Citrix Receiver for Windows 4.9 LTSR

Citrix Receiver for Windows 4.9

LTSR

Citrix Product Documentation | docs.citrix.com March 17, 2021

Contents

What’s new in 4.9 LTSR 3

Fixed issues 4

Known Issues 24

Third party notices 26

System requirements and compatibility 26

Connections, Certificates and Authentication 28

Install 31

Install and uninstall Citrix Receiver for Windows manually 34

Configure and install using command-line parameters 35

Deploy using Active Directory and sample startup scripts 53

Deploy Citrix Receiver for Windows from Receiver for Web 56

Deploy Citrix Receiver for Windows from a Web Interface logon screen 56

Deploy using System Center Configuration Manager 2012 R2 57

Configure 60

Configuring application delivery 61

Configuring your XenDesktop environment 73

Configuring adaptive transport 73

Configuring auto-update 75

Configuring bidirectional content redirection 80

Configuring Bloomberg keyboards 82

Configuring composite USB device redirection 83

Configuring USB support 85

Configuring StoreFront 91

Citrix Receiver for Windows 4.9 LTSR

Configuring the Group Policy Object administrative template 103

Providing users with account information 105

Configuring auto-update 109

Optimize the environment 114

Reducing application launch time 115

Mapping client devices 117

Supporting DNS name resolution 120

Using proxy servers with XenDesktop 121

Using Configuration Checker to validate Single Sign-on configuration 121

Improve the user experience 123

Secure connections 133

Configure domain pass-through authentication 133

Configure domain pass-through authentication with Kerberos 136

Configure smart card authentication 139

Enable certificate revocation list checking for improved security 143

Secure communications 144

Configure and enable TLS 145

Configure smart card authentication for Web Interface 5.4 149

Connect with Secure Gateway 150

Connect through a firewall 151

Connect through a proxy server 153

Enforce trust relationship 153

Elevation level and wfcrun32.exe 154

ICA file signing to protect against application or desktop launches from untrusted servers 155

Citrix Receiver for Windows 4.9 LTSR

Citrix Receiver for Windows Help 156

What is Citrix Receiver? 156

Add accounts or switch servers 157

Change how desktops look and work 157

Display your devices in the Desktop Viewer 159

Manage my passwords 160

Use Account Self-Service 161

Change your password manually 163

Common questions and issues 164

Change your password automatically 166

Pause and resume Single Sign-on 170

Group programs in a password sharing group 171

Store user names and passwords 172

Remove user names and passwords 175

Reveal your password 176

Set up Citrix Single Sign-on for the first time 177

Use apps when not connected to the Internet 177

Find desktops and apps 177

Manage sessions 178

Refresh or remove apps 178

Citrix Receiver for Windows Desktop Lock 179

SDK and API 184

Citrix Receiver for Windows 4.9 LTSR

What’s new in 4.9 LTSR

December 4, 2019

Important updates about Citrix Receiver

Citrix Cloud TLS Version Deprecation

To improve the security of connections to Citrix Cloud, Citrix will block any communication over Trans-

port Layer Security (TLS) 1.0 and 1.1 as of March 15, 2019. However, this deprecation does not aect

users of customers on the Citrix Receiver for Windows 4.9 LTSR track. For more information, see Dep-

recation of TLS versions.

Cumulative Update 9 now available

Cumulative Update 9 (CU9) for Citrix Receiver for Windows 4.9 LTSR was released on December 04,

2019. Built on top of Citrix Receiver for Windows 4.9, CU9 continues to add stability and ease of use

to this LTSR. It also contains eight fixes from CU8, 13 fixes from CU7, ten fixes from CU6, more than a

dozen fixes each from CU5 and CU4, 20 fixes from CU3, 18 fixes from CU2, and more than 15 fixes from

CU1. CU9 is available for download from the Citrix download page.

Reduced size of the installer

With this release, the size of the Citrix Receiver for Windows installer is reduced to 39.9MB. This con-

stitutes a 15% reduction in size from earlier releases.

New external beacon for StoreFront account

On a StoreFront account, ping.citrix.com is used as a replacement for the www.citrix.com external

beacon.

Starting with Citrix Receiver for Windows Version 4.9, no user-configurable changes are required.

If you are using an earlier version of Citrix Receiver for Windows, Citrix recommends that you replace

the www.citrix.com external beacon with ping.citrix.com.

For more information about the external beacon, see Knowledge Center article CTX218708.

For information about configuring the external beacon on StoreFront, see Configure beacon points.

Note

Ignore if the StoreFront account is not configured with www.citrix.com as the external beacon.

Citrix Receiver for Windows 4.9 LTSR

Fixed issues

July 6, 2020

Citrix Receiver for Windows 4.9 LTSR CU9 Hotfix 2 (4.9.9002)

Compared to: Citrix Receiver for Windows 4.9 LTSR CU9

Security Issues

• This release addresses two security issues. For more information, see Knowledge Center article

CTX275460. [CVADHELP-15088, CVADHELP-15089]

Session/Connection

• In a double-hop scenario, and with Windows Media redirection enabled, a session might exit

unexpectedly. [CVADHELP-14635]

Citrix Receiver for Windows 4.9 LTSR CU9

Compared to: Citrix Receiver for Windows 4.9 LTSR CU8

Content Redirection

• The wfshell.exe or the wfcrun32.exe process might exit unexpectedly when you attempt to

access long URLs in a published instance of Internet Explorer. [CVADHELP-11239, CVADHELP-

13424]

• With the bidirectional content redirection policy enabled, Internet Explorer running on a user

device might appear on the user’s taskbar. Also, the Internet Explorer browser window does not

appear in the foreground. [CVADHELP-12897]

• When you attempt to redirect a long URL, the URL might not be redirected to a VDA

and the Redirector.exe process exits unexpectedly with the following exception: IN-

VALID_CRUNTIME_PARAMETER [CVADHELP-13197]

HDX MediaStream Windows Media Redirection

• In a multi-monitor environment, when you play an MP4 video using the Windows Media Player

in a user session, the video might play correctly on the primary monitor. But, when you move

Citrix Receiver for Windows 4.9 LTSR

the player to a dierent screen, a black screen might appear on the secondary or an extended

monitor connected through DisplayLink using a docking station. [CVADHELP-11848]

Keyboard

• The CTRL+ALT+END key might not be accepted by the RDP client published in seamless mode

or within a user published desktop. To enable the fix, set the following registry keys:

– On 32-bit systems

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All

Regions\Lockdown\Client Engine\Hot keys

Name: EnableCtrlAltEnd

Type: REG_SZ

Data: True (By default, no value is assigned to the key)

– On 64-bit systems

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\Engine\Lockdown

Profiles\All Regions\Lockdown\Client Engine\Hot keys

Name: EnableCtrlAltEnd

Type: REG_SZ

Data: True (By default, no value is assigned to the key)

[CVADHELP-12567]

Session/Connection

• When published applications receive many requests to play short sounds for a short period of

time, the wfica32.exe process might exit unexpectedly. [CVADHELP-12855]

• Aer a session timeout is reached, the session might automatically log o. When you attempt

to launch the session again, the session takes longer than normal to launch. The issue occurs

when there is a network disruption. [CVADHELP-13017]

System Exceptions

• The Receiver.exe process might exit unexpectedly while capturing the CDF traces. [CVADHELP-

13077]

Citrix Receiver for Windows 4.9 LTSR

Citrix Receiver for Windows 4.9 LTSR CU8

Compared to: Citrix Receiver for Windows 4.9 LTSR CU7

Installing, Uninstalling, Upgrading

• With the Citrix HDX RealTime Media Engine plug-in installed, you cannot start a session aer you

upgrade Citrix Receiver for Windows to Version 4.9 LTSR Cumulative Update. [LD1814]

Keyboard

• On a Surface Pro device, when you choose the on-screen keyboard on the Desktop Viewer, the

keyboard might not appear. [LD0580]

• With the local keyboard layout feature enabled, certain keyboard layouts might not be reflected

in an HDX session. The issue occurs on a VDA that is running Windows 2016 or later versions.

