped drive. "Out of filehandles" message might be encountered when an application running on the server openstoo many files on a client mapped drive and causes the ICA session to run out of filehandles. The operating system does not provide the ICA Client engine sufficient file handleson request. This can be solved by increasing the number of initial file handles available tothe Client by adding the MaxOpenContext parameter to the [ClientDrive] section in theMODULE.INI file . If the user needs to open a large number of files, increase the number ofinitial file handles to 50 or greater. The default value for MaxOpenContext is 20.

Section ClientDrive

Feature CDM

Attribute Name INI_MAXOPENCONTEXT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


20 Default - Number of initial file handles available to the client



670

MaxPort

Specify the maximum number of COM ports supported by the client platform.

Section ClientComm


Attribute Name INI_CCMMAXPORT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


5 Default



671

MaxWindowSize

Set the maximum write window size (in bytes) for flow management (that is, the maximumnumber of bytes writeable for the ClientDrive section).

Section ClientDrive

Feature CDM

Attribute Name INI_MAXWINDOWSIZE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


6276 Default - value for maximum write window size


Module.ini ClientDrive 8650

Module.ini ClientPrinterPort 2048

Module.ini ClientPrinterQueue 8650



8650


2048


8650

672

MinimizeOwnedWindows

Specify whether all child windows are minimized when the parent window is minimized.

Section WFClient

Feature Core

Attribute Name INI_MINIMIZE_OWNED_WINDOWS

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


0 Default - disable minimize

1 Enable minimize



673

MissedKeepaliveWarningMsg

Specify the message displayed when the keep-alive time has expired. It will displayaccording to the amount of time in seconds defined in MissedKeepaliveWarningTime.

Section WFClient

Feature CGP

Attribute Name INI_CGP_WARNMESSAGE

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


" " Default - Keep Alive Expiration Message


All_regions.ini Network\CGP


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\AllRegions\Lockdown\Network\CGP

HKEY_CURRENT_USER\Software\Citrix\ICAClient\Engine\Lockdown Profiles\AllRegions\Lockdown\Network\CGP

674

MissedKeepaliveWarningTime

Specify the number of seconds to display the message defined inMissedKeepaliveWarningMsg after the keep-alive time has expired.

Section WFClient

Feature CGP

Attribute Name INI_CGP_WARNTIME

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Default - off.

1 through 60 Amount of time in seconds to display the message. Maximum value is60.


All_regions.ini Network\CGP


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\AllRegions\Lockdown\Network\CGP

HKEY_CURRENT_USER\Software\Citrix\ICAClient\Engine\Lockdown Profiles\AllRegions\Lockdown\Network\CGP

675

MouseTimer

Specifies the amount of time, in milliseconds, the client queues mouse events beforepassing them to the server. Use mouse event queueing if bandwidth limitations require areduction of network traffic. Queuing reduces the number of network packets sent from theclient to the server, but also reduces responsiveness to mouse movements during thesession. Higher values improve performance when connecting over a RAS connection.

It is also read from the following sections:

● Thinwire 3.0 (if the operating environment is WinCE). In WinCE, the setting for queuingthe mouse events is not in the UI, so it mustbe set in module.ini. As an internet client,it does not have access to the WFClient section of the module.ini file and is loaded itfrom the Thinwire section.

● WFClient (if the operating environment is other than WinCE)

Section Server

Feature Mouse

Attribute Name INI_MOUSETIMER

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Default - off.

1 through 900 Amount of time in milliseconds to queue mouse events. Maximumvalue is 900.


All_regions.ini Virtual Channels\Mouse

appsrv.ini WFClient


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\Mouse

HKEY_CURRENT_USER\Software\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\Mouse

MouseTimer

676

677

MouseWheelMapping

Specifies the mouse buttons whose down events are processed as mouse wheel motion. Thisattribute is considered as specific for MacIntosh/UNIX.

Section WFClient

Feature Mouse

Attribute Name INI_MOUSEWHEELMAPPING

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


4,5 Default. mousewheelupmapping is assigned to button 4,mousewheeldownmapping is assigned to button 5.


All_regions.ini Virtual Channels\Mouse


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\Mouse

HKEY_CURRENT_USER\Software\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\Mouse

678

MSIEnabled

Allows Multi-Stream ICA connections. Use this setting to enable or disable the Multi-StreamICA feature on the client.

Section WFClient

Feature Multi-Stream ICA

Attribute Name INI_MSIENABLED

Definition Location Client_Ini.h

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


TRUE Allows Multi-Stream ICAconnections.

Default

FALSE Does not allow Multi-Stream ICAconnections.


All_Regions.ini NetWork\Multi-Stream *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\AllRegions\Lockdown\Network\Multi-Stream

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\AllRegions\Lockdown\Network\Multi-Stream

*

679

NativeDriveMapping

Specify the pass-through support for the network drive. Local or network drives configuredon the server running Citrix XenApp can now be mapped by the pass-through client in apass-through session by adding the following line to the [ClientDrive] section of theModule.ini file: NativeDriveMapping=TRUE.

When TRUE, the client drives on the client device are not mapped and are not available.The drives configured on the server are mapped and are available to the pass-throughclient.

Section ClientDrive

Feature CDM

Attribute Name INI_CDMINCLUDENETWORKDRIVEINPASSTHRU

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Default. Native drive mapping is disabled.

TRUE Native drive mapping is enabled.


All_regions.ini Virtual Channels\Drives *

Module.ini ClientDrive True

canonicalization.iniClientDrive NativeDriveMapping



NativeDriveMapping


TRUE

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\Drives

*

HKEY_CURRENT_USER\Software\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\Drives

*

NativeDriveMapping

680

681

NDS

Specifies a string representing the single sign-on credential type of NDS (for NovellDirectory Service). Other credential types are NT and Any.

Section Server

Feature SSON

Attribute Name INI_SSON_CREDENTIAL_NDS

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


NDS Default



682

NRUserName

Indicates a string representing the user name for a XenApp farm connection. If Username orINI_USERNAME for custom connections is not found, NRUserName is retrieved.

Section Server

Feature Core

Attribute Name INI_NR_USERNAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


" " Default



683

NRWD

Name Resolution Web server Duration (NRWD) is the time it takes the XML Service toresolve the name of a published application to an IP address. This metric is only collectedfor new sessions, and only if the ICA file does not specify a connection to a Citrix XenAppserver with the IP address already provided. This is one of the Session Client startup datawhile End User Experience Monitoring (EUEM) metrics are stored.

Section Server

Feature EUEM

Attribute Name INI_EUEM_NWRD

Data Type Integer


UNIX Specific No

Present in ADM No


-1 Default.


All_regions.ini Virtual Channels\End UserExperience


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\End User Experience

*

HKEY_CURRENT_USER\Software\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\End User Experience

*

684

NumCommandBuffers

Set the maximum number of client audio command buffers.

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_NUMCOMMANDBUFFERS

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


64 Default. Number of command buffers.





64

685

NumDataBuffers

Set the maximum number of client audio data buffers created.

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_NUMDATABUFFERS

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


32 Default. Number of data buffers.





32

686

OutBufCountClient

Number of outbuffers allocated on client.

Section Transport

Feature Core

Attribute Name INI_OUTBUFCOUNTCLIENT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


6 Default


Module.ini TCP/IP 6

Module.ini TCP/IP – FTP 6

Module.ini TCP/IP – Novell Lan WorkPlace 6

Module.ini TCP/IP – Microsoft 6

Module.ini TCP/IP – VSL 6



6

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TCP/IP – FTP

6

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TCP/IP – Microsoft

6

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TCP/IP – Novell LanWorkPlace

6

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\TCP/IP – VSL

6


6


6


6

OutBufCountClient

687

688

OutBufCountClient2

Number of outbuffers on client for high throughput.

Used only when PD drivers (Protocol Drivers) supports any high-throughput in the server.

If high throughput is supported then certain drivers should switch to large sizing. For that,OutBufCountClient2 is used.

Section Transport

Feature Core

Attribute Name INI_OUTBUFCOUNTCLIENT2

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


42 Default







Registry Location

Registry Key Value


44


44


44


44


44


44


44


44

OutBufCountClient2

689

690

OutBufCountHost

Specifies the number of server output buffers to allocate.

Section Transport

Feature Core

Attribute Name INI_OUTBUFCOUNTHOST

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


6 Default

12


Module.ini TCP/IP 6







6


6


6


6


6

OutBufCountHost

691

692

OutBufCountHost2

Specifies high performance server buffer count.

Used only when PD drivers (Protocol Drivers) supports any high-throughput in the server. Ifhigh throughput is supported then certain drivers should switch to large sizings. For that,OutBufCountHost2 is used.

Section Transport

Feature Core

Attribute Name INI_OUTBUFCOUNTHOST2

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


42 Default









44


44


44


44


44

OutBufCountHost2

693

694

OutBufLength

Specifies the size (in bytes) of the output buffer for transport driver.

Section Transport

Feature Core

Attribute Name INI_OUTBUFLENGTH

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1460 Default for WinCE

530 Default for Wany other platform









1460


1460


1460


1460


1460

OutBufLength

695

696

PassThroughLogoff

Enables and disables the posting of a logoff message.

Section WFClient

Feature Core

Attribute Name INI_PASSTHROUGHLOGOFF

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No

ValuesN/A


All_Regions.ini


697

Password

Specifies the encrypted password that appears in the Password text box if the user selectsthe User- specified credentials option for the associated custom ICA connection. Use"Locally stored credentials" policy to control how user credential data stored on usermachines or placed in ICA files is used to authenticate the user to the remote publishedapplication or desktop. When this policy is enabled, you can prevent locally storedpasswords from being automatically sent to remote servers by clearing the Allowauthentication using locally stored credentials check box. This causes any password fieldsto be replaced with dummy data.

ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Locally storedcredentials > Allow authentication using locally stored credentials

Section Server

Feature Core

Attribute Name INI_PASSWORD

Data Type String


UNIX Specific No

Present in ADM Yes


" " Default - Any string representing a password





KEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\AllRegions\Lockdown\Logon\Saved Credentials

Password

698

699

Path

Specify the content redirection path for the executable used for server to clientredirection.

Section dynamic

Feature FeatureRedirection

Attribute Name INI_CR_PATH

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


" " Content Redirection Path (no default path for this attribute)

INI LocationN/A


700

PCSCCodePage

Specifies smart card code-page identifier for an ANSI-based String encoding system.

Section SmartCard

Feature SmartCard

Attribute Name INI_PCSC_CODEPAGE

Data Type Integer

Access Type Read

UNIX Specific Yes

Present in ADM No


0 Default. Code-page identifier value

INI LocationN/A


701

PCSCLibraryName

Specifies name of smart card`s dynamic link library name.

Section SmartCard

Feature SmartCard

Attribute Name INI_PCSC_LIBRARY_NAME

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


libpcsclite.soDefault. Dynamic link library name.

INI LocationN/A


702

PercentS

Number of occurrences of % (percent signs) in the UNIX command settings used to handleredirected browser URLs.

Section WFClient


Attribute Name INI_CR_PERCENT_S

Data Type Integer

Access Type Read

UNIX Specific Yes

Present in ADM No


0 Default number of percent signs.

INI LocationN/A


703

PersistentCacheEnabled

Enables (On) or disables (Off) the persistent disk cache. The persistent disk cache storescommonly used graphical objects such as bitmaps on the hard disk of the client device.Using persistent disk cache increases performance across low-bandwidth connections butreduces the amount of available client disk space. For clients on high-speed LANs, usingpersistent disk cache is, therefore, not warranted. Disk caching is enabled by default fordial-in connections.

ADM UI Element : Citrix Components > Citrix Receiver > User experience > Client graphicssettings > Disk-based caching

Interface Element

For published application sets: Settings dialog box > Default Options tab > Use disk cachefor bitmaps option

For custom ICA connections: Properties dialog box > Options tab > Use disk cache forbitmaps option

For client devices with limited RAM, better compression rates can be achieved by savingtemporary graphics objects to the disk cache.

Section Server

Feature Graphics

Attribute Name INI_DIMCACHEENABLED

Data Type Boolean


UNIX Specific No

Present in ADM Yes


0 or OFF Default. Does not use persistent disk cache

1 or ON Uses the persistent disk cache


Module.ini Thinwire3.0 OFF


appsrv.ini WFClient OFF

canonicalization.ini Thinwire3.0 PersistentCacheEnabled



OFF


*


*




704

705

PersistentCacheGlobalPath

Specify the type of cache directory to use.

If On, a single cache directory is used for all users of a given client device.PersistentCachePath must specify the entire directory path to the cache directory,including the cache directory name.

