Working Scenarios:
1. Disabling Client Selective Trust
2. Using IE instead with Client Selective Trust enabled
Background
With the introduction of Receiver 3.x client, administrators can configure the default behavior for device access when connecting to a Citrix XenDesktop or XenApp environment. By default, the Desktop Viewer client device restrictions are based on the Internet region and this behavior can be changed by creating the Client Selective Trust feature registry keys under the HKey_Local_Machine hive in the registry and by modifying the required values.
With the default value, one of the following dialog boxes appear when accessing local files, webcams, or microphones:
- HDX File Access
- HDX Microphone and Webcam
Instructions
To configure default device access behavior of Receiver, XenDesktop or XenApp, complete the following steps:
Note: In the ADM template there is the 'Create Client Service Trust Key' value, which can be used to automatically create all the required registry keys otherwise import registry keys first and make changes in registry values as explained and then apply ADM files and perform changes for ADM files. If you have applied ADM files first and then registry changes, there could be a possibility of continued unresolved issues. Using ADM files ONLY and not importing registry hive or making changes to registry values will not resolve the issue. Both steps are required and should be applied in the correct order: Step 1. Registry Hive, Step 2. ADM File.
It is also applicable for Citrix Receiver 4.x.
Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.
Download the appropriate registry settings file that is attached to this article and import to a client device.
Note: The attachment contains the file for a 32-bit and a 64-bit operating system.
Open one of the following registry keys on the computer:
HKEY_LOCAL_MACHINESOFTWARECitrixICA ClientClient Selective Trust
Or
HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixICA ClientClient Selective Trust.
Note: The key 'HKEY_CURRENT_USERSOFTWARECitrixICA ClientClient Selective Trust' has higher priority than 'HKLMSOFTWARECitrixICA ClientClient Selective Trust'. This Key will be created every time a user makes changes in the preferences of Receiver. As this key has priority, it needs to be deleted at every reboot.- In the appropriate region(s), change the default value of any of the following resources according to the list of Access Values:
Resource Key | Resource Description |
FileSecurityPermission | Client Drives |
MicrophoneAndWebcamSecurityPermission | Microphones and Webcams |
ScannerAndDigitalCameraSecurityPermission | USB and Other Devices |
0 = No Access
1 = Read Only Access
2 = Full Access
3 = Prompt User for Access
Export the Client Selective Trust key to a new .reg file.
Import the modified .reg file on each client device.
This process can be automated by using a log on script.
Note: Included in the ZIP archive are the Group Policy ADM files specifically for x86 or x64 operating systems which create the required registry keys on the client machine and add the ability to modify the values as explained in the preceding section. If an Organizational Unit (OU) or group of computers contains multiple architectures, ensure to use a method such as Windows Management Instrumentation (WMI) filtering to apply the appropriate settings.
For clients supporting adml/admx format templates follow: https://msdn.microsoft.com/en-us/library/bb530196.aspx
Additional Resources
- Citrix Documentation - Configure Receiver with the Group Policy Object template
- CTX124921 - Citrix Online Plug-in 12.0 Ignores Webica.ini Settings
- Citrix Receiver - Latest Download
Citrix Receiver Xenapp Compatibility Matrix
Disclaimer
Citrix Receiver Xenapp Server.protocol Driver Error