[LD1600]

Seamless Windows

• When you open a new window within a published application, the icon of the published appli-

cation might disappear from the taskbar. [LD1868]

Session/Connection

• In double-hop scenarios where VDAs for Desktop OS are running in the first hop and published

applications are running in the second hop, this error message might appear:

Citrix HDX Engine has stopped working.

Exception caused the program to stop working correctly. Please close the program.

The issue occurs when you use third-party applications with a custom virtual channel and re-

connect or seize the first hop desktop from a dierent client device. [LD0479, LD1898]

User Experience

• Application enumeration and filtering based on client names might not work in native Citrix

Receiver with the unified experience. [LD1427]

• When you minimize, maximize, or resize a desktop, a gray screen might overlap the desktop.

[LD1487]

• Citrix Receiver for Windows might request the password even for the disabled store accounts.

[LD1723]

Citrix Receiver for Windows 4.9 LTSR

Citrix Receiver for Windows 4.9 LTSR CU7

Compared to: Citrix Receiver for Windows 4.9 LTSR CU6 Hotfix 1 (4.9.6001)

Installing, Uninstalling, Upgrading

• When you upgrade Citrix Receiver for Windows on a machine that has a third-party application

installed and that uses a custom virtual channel, launching an application from the Receiver

might fail. This error message appears:

This version of Citrix Receiver does not support selected encryption.

The issue occurs when the third-party application’s driver details are not preserved upon up-

grade. [LD0831]

Keyboard

• With Local IME feature enabled, the Shi key might remain stuck in the down position if you

switch between English and Chinese languages using a Shi Key with the Dayi or Array Chinese

input method. [LD1039]

Secure Gateway

• Attempts to add a store from an external network using the Citrix Gateway might fail when you

configure https://citrix.com as an external beacon. [LD0913]

• Citrix Receiver for Windows might not use the Proxy Auto Configuration (PAC) (proxy.pac) file

when specified through the https address. [LD1460]

Session/Connection

• When certain third-party applications use Citrix ICA Client Object (ICO) to connect the ICA host,

the connection might fail. [LD0266]

• Frequent connection failures might be logged into the Citrix Director. This occasional issue oc-

curs when you start a user session. [LD0519]

• When a user session is running with the Desktop Viewer disabled in a dual-monitor scenario,

the session might become unresponsive. The issue occurs when you unplug any monitor cable.

[LD0999]

• With the Desktop Lock installed on a client machine that is running Citrix Receiver for Windows,

you might be logged o. The issue occurs when the Citrix StoreFront goes oline. [LD1021]

• Attempts to reconnect to a published application of a disconnected session might take a long

time. [LD1381]

Citrix Receiver for Windows 4.9 LTSR

User Experience

• The Citrix Receiver for Windows might send an alternative IP address for the machine to the

StoreFront. The issue occurs when Citrix Receiver for Windows chooses the last IP address from

the IP address list, regardless of whether it is the current IP address. As a result, the Excluded-

ClientIPFilter setting in the Delivery Group becomes unusable. [LC9497]

• With the Desktop Lock and Local App Access enabled, the local applications might not display

correctly when you minimize them. [LD0787]

• When you hover the mouse pointer over an application icon while several applications are run-

ning, the taskbar preview might show only the active window’s content. [LD1030]

Note:

With client rendered Flash or Windows Media Redirection, the taskbar preview might not

display correctly.

• When using Citrix Receiver for Windows, shortcuts might not be created for the existing users

aer you add a store while another store exists. [LD1125]

Citrix Receiver for Windows 4.9 LTSR CU6 Hotfix 1 (4.9.6001)

Compared to: Citrix Receiver for Windows 4.9 LTSR CU6

Security Issues

• This fix addresses a security issue. For more information, see Knowledge Center article

CTX251986. [LD1518]

Citrix Receiver for Windows 4.9 LTSR CU6

Compared to: Citrix Receiver for Windows 4.9 LTSR CU5

HDX MediaStream Windows Media Redirection

• Windows Media Redirection client-side content fetching might fail. The issue occurs when you

play multimedia files that contain script streams, which are archived from a live web stream.

[LC7948]

Installing, Uninstalling, Upgrading

• Aer you upgrade Citrix Receiver for Windows to Version 4.9 LTSR, the registry key that is re-

quired for custom virtual channels might not be preserved. [LD0633]

Citrix Receiver for Windows 4.9 LTSR

Keyboard

• With Local IME or local keyboard layout synchronization enabled, the Shi key might remain

stuck in the down position when you press key combinations that include the right Ctrl or the

right Shi keys. [LD0585]

• With the Yes, I prefer to use the local keyboard layout, rather than the keyboard layout

provided by the remote server option selected, the last input character might not handle cor-

rectly. The issue occurs when you switch from Korean to English by clicking the Right-Alt key.

Note that aer applying this fix, the issue might persist when you use the mouse. [LD0825]

Session/Connection

• The host to client redirection might not work when using some third-party applications. The

issue occurs when these applications use a special web URL that contains HTTPS and HTTP

addresses. [LD0484]

• With Application Lingering configured, published applications might fail to reopen an existing

file aer the session is disconnected. [LD0742]

• You have the Windows 7 basic theme and you disable the hardware acceleration (GDI mode) on

the user device. When you switch between the local and published seamless applications, you

might experience display issues. [LD0853]

• When you use the NVIDIA GPUs on the VDA and optimize the latest NvENC in the GPU, there can

be a corruption in the h.264 DXVA decoding.

To enable the fix, set the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\GfxRender

Name: MaxNumRefFrames

Type: DWORD

Value: Between 2 and 8 [LD0943]

User Experience

• When you maximize a non-seamless application window, the application window is corrupted.

[LD0755]

• When you start a Windows 7 published desktop, there might be a lag when you drag a mouse

cursor within the Citrix Receiver for Windows session. [LD0923]

Citrix Receiver for Windows 4.9 LTSR

Citrix Receiver for Windows 4.9 LTSR CU5

Compared to: Citrix Receiver for Windows 4.9 LTSR CU4

Content Redirection

• When you cancel the default program window while launching the File Type Association en-

abled extension for the first time, this error message might appear for subsequent launches of

this extension:

Windows cannot access the specified device, path, or file. You may not have the appropri-

ate permissions to access the item. [LD0026]

Keyboard

• When using a barcode reader, some of the data might be lost when sending a large amount of

data. [LD0243]

Session/Connection

• Aer you upgrade Citrix Receiver for Windows to Version 4.9.1000, the CDViewer might display

a gray screen when you log o. [LC9290]

• Attempts to start an application might fail and this error message appears:

Unable to launch your application. Contact your help desk and provide them with the fol-

lowing information: Cannot open the Citrix Receiver.