If Off, a separate cache directory is created for each user and stored in the user`s profiledirectory. In this case, PersistentCachePath specifies the cache directory name only.

Note: This is a case sensitive string. Only the On string is verified; if thePersistentCacheEnabled value is "on" or "ON" then the "Off" value is the assumed default.

Section WFClient

Feature Graphics

Attribute Name INI_DIMCACHEPATHGLOBAL

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


Off Default. Disable single cache directory.

On Enable single cache directory.

INI LocationN/A


706

PersistentCacheMinBitmap(2)

Sets the minimum size, in bytes, of a bitmap that is added to the persistent disk cache.Bitmaps that are too small will not be cached.

The persistent disk cache stores commonly used graphical objects such as bitmaps on thehard disk of the client device. Using persistent disk cache increases performance across lowbandwidth connections but reduces the amount of available client disk space.

Section WFClient,Thinwire3.0

Feature Graphics

Attribute Name INI_DIMMINBITMAP

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Size in bytes - Default



Module.ini Thinwire3.0

canonicalization.ini Thinwire3.0 PersistentCacheMinBitmap




PersistentCacheMinBitmap



*


*

PersistentCacheMinBitmap(2)

707

708

PersistentCachePath

Specifies the location of the local directory containing the cached image data.

The PersistentCachePath entry specifies where the Cache folder will be created. Create theCache folder under the user's profile under the hidden folder \Application Data\ICAClient\.

Section WFClient

Feature Graphics

Attribute Name INI_DIMCACHEPATH

Data Type String


UNIX Specific No

Present in ADM No


"" Location of Persistent Disk Cache - Default


All_Regions.ini Virtual Channels\Thinwire Graphics


canonicalization.ini Thinwire3.0 PersistentCachePath

appsrv.ini WFClient C:\DocumentsandSettings\userprofilename\ApplicationData\ICAClient\Cache



PersistentCachePath




PersistentCachePath

709

710

PersistentCachePercent

Determines what percentage of disk drive to use for persistent cache.

Functionality is obsolete.

Section WFClient

Feature Graphics

Attribute Name INI_DIMCACHEPERCENT_UI

Data Type Integer


UNIX Specific No

Present in ADM No


3 Percentage to use. (3%) - Default


appsrv.ini WFClient

Registry LocationRegistry information not found.

711

PersistentCacheSize(2)

Specifies the size of the persistent disk cache in bytes.

Section WFClient,Thinwire3.0

Feature Graphics

Attribute Name INI_DIMCACHESIZE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Disk cache size in bytes. - Default




canonicalization.ini Thinwire3.0 PersistentCacheSize




PersistentCacheSize



*


*

PersistentCacheSize(2)

712

713

PersistentCacheUsrRelPath

Specifies the location of the persistent disk cache.

Used only if PersistentCacheGlobalPath = Off, a separate cache directory is created foreach user and stored in the user’s profile directory, and PersistentCachePath (location ofthe persistent disk cache) specifies the cache directory name only.

Section WFClient

Feature Graphics

Attribute Name INI_DIMCACHEUSRPATH

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" Cache Location - Default

INI LocationINI information not found.


714

PingCount

Specifies the number of times to ping. It is a tunable parameter used by the Ping virtualchannel.

CTXPING sends PingCount separate pings. Each ping consists of a BEGIN packet and an ENDpacket.

Section Ping

Feature Ping

Attribute Name INI_PING_PINGCOUNT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


3 Pings - Default



715

PlaybackDelayThresh

Delay, in milliseconds, between being asked to open audio device and actually opening it inorder to build up a backlog of sound.

Section ClientAudio

Feature Audio

Attribute Name INI_CAM_PLAYDELAY_THRESH

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


250 Milliseconds - Default






250

716

PNPDeviceAllowed

Use this policy to enable and restrict the remote application or desktop's access to theclient USB PNP devices.

ADM UI Element: Citrix Components > Citrix Receiver > Remoting client devices > USB PNPDevices

Section WFClient

Feature PlugNPlaySupport

Attribute Name INI_DVC_PNPDEVICE

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


True Allows USB PnP device redirection - Default

False Does not allow USB PnP device redirection


All_Regions.ini Virtual Channels\PNPDeviceAllowed *


HKLM\Software\Citrix\ICA Client\Engine\Lockdown Profiles\AllRegions\Lockdown\Virtual Channels\DVC_PlugAndPlay\PNPDeviceAllowed

*

717

pnStartSCD

New session creation time, from the moment wfica32.exe is launched to when theconnection is established.

This is one of the Session Client startup data while End User Experience Monitoring (EUEM)metrics are captured.

Section Server

Feature EUEM

Attribute Name INI_EUEM_PNSTARTSCD

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Default






718

Port1

Specifies the mappping information between the host LPT and client port.

Both Port1 and Lpt1 together specify the mapping information between the host LPT andclient port. Connect the host LPT specified by Lpt1 to this (1=lpt1,...,8=com4) client port.For example, if Port1=2, this means the host LPT specified by Lpt1 is connected to clientport Lpt2. If Port1=0, this means no mapping information is specified by this attribute butsome other attributes like Lpt2-Port2, Lpt3-Port3 may have this information.

Section WFClient


Attribute Name INI_PORT1

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 No mapping information specified by this attribute - Default

1-8 Connect the host lpt specified by Lpt1 to this client port



719

Port2

Specifies the mapping information between the host LPT and client port.

Both Port2 and Lpt2 together specify the mapping information between the host LPT andclient port. Connect the host LPT specified by Lpt2 to this (1=lpt1,...,8=com4) client port.For example, if Port2=1, this means the host LPT specified by Lpt2 is connected to clientport Lpt1. If Port2=0, this means no mapping information is specified by this attribute butsome other attributes like Lpt1-Port1, Lpt3-Port3 may have this information.

Section WFClient


Attribute Name INI_PORT2

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 No mapping information specified by this attribute - Default

1-8 Connect the host LPT specified by Lpt2 to this client port



720

POSDeviceAllowed

Use this policy to enable and restrict the remote application or desktop's access to theclient USB POS devices. For this setting to work PNPDeviceAllowed should be set to allowed.

If PNPDeviceAllowed is set to disallowed, POS devices won’t be available in the session,regardless of the POSDeviceAllowed value.

ADM UI Element : Citrix Components > Citrix Receiver > Remoting client devices > POS USBDevices

Section WFClient

Feature PlugNPlaySupport

Attribute Name INI_DVC_POSDEVICE

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


True Allows USB POS device redirection - Default

False Does not allow USB POS device redirection


All_Regions.ini Virtual Channels\POSDeviceAllowed *


HKLM\Software\Citrix\ICA Client\Engine\Lockdown Profiles\AllRegions\Lockdown\Virtual Channels\DVC_PlugAndPlay\POSDeviceAllowed

*

POSDeviceAllowed

721

722

PrinterFlowControl

Specifies whether flow control on a printer virtual channel is allowed.

Section WFClient

Feature Printing

Attribute Name INI_CPM_FLOW_CONTROL

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


False Disables flow control - Default

True Enable flow control



723

PrinterResetTime

Gives the amount of time (in milliseconds) that the client will wait for a printer to reset.

Section ClientPrinterQueue

Feature Printing

Attribute Name INI_VSLPRINTERRESETTIME

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1100 Wait time (ms) - Default






1100


1100

724

PrinterThreadPriority

Specify the printer thread priority for CPM. Can be adjusted for performance.

Section ClientPrinterPort

Feature Printing

Attribute Name INI_CPMPRINTERTHREADPRIORITY

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Normal - Default

1 Above Normal

2 Highest

3 Time-critical



725

PrintMaxRetry

Specify the maximum number of times to retry printing.

The number of times to retry sending data to the printer when writing data to the printerfails and elicits an ambigous LastError. Attempts that result in specific errors, such as "Outof Paper," will not be retried.


Feature Printing

Attribute Name INI_CPMPRINTMAXRETRY

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Default

1000 PrintMaxRetry variable



726

ProxyAuthenticationBasic(2)

Specifies whether or not the Basic authentication mechanism is allowed.

Configure proxy authentication: Use this policy to control the authentication mechanismsthat the client uses when connecting to a proxy server. Authenticating proxy servers can beused to monitor data traffic in large network deployments.

In general, authentication is handled by the operating system but in some scenarios, theuser may be provided with a specific user name and password. To prevent the user frombeing specifically prompted for these credentials, clear the Prompt user for credentialscheck box. This will force the client to attempt an anonymous connection. Alternatively,you can configure the client to connect using credentials passed to it by the Web Interfaceserver, or these can be explicitly specified via Group Policy using the Explicit user nameand Explicit password options.


Feature Proxy

Attribute Name INI_PROXYAUTHBASIC

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


True Basic authentication mechanism is allowed - Default

False Basic authentication mechanism is not enabled



Registry Location

Registry Key Value


*


*

TroubleshootingIn general, NTLM proxy authentication will be performed under the control of the domaincontroller and cannot be controlled by the client. Both client and proxy will need to beconfigured with the appropriate domain level trust relations.

Proxy authentication cannot be linked to the pass-through authentication feature of theclient. In general, the proxy password will be unrelated to users' passwords.

ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configureproxy authentication

ProxyAuthenticationBasic(2)

727

728

ProxyAuthenticationKerberos

Specifies whether or not Kerberos authentication is allowed.

This is one of the authentication mechanisms that the client uses when connecting to aproxy server. Authenticating proxy servers can be used to monitor data traffic in largenetwork deployments.

Kerberos is a domain controller authorized authentication transaction that avoids the needto transmit the real user credential data to the server.

Section WFClient

Feature Proxy

Attribute Name INI_PROXYAUTHKERBEROS

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


False Does not allow Kerberos authentication - Default

True Allows Kerberos authentication



729

ProxyAuthenticationNTLM(2)

NT Lan Manager (NTLM) proxy authentication option.

NTLM proxy authentication will be performed under the control of the domain controllerand cannot be controlled by the client. Both client and proxy will need to be configuredwith the appropriate domain level trust relations.

ADM UI Element: Citrix Components > Citrix Receiver > Network Routing > Proxy > Configureproxy authentication


Feature Proxy

Attribute Name INI_PROXYAUTHNTLM

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


True NTLM proxy authentication option is enabled - Default

False NTLM proxy authentication option is not enabled





*


*

ProxyAuthenticationNTLM(2)

730

731

ProxyAuthenticationPrompt(2)

Specifies whether or not the Prompt proxy authentication mechanism is used.

Configure proxy authentication: Use this policy to control the authentication mechanismsthat the client uses when connecting to a proxy server. Authenticating proxy servers can beused to monitor data traffic in large network deployments.


ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configureproxy authentication > Prompt user for credentials


Feature Proxy

Attribute Name INI_PROXYAUTHPROMPT

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


True Prompt proxy authentication mechanism is used - Default

False Prompt proxy authentication mechanism is not used





*


*

ProxyAuthenticationPrompt(2)

732

733

ProxyAutoConfigURL(2)

Specifies the location of a proxy auto-detection (.pac) script. It must be set if the value ofProxyType is Script. Otherwise, it is ignored.

When ProxyType=Script is selected, the client will retrieve a JavaScript based .pac filefrom the URL specified in the Proxy script URLs policy option. The .pac file is executed toidentify which proxy server should be used for the connection.

ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configureclient proxy settings > Proxy script URLs


Feature Proxy

Attribute Name INI_PROXYAUTOCONFIGURL

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" If present then any string giving location of a .pac script - Default






ProxyAutoConfigURL(2)

734

735

ProxyBypassList

Specifies a list of hosts for which to bypass proxy connections. An asterisk (*) included in ahost name acts as a wildcard (for example, *.widgets.com). Multiple hosts must beseparated by a semicolon (;) or comma (,). This parameter is ignored if the value ofProxyType is None or Auto.

Configure client proxy settings: Use this policy to configure the primary network proxiesthat the client can use when connecting to a remote application or desktop.

When this policy is not configured, the client will use its own settings to decide whether toconnect through a proxy server. When this policy is enabled, the client will use the proxyconfigured based on the proxy type selected. For any proxy type, you can provide a list ofservers that do not traverse the proxy. These should be placed in the Bypass server list.

ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configureclient proxy settings > Bypass server list

Section Server

Feature Proxy

Attribute Name INI_PROXYBYPASSLIST

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" Lists of hosts, separated by ";" or ","



Registry Location

Registry Key Value



ProxyBypassList

736

737

ProxyFallback(2)

Allows clients to bypass the proxy to connect to servers.