– To enable the fix, the administrator must set the following registry key:

HKEY_LOCAL_MACHINE\Soware\Citrix\ICA Client\Engine

Name: EngineTimeout

Type: DWORD

Value: More than 20 seconds

– To enable the fix, the user must set the following registry key:

HKEY_CURRENT_USER\Soware\Citrix\ICA Client\Engine

Name: EngineTimeout

Type: DWORD

Value: More than 20 seconds, for example, EngineTimeout=20 [LC9771]

Citrix Receiver for Windows 4.9 LTSR

• Start multiple applications within a hosted shared desktop. If you switch between the clients or

perform a disconnect or a reconnect operation, this error message might appear:

Citrix HDX Engine has stopped working.

Exception caused the program to stop working correctly. Please close the program.

[LC9772]

• Applications that are started using Citrix Receiver for Windows might be mirrored onto the sec-

ondary monitor. [LC9893]

• When the seamless application is minimized, it appears as a miniature version of the applica-

tion. Instead, it must appear like a minimized window or must appear on the taskbar. [LD0034]

• The published instance of some third-party applicationsmightopen as transparent applications

when using the NVIDIA graphic cards with GPU. [LD0175]

• The local application shortcuts that are created from the Control Panel icon cannot be started

with KEYWORDS:Prefer that is configured from Citrix Studio. [LD0288]

• When you attempt to add a second store using the Group Policy Object (GPO) administrative

template, the beacons and other information might be missing from the secondary store.

[LD0413]

System Exceptions

• With the bidirectional content redirection policy enabled, the Redirector.exe process might exit

unexpectedly when you attempt to open a webpage on the local web browser. As a result, the

bidirectional content redirection does not work, and this error message appears:

Citrix FTA, URL Redirector stopped working. [LD0420]

• The wfica32.exe process might exit unexpectedly. The issue occurs when the proxy settings are

configured and you attempt to start a new session in the Citrix Receiver for Web. [LD0548]

User Interface

• The mouse clicks might not generate responses on the remote session. This issue can occur

when you open the Preferences window from the Desktop Viewer toolbar and configure the

MouseTimer setting to any value other than the default value. [LD0260]

• When you select the Reset Receiver option, the Citrix Receiver for Windows might request that

you install the .Net Framework 3.5 on Microso Windows Version 10. [LD0690]

Citrix Receiver for Windows 4.9 LTSR CU4

Compared to: Citrix Receiver for Windows 4.9 LTSR CU3

Citrix Receiver for Windows 4.9 LTSR

Client Device Issues

• By using the Automatic keyboard display policy set to enabled, auto so keyboard popup

might not work in a session. [LC9925]

HDX MediaStream Windows Media Redirection

• The redirected multicast streams that contain embedded scripts might fail to fetch content from

the client. A black screen appears in place of the video. [LC9775]

Keyboard

• Before this fix was introduced, the Bloomberg model 4 Starboard keyboard supported only

the PC mode. With this fix, the Bloomberg model 4 Starboard keyboard supports PC and KVM

modes. [LC9984]

Logon/Authentication

• When using Citrix Receiver for Windows to add an account, typing the store URL might result in

the following error message: The Authentication Service could not be contacted. The issue

occurs when a StoreFront URL begins with the text string citrix.com. [LC9631]

Session/Connection

• With KEYWORDS:Prefer configured from Citrix Studio, the command-line switch or the argu-

ment that is mentioned in the application shortcut on the local user device might not be hon-

ored. [LD0060]

• This fix performs the following changes:

– When you customize edtMSS and OutBufLength, the edtMSS overrides OutBufLength.

– Changes the parameter names from udt to edt in All_regions.ini, defaulit.ica file, and reg-

istry.

Note:

Aer an upgrade as an administrator, the user registry key and entries are not renamed

from udt to edt under the registry key HKEY_CURRENT_USER\SOFTWARE\Citrix\ICA

Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\UDT. Additionally, the

parameter value is not retained. [LD0098]

• The stores added through the Group Policy Object (GPO) might not be removed even when you

update or remove the store in the GPO. [LD0147]

Citrix Receiver for Windows 4.9 LTSR

System Exceptions

• Citrix Receiver for Windows might exit unexpectedly when you log on to a store. [LC8271]

• Citrix Receiver for Windows might exit unexpectedly and this error message appears: Citrix HDX

Engine has stopped working.

The issue occurs when there is a trap in the graphics module. [LC9466]

• The wfica32.exe process might exit unexpectedly when you log o the system. [LC9892]

TWAIN

• Citrix Receiver for Windows 4.7 or later versions might fail to redirect the scanners. The issue

occurs when the Twain 2.0 drivers are not present on user device. [LC8215]

User Experience

• When you establish a VPN connection using certain third-party applications, Citrix Receiver for

Windows might remain in an unusable state for about 15 minutes. [LC9302]

• When you connect to a Linux VDA 7.17 or later versions from Citrix Receiver for Windows, the

GPU usage of Citrix HDX Engine might be high. [LC9506]

• When you use the Japanese Input Method Editor (IME) and input text in an application that is in

seamless mode, the text might not be visible. The issue occurs when the font size of the text is

small.

To enable the fix, set the following registry keys:

– On 32-bit systems:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client

Name: DisableD3DRenderWidthHeightCheck

Type: REG_DWORD

Value: 1

– On 64-bit systems:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow 6432Node\Citrix\ICA Client

Name: DisableD3DRenderWidthHeightCheck

Type: REG_DWORD

Value: 1 [LC9882]

Citrix Receiver for Windows 4.9 LTSR

User Interface

• The Configuration Checker, which validates the Single Sign-on configuration, might fail tocom-

plete the validation process and becomes stuck verifying the Single Sign-on process. [LC9625]

Citrix Receiver for Windows 4.9 LTSR CU3

Compared to: Citrix Receiver for Windows 4.9 LTSR CU2

Client Device Issues

• Certain DVD videos might not play inside a session through a mapped client drive. [LC8912]

Content Redirection

• When you redirect bidirectional content to a VDA, a second URL opens on a new browser when

the browser is already open. [LC9157]

• Applications and icons might partially associate with file types when using Citrix Receiver for

Windows with Citrix XenApp Services Site. [LC9402]

Installing, Uninstalling, Upgrading

• When you upgrade Citrix Receiver for Windows through System Center Configuration Manager

(SCCM), Receiver for Windows might request a system restart. [LC9706]

Keyboard

• Attempts to use the server default or the desired keyboard layouts using APPSRV.INI or ICA files

that is downloaded from the StoreFront might fail.

The following are the limitations in this scenario:

– You must set the keyboard layout manually in the session through the control panel when

configuring for the first time even though you have set the layout previously.

– You must set the keyboard layout synchronization from Advance Preferences to No. If

you set the layout to Yes, the local IME is redirected. [LC9593]

Logon/Authentication

• Aer the AuthManSvr.exe process restarts, attempts to log o from Citrix Receiver for Windows

fails. [LC7981]

Citrix Receiver for Windows 4.9 LTSR

Printing

• When you attempt to print large documents using the PDF writer as the printing preference, the

printer might become unresponsive or this error message might appear:

“Emf viewer has stopped working.” [LC8882]

Session/Connection

• The desktop might disappear soon aer you start the desktop. The issue occurs because of the

duplicate TLS packets sent from Citrix Receiver for Windows. [LC8724]

• When you attempt to start a desktop using Microso Internet Explorer 11, this error message

might appear:

“The connection to \<published_desktop\> failed with status (Unknown client error 0)”

[LC8841]

• When you setup aggregation between two sites in StoreFront, the pre-launch session is not cre-

ated. [LC8847]

• In a double hop scenario with VDA for Desktop OS in the first hop and an application in the

second hop that is started within a VDA, upon reconnecting to the first hop that is running VDA

for Desktop OS, the screen might flicker for a few seconds. [LC9071]

• Attempts to start desktops using Citrix Receiver for Windows might time out aer a short period

and fail. The issue occurs even aer increasing the launch timeout value through the StoreFront

setting LaunchTimeoutMs. [LC9369]

• Aer changing the internal beacon point in StoreFront, you might not be able to start applica-

tions from Citrix Receiver for Windows until you restart Citrix Receiver. [LC9442]

• When you switch between multiple published applications using the Win+Tab or Alt+Tab keys,

the GDI objects might increase on the client until the applications become unresponsive and

display black pixels. [LC9655]

Smart Cards

• When you attempt to start a published desktop in full screen mode using smart card authenti-

cation, the PIN prompt might not appear on the Desktop Viewer. [LC8579]

System Exceptions

• The wfica32 process might exit intermittently when using a touch-enabled device to connect to

a VDA. [LC9228]

• The wfica32.exe process might exit intermittently. [LC9397]

Citrix Receiver for Windows 4.9 LTSR

User Experience

• Citrix Receiver for Windows application window might appear automatically even if you have

not opened the application. The issue occurs when the administrator removes or disables any

published application from Citrix Studio. [LC8176]

• The Start menu and taskbar icons might flicker when you refresh the applications within Citrix

Receiver for Windows. [LC8890]

• The mouse cursor is missing, or appears to be small, within the Citrix Receiver for Windows

session. This might occur when using multiple monitors with dierent DPI on endpoints that

are running on Microso Windows 10. [LC8915]

• The mouse cursor might appear to be smaller than the normal size within the Citrix Receiver for

Windows session. This issue might occur when using a high resolution display on the endpoints

that is running Version 1607 of Microso Windows 10 and later.

The following are the limitations in this scenario:

– The mouse pointer becomes small when you le-click in reverse seamless mode. It be-

comes normal when you release the click.

– The mouse pointer becomes enlarged slightly with low resolution when running on VDA

for Desktop OS and VDA for Server OS that is earlier to Version 1607 of Windows 10 and

Windows Server 2016.

– In a multi-monitor scenario, when the DPI of the monitors is dierent, the mouse pointer

fails to scale correctly. The issue happens when the window is moved across monitors and

can be corrected by resizing the application window.

– The mouse pointer still appears small on the Desktop Viewer on launched desktops.

[LC9221]

• This fix addresses minor performance and quality improvements for Enlightened Data Trans-

port (EDT). [LC9417]

Citrix Receiver for Windows 4.9 LTSR CU2

Compared to: Citrix Receiver for Windows 4.9 LTSR CU1

Client Device Issues

• During a Voice over Internet Protocol (VOIP) call, if user1 launches a published sound recorder

application and starts recording, the microphone audio from user1 is no longer heard within the

call. user1 can hear user2. [LC8713]

Citrix Receiver for Windows 4.9 LTSR

HDX MediaStream Flash Redirection

• With the HDX MediaStream Flash Redirection setting enabled, the PseudoContainer2.exe pro-

cess might exit unexpectedly when you disconnect the session. [LC8802]

HDX MediaStream Windows Media Redirection

• When sending messages using certain third-party applications, a notification alert is not heard.

This fix provides improved support for sounds that play for a short period. [LC8468]

HDX Seamless Local Apps

• Attempts to start applications might fail when using the local app access feature “KEY-

WORDS:prefer=”pattern“” with any 64-bit applications that needs to be configured while

launching. [LC8580]

Installing, Uninstalling, Upgrading

• Aer you upgrade Citrix Receiver for Windows, certain registry keys that are required for custom

virtual channels might be removed. [LC8414]

• Aer the Citrix Receiver for Windows auto update installation, the Auto-update install

command-line switch might not be preserved. As a result, the auto update configuration is set

to the default option. [LC9103]

Session/Connection

• Attempts to launch a session might fail with the following error message:

“The ICA file contains an invalid unsigned parameter.”

Before you upgrade or replace the new ADMX file, set the ICA file signing related policy “Enable

ICA File Signing” to “Not configured.”

Note: Fix LC5338 works with StoreFront 3.0.4000, StoreFront 3.9 and later versions. [LC5338]

• When you launch the selfservice.exe process from Citrix Receiver for Windows on the first hop

of VDA for Server OS, disconnecting the first hop can cause certain third-party applications or

Windows Task Scheduler to run “SelfService.exe –disconnectapps” to disconnect the second

hop upon disconnecting the first hop. When you reconnect to the first hop, “SelfService.exe –

reconnectapps” is run to reconnect to the second hop upon reconnecting the first hop. In this

scenario, Citrix Receiver for Windows might appear in the foreground instead of appearing in

the background and the reconnected applications appear in the background. [LC8224]

Citrix Receiver for Windows 4.9 LTSR

System Exceptions

• The wfica32 process might exit intermittently when using the Mobile Receiver virtual channel.

[LC8526]

• User sessions might exit unexpectedly when using biometrics authentication of the Bloomberg

keyboard. [LC8766]

• User sessions might exit unexpectedly when you use a Bloomberg keyboard fingerprint scanner

device inside the session that is redirected through USB redirection. [LC8928]

User Experience

• When using the customized phrase feature on the Input Method Editor (IME) language bar, cer-

tain characters might randomly get dropped in a user session. [LC6155]

• Shortcuts of streaming applications that are created manually on the desktops and taskbar are

deleted. [LC7500]

• When you start Citrix Receiver for Windows, the Start menu and desktop shortcuts might flicker

if the subscribed applications contain icons with bpp=4 in the Receiver Self-Service window.

[LC8480]

• When certain third-party applications attempt to send a large number of characters to a session

with HDX seamless apps enabled, only a few characters might be sent to the application instead

of all the characters. [LC8560]

• When a published desktop is launched in full-screen mode from a Windows 7 client machine,

playing a redirected Flash video can cause the applications that are set to Always on top to

appear over the desktop viewer window. The fix is disabled by default.

To enable the fix, set the following registry keys:

– On 32-bit systems:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\XenDesktop\DesktopViewer

Name:PreventAlwaysOnTopWindowPopover

Type: DWORD

Value: 2; to disable the fix, set the registry key value to 0 or remove the registry key.

– On 64-bit systems:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\XenDesktop\DesktopViewer

Name:PreventAlwaysOnTopWindowPopover

Type: DWORD

Citrix Receiver for Windows 4.9 LTSR

Value: 2; to disable the fix, set the registry key value to 0 or remove the registry key.