If a Proxy Auto Configuration (PAC) file is used and the client is unable to download the PACfile, for example, due to the client’s location, the client cannot connect to servers. Supportfor a proxy fallback has been added that allows clients to bypass the proxy to connect toservers.

To enable the fallback:

1. Open the Appsrv.ini file in a text editor.

2. Locate the DoNotUseDefaultCSL entry.

3. Perform one of the following actions:

● If set to True, add the following parameter to the [applicationservername] and, ifapplicable, the [applicationsetname] sections:

ProxyFallback=yes

● If set to False, add the following parameter to the [WFClient] section:

ProxyFallback=yes4. Save your changes and close the file.

If both the primary and alternative proxy fail to service the connection, selecting theFailover to direct check box instructs the client to attempt a final direct connection withno proxies.

ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configureclient failover proxy settings > Failover to direct


Feature Proxy

Attribute Name INI_PROXYFALLBACK

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes

Values

Value Description

0 Not set - Default





*


*

ProxyFallback(2)

738

739

ProxyFavorIEConnectionSetting(2)

Specifies from where the client checks the proxy settings.

Use this setting when the client is used to connect to the Internet and has a proxy serversetting set up for a LAN connection.

By default, the client checks the proxy settings for LAN connections. Setting this value toOn causes the client to check the Internet Explorer connection settings for the proxy serverinformation.

For the Windows CE platform, it will not be read from ini file and its value will be set toTrue. Otherwise, it will be read form the WFClient section. It is used when ProxyType isset to Auto.

Section Server,WFClient

Feature Proxy

Attribute Name INI_PROXYFAVORIECONNECTIONSETTING

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


False Client checks the Internet Explorer connection settings for the proxy serverinformation - Default

True Causes the client to check the Internet Explorer connection settings for



Registry Location

Registry Key Value


*


*

ProxyFavorIEConnectionSetting(2)

740

741

ProxyHost(3)

Specifies the address of the proxy server. It is required if ProxyType contains any of thefollowing values:

● SOCKS

● SOCKS V4

● SOCKS V5

● Secure

ProxyHost is otherwise ignored.

To indicate a port number other than 1080 (default for SOCKS) or 8080 (default for Secure),append the appropriate port number to the value after a colon (:).

ADM UI Element: Citrix XenApp > Network Routing > Proxy > Configure client proxy settings

Section WFClient,dynamic,Server

Feature Proxy

Attribute Name INI_PROXYHOST

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" Proxy Server Address - Default






ProxyHost(3)

742

743

ProxyPassword(2)

Holds the clear text password to be used to automatically authenticate the client to theproxy.

Use this policy to control the authentication mechanisms that the client uses whenconnecting to a proxy server. Authenticating proxy servers can be used to monitor datatraffic in large network deployments.



Feature Proxy

Attribute Name INI_PROXYPASSWORD

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" Password - Default



Registry Location

Registry Key Value



TroubleshootingIn general NTLM proxy authentication will be performed under the control of the domaincontroller and cannot be controlled by the client. Both client and proxy will need to beconfigured with the appropriate domain level trust relations.


ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configureproxy authentication > Explicit password

ProxyPassword(2)

744

745

ProxyPort

Identifies the port number for proxy support. The proxy port number must be a positiveinteger less than 65536. The port number depends on the proxy type.

ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configureclient proxy settings > Proxy ports

Section WFClient

Feature Proxy

Attribute Name INI_PROXYPORTNUMBER

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM Yes


0 Default

65536 Maximum Port Value





*


*

746

ProxyTimeout

Specifies the time, in milliseconds (ms), to wait for browsing requests through a proxyserver to be satisfied.

Uses the value of BrowserTimeout, if specified. Otherwise, it uses the Web browser defaulttimeout (2,000 ms).

Note: This value is ignored if it is less than the Web browser default timeout.

Section Server

Feature Proxy

Attribute Name INI_PROXYTIMEOUT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


3000 Proxy timeout (ms) - Default





*


*

747

ProxyType

Identifies the proxy type requested for the connection.

When AltProxyType = Secure, the client will contact the proxy identified by theAltProxyHost and AltProxyPort settings. The negotiation protocol will use a HTTPCONNECT header request specifying the desired destination.

Proxy type: None

When None is selected, the client will attempt to connect to the server directly withouttraversing a proxy server.

Proxy type: Auto

When Auto is selected, the client will use the local machine settings to determine whichproxy server to use for a connection. This is usually the settings used by the Web browserinstalled on the machine.

Proxy type: Script

When Script is selected, the client will retrieve a JavaScript based .pac file from the URLspecified in the Proxy script URLs policy option. The .pac file is executed to identifywhich proxy server should be used for the connection.

Proxy type: Secure

When Secure is selected, the client will contact the proxy identified by the Proxy hostnames and Proxy ports settings. The negotiation protocol will use a HTTP CONNECTheader request specifying the desired destination address. This proxy protocol iscommonly used for HTTP based traffic, and supports GSSAPI proxy authentication.

Proxy Type: SOCKS/SOCKS V4/SOCKS V5

When a SOCKS proxy is selected, the client will perform a SOCKS V4 or SOCKS V5handshake to the proxy identified by the Proxy hostnames and Proxy ports settings. TheSOCKS option will detect and use the correct version of SOCKS.

ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configureclient proxy settings > Proxy types

Section WFClient

Feature Proxy

Attribute Name INI_PROXYTYPE

Data Type String


UNIX Specific No

Present in ADM Yes


None Use Direct connection - Default

Tunnel(Secure)

Use secure (HTTPS) proxy

Wpad

Auto Auto detect from Web browser

SOCKS

SOCKS V4

SOCKS V5

Script Interpret proxy auto-configuration script



Trusted_Region.ini Network\Proxy Auto

Untrusted_Region.ini Network\Proxy Auto



HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\Trusted Region\Lockdown\Network\Proxy

Auto

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\Untrusted Region\Lockdown\Network\Proxy

Auto


ProxyType

748

749

ProxyUseDefault

For UNIX and Macintosh, this parameter determines from which section the default proxy ischosen.

If set to True, the section is [WFClient]; otherwise, [serversection].

Section Server

Feature Proxy

Attribute Name INI_PROXYUSEDEFAULT

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


True Default proxy is chosen from WFClient - Default

False Default proxy is chosen from serversection





*


*

750

ProxyUseFQDN(2)

This setting is used in an environment that is set up to connect to applications through aproxy and Secure Gateway. If the proxy is configured to allow only FQDNs, when the clienttries to connect to the applications, the proxy may reject the request.

This happens because the client resolves the Secure Gateway server name to the IP addressbefore trying to connect to the server.

Setting this value to On ensures that the client does not try to resolve the Secure Gatewayserver name to an address but will instead send the name to the proxy. The client should beable to resolve the address and then connect to the Secure Gateway server through theproxy.


Feature Proxy

Attribute Name INI_PROXYUSEFQDN

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


False Client resolves the Secure Gateway server name to an address - Default

True Client send the servername to the proxy which resove the address



Registry Location

Registry Key Value


*


*

ProxyUseFQDN(2)

751

752

ProxyUsername

Holds the user name to be used to automatically authenticate the client to the proxy.

Use this policy to control the authentication mechanisms that the client uses whenconnecting to a proxy server. Authenticating proxy servers can be used to monitor datatraffic in large network deployments.



ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Proxy > Configureproxy authentication >Explicit user name

Section Server

Feature Proxy

Attribute Name INI_PROXYUSERNAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" User Name (prompt given) - Default






ProxyUsername

753

754

ReadersStatusPollPeriod

Specifies the delay, in milliseconds, for reading information from a smart card after thecard is inserted or removed, or a reader is disconnected, etc.

When inserting a smart card into the reader there is a two- to five-second delay before theinformation from the card is read. This delay occurs by design, but it is configurable. Theclient polls the card for events and the default value for this is five seconds.

Section WFClient

Feature SmartCard

Attribute Name INI_READERS_STATUS_POLL_PERIOD

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


500 For WinCE only - Default

5000 For any other platforms


All_Regions.ini Virtual Channels\Smartcard




ReadersStatusPollPeriod

755

756

RECD(2)

Reconnection Enumeration Client Duration (RECD) is the time it takes a client to get a listof reconnections.

This is one of the Session Client startup data while End User Experience Monitoring (EUEM)metrics are stored.

Section Server,dynamic

Feature EUEM

Attribute Name INI_EUEM_RECD

Data Type Integer


UNIX Specific No

Present in ADM No








757

RegionIdentification

Specifies whether regions.ini should be read from the administrator location or userlocation. This is ignored if there is no administrator configuration. Regions.ini is used toperform region identification of client connections to servers.

Section Delegation

Feature ClientLockdown

Attribute Name INI_DELEGATION_REGIONIDENTIFICATION

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


administratorDefault

user


All_Regions.ini Delegation administrator


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\Delegation

administrator

TroubleshootingNot applicable.

RegionIdentification

758

759

RejectURLType

Specifies URLs that are explicitly rejected for content redirection.

The reason there is both an accepturltype and a rejecturltype setting is that the code thattests them matches just to the length of the definition. So if you accept HTTP, it alsomeans that HTTPS will also be accepted. In case you wanted only HTTP, there is the optionto explicitly reject HTTPS.

Section dynamic


Attribute Name INI_CR_REJECT_URL_TYPE

Data Type String

Access Type Read

UNIX Specific Yes

Present in ADM No


"" Reject URL



760

RemoveICAFile

Specifies whether or not the ICA file should be deleted after the session is finished.

Section WFClient

Feature Core

Attribute Name INI_REMOVEICAFILE

Data Type Boolean


UNIX Specific No

Present in ADM No


Off Does not remove ICA file - Default

On Removes ICA file

True Removes ICA file

False Does not remove ICA file

yes Removes ICA file

no Does not remove ICA file

1 Removes ICA file

0 Does not remove ICA file


All_Regions.ini Client Engine\ICA File *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\ICA File

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Client Engine\ICA File

*

RemoveICAFile

761

762

ResMngrRunningPollPeriod

Specifies the time, in milliseconds, of polling for a restart of the Smart Card ResourceManager. Used only when there is an outstanding query for that Smart Card ResourceManager availability.

Used to create a timer for polling for a restart of the Smart Card Resource Manager.

Section WFClient

Feature SmartCard

Attribute Name INI_RES_MNGR_RUNNING_POLL_PERIOD

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


10000 Time in milliseconds - Default


All_Regions.ini Virtual Channels\Smartcard




763

REWD(2)

Specifies the time it takes Web Interface to get the list of reconnections from the XMLService. REWD stands for Reconnection Enumeration Web server Duration.


Feature EUEM

Attribute Name INI_EUEM_REWD

Data Type Integer


UNIX Specific No

Present in ADM No


-1 Initial reset value






764

RtpAudioHighestPort

Specifies the highest UDP port that the client can attempt to use for transmission ofReal-time Transport Protocol (RTP) audio.


Section Server

Feature Audio

Attribute Name INI_RTPAUDIOHIGHESTPORT


Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM Yes


16509 Default Value




HKEY_LOCAL_MACHINE\Software\Policies\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\Audio

RtpAudioHighestPort


RtpAudioHighestPort

765

RtpAudioLowestPort

Specifies the lowest UDP port that the client can attempt to use for transmission ofReal-time Transport Protocol (RTP) audio.


Section Dynamic, Server

Feature Audio

Attribute Name INI_RTPAUDIOLOWESTPORT


Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM Yes


16500 Default Value




HKEY_LOCAL_MACHINE\Software\Policies\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\VirtualChannels\Audio

RtpAudioLowestPort


RtpAudioLowestPort

766

ScalingHeight

Specifies the height of scaled window. This is one of the scaling properties (ScalingMode,ScalingPercent, ScalingHeight, and ScalingWidth) which is used to determine the initial"scaled"state of the session.

Only used when ScalingMode=2. ScalingMode=2 setting instructs ICO (ICA Client Object) touse the ScalingHeight and ScalingWidth properties. It ignores the ScalingPercent property.The width and height of the scaling area are checked against the size of the controlwindow. The size cannot be bigger than the control window area. If the width and height isnot less than the session size it means that scaling should not be enabled.

This property is the initial settings. Changes made to property during a connected sessionwill not have any effect. When the session is established, use scaling methods to change thescaling attributes of the session.

Section Server

Feature Core

Attribute Name INI_SCALING_HEIGHT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 No scaling - Default

INI LocationN/A


767

ScalingMode

Specifies the scaling mode that will be used for the initial connection. ScalingMode can beset to one of four possible initial states.

● 0 (Disabled): This is the default setting and means that scaling is not enabled atinitialization.