[LC8616]

• When you refresh applications in Citrix Receiver for Windows, the Microso Outlook application

icons that were manually pinned to the taskbar might disappear. [LC8785]

User Interface

• Applications might not appear in the Start menu when you change the Settings Option in Citrix

Receiver for Windows and configure StoreFront with the Disable User Subscriptions (Manda-

tory Store) setting for the store. [LC8648]

Citrix Receiver for Windows 4.9 LTSR CU1

Compared to: Citrix Receiver for Windows 4.9 LTSR

Client Device Issues

• Devices such as a keyboard, mouse, or a monitor connected to a docking station or a USB hub

cannot be used. The issue occurs when the user session is in full-screen mode or if the session

window is in focus and if you connect the docking station or the hub to a client machine aer

starting the user session. [LC8295]

Content Redirection

• File type association might not work when you log on to Citrix Receiver for Windows using a

roaming profile. [LC8042]

HDX RealTime

• When multiple webcams of the same model are installed on the VDA, only the latest webcam

might be recognized by the session and mapped. With the fix, multiple webcams that are the

same model can be used in any video conference application inside a session.

Note:

– WithFix LC5008 installed, you might not be able toswitchwebcams from the “Preferences”

tab.

– To enable this fix, you must installbotha server and a client hotfix that contains Fix LC5008.

[LC5008]

Citrix Receiver for Windows 4.9 LTSR

Session/Connection

• When attempting to launch Microso Internet Explorer as a dierent user than the currently

logged in user using the “Run As” command and with the Redirector.exe process running on the

system, the browser might launch but content does not load for about 20-30 seconds. [LC5227]

• Attempts to launch a desktop using Mozilla Firefox might fail. The issue occurs when the desk-

top viewer fails to delete a previously created ICA file from the temporary directory of Internet

Explorer. This results in an “Access denied” error that prevents the copying of the ICA file when

you launch a new session. [LC7883]

• When you launch an application from the Start menu or the desktop shortcut, the application

might launch but the following error message appears:

“Cannot find this file, Please verify that the correct path and file name are given.” [LC8253]

• With Citrix Receiver for Windows 4.8 installed, certain features of an employee web portal might

not function properly. However, when the Citrix ICA Client ActiveX control is disabled within

Microso Internet Explorer, the website functions properly. [LC8428]

System Exceptions

• Citrix Receiver for Windows might exit unexpectedly with the following error message:

“Citrix HDX Engine has stopped working” [LC8040]

• Citrix Receiver for Windows 4.8 might experience a fatal exception, displaying a blue screen. The

issue occurs when you restart the system using certain multifunction keyboard models and plug

and unplug the keyboard multiple times from the system. [LC8182]

• Aer removing the headphones from a user device while an audio file is playing, the session

might become unresponsive until you disconnect and reconnect the session. [LC8243]

• When you use the keyboard shortcut “Alt+Enter” in a published seamless application, the

wfica32.exe process might exit unexpectedly. [LC8317]

• In a double-hop scenario, the wfica32.exe process might exit unexpectedly when you switch a

session between clients. [LC8354]

User Experience

• When you record sound with audio quality set to high, the quality of the sound recording might

be poor. [LC8241]

• When you restore a seamless window from full-screen to its original size in a multi-monitor en-

vironment and then drag it back across monitors in order to view the entire application, the

window might be clipped incorrectly. As a result, only a partial window is visible. The issue

Citrix Receiver for Windows 4.9 LTSR

occurs with seamless windows that are wider than the monitor and thus partially o-screen.

[LC8325]

• When you configure shortcut options in the Store web.config file, published application short-

cuts might disappear from the Start menu and desktop.

Note: This fix provides a complete fix for Fix LC7577. [LC8391]

• When launching a session in seamless mode while using Epic Hyperspace, the application

might not allow other applications that are running locally on an endpoint to appear in the

foreground. The Epic Hyperspace application might retain the foreground focus until you

minimize it. [LC8462]

• When you connectto a published desktop, blank areas might appear on the desktopthat change

when resizing the window. This error occurs when using legacy graphics mode. [LC8518]

Citrix Receiver for Windows 4.9 LTSR

Compared to: Citrix Receiver for Windows 4.8

HDX 3D Pro

• With HDX 3D Pro enabled on a VDA, using certain third-party applications can cause the VDA to

disconnect.

To enable the fix, set the following registry keys:

– On 32-bit Windows:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA

Client\Engine\Configuration\Advanced\Modules\Thinwire3.0

Name: Tw2IgnoreValidationErrors

Type: REG_SZ

Value: TRUE

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA

Client\Engine\Configuration\Advanced\Modules\Thinwire3.0

Name: Tw2IgnoreExecutionErrors

Type: REG_SZ

Value: TRUE

Citrix Receiver for Windows 4.9 LTSR

– On 64-bit Windows

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0

Name: Tw2IgnoreValidationErrors

Type: REG_SZ

Value: TRUE

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0

Name: Tw2IgnoreExecutionErrors

Type: REG_SZ

Value: TRUE [LC7655]

Server/Site Administration

• When a user password expires, the “Change Password” input form might become non-

interactive. The issue occurs when the new password does not meet the requirement.

[LC7943]

Session/Connection

• When you assign a desktop group to an external client IP address according to the procedure de-

scribed in Knowledge Center article CTX128232, the published desktop might fail to start when

you access through NetScaler Gateway. The following error message might appear:

“Cannot start app” [LC5932]

• Citrix Receiver for Windows might fail to connect to StoreFront when connected through the

Juniper SSLVPN. The issue occurs when the DNS resolution for the StoreFront URL fails. [LC6711]

• Citrix Receiver for Windows might exit unexpectedly when disconnecting from a VDA that is us-

ing an integrated webcam. The issue occurs when you disconnect from the VDA while the web-

cam is running. [LC6815]

• With Desktop Lock enabled, the user session might automatically disconnect when the Store-

Front session expires. [LC6984]

• When using the Epic Hyperspace soware for medical dictation, the dictation recorder might

become unresponsive on the user device while recording. [LC7435]

• When you use the Citrix ICA Client Object API to launch a client session through NetScaler and

configure the Client Selective Trust in Group Policy Object, the session might fail to launch.

[LC7575]

Citrix Receiver for Windows 4.9 LTSR

• File type association might fail to open the associated document when you set the registry value

“DisableStubCreation”to“true” under the registry keyHKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Dazzle

on 32-bit Windows and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Dazzle on

64-bit Windows. The issue occurs when the “%1” parameter is missing for the relevant file name

extension under the registry key HKEY_CURRENT_USER\SOFTWARE\Classes\Dazzle.<appname>.<extension>.1\shell\open\command.

[LC7619]

• With local app access enabled, the size and position of VDA for Desktop OS sessions launched

in full-screen mode might be incorrect. [LC7646]

• When you add a store through the group policy settings or the command line and configure

reconnect at Windows logon, Citrix Receiver for Windows might not automatically reconnect at

Windows logon. [LC7679]

• Aerresumingfrom Sleep mode, the auto client reconnect feature might failto work, preventing

sessions from reconnecting. [LC7705]

• With local app access enabled, the wfcrun32.exe process might exit unexpectedly. [LC7946]

Smart Cards

• With the local security setting “Lock Workstation,” located under the policy “Interactive logon:

Smart card removal behavior” set in a user session, the session might not be locked when you

remove the smart card reader from that session. [LC7571]

• When the SCardListReaderGroup API is called in a user session from the server, Citrix Receiver

for Windows might not execute the API that is called on the client side. [LC7699]

User Experience

• Double-tapping on a device’s touchscreen might not work for some applications within a user

session. [LC6698]

• When you click the taskbar icons to switch the focus between the windows of a third-party ap-

plication in a seamless session, the corresponding window of the third-party application might

fail to appear in the foreground. [LC6709]

• When you change the resolution of the user devicewhile one of the mouse buttonsis in the down

state, seamless apps might not be able to receive the mouse up state for that mouse event. As

a result, the mouse capture is lost. [LC7419]

• When you configure shortcut options in the Store web.config file, published application short-

cuts might disappear from the Start menu and desktop. [LC7577]

• When launching a session in seamless mode while using Epic Hyperspace, the applicationmight

notallow otherapplicationsthat are running locallyon an endpoint toappear in the foreground.

Citrix Receiver for Windows 4.9 LTSR

The Epic Hyperspace application might retain the foreground focus until the application is min-

imized. [LC7906]

Note: This version of Citrix Receiver for Windows also includes all fixes included in Versions 4.8, 4.7,

4.6, 4.5, 4.4, 4.3, 4.2, 4.1, and 4.0.

Known Issues

December 4, 2019

Known issues in Citrix Receiver for Windows 4.9 LTSR CU9

No new issues have been observed in this release.

Known issues in Citrix Receiver for Windows 4.9 LTSR CU8

No new issues have been observed in this release.

Known issues in Citrix Receiver for Windows 4.9 LTSR CU7

• With client rendered Flash or Windows Media redirection enabled, the taskbar preview might

not display correctly. [LCMRFWIN-2013]

• When you upgrade Citrix Receiver for Windows to Version 4.9 LTSR Cumulative Update 7, mul-

tiple reg.exe processes might spawn child processes. Those child processes remain until you

restart or log o from the client. [LCMRFWIN-2050]

• With the Citrix HDX RealTime Media Engine plug-in installed, duplicate registry key values might

be created when you upgrade Citrix Receiver for Windows to Version 4.9 LTSR Cumulative Up-

date 7. Also, the session does not launch. The session launches only aer you remove the du-

plicate data HDX RealTime Media Engine, SOCKSProxyPlugin, UDPGatewayPlugin from the

VirtualDriverEx registry name.

To enable the fix, set the following registry key:

– On 32-bit machines:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA

3.0\

Name: VirtualDriverEx

Type: REG_SZ

Data: HDX RealTime Media Engine, SOCKSProxyPlugin, UDPGatewayPlugin

Citrix Receiver for Windows 4.9 LTSR

– On 64-bit machines:

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA

3.0\

Name: VirtualDriverEx

Type: REG_SZ

Data: HDX RealTime Media Engine, SOCKSProxyPlugin, UDPGatewayPlugin

[LCMRFWIN-2054]

Known issues in Citrix Receiver for Windows 4.9 LTSR CU6

No new issues have been observed in this release.

Known issues in Citrix Receiver for Windows 4.9 LTSR CU5

No new issues have been observed in this release.

Known issues in Citrix Receiver for Windows 4.9 LTSR CU4

No new issues have been observed in this release.

Known issues in Citrix Receiver for Windows 4.9 LTSR CU3

No new issues have been observed in this release.

Known issues in Citrix Receiver for Windows 4.9 LTSR CU2

No new issues have been observed in this release.

Known issues in Citrix Receiver for Windows 4.9 LTSR CU1

Citrix Receiver for Windows 4.9 contains some of the known issues that were present in Versions 4.5,

4.6, 4.7 and 4.8, plus the following, known issue:

• With Framehawk enabled, the wfica32.exe process might exit unexpectedly when you attempt

to log on and o continually. [LCMRFWIN-704]

Citrix Receiver for Windows 4.9 LTSR

Known issues in Citrix Receiver for Windows 4.9

• When you launch a Desktop session in a windowed mode on a Surface Pro, and switching from

between Desktop mode to Tablet mode, Desktop Viewer option turns unresponsive. [RFWIN-

5837]

Third party notices

June 21, 2019

Citrix Receiver for Windows might include third party soware licensed under the terms defined in the

following document:

Citrix Receiver for Windows Third Party Notices (PDF Download)

System requirements and compatibility

December 17, 2019

Requirements

• This version of Citrix Receiver for Windows requires a minimum of 500MB free disk space and

1GB RAM.

• .NET Framework minimum requirements

– NET 3.5 Service Pack 1 is required by the Self-Service plug-in, which allows users to sub-

scribe to and launch desktops and applications from the Receiver user interface or from

a command line. For more information, see Configure and install Receiver for Windows

using command-line parameters.

– The .NET 2.0 Service Pack 1 and Microso Visual C++ 2008 Service Pack 1 Redistributable

Package are required.

Compatibility

Citrix Receiver for Windows Version 4.9 is compatible with the following Windows operating systems

and web browsers. It is also compatible with all currently supported versions of XenApp, XenDesktop,

and NetScaler Gateway as listed in the Citrix Product Lifecycle Matrix.

Citrix Receiver for Windows 4.9 LTSR

Note

The NetScaler Gateway End Point Analysis Plug-in (EPA) does not support native Citrix Receiver

for Windows.

Operating system

Windows 10 32-bit and 64-bit editions [1]

Windows 10 IoT Enterprise [2]

Windows 8.1, 32-bit and 64-bit editions (including Embedded edition)

Windows 7, 32-bit and 64-bit editions (including Embedded edition)

Windows Thin PC

Windows Server 2016

Windows Server 2012 R2, Standard and Datacenter editions

Windows Server 2012, Standard and Datacenter editions

Windows Server 2008 R2, 64-bit edition

[1] Supports Windows 10 Anniversary Update, Creators Update, Falls Creators Update, April 2018 Up-

date (Version 1803), October 2018 Update (Version 1809), May 2019 Update (Version 1903), and Novem-

ber 2019 Update (Version 1909).

[2] Supports Windows 10 IoT Enterprise 2015 LTSB, Windows 10 IoT Enterprise 2016 LTSB, Anniversary

Update, Creators Update, Falls Creators Update.

Browser

Internet Explorer

Latest Google Chrome (requires StoreFront)

Latest Mozilla Firefox

Microso Edge

4.9 LTSR CU version Supported version of Windows 10

CU9 November 2019 Update (Version 1909)

CU8 May 2019 Update (Version 1903)

CU7 May 2019 Update (Version 1903)

Citrix Receiver for Windows 4.9 LTSR

4.9 LTSR CU version Supported version of Windows 10

CU6 October 2018 Update (Version 1809)

CU5 October 2018 Update (Version 1809)

CU4 April 2018 Update

CU3 April 2018 Update

CU2 Falls Creators Update

CU1 Falls Creators Update

Supportability matrix

Operating systems supported on

touch-enabled devices Operating systems supported on VDAs

Windows 10 Windows 10

Windows 8 Windows 8

Windows 7 Windows 7

Windows 2012 R2

Windows Server 2016

Windows Server 2008 R2

Connections, Certificates and Authentication

March 19, 2019

Connections

1. HTTP store

2. HTTPS store

3. NetScaler Gateway 10.5 and later

4. Web Interface 5.4

Citrix Receiver for Windows can be connected to the VDA or an ICA session can be established on win-

dows domain-joined machines, managed devices (local and remote with or without VPN) and non-

domain joined machines.