● 1 (Percent): This setting instructs ICO to use the ScalingPercent property to determinethe size of the scaling area. It ignores ScalingWidth and ScalingHeight. One hundredpercent means that the area of the scaling is the same as the area of the controlwindow. Fifty percent means that the scaling area is fifty percent of the controlwindow.

● 2 (Size): This setting instructs ICO to use the ScalingHeight and ScalingWidth properties.It ignores the ScalingPercent property. The width and height of the scaling area arechecked against the size of the control window. The size cannot be bigger than thecontrol window area.

● 3 (To fit Window): This setting instructs ICO to fit the session into the existing controlwindow. This is the easiest to do for a script because it forces the session to show itscomplete yet scaled area inside the control window.

This mode ignores the three other properties ScalingPercent, ScalingWidth, andScalingHeight.

This property is the initial settings. Changes made to property during a connected sessionwill not have any effect. When the session is established, use scaling methods to change thescaling attributes of the session.

Section Server

Feature Core

Attribute Name INI_SCALING_MODE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Disabled - Default

1 Percent

2 Size

3 To fit window (autosize)

INI LocationN/A


ScalingMode

768

769

ScalingPercent

Specifies scaling percentage to calculate the width and height of the ICA client`s window.

This setting instructs ICO to use the ScalingPercent property to determine the size of thescaling area. It ignores ScalingWidth and ScalingHeight. One hundred percent means thatthe area of the scaling is the same as the area of the control window. Fifty percent meansthat the scaling area is fifty percent of the control window.

This percentage should be between the minimum scaling percentage (10) and maximumscaling percentage (100).

Section Server

Feature Core

Attribute Name INI_SCALING_PERCENT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


100 Maximum scaling (percent) - Default

10-99 Scaling (percent)

INI LocationN/A


770

ScalingWidth

Specifies the scaling factor to adjust Client window width. The purpose is to adjust thedimensions to fit the client LVB model. This is used only when ScalingMode=2.

It ignores the ScalingPercent property. The width and height of the scaling area arechecked against the size of the control window. The size cannot be bigger than the controlwindow area. So if the width and height is not less than the session size, scaling should notbe enabled.

Section Server

Feature Core

Attribute Name INI_SCALING_WIDTH

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


) No scaling is done - Default

>= 0 Disable audio input

INI LocationN/A


771

Schedule

If the value for the application pre-launch setting State is 2 (pre-launch scheduled), use thissetting to schedule the application session to prelaunch on specific days and times.

Section PrelaunchApplication

Feature Pre-Launch

Attribute Name PRELAUNCH_TIME

Definition Location prelaunch.h

Data Type String


UNIX Specific No

Present in ADM No

ValuesThe value specifies the time (in 24-hour format) and the days of the week for theapplication session to prelaunch.

HH:MM|M:T:W:Th:F:S:Su HH:MM - Hours and Minutes in 24 hour format M:T:W:Th:F:S:Su - Days of the week. A value of 1 to enable and 0 to disable. Example: 08:30|1:1:1:1:0:0:0 - Enables Pre-Launch Monday through Thursday at 8:30 AM


HKEY_LOCAL_MACHINE\Software\Citrix\ICAClient\Prelaunch

HKEY_CURRENT_USER\Software\Citrix\ICAClient\Prelaunch

772

ScreenPercent

Specifies the size of the ICA session as a percentage of total screen size.

If DesiredWinType is set to 5, this parameter is used to specify the size of the ICA session asa percentage of total screen size.

Client Display Setting: Use this policy to control how the client presents remoteapplications and desktops to the end user. Remote applications can be seamlesslyintegrated with local applications, or the entire local environment can be replaced with aremote desktop.

Window Percent can be used as an alternative to manually choosing the width and height. Itselects a window size as a fixed percentage of the entire screen. The server may choose toignore this value. This setting is ignored when seamless windows is in use.

ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client displaysettings > Window percent

Section Server

Feature Core

Attribute Name INI_SCREENPERCENT

Data Type Integer


UNIX Specific No

Present in ADM Yes


75 Default screen size when the setting is enabled.

0 Disables the setting.

1-100




canonicalization.ini Thinwire3.0 ScreenPercent

appsrv.ini WFClient



ScreenPercent



*


*

ScreenPercent

773

774

SecureChannelProtocol(2)

Specifies which secure channel protocol to use.

Use this policy to configure the TLS/SSL options that help to ensure that the client connectsto genuine remote applications and desktops. TLS and SSL encrypt the transferred data toprevent third-parties viewing or modifying the data traffic. Citrix recommends that anyconnections over untrusted networks use TLS/SSL or another encryption solution with atleast the same level of protection.

When this policy is enabled, the client will apply these settings to all TLS/SSL connectionsperformed by the client. The Require SSL for all connections check box can be used toforce the client to use the TLS or SSL protocol for all connections that it performs.

TLS and SSL identify remote servers by the common name on the security certificate sentby the server during connection negotiation. Usually the common name is the DNS name ofthe server, for example www.citrix.com. It is possible to restrict the common names towhich the client will connect by specifying a comma-separated list in the "Allowed SSLservers" setting. Note that a wildcard address, for example *.citrix.com:443 will match allcommon names that end with .citrix.com. The information contained in a certificate isguaranteed to be correct by the certificate`s issuer.

Some security policies have requirements related to the exact choice of cryptography usedfor a connection. By default the client will automatically select either TLS v1.0 or SSL v3.0(with preference for TLS v1.0) depending on what the server supports. This can berestricted to only TLS v1.0 or SSL v3.0 using the "SSL/TLS version" setting.

Similarly, certain security policies have requirements relating to the cryptographicciphersuites used for a connection. By default the client will automatically negotiate asuitable ciphersuite from the five listed below. If necessary, it is possible to restrict to justthe ciphersuites in one of the two lists.

● Government Ciphersuites:

● TLS_RSA_WITH_AES_256_CBC_SHA

● TLS_RSA_WITH_3DES_EDE_CBC_SHA● Commercial Ciphersuites:


● TLS_RSA_WITH_RC4_128_SHA

● TLS_RSA_WITH_RC4_128_MD5Certificate Revocation List (CRL) checking is an advanced feature supported by somecertificate issuers. It allows security certificates to be revoked (invalidated before theirexpiry date) in the case of cryptographic compromise of the certificate private key, orsimply an unexpected change in DNS name.

Valid CRLs must be downloaded periodically from the certificate issuer and stored locally.This can be controlled through the selection made in "CRL verification."

● Disabled: When selected, no CRL checking will be performed.

● Only check locally stored CRLs: When selected, any CRLs that have been previouslyinstalled or downloaded will be used in certificate validation. If a certificate is found tobe revoked, the connection will fail.

● Retrieve CRLs from network: When selected, the client will attempt to retrieve CRLsfrom the relevant certificate issuers. If a certificate is found to be revoked, theconnection will fail.

● Require CRLs for connection: When selected, the client will attempt to retrieve CRLsfrom the relevant certificate issuers. If a certificate is found to be revoked, theconnection will fail. If the client is unable to retrieve a valid CRL, the connection willfail.

ADM UI Element: Citrix Components > Citrix Receiver > Network routing


Feature SSL

Attribute Name INI_SSLPROTOCOLS

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


Detect Protocol value - Default

TLS Protocol value

SSL Protocol value


All_Regions.ini Network\SSL


775


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\SSL

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\SSL

TroubleshootingError Message: "SSL Error 61: You have not chosen to trust "<xxx>" the issuer of the server`ssecurity certificate". The common name and other information on a security certificate isguaranteed to be accurate by the certificate`s issuer. For a connection to be successful,the client must trust the certificate`s issuer to make that guarantee.

Error Message: "SSL Error 59: The server sent a security certificate identifying `xxx`. TheSSL connection was to `yyy`". The common name did not match the server the client wasexpecting to connect to.


776

777

SecurityTicket

Specifies whether (On) or not (Off) CGP security ticket is turned on. WhenCGPSecurityTicket is turned on, use CGP through SG.

Section Server

Feature CPG

Attribute Name INI_CGPSECURITYTICKET

Data Type inc\cgpini.h

Access Type Read

UNIX Specific No

Present in ADM No


Off CGP security ticket is turned off - Default

On CGP security ticket is on


All_Regions.ini Network\CGP *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\AllRegions\Lockdown\Network\CGPHKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\CGP

*

778

SessionReliabilityTTL

Specifies the session reliability timeout in number of seconds. This attribute allows you toconfigure Session Reliability Time To Live (TTL).

Section WFClient

Feature SessionReliability

Attribute Name INI_SESSIONRELIABILITY_TTL

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


180 Seconds - Default


All_Regions.ini Network\CGP *

Module.ini WFClient



3

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\CGP

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\CGP

*

779

SessionSharingKey

Specifies the session sharing key.

Session sharing key takes priority over all other checks. If it matches you share, if it doesnot you do not. It is up to the server to set the session sharing key correctly. Session sharingkey is created from (Neighborhood Name, Color Depth, Username/Domain, EncryptionLevel, Audio BandWidth). If the key is not present, go through the old checks.

Section Server


Attribute Name INI_SESSIONKEY_NAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


oLdWaY Default

Off Launch failed because session key is set to Off






780

SessionSharingLaunchOnly

Specifies the name of the session to be shared.

Section Server


Attribute Name INI_SESSION_SHARING_NAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" If present then any string representing the name of the session






781

SFRAllowed

Specifies whether Special folder direction is allowed or not. If it is enabled, client sends theDesktop and Documents folder paths to the server side SFR as part of CDM VC data. SFRredirects the logged on user’s document and desktop folders to client’s document anddesktop folders respectively.

Section ClientDrive

Feature SFR

Attribute Name INI_SFRALLOWED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


Off Disables SFR - Default

On Enables SFR


All_Regions.ini Virtual Channels\ Drives *

Canonicalization.ini ClientDrive SFRAllowed

Module.ini ClientDrive FALSE



FALSE


*


SFRALLOWED

782

SkipRedrawPerPaletteChange

Specifies whether (On) or not (Off) to skip redrawing the screen after a palette change. Ifthis parameter is enabled, HowManySkipRedrawPerPaletteChange specifies how manypalette changes are skipped before each redraw. Use this only as directed by CitrixTechnical Support.

Section WFClient

Feature Graphics

Attribute Name INI_SKIPREDRAWPERPALETTECHANGE

Data Type Boolean

Access Type Reed

UNIX Specific No

Present in ADM No


0 Does not skip redrawing the screen after a palette change - Default

1 Skips redrawing the screen after a palette change

INI LocationN/A


783

SmartCardAllowed

Specifies whether or not Smartcard virtual channel has been enabled.

When enabled, this policy allows the remote server to access smart cards attached to theclient device for authentication and other purposes.

When disabled, the server cannot access smart cards attached to the client device.

ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Smart cardauthentication > Allow smart card authentication

Section Smartcard,Server

Feature SmartCard

Attribute Name INI_SMARTCARDSWITCH

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Disable the requirement for a smart card. - Default

NO Enable the requirement for a smart card.

INI LocationN/A


784

SpeedScreenMMA

Specifies whether(On) or not(Off) to enable the HDX MediaStream Multimedia Acceleration.

It is used to decide the default value of Tw2CachePower. If SpeedScreenMMA = On thenTw2CachePower = 19 else Tw2CachePower = 22.

Remote Video: The remote video option allows the server to directly stream certain videodata to the client. This provides better performance than decompressing and recompressingvideo data on the computer running Citrix XenApp.

ADM UI Element : Citrix Components > Citrix Receiver > User experience > Client graphicssettings

Section Server

Feature RAVE

Attribute Name INI_MM

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


oLdWaY Default

Off Launch failed because session key is set to Off






SpeedScreenMMA

785

786

SpeedScreenMMAAudioEnabled

Specifies whether (True) or not (False) audio playback will occur through HDX MediaStreamMultimedia Acceleration.

Section Server

Feature RAVE

Attribute Name INI_MM_AUDIO_ENABLED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


TRUE Audio playback will occur through HDX MediaStream MultimediaAcceleration - Default

FALSE Audio playback will not occur through HDX MediaStream MultimediaAcceleration


All_Regions.ini Virtual Channels\Multimedia *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Multimedia

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Multimedia

*

787

SpeedScreenMMAMaxBufferThreshold

Specifies (as a percentage) the amount of data in the media queue before the clientrequests that the server stops sending data until the data in the queue levels off.

Section Server

Feature RAVE

Attribute Name INI_MM_MAX_THRESHOLD

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


90 Percent - Default

85-90 Percent





*


*

788

SpeedScreenMMAMaximumBufferSize

Specifies the maximum size in kilobytes of the media queue that the client can create. Thisis per stream, so the client could create a 30240KB queue for audio and a 30240 queue forvideo.