Citrix Receiver for Windows 4.9 LTSR

Certificates

1. Private (self-signed)

2. Root

3. Wildcard

4. Intermediate

Private (self-signed) certificates

If a private certificate is installed on the remote gateway, the root certificate of the organization’s cer-

tificate authority must be installed on the user device to successfully access Citrix resources using

Citrix Receiver for Windows.

Note

If the remote gateway’s certificate cannot be verified upon connection (because the root certifi-

cate is not included in the local Keystore.), an untrusted certificate warning appears. If a user

chooses to continue through the warning, a list of apps is displayed but the apps cannot be

launched.

Installing root certificates

For domain-joined computers, you can use Group Policy Object administrative template to distribute

and trust CA certificates.

For non-domain joined computers, the organization can create a custom install package to distribute

and install the CA certificate. Contact your system administrator for assistance.

Wildcard certificates

Wildcard certificates are used on a server within the same domain.

Citrix Receiver for Windows supports wildcard certificates; however, they must be used in accordance

with your organization’s security policy. In practice, an alternative to wildcard certificates is a certifi-

cate containing the list of server names with the Subject Alternative Name (SAN) extension is consid-

ered. These certificates are issued by both private and public certificate authorities.

Intermediate certificates

If your certificate chain includes an intermediate certificate, the intermediate certificate must be ap-

pended to the NetScaler Gateway server certificate. For information, see Configuring Intermediate

Certificates.

Citrix Receiver for Windows 4.9 LTSR

Authentication

Authentication to StoreFront

Receiver for

Web using

browsers

StoreFront

Services site

(native)

StoreFront

XenApp

Services site

(native)

NetScaler to

Receiver for

Web

(browser)

NetScaler to

StoreFront

Services site

(native)

Anonymous Yes Yes

Domain Yes Yes Yes Yes* Yes*

Domain

pass-through

Yes Yes Yes

Security

token

Yes* Yes*

Two-factor

(domain with

security

token)

Yes* Yes*

SMS Yes* Yes*

Smart card Yes Yes Yes Yes

User

certificate

Yes

(NetScaler

plug-in)

Yes

(NetScaler

plug-in)

*With or without the NetScaler plug-in installed on the device.

Note

Citrix Receiver for Windows 4.8 supports 2FA (domain plus security token) through NetScaler

Gateway to the StoreFront native service.

Authentication to Web Interface

Citrix Receiver for Windows supports the following authentication methods (Web Interface uses the

term Explicit for domain and security token authentication):

Citrix Receiver for Windows 4.9 LTSR

Web Interface

(browsers)

Web Interface

XenApp

Services site

NetScaler to

Web Interface

(browser)

NetScaler to

Web Interface

XenApp

Services site

Anonymous Yes

Domain Yes Yes Yes*

Domain

pass-through

Yes Yes

Security token Yes*

Two-factor

(domain with

security token)

Yes*

SMS Yes*

Smart card Yes Yes

User certificate Yes (NetScaler

plug-in)

*Available only in deployments that include NetScaler Gateway, with or without the associated plug-in

installed on the device.

For information about authentication, see Configuring Authentication and Authorization in the

NetScaler Gateway documentation and Manage topics in the StoreFront documentation.

For information about authentication methods supported by Web Interface, see Web Interface docu-

mentation.

Install

October 26, 2018

The CitrixReceiver.exe installation package can be installed in the following methods:

• By a user from Citrix.com or your own download site

– A first-time user who obtains Citrix Receiver for Windows from Citrix.com or your own

download site can set up an account by entering an email address instead of a server

URL. Citrix Receiver for Windows determines the NetScaler Gateway or StoreFront Server

Citrix Receiver for Windows 4.9 LTSR

associated with the email address and prompts the user to log on and continue the

installation. This feature is referred to as “email-based account discovery.” Note: A

first-time user is one who does not have Citrix Receiver for Windows installed on the

device.

– Email-based account discovery for a first-time user does not apply if Citrix Receiver for

Windows is downloaded from a location other than Citrix.com (such as a Receiver for Web

site).

– If your site requires configuration of Citrix Receiver for Windows, use an alternate deploy-

ment method.

• Automatically from Receiver for Web or from a Web Interface logon screen.

– A first-time user can set up an account by entering a server URL or downloading a provi-

sioning (CR) file.

• Using an Electronic Soware Distribution (ESD) tool

– A first-time user must enter a server URL or open a provisioning file to set up an account.

Citrix Receiver for Windows does not require administrator rights to install unless you are using pass-

through authentication.

HDX RealTime Media Engine (RTME)

A single installer now combines the latest Citrix Receiver for Windows with the HDX RTME installer.

When installing Citrix Receiver by using the executable file (.exe), the HDX RTME is installed as well.

If you have installed the HDX RealTime Media Engine, when you uninstall and then reinstall Citrix Re-

ceiver for Windows, ensure that you use the same mode that you used to install the HDX RTME.

Note

Installing the latest version of Citrix Receiver with integrated RTME support requires administra-

tive privileges on the host machine.

Consider the following HDX RTME issues when installing or upgrading Citrix Receiver for Windows:

• The latest version of Citrix ReceiverPlusRTME contains HDX RTME; no further installation is re-

quired to install RTME.

• Upgrading from a previous Citrix Receiver for Windows version to the latest bundled version

(Citrix Receiver with RTME) is supported. Previously installed versions of RTME are overwritten

with the latest version; upgrading from the same Citrix Receiver for Windows version to the lat-

est bundled version (for example, Receiver 4.7 to the bundled Receiver 4.7 plus RTME) is not

supported.

• If you have an earlier version of RTME, installing the latest Citrix Receiver for Windows version

automatically updates the RTME on the client device.

• If a more recent version of RTME is present, the installer retains the latest version.

Citrix Receiver for Windows 4.9 LTSR

Important

The HDX RealTime Connector on your XenApp/XenDesktop servers must be at least version

2.0.0.417 for compatibility with the new RTME package; that is, you cannot use RTME 2.0 with

the 1.8 RTME Connector.

Manual Upgrade to Citrix Receiver for Windows

For deployments with StoreFront:

• Best practice for BYOD (Bring Your Own Device) users is to configure the latest versions of

NetScaler Gateway and StoreFront as described in the documentation for those products

on the Product Documentation site. Attach the provisioning file created by StoreFront to an

email and inform users how to upgrade and to open the provisioning file aer installing Citrix

Receiver for Windows.

• As an alternative to providing a provisioning file, inform users to enter the NetScaler Gateway

URL. Or, if you configured email-based account discovery as described in the StoreFront docu-

mentation, inform users to enter their email address.

• Another method is to configure a Citrix Receiver for Web site as described in the StoreFront doc-

umentation and complete the configuration described in Deploy Citrix Receiver for Windows

from Citrix Receiver for Web. Inform users how to upgrade Citrix Receiver for Windows, access

the Citrix Receiver for Web site, and download the provisioning file from Citrix Receiver for Web

(click the user name and click Activate).