Section Server

Feature RAVE

Attribute Name INI_MM_MAX_BUFFER_SIZE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


30240 Size in KB - Default





*


*

789

SpeedScreenMMAMinBufferThreshold

Specifies what percent value the data in the media queue will be when the client requestsa burst from the server to replenish its media queue.

Section Server

Feature RAVE

Attribute Name INI_MM_MIN_THRESHOLD

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


10 Default

5-15





*


*

790

SpeedScreenMMASecondsToBuffer

Specifies the number of seconds of MMA data to buffer. The value is set on both the serverand client and the connection is set up with the smaller of these values.

Section Server

Feature RAVE

Attribute Name INI_MM_SECONDS_TO_BUFFER

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1 Default

10 (wince default)

1-10





*


*

791

SpeedScreenMMAVideoEnabled

Specifies whether (True) or not (False) video playback will occur through HDX MediaStreamMultimedia Acceleration.

Section Server

Feature RAVE

Attribute Name INI_MM_VIDEO_ENABLED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


TRUE Video playback will occur through HDX MediaStream MultimediaAcceleration - Default

FALSE Video playback will not occur through HDX MediaStream MultimediaAcceleration





*


*

792

SSLCACert

Specifies a Certificate Authority Certificates count and a string.

The attribute CACerts (Certificate Authority Certificates) is stored and read with thecurrent CACerts count and string containing the certificate name. Specific to SSL (SecureSockets Layer).

Only present if there are any Certificate Authority Certificates to store.

Section Server

Feature SSL

Attribute Name INI_SSLCACERT

Data Type String


UNIX Specific No

Present in ADM No



793

SSLCertificateRevocationCheckPolicy(2)

Governs how a given trusted root certificate authority is treated during an attempt to opena remote session through SSL when using the client for 32-bit Windows.

When certificate revocation list checking is enabled, the client checks whether or not theserver’s certificate is revoked. This feature improves the cryptographic authentication ofthe Citrix server and improves the overall security of the SSL/TLS connections between aclient and a server. There are several levels of certificate revocation list checking. Forexample, the client can be configured to check only its local certificate list, or to check thelocal and network certificate lists. In addition, certificate checking can be configured toallow users to log on only if all Certificate Revocation lists are verified.

The client checks SSL certificate revocation only when the underlying operating system isWindows 2000 or later. When this setting is not configured in the Appsrv.ini and .ica files,NoCheck is used as the default value for Windows NT4/9x and CheckWithNoNetworkAccessis used as the default value for Windows 2000/XP. When theCertificateRevocationCheckPolicy setting is configured in the Appsrv.ini file of a user’sprofile and the .ica file, the value in the Appsrv.ini file takes precedence when attemptingto launch a remote session using the .ica file.

This behavior is the reverse of that displayed with most other parameters shared betweenthe two file types.

Possible values for the parameter SSLCertificateRevocationCheckPolicy in theAppsrv.ini/.ica file are as follows:

● NoCheck. No Certificate Revocation List check is performed.

● CheckWithNoNetworkAccess. Certificate revocation list check is performed. Only localcertificate revocation list stores are used. All distribution points are ignored. Finding aCertificate Revocation List is not critical for verification of the server certificatepresented by the target SSL Relay/Secure Gateway server.

● FullAccessCheck. Certificate Revocation List check is performed. Local CertificateRevocation List stores and all distribution points are used. Finding a CertificateRevocation List is not critical for verification of the server certificate presented by thetarget SSL Relay/Secure Gateway server.

● FullAccessCheckAndCRLRequired. Certificate Revocation List check is performed. LocalCertificate Revocation List stores and all distribution points are used. Finding allrequired Certificate Revocation Lists is critical for verification.

Certificate Revocation List (CRL) checking is an advanced feature supported by somecertificate issuers. It allows security certificates to be revoked (invalidated before theirexpiry date) in the case of cryptographic compromise of the certificate private key, orsimply an unexpected change in DNS name.

Valid CRLs must be downloaded periodically from the certificate issuer and stored locally.This can be controlled through the selection made in "CRL verification":







Feature SSL

Attribute Name INI_SSLCERTREVCHECKPOLICY

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" Policy value - Default

NoCheck No Certificate Revocation List check is performed

CheckWithNoNetworkAccessOnly local certificate revocation list stores are used. All distribution pointsare ignored

FullAccessCheckLocal Certificate Revocation List stores and all distribution points are used

FullAccessCheckAndCRLRequiredLocal Certificate Revocation List stores and all distribution points are used




794







795

796

SSLCiphers

On platforms that support multiple SSL cipher suites (currently 32-bit editions of Windowsonly), this parameter determines which cipher suite(s) the client is permitted to use toestablish an SSL connection. Non-32-bit Windows platforms are locked (hard-coded) to COM.

ADM UI: Citrix Components > Citrix Receiver > Network routing > TLS/SSL data encryptionand server identification > SSL ciphersuite

Section WFClient

Feature SSL

Attribute Name INI_SSLCIPHERS

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


ALL Either - Default

RC4 COM

GOV 3DES



appsrv.ini WFClient ALL




SSLCiphers

797

798

SSLCommonName

Specifies the server name as it appears on the SSL certificate.

If the value of SSLProxyHost is not identical to that of the server name as it appears on theSSL certificate, this parameter is required, and its value must specify the server name as itappears on the SSL certificate.

Section name would be WFClient for all custom ICA connections unless otherwiseoverridden.

Section name would be applicationservername for each custom ICA connection whereDoNotUseDefaultCSL=On.

Section Server

Feature SSL

Attribute Name INI_SSLCOMMONNAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" Server name - Default






SSLCommonName

799

800

SSLEnable

Specifies whether or not SSL is enabled.

The value of this parameter must be On to enable SSL. This setting is ignored by networkprotocols other than TCP/IP.

Use this policy to configure the TLS/SSL options that help to ensure that the client connectsto genuine remote applications and desktops. TLS and SSL encrypt the transferred data toprevent third-parties viewing or modifying the data traffic. Citrix recommends that anyconnections over untrusted networks use TLS/SSL or another encryption solution with atleast the same level of protection.

When this policy is enabled, the client will apply these settings to all TLS/SSL connectionsperformed by the client. The Require SSL for all connections check box can be used toforce the client to use the TLS or SSL protocol for all connections that it performs.

TLS and SSL identify remote servers by the common name on the security certificate sentby the server during connection negotiation. Usually the common name is the DNS name ofthe server, for example www.citrix.com. It is possible to restrict the common names towhich the client will connect by specifying a comma-separated list in the "Allowed SSLservers" setting. Note that a wildcard address, for example, *.citrix.com:443, will match allcommon names that end with .citrix.com. The information contained in a certificate isguaranteed to be correct by the certificate`s issuer.

Some security policies have requirements related to the exact choice of cryptography usedfor a connection. By default the client will automatically select either TLS v1.0 or SSL v3.0(with preference for TLS v1.0) depending on what the server supports. This can berestricted to only TLS v1.0 or SSL v3.0 using the "SSL/TLS version" setting.

Similarly, certain security policies have requirements relating to the cryptographicciphersuites used for a connection. By default the client will automatically negotiate asuitable ciphersuite from the five listed below. If necessary, it is possible to restrict to justthe ciphersuites in one of the two lists.

● Government Ciphersuites:


● TLS_RSA_WITH_3DES_EDE_CBC_SHA● Commercial Ciphersuites:


● TLS_RSA_WITH_RC4_128_SHA

● TLS_RSA_WITH_RC4_128_MD5Certificate Revocation List (CRL) checking is an advanced feature supported by somecertificate issuers. It allows security certificates to be revoked (invalidated before theirexpiry date) in the case of cryptographic compromise of the certificate private key, orsimply an unexpected change in DNS name.

Valid CRLs must be downloaded periodically from the certificate issuer and stored locally.This can be controlled through the selection made in "CRL verification."







Feature SSL

Attribute Name INI_SSLNOCACERTS

Data Type Integer


UNIX Specific No

Present in ADM No


0 Number of CACerts. (Certificate Authority Certificates) - Default


All_Regions.ini Network\SSL *

appsrv.ini WFClient

SSLEnable

801



*


*



SSLEnable

802

803

SSLProxyHost(2)

Specifies the server name value.

By default, this parameter is not present, or, if present, the value is set to *:443.

Assuming that every Citrix server in a server farm has its own SSL relay, the asterisk meansthat the address of the SSL relay is the same as that of the Citrix server.

If not every Citrix server in a given server farm has its own relay, the value can specify anexplicit server name in place of the asterisk. If the value is an explicit server name, SSLtraffic enters the server farm through the server whose name is specified by the value. Theserver name value must match the server name in the server’s SSL certificate; otherwise,SSL communications fail. For listening port numbers other than 443, the port number isappended to the server name following a colon (:):SSLProxyHost=*:SSL relay port number,where SSL relay port number is the number of the listening port. Related parameter:SSLCommonName.



Feature SSL

Attribute Name INI_SSLPROXYHOST

Data Type String


UNIX Specific No

Present in ADM Yes


*.443 SSL Proxy host string - Default



appsrv.ini WFClient *:443




SSLProxyHost(2)

804

805

SSOnCredentialType(3)

Specifies the credential type to used with pass-through authentication.

Allows particular credentials (Windows, NetWare, either) to be used with pass-throughauthentication on client devices that have the Novell Client installed.

Local user name and password: Use this policy to instruct the client to use the same logoncredentials (pass-through authentication) for Citrix XenApp as the client machine.

When this policy is enabled, the client can be prevented from using the current user`slogon credentials to authenticate to the remote server by clearing the Enable pass-throughauthentication check box.

When run in a Novell Directory Server environment, selecting the Use Novell DirectoryServer credentials check box requests that the client uses the user’s NDS credentials.

ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Local username and password -> Use Novell Directory Server credentials


Feature SSON

Attribute Name INI_SSON_CREDENTIAL_TYPE

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


Any Windows, NetWare, either - Default

NT

NDS


All_Regions.ini Logon\Local Credentials

appsrv.ini WFClient Any




SSOnCredentialType(3)

806

807

SSOnDetected

A boolean setting enabled when (Single Sign-On) is being used.

(Single Sign-On) setting handles authentication to servers.

SSOnDetected Citrix pass-through authentication (Single Sign-On) is being used.

Section Server

Feature SSON

Attribute Name INI_SSON_DETECTED

Data Type Boolean


UNIX Specific No

Present in ADM No


FALSE Disable single sign-on detected - Default

TRUE Enable single sign-on detected


All_Regions.ini Logon *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Logon

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Logon

*

808

SSOnUserSetting

Selects (On) or clears (Off) the Use local credentials to log on option. Choose usepass-through authentication when installing the ICA Client for this parameter to have aneffect.

This attribute is used for 3 types of User authentications in ADM file: "Smart CardAuthentication", "Kerberos authentication" and "Local user name and password".

● "Smart Card Authentication": Use Smart Card Authentication to control how the clientuses smart cards attached to the client device. When enabled, this policy allows theremote server to access smart cards attached to the client device for authenticationand other purposes. When disabled, the server cannot access smart cards attached tothe client device.

ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Smartcard authentication > Use pass-through authentication for PIN

● "Kerberos authentication": Use this policy to control how the client uses Kerberos toauthenticate the user to the remote application or desktop. When enabled, this policyallows the client to authenticate the user using the Kerberos protocol. Kerberos is aDomain Controller authorised authentication transaction that avoids the need totransmit the real user credential data to the server. When disabled, the client will notattempt Kerberos authentication.

ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Kerberosauthentication

● "Local user name and password": Use this policy to instruct the client to use the samelogon credentials (pass-through authentication) for Citrix XenApp as the client machine.When this policy is enabled, the client can be prevented from using the current user`slogon credentials to authenticate to the remote server by clearing the Enablepass-through authentication check box.

ADM UI Element: Citrix Components > Citrix Receiver > User authentication > Local username and password

Section WFClient

Feature SSON

Attribute Name INI_USER_SETTING_SINGLE_SIGN_ON

Data Type Boolean


UNIX Specific No

Present in ADM Yes


Off Clear the user local credentials to log on option - Default

On Selects the use local credentials to log on option






*


*

SSOnUserSetting

809

810

SSPIEnabled

Enables and disables Kerberos authentication protocol.

Use this policy to control how the client uses Kerberos to authenticate the user to theremote application or desktop.

When enabled, this policy allows the client to authenticate the user using the Kerberosprotocol. Kerberos is a Domain Controller authorised authentication transaction that avoidsthe need to transmit the real user credential data to the server.

When disabled, the client will not attempt Kerberos authentication.

ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Userauthentication

Section WFClient

Feature SSPI

Attribute Name INI_SSPI_ENABLED

Data Type Boolean


UNIX Specific No

Present in ADM Yes


On Enable Kerberos authentication protocol- Default

Off Disable Kerberos authentication protocol


All_Regions.ini Logon\Kerberos *

wfclient.ini WFClient On


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Logon\Kerberos

*

0x1 HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Logon\Kerberos

*

TroubleshootingThe machine running the client and the server running the remote application must be indomains that have a trust relationship. The Domain Controller must be aware that CitrixXenApp will be performing a full user logon (interactive logon) using Kerberos. This isconfigured using the "Trust for Delegated Authentication" settings on the Domain Controller.

When connecting using Web Interface, Web Interface server must be aware that the clientwill connect using Kerberos authentication. This is necessary because by default WebInterface server will use an IP address for the destination server whereas Kerberosauthentication requires a Fully Qualified Domain Name.

Both client and server machines must have correctly registered DNS entries. This isnecessary because endpoints will authenticate each other during connection.

SSPIEnabled

811

812

startIFDCD(3)

This is an End User Experience Monitoring (EUEM) metric. This metric tracks the time ittakes the client to download the ICA file from the Web server for Program NeighborhoodAgent or Web Interface.

Section qwerty,dynamic,Server

Feature EUEM

Attribute Name INI_EUEM_STARTIFDCD

Data Type Integer


UNIX Specific No

Present in ADM No








813

startSCD(2)

New session creation time (SCD), from the moment wfica32.exe is launched to when theconnection is established

An ICA session may be started by different launchers, all of the launchers use the sameengine wfica32.exe. This is specific to the ICA launcher when it is not ProgramNeighborhood Classic.


Feature EUEM

Attribute Name INI_EUEM_STARTSCD

Data Type Integer


UNIX Specific No

Present in ADM No


0 Session Creation Time (ms) - Default






814

State

Specifies whether or not to launch a pre-launched application session at user logon. Whenset to 1 (default setting), the session is enabled at user logon. When set to 2, thepre-launched application session is launched at the

When set to 2, the pre-launched application session launches at the specified Schedule; ifthe schedule is not set, the session is disabled.

To enable users to override this administrator's configuration, enable the UserOverridesetting.


Feature Pre-Launch

Attribute Name PRELAUNCH_STATE


Data Type string


UNIX Specific No

Present in ADM No


1 Pre-Launch enabled default

0 Pre-Launch disabled

2 Pre-Launch scheduled


HKEY_LOCAL_MACHINE\Software\Citrix\ICAClient\PreLaunch

HKEY_CURRENT_USER\Software\Citrix\ICAClient\PreLaunch

815

SucConnTimeout

Specifies the number of seconds to wait for a recently started session to become availablefor session sharing.

Multiple sessions can be opened if multiple configured seamless Window applications arestarted in rapid succession and the server has custom logon scripts that take longer than 20seconds to complete. To extend this time-out value, enter this setting in the Appsrv.ini fileunder the [WFClient] section.

Section WFClient


Attribute Name INI_SUCCONNTIMEOUT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


20 Wait for Session Sharing (seconds) - Default

INI LocationN/A


816

SwapButtons

Specifies whether (On) or not (Off) to swap the function of the client device’s mousebuttons within the ICA session.

Section WFClient

Feature Mouse

Attribute Name INI_SWAPBUTTONS

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


Off Disable swap function - Default

On Enable the swap function

INI LocationN/A


817

TransparentKeyPassthrough

Determines how the mapping of certain Windows key combinations are used whenconnecting to ICA sessions.

This setting appears in the Citrix Receiver user interface under Session Options page and inthe Web Interface for Citrix XenApp Settings page.

● When Local is set, the key combinations apply to the local desktop.

● When Remote is set, the key combinations apply to seamless and non-seamless ICAsessions when their windows have the keyboard focus.

● When FullScreenOnly is set, the key combinations apply to the non-seamless ICA sessionin full screen mode.

The default value is FullScreenOnly. When no TransparentKeyPassthrough setting in the ICAfile is passed to the ICA Engine, the keyboard transparent feature behave’s as ifFullScreenOnly is set.

Section WFClient

Feature Keyboard

Attribute Name INI_TPKEYPASSTHRU

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


FullScreenOnlyDefault

Local

Remote


All_Regions.ini Virtual Channels\Keyboard

wfclient.ini WFClient FullScreenOnly

appsrv.ini WFClient FullScreenOnly




TransparentKeyPassthrough

818

819

TransportReconnectDelay

Specifies the number of seconds to wait before attempting to reconnect to thedisconnected session.

When a network error occurs, the auto client reconnect feature normally displays a dialogbox asking whether or not to try to reconnect. The TransportReconnectDelay=delay settingreplaces this display with a delay (in seconds) followed by an automatic reconnectionattempt.

Specifies the number of retries the client will attempt to reconnect to the disconnectedsession. If the TransportReconnectEnabled value is set to On or is not present in the .inifile, the number that is specified for this value is used.

Use "Session reliability and automatic reconnection" policy to control how the clientbehaves when a network failure causes the connection to be dropped.

When this policy is enabled, the client will attempt to reconnect to a server only if "Enablereconnection" is selected. By default three reconnection attempts are made, but this canbe altered using the "Number of retries" setting. Similarly the delay between retries can bealtered from the default of 30 seconds using the "Retry delay" setting.

ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Session reliabilityand automatic reconnection > Retry delay (seconds)

Section WFClient

Feature ACR

Attribute Name INI_TRANSPORT_RECONNECT_DELAY

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM Yes


30 Seconds - Default


All_Regions.ini Network\Reconnection *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\Reconnection

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Network\Reconnection

*

TroubleshootingSome proxy servers will automatically disconnect connections that are idle for a certainlength of time. This can cause client sessions to be disconnected when not in use. Aserver-side option "ICA Keep-Alive" is available to send extra data packets during periods ofinactivity that can be used prevent proxies from closing connections.

TransportReconnectDelay

820

821

TransportReconnectEnabled

Specifies whether (On) or not (Off) the Auto Client Reconnect is enabled. By default if theclient connects to a server that is enabled for AutoClientReconnect and a disconnectionoccurs, the client tries indefinitely to reconnect to the disconnected session until the userclicks the Cancel button in the AutoClientReconnect dialog box.

Session reliability and automatic reconnection: Use this policy to control how the clientbehaves when a network failure causes the connection to be dropped.

When this policy is enabled, the client will attempt to reconnect to a server only if "Enablereconnection" is selected. By default three reconnection attempts are made, but this canbe altered using the "Number of retries" setting. Similarly the delay between retries can bealtered from the default of 30 seconds using the "Retry delay" setting.

ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Session reliabilityand automatic reconnection > Enable reconnection

Section WFClient

Feature ACR

Attribute Name INI_TRANSPORT_RECONNECT_ENABLED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


1 Enables Auto Client Reconnect - Default

0 Disables Auto Client Reconnect

On Enables Auto Client Reconnect

Off Disables Auto Client Reconnect

true Enables Auto Client Reconnect

false Disables Auto Client Reconnect

yes Enables Auto Client Reconnect

no Disables Auto Client Reconnect





*


*

TransportReconnectEnabled

822

823

TransportReconnectRetries

Specifies the number of times the client will attempt to reconnect to the disconnectedsession. If the TransportReconnectEnabled value is set to On or is not present in the .inifile, the number that is specified for this value is used.

Use the Session reliability and automatic reconnection policy settings to control how theclient behaves when a network failure causes the connection to be dropped.

When these policy settings are enabled, the client will attempt to reconnect to a serveronly if Enable Reconnection is selected in the Citrix User policy setting for Auto ClientReconnect. By default three reconnection attempts are made, but this can be altered usingthe Number of retries setting. Similarly the delay between retries can be altered from thedefault of 30 seconds using the Retry delay setting. Retry delay is supported only on WinCE.

ADM UI Element: Citrix Components > Citrix Receiver > Network routing > Session reliabilityand automatic reconnection > Number of retries

Section WFClient

Feature ACR

Attribute Name INI_TRANSPORT_RECONNECT_RETRIES

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM Yes


0xFFFFFFFF For Win32 (infinite) - Default

3 (default for non-windows)

1 -0xFFFFFFFF

1 or higher





*


*

TroubleshootingSome proxy servers will automatically disconnect connections that are idle for a certainlength of time. This can cause client sessions to be disconnected when not in use. Theserver-side policy setting for ICA Keep Alives is available to send extra data packets duringperiods of inactivity that can be used to prevent proxies from closing connections.

TransportReconnectRetries

824

825

TransportSilentDisconnect

Specifies whether or not silent disconnect is enabled.

This setting hides the network error message that appears when the client is disconnected.Instead of showing the error message, the client just exits silently.

Section WFClient

Feature ACR

Attribute Name INI_TRANSPORT_SILENT_DISCONNECT

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Disable silent disconnect - Default

TRUE Enable silent disconnect

INI LocationN/A


826

TRWD

EUEM: End User Experience Monitoring .

TRWD: TICKET_RESPONSE_WEB_SERVER

The time it takes to get a ticket (if required) from the STA server or XML Service. Thismetric is collected when the application is launched via the Citrix Receiver or WebInterface.

Section Server

Feature EUEM

Attribute Name INI_EUEM_TRWD

Data Type Integer


UNIX Specific No

Present in ADM No








827

Tw2CachePower

Specifies, in powers of 2 bytes, the size of the ThinWire cache. For example, aTW2CachePower value of 23 creates an 8MB (2^23 bytes) ThinWire cache. Set it in therange of 19 to 25. Any value less than 19 is reset to 19; any value greater than 25 is reset to25. If you do not specify a value, the ThinWire driver automatically computes the initialsize based on connection resolution and color depth, applying a value in the range of 22 to25. If the required memory space cannot be allocated, the value is gradually lowered untilit matches the actual amount of available memory space. If memory space equivalent to avalue of 19 (512KB) cannot be allocated, the connection is dropped.

Section Thinwire3.0

Feature Graphics

Attribute Name INI_TW2_CACHE_POWER

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


19 Default

19-25

INI LocationN/A


828

TW2StopwatchMinimum

Sets a minimum return value for TW2 stopwatch timers.

TW2`s stopwatch timers can return meaningless results when the underlying graphicssystem is not synchronous, for example X11 on Unix. This option allows an implementationto set a minimum value that will be returned for a stopwatch timer period. The minimumvalue used is taken from the configuration files and scaled by the size of the last imagecopy.

Section Thinwire3.0

Feature Graphics

Attribute Name INI_TW2_STOPWATCH_MINIMUM

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


0 Default



canonicalization.ini Thinwire3.0 TW2StopwatchMinimum



TW2StopwatchMinimum


*


*

829

TW2StopwatchScale

Sets a scale factor to be applied to TW2 stopwatch timers.

TW2`s stopwatch timers can return over-optimistic results when there is a large disparitybetween the speed of different graphics operations; for example, some WinCE terminalscan scroll quickly but draw relatively slowly. This option allows a scale factor to be appliedto values returned by the stopwatch timers in an attempt to correct this.

Section Thinwire3.0

Feature Graphics

Attribute Name INI_TW2_STOPWATCH_SCALE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1 Scale Factor - Default

INI LocationN/A


830

TwainAllowed

Specifies whether (TRUE) or not (FALSE) Image capture is enabled.

Image Capture: Use this policy to enable and restrict the remote application or desktop`saccess to scanners, webcams, and other imaging devices on the client device (TWAIN).

ADM UI Element: Citrix Components > Citrix Receiver > Remoting client devices > Imagecapture

Section WFClient

Feature Twain

Attribute Name INI_TWAINALLOWED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


TRUE Enables Image capture (TWAIN) - Default

FALSE Disables Image capture (TWAIN)


All_Regions.ini Virtual Channels\Image Capture *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Image Capture

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Image Capture

*

831

TWIEmulateSystray

Specifies whether (TRUE) or not (FALSE) to do system tray emulation on non-windowsclients.

Controls the creation of a system emulation window to display notification area icons whenusing seamless mode.

Section Server

Feature Seamless

Attribute Name INI_TWI_SYSTRAY_EMULATION

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


TRUE Do system tray emulation on non-Windows clients - Default

FALSE Does not do system tray emulation on non-Windows clients

INI LocationN/A


832

TWIFullScreenMode

This setting switches the client to full screen mode.

The server display will completely cover the client display.

ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client displaysettings

Section Thinwire3.0

Feature Keyboard

Attribute Name INI_FULLSCREENMODE

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


0 Disable client full screen mode - Default

1 Enable client full screen mode




canonicalization.ini Thinwire3.0 TWIFullScreenMode



TWIFullScreenMode



*


*

TWIFullScreenMode

833

834

TWIIgnoreWorkArea

Enable/Disable sending only desktop work area.

Specifies whether (True) or not (False) the entire desktop area will be sent to the server.By default when the client connects to the server it sends the entire desktop area(including the taskbar) of the client display to the server. Setting this value to True sendsonly the desktop work area (area where shortcuts are placed, for example).

Section WFClient

Feature Seamless

Attribute Name INI_OVERRIDE_WORKAREA_SETTING

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


0 Disable sending only desktop work area.

1 Enable sending only desktop work area.


All_Regions.ini Virtual Channels\Seamless Windows *



*


*

TWIIgnoreWorkArea

835

836

TWIMode

Specifies whether (On) or not (Off) to use seamless mode for all connections in theassociated application set or for the associated custom ICA connection. Set the parametersDesiredVRES, DesiredHRES, and DesiredWinType accordingly.

Client display settings: Use this policy to control how the client presents remoteapplications and desktops to the end user. Remote applications can be seamlesslyintegrated with local applications, or the entire local environment can be replaced with aremote desktop.

Seamless windows: When set to False this setting allows the client to disable the use ofseamless windows, instead displaying a fixed size window. When set to True it forces theclient to request seamless windows, although the server may choose to reject this request.

ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client displaysettings > Seamless windows

Section Server

Feature Seamless

Attribute Name INI_TWI_MODE

Data Type Boolean


UNIX Specific No

Present in ADM Yes


FALSE Disables the seamless mode for all connections - default

TRUE Enables the seamless mode for all connections

Off Disables seamless mode for all connections

On Enables seamless mode for all connections





*


*

TWIMode

837

838

TWISeamlessFlag

Enable/Disable seamless applications launch.

Starting with Version 9.x of the Citrix Receiver for Windows, when an application launchesseamlessly, if focus is shifted away from the Logon Status dialog boxes before theapplication is displayed, the application launches behind whichever window has focus.

By setting this value to 1, seamless applications launch in the foreground and have focus,even if the focus shifted away from the Logon Status dialog boxes.

Section WFClient

Feature Seamless

Attribute Name INI_SEAMLESS_FLAG

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Disable seamless application launch - default

1 Enable seamless application launch.



839

TWIShrinkWorkArea

Specifies the value that the work area will be minimized. By specifying this users can makework area for seamless windows smaller.

Seamless applications cover the local taskbar on Windows 2000, 2003, and XP workstationcomputers when Auto hide is selected in the taskbar and Start Menu Properties dialog box.If the user selects to auto hide the local taskbar and a seamless ICA session is run, the localtaskbar may not be accessible. If the seamless application is minimized, the local taskbarcan be accessed. To avoid this problem, set the setting to a value of 3 or more.

Section WFClient

Feature Seamless

Attribute Name INI_WORKAREA_TOSHRINK

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


0 Default

greaterthan 0



840

TWISuppressZZEcho

Suppress post-move jiggle of seamless window.

By setting this property to True, any attempt by the server to move a seamless window tothe top left corner of the screen is ignored after the window is moved locally. This affectsWindows servers only.

Section Server

Feature Seamless

Attribute Name INI_TWI_SUPPRESS_ZZ_ECHO

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Does not suppress post-move jiggle - default

TRUE Suppress post move jiggle



841

TWITaskbarGroupingMode

Mode used for Seamless Taskbar Grouping of hosted, published applications.

Set this parameter to the desired value for Seamless Taskbar Grouping support. If GroupAllis specified, hosted, published app instances are grouped together on the Windows Taskbarby app. Likewise, these app instances are grouped together with corresponding local appinstances. If GroupNone is specified, the Seamless Taskbar Grouping feature is disabled. Asa result, all instances of all hosted apps are grouped together in the Windows Taskbar inthe same group, and not with local apps.

Section Server

Feature Seamless

Attribute Name INI_TWI_TASKBAR_GRP_MODE

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


GroupAll Specifies that published app instances should be grouped withcorresponding local app instances on the Windows Taskbar - default

GroupNone Disables taskbar button grouping support





*


*


TWITaskbarGroupingMode

842

843

UnicodeEnabled

Enable UNICODE printer names.


Feature Printing

Attribute Name INI_CPMUNICODEENABLED

Data Type Integer

Access Type Read

UNIX Specific Yes

Present in ADM No


TRUE Default

FALSE



844

UseAlternateAddress(3)

Selects (1) or clears (0) the Use alternate address for firewall connection option.

Selects (1) or clears (0) the Use alternate address for firewall connection option. Used toperform Network Address Translation (NAT).

Firewalls use IP address translation to convert public (Internet) IP addresses into private(intranet) IP addresses. Public IP addresses are called external addresses because they areexternal to the firewall, while private IP addresses are called internal addresses. In thiscontext, alternate means external.

A client configured to use the TCP/IP server location network protocol sends a directed UDPdatagram to the server IP address, using TCP/IP port 1604. Any intervening firewall must beconfigured to allow UDP packets to pass port 1604 or client-server communication fails.

If a fixed server location address is specified, the client contacts that server to determinethe address of the ICA master browser. When the client connects by server or publishedapplication name, the ICA master browser returns the address of the requested server orpublished application.

You can use UseAlternateAddress for TCP/IP connections only. To specify the server’s IPaddress, you must include the following statement in the [WFClient] section of the ICA file:

TcpBrowserAddress=ipaddress, where ipaddress is the IP address of the Citrix server.

You must also use the ALTADDR command on the Citrix server with the IP address that isaccessed by the ICA file (specified byipaddress). See the XenApp Administration guide formore information about the ALTADDR command.

Note: WFClient is used as section for all custom ICA connections unless otherwiseoverridden.


● For applicationsetname: Settings dialog box > Connection tab > Firewalls > Usealternate address for firewall connection option

● For applicationservername: Properties dialog box > Connection tab > Firewalls >Usealternate address for firewall connection option


Feature NATSupport

Attribute Name INI_USEALTERNATEADDRESS

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


0 Do not use the alternate address for firewall connection option - default

1 Use alternate address for firewall connection option.


Module.ini TCP/IP





All_Regions.ini Network\Protocols *

Module.ini WFClient







HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\WFClient


*


845


*


846

847

UseDefaultEncryption

Specifies from where to use the default encryption setting.

In applicationsetname: Specifies whether to use the server-side default encryption setting(On) or the setting specified in applicationsetname (Off). EncryptionLevel must be specifiedin applicationsetname if the value of UseDefaultEncryption in applicationsetname is Off.

In applicationservername: Specifies whether to use the custom default encryption setting inWFClient (On) or the setting specified in applicationservername (Off). EncryptionLevel mustbe specified in applicationservername if the value of UseDefaultEncryption inapplicationservername is Off.

Interface Element:

● For applicationsetname: Settings dialog box > Default Options tab > Encryption Level >Use Server Default option

● For applicationservername: Properties dialog box > Options tab > Encryption Level > UseCustom Default option

Section Server

Feature Misc

Attribute Name INI_USEDEFENCRYPT

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Use the default encrypting setting from applicationsetname /applicationservername - default

TRUE Use default encryption setting from server side or from WFClient



UseDefaultEncryption

848

849

UseLocalUserAndPassword(2)

Specifies whether (On) or not (Off) to use the same user name and password the user usedto log on to the client computer for authentication to the Citrix server.

SSOnUserSetting must be set to On.

Use the Local username and password policy to instruct the client to use the same logoncredentials (pass-through authentication) for the XenApp server as the client machine.When this policy is enabled, the client can be prevented from using the current user`slogon credentials to authenticate to the remote server by clearing the Enable pass-throughauthentication check box.

ADM UI Element : Citrix Components > Citrix Receiver > User authentication > Local username and password > Enable pass-through authentication

Section Server,Server

Feature SSON

Attribute Name INI_USE_LOCAL_USER_AND_PASSWORD

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


On Use pass-through authentication

Off Does not use pass-through authentication



Registry Location

Registry Key Value


*


*

UseLocalUserAndPassword(2)

850

851

UseMRUBrowserPrefs

Specifies how it will be determined which browser's preferences will be used for the proxysettings.

It is used when the client finds more than one browser preferences file when processing theProxyType=Auto setting to find network proxy settings. If this is set, it uses the one thatchanged most recently.

If the parameter is False the client uses its old method: it looks first for Firefox browsersettings, then Mozilla, then Netscape, and uses the first one found.

Section Server

Feature Proxy

Attribute Name INI_USEMRUBROWSERPREFS

Data Type Boolean

Access Type Read

UNIX Specific Yes

Present in ADM No


True Proxy setting is the one changed most recently - default

False Uses old method: look first for Firefox browser settings, then Mozilla, theNetscape, and use the first one found



852

Username(3)

Specifies the user name that appears in the User name text box if the user selects theUser-specified credentials option for the associated custom ICA connection.

Use this policy to control how user credentials data stored on users’ machines or placed inICA files is used to authenticate the user to the remote published application or desktop.When this policy is enabled, you can prevent locally stored passwords being automaticallysent to remote servers by clearing the Allow authentication using locally storedcredentials check box. This causes any password fields to be replaced with dummy data. Inaddition, the User name and Domain options can be used to restrict or override whichusers can be automatically authenticate to servers. These can be specified ascomma-separated lists.

Properties dialog box > Logon Information tab > User-specified credentials option > Username text box

ADM UI Element : Citrix Component > Citrix Receiver > User Authentication > Locally storedcredential > User name

Section Smartcard,dynamic,Server

Feature Core

Attribute Name INI_USERNAME

Data Type String

Access Type Read

UNIX Specific No

Present in ADM Yes


"" User name - Default






Username(3)

853

854

UserOverride

Specifies whether the users can override the Pre-Launch configuration set by theadministrator (see settings State and Schedule). If enabled, but the user configurationsetting is not present on the client, the Pre-Launch configuration specified by theadministrator is enabled.


Feature Pre-Launch

Attribute Name PRELAUNCH_USER_OVERRIDE


Data Type string


UNIX Specific No

Present in ADM No


0 Disable users override default

1 Enable users override


HKEY_LOCAL_MACHINE\Software\Citrix\ICAClient\PreLaunch

855

UsersShareIniFiles

Specifies whether (On) or not (Off) users shares .ini files or they have their own .ini files.

Section WFClient

Feature Core

Attribute Name INI_USERS_SHAREINIFILES

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


Off Users have their own ini files - default

On Users shares ini file




856

UseSSPIOnly

Specifies whether to use only Kerberos authentication or to get credentials from the Singlesign-on service. Authentication will fail if Kerberos authentication fails. This preventsfallback to using passthrough.

If set to True, only Kerberos authentication is used and credentials are not retrieved fromthe Single sign-on service.

Section WFClient

Feature SSPI

Attribute Name INI_SSPI_ONLY

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


FALSE Use Kerberos authentication or get credentials from Single sign-on service -Default

TRUE Use only Kerberos authentication


All_Regions.ini Logon\Kerberos *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Logon\Kerberos

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Logon\Kerberos

*

UseSSPIOnly

857

858

VariantName

Identify that the client is a variant of the regular client.

If Module.ini or Appsrv.ini contain a line named "VariantName=[ ]" it designates the client isnot a regular Win32 client (OEMs).

Section ClientAudio

Feature Core

Attribute Name INI_CM_VARIANTNAME

Data Type String

Access Type Write

UNIX Specific No

Present in ADM No


Base Default



859

VirtualChannels

List of virtual channel names to create.

Specifies the virtual channels to be opened on connection. You can specify multiple channelnames as a comma separated list. Names must be restricted to seven characters or less.

Section Server

Feature Core

Attribute Name INI_VIRTUALCHANNELS

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" If present then any possible virtual channel list



860

VirtualCOMPortEmulation

Specifies whether virtual COM ports are enabled or not.

Remote PDA synchronization uses virtual COM ports. These are serial port connections thatare routed through USB connections. It is necessary to enable serial port access to use PDAsynchronization for this reason.

ADM UI: Citrix Receiver > Remote Client Devices > Client hardware Access > Allow PDASynchronizaton.

Section WFClient

Feature PDASync

Attribute Name INI_VCOM_EMULATION

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


On Virtual COM ports are enabled - Default

Off Virtual COM ports are not enabled


All_Regions.ini Virtual Channels\Serial Port *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Serial Port

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Serial Port

*

VirtualCOMPortEmulation

861

862

VirtualDriver

Specifies a list of virtual drivers to load, in sequence. The listed items correspond tosection names containing parameters for each specific virtual driver. Individual features canbe disabled by removing their drivers from this list (for example, remove ClientDrive todisable client drive mapping).

Section ICA 3.0

Feature Core

Attribute Name INI_VIRTUALDRIVER

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


Thinwire3.0, ClientDrive,ClientPrinterQueue,ClientPrinterPort, Clipboard,ClientComm, ClientAudio,LicenseHandler,ProgramNeighborhood,TWI,ZL_FONT,ZLC,SmartCard,Multimedia,ICACTL,SpeechMike,SSPI,TwainRdr,UserExperience

Default


Module.ini ICA 3.0 Thinwire3.0, ClientDrive,ClientPrinterQueue,ClientPrinterPort, Clipboard,ClientComm, ClientAudio,LicenseHandler,ProgramNeighborhood,TWI,ZL_FONT,ZLC,SmartCard,Multimedia,ICACTL,SpeechMike,SSPI,TwainRdr,UserExperience

Registry Location

Registry Key Value

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Configuration\Advanced\Modules\ICA3.0

Thinwire3.0, ClientDrive,ClientPrinterQueue,ClientPrinterPort, Clipboard,ClientComm, ClientAudio,LicenseHandler,ProgramNeighborhood,TWI,ZL_FONT,ZLC,SmartCard,Multimedia,ICACTL,SpeechMike,SSPI,TwainRdr,UserExperience

VirtualDriver

863

864

VirtualDriverEx

Specifies the list of third party virtual channels.

Set AllowVirtualDriverEx to True to append the third party virtual channel list to thecurrent virtual drivers.

Section ICA 3.0

Feature Core

Attribute Name INI_VIRTUALDRIVER_THIRDPARTY

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" If present then any possible virtual channels


Module.ini ICA 3.0



865

VSLAllowed(2)

Specifies whether or not client printer queue mapping has been enabled.

Enables (On) or disables (Off) client printer spooling by controlling whether (On) or not(Off) the client printer mapping virtual driver in ClientPrinterQueue is loaded.

Use this policy to enable and restrict the remote application or desktop`s access to clientprinters.

When this policy is disabled, the client prevents the server from accessing or printing toprinters available to the client device.

ADM UI Element : Citrix Components > Citrix Receiver > Remoting client devices > Clientprinters

Section WFClient,ClientPrinterQueue

Feature Printing

Attribute Name INI_VSLALLOWED

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM Yes


TRUE Enables client printer queue mapping - Default

FALSE Disable client printer queue mapping






*


*

VSLAllowed(2)

866

867

Win32FavorRetainedPrinterSettings

Specifies whether (False) or not (True) to prevent the system from retaining any changes tothe properties store.

The Win32FavorRetainedPrinterSettings=Off setting in the client’s appsrv.ini file (under the[WFClient] section) prevents the system from retaining any changes to the properties store.

For certain printer drivers, changes made to printer properties or advanced printer settingswithin a session do not persist between sessions. This is the server-side component of anenhancement that allows to modify the client-side appsrv.ini file to set the client to alwaysuse the printer settings from the actual printer rather than the retained settings in theproperties store. This setting also forces the client to attempt to write settings modifiedwithin a client session to the client printer if the drivers are determined to be equivalent.

Win32FavorRetainedPrinterSettings = TRUE implies that the client shall service propertiesrequests from the client's private printer properties store in the client-side user profile atHKCU\Software\Citrix\PrinterProperties. If there are no retained properties for the printerin question, real properties should be returned from the real Windows printer objectinstead. FALSE implies client shall service properties enumerations and saves to/from thereal printer first. When client and server drivers are equivalent, all properties would beread from (written to) the real printer. When server and client driver are not equivalent,device dependent properties will still be serviced from retained settings since the devicespecific settings of the real printer are not useable.

Section WFClient

Feature Printing

Attribute Name INI_VSLPROPSFROMPROFILE

Data Type Boolean

Access Type Read

UNIX Specific No

Present in ADM No


TRUE Client shall service properties requests from the clients private printerproperties store - Default

FALSE Prevents the system from retaining any changes to the properties store





*


*

Win32FavorRetainedPrinterSettings

868

869

WindowManagerMoveIgnored

Flag to indicate that the Window Manager's initial move should be ignored for the UNIXclient.

If this flag is set to True, dubious window configuration messages from WM at start-up areacknowledged and Window Manager's initial move should be ignored.

Section Thinwire3.0

Feature Graphics

Attribute Name INI_WINDOW_MANAGER_MOVE_IGNORED

Data Type Boolean

Access Type Read

UNIX Specific Yes

Present in ADM No


False Window Manager's initial move should be not be ignored - Default

True Window Manager's initial move should be ignored.



870

WindowManagerMoveTimeout

Time period in milliseconds for WindowManagerMoveIgnored, which ignores local changes inwindow size and position for a short period after creation of a seamless window.

Section Thinwire3.0

Feature Graphics

Attribute Name INI_WINDOW_MANAGER_MOVE_TIMEOUT

Data Type Integer

Access Type Read

UNIX Specific Yes

Present in ADM No


500 Window Manager Timeout (ms) - Default



871

WindowsCache

Specifies the size of the Receiver's Thinwire memory (in 1KB chunks). The maximum size ofthe Thinwire cache is 8192KB.

Section Thinwire3.0

Feature Graphics

Attribute Name INI_LARGECACHE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


3072 KB - Default

8192 Maximum cache size (KB)


Module.ini Thinwire3.0 3072



3072

872

WindowSize

Gives the write window size, in bytes, for flow management for ClientComm section.

Section ClientComm

Feature Printing

Attribute Name INI_CCMWINDOWSIZE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


1024 Write window size in bytes - Default

512 Write window size in bytes







1024


1024


1440

WindowSize

873

874

WindowSize

Gives the maximum write window size (in bytes) for flow management; i.e., the maximumnumber bytes that can be written for the ClientPrinterQueue section.


Feature Printing

Attribute Name INI_CPMWINDOWSIZE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


512 Default

1024







1024


1024


1440

WindowSize

875

876

WindowSize

Specifies the write window size (in bytes) for flow management for the ClientPrinterQueuedriver.


Feature Graphics

Attribute Name INI_VSLWINDOWSIZE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


512 Window Size (Bytes) - Default

1024 Window Size (Bytes)







1024


1024


1440

WindowSize

877

878

WindowSize2

Specifies the larger window size for flow management for ClientPrinterQueue driver.

This virtual driver is responsible for providing client printer queue access to supplement theICA 3.0 driver.

If this window size is not suitable, then smaller size (WindowSize) is used.


Feature Printing

Attribute Name INI_VSLWINDOWSIZE2

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


4102 Window Size (Bytes) - Default





4102

879

WindowsPrinter

Specifies the queue name displayed for the available printer.


Feature Printing

Attribute Name INI_CPMQUEUE

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" Default Windows Printer Name - Default


Module.ini ClientPrinterPort



880

WindowsPrinter

Specifies a queue name to print to.


Feature Printing

Attribute Name INI_VSLQUEUE

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


"" Queue name - Default


Module.ini ClientPrinterPort



881

WorkDirectory

Specifies the working directory after logon.

Section Server

Feature Core

Attribute Name INI_WORKDIRECTORY

Data Type String


UNIX Specific No

Present in ADM No


"" Directory location of working directory


All_Regions.ini Client Engine\Application Launching




882

WpadHost

Specifies the URL to query for the automatic proxy detection configuration file todetermine proxy settings.

Section WFClient

Feature Proxy

Attribute Name INI_WPADHOST

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


http://wpad/wpad.datDefault






883

XmlAddressResolutionType

Specifies the address resolution method used for XML requests. Address resolution is theprocess of resolving server and published application names to network addresses that thenetwork driver can understand and use.

Section WFClient

Feature EnumRes

Attribute Name INI_XMLADDRESSRESTYPE

Data Type String

Access Type Read

UNIX Specific No

Present in ADM No


DNS-Port Address name - Default

IPv4-Port Address name


appsrv.ini WFClient DNS-Port


884

ZLAutoHiLimit

Zero-Latency Mouse Threshold Upper Limit.

The Mouse Threshold Upper Limit is compared with the average response time of ICA todetermine if the mouse zero latency feature playback is turned on.

The zero latency feature monitors the response time of keyboard and mouse inputs on theReceiver and enables playback features to make ICA seem more responsive to the userwhen necessary. This is determined by keeping track of ICA’s average response time andcomparing the average response time to the IZLAutoLowLimit and the ZLAutoHiLimit.

If the average response time is greater than or equal to ZLAutoHiLimit, then ICA isresponding at an unacceptable speed and the zero latency feature turns on the mouse zerolatency playback and the keyboard zero latency playback features.

Section Server

Feature ZLC

Attribute Name INI_AUTO_ZLHILIMIT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


250 Mouse zero latency playback turns on if average response time is greaterthan this limit - Default



885

ZLAutoLowLimit

Zero-latency Mouse Threshold Lower Limit.

Mouse Threshold Lower Limit that is compared with average response time of ICA todetermine if the mouse zero latency playback feature is turned off.

The zero latency feature monitors the response time of keyboard and mouse inputs on theReceiver, and enables playback features to make ICA seem more responsive to the userwhen necessary. This is determined by keeping track of ICA’s average response time andcomparing the average response time to the IZLAutoLowLimit and the ZLAutoHiLimit.

If the average response time is less than ZLAutoLowLimit, then ICA is responding at anacceptable speed and the zero latency feature turns off the mouse zero latency playbackfeature and continues to monitor the average response time.

Section Server

Feature ZLC

Attribute Name INI_AUTO_ZLLOWLIMIT

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


150 Lower limit threshold - Default



886

ZLDiskCacheSize

Specifies the cache size, in bytes, on disk for latency reduction.

Section WFClient

Feature ZLC

Attribute Name INI_ZLDISK_CACHE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


-1 Disk free space will be used - Default



887

ZLFntMemCacheSize

Specifies a memory size value to create a cache directory.

This attribute is for Zero Latency Window - Virtual Font driver interface.

Section WFClient

Feature ZLC

Attribute Name INI_ZLMEM_CACHE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM No


512000 Cache Directory Size (Bytes) - Default




888

ZLKeyboardMode

Specifies whether or not to use local text echo.

For 2 (Auto), local text echo is used if the connection latency exceeds the high latencythreshold set using the SpeedScreen Latency Reduction Manager. The Citrix server mustsupport SpeedScreen Latency Reduction for this setting to take effect.


● For applicationsetname: Settings dialog box > Default Options tab > SpeedScreenLatency Reduction menu; Local text echo option

● For applicationservername: Properties dialog box > Options tab > SpeedScreen LatencyReduction menu; Local Text Echo option

ADM UI Element: XenApp server > User Experience > Client graphic settings > Speed ScreenLatency Reduction - keyboard Local echo

Section Server

Feature ZLC

Attribute Name INI_ZLC_MODE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM Yes


0 Always off - Default

1 Always on

2 Auto


All_Regions.ini Virtual Channels\Zero Latency *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Zero Latency

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Zero Latency

*

ZLKeyboardMode

889

890

ZLMouseMode

Specifies whether or not to use mouse click feedback.

Set a value for mouse zero latency (mouse pointer prediction), 2, 1 or 0.

For ZLMouseMode=2 (Auto), mouse click feedback is used if the connection latency exceedsthe high latency threshold set using the SpeedScreen Latency Reduction Manager. The Citrixserver must support SpeedScreen Latency Reduction for this setting to take effect.

Interface Element:

● For applicationsetname: Settings dialog box > Default Options tab > SpeedScreenLatency Reduction menu; Mouse Click Feedback option

Enabling SpeedScreen Latency Reduction settings allows the client to predict how mousemovement and text entry will appear on the server. This results in the user gettingimmediate feedback when typing or moving the mouse pointer.

ADM UI Element: Citrix Components > Citrix Receiver > User experience > Client graphicssettings > SpeedScreen Latency Reduction - mouse pointer prediction

Section Server

Feature ZLC

Attribute Name INI_MOUSEZLMODE

Data Type Integer

Access Type Read

UNIX Specific No

Present in ADM Yes


2 Auto - Default

0 Always Off

1 Always On

INI Location

INI File Section Value

All_Regions.ini Virtual Channels\Zero Latency *


HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Zero Latency

*

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\LockdownProfiles\All Regions\Lockdown\Virtual Channels\Zero Latency

*

ZLMouseMode

891