For deployments with Web Interface

• Upgrade your Web Interface site with Citrix Receiver for Windows and complete the configura-

tion described in Deploy Citrix Receiver for Windows from a Web Interface logon screen. Let

your users know how to upgrade Citrix Receiver for Windows. You can, for example, create a

download site where users can obtain the renamed Citrix Receiver installer.

Considerations when upgrading

Citrix Receiver for Windows 4.x can be used to upgrade Citrix Receiver for Windows 3.x as well as Citrix

online plug-in 12.x.

If Citrix Receiver for Windows 3.x was installed per machine, a per-user upgrade (by a user without

administrative privileges) is not supported.

If Citrix Receiver for Windows 3.x was installed per user, a per-machine upgrade is not supported.

Citrix Receiver for Windows 4.9 LTSR

Install and uninstall Citrix Receiver for Windows manually

August 6, 2018

You can install Citrix Receiver for Windows from the installation media, a network share, Windows Ex-

plorer, or a command line by manually running the CitrixReceiver.exe installer package. For command

line installation parameters and space requirements, see Configure and install Receiver for Windows

using command-line parameters.

Validating free disk space

Citrix Receiver for Windows performs a check to verify whether there is enough available disk space

to complete the installation. The verification is performed both during a fresh installation and an

upgrade.

During a fresh installation, the installation ends when there is insuicient disk space and the following

dialog appears.

When you are upgrading Citrix Receiver for Windows, the installation ends when there is insuicient

disk space and the following dialog appears.

The following table provides details on the minimum required disk space to install Citrix Receiver for

Windows.

Installation type Required disk space

Fresh installation 320 MB

Upgrade of Citrix Receiver 206 MB

Note

• The installer performs the check on the disk space only aer extracting the installation pack-

age.

• When the system is low on disk space during silent installation, the dialog does not appear

but the error message is recorded in the CTXInstall_TrolleyExpress-*.log.

Uninstalling Citrix Receiver for Windows

You can uninstall Citrix Receiver for Windows with the Windows Programs and Features utility (Add/Re-

move Programs).

Citrix Receiver for Windows 4.9 LTSR

Note

You get a prompt to uninstall the Citrix HDX RTME package before continuing with the Citrix Re-

ceiver for Windows installation. For more information, see Knowledge Center article CTX200340.

To uninstall Citrix Receiver for Windows using the command line interface

You can also uninstall Citrix Receiver for Windows from a command line by typing the following com-

mand:

CitrixReceiver.exe /uninstall

Aer uninstalling Citrix Receiver for Windows, the custom Citrix Receiver for Windows registry keys cre-

ated by receiver.adm/receiver.adml or receiver.admx remain in the Soware\Policies\Citrix\ICA Client

directory under HKEY_LOCAL_MACHINE and HKEY_LOCAL_USER.

When you reinstall Citrix Receiver for Window, these policies might be enforced, possibly causing un-

expected behavior. To remove the customizations, delete them manually.

Configure and install using command-line parameters

June 20, 2019

Customize Citrix Receiver for Windows installer by specifying command line options. The installer

package self-extracts to the user’s temp directory before launching the setup program. The space

requirement includes program files, user data, and temp directories aer launching several applica-

tions.

For more information space requirements, see System requirements.

To install Citrix Receiver for Windows from a command prompt, use the syntax:

CitrixReceiver.exe [Options]

Auto-update

Citrix Receiver for Windows 4.9 LTSR

Option /AutoUpdateCheck = auto/manual/disabled

Description Indicates that Citrix Receiver for Windows

detects when an update is available; Auto –

You are notified when an update is available

(default); Manual –You are not notified when

updates are available. Check for updates

manually; Disabled – Disable auto-update

Sample usage CitrixReceiver.exe / AutoUpdateCheck = auto;

CitrixReceiver.exe / AutoUpdateCheck =

manual; CitrixReceiver.exe / AutoUpdateCheck

= disabled

Option /AutoUpdateStream= LTSR/Current

Description Indicates the release of Citrix Receiver for

Windows;

LTSR

– indicates that the release is a

Long Term Service Release; Current – indicates

that the release is the latest version of Citrix

Receiver for Windows

Sample usage CitrixReceiver.exe /AutoUpdateStream= LTSR;

CitrixReceiver.exe / AutoUpdateStream=

Current

Option /DeferUpdateCount

Description Indicates the number of times the Remind me

later option is displayed. Indicates that you

can defer the update to set count; -1 – indicates

that you can defer the notifications any

number of times (default value=-1); 0 –

indicates that the Remind me later option is

not displayed; Any other number – indicates

that the Remind me later option is displayed in

that count. For example, if you set the value to

10, the Remind me later option is displayed 10

times.

Citrix Receiver for Windows 4.9 LTSR

Option /DeferUpdateCount

Sample usage CitrixReceiver.exe /DeferUpdateCount=-1;

CitrixReceiver.exe /DeferUpdateCount=-0;

CitrixReceiver.exe /DeferUpdateCount=<any

other number>

Option /AURolloutPriority

Description Indicates the period when you can stage the

rollout; Fast – Update rollout happens at the

beginning of the delivery period; Medium –

Update rollout happens at the mid-delivery

period; Slow – Update rollout happens at the

end of the delivery period.

Sample usage CitrixReceiver.exe /AURolloutPriority=Fast;

CitrixReceiver.exe /AURolloutPriority=Medium;

CitrixReceiver.exe /AURolloutPriority=Slow

Enable bidirectional content redirection

Note

By default, Citrix Receiver for Windows does not install the bidirectional content redirection com-

ponents if they are already installed on the server. If you are using XenDesktop as a client ma-

chine, you must install Citrix Receiver for Windows by using the /FORCE_LAA switch to install the

bidirectional content redirection components. The feature, however, must be configured both

on the server and the client.

Option ALLOW_BIDIRCONTENTREDIRECTION=1

Description Indicates that the bidirectional content

redirection between client to host and host to

the client is Enabled.

Sample usage CitrixReceiver.exe

/ALLOW_BIDIRCONTENTREDIRECTION=1

Enable Local App Access

Citrix Receiver for Windows 4.9 LTSR

Option FORCE_LAA=1

Description By default, Citrix Receiver for Windows does

not install the client side Local App Access

components if the components are already

installed on the server. To force the client side

Local App Access components on the Citrix

Receiver, use FORCE_LAA command line

switch. Administrator-level privileges are

required to perform these steps. For more

information on Local App Access, see Local App

Access in XenApp and XenDesktop

documentation.

Sample usage CitrixReceiver.exe /FORCE_LAA =1

Display usage information

Option /? or /help

Description Indicates usage information

Sample usage CitrixReceiver.exe /?; CitrixReceiver.exe /help

Suppress reboot during UI installation

Option /noreboot

Description Suppresses reboot during UI installations. This

option is not necessary for silent installs. If you

suppress reboot prompts, the USB devices that

are in suspended state when Citrix Receiver for

Windows installs is not recognized by Citrix

Receiver for Windows until aer the user

device is restarted.

Sample usage CitrixReceiver.exe /noreboot

Silent installation

Citrix Receiver for Windows 4.9 LTSR

Option /silent

Description Disables the error and progress dialogs to run a

completely silent installation.

Sample usage CitrixReceiver.exe /silent

Enable single sign on authentication

Option /includeSSON

Description Indicates that the Citrix Receiver for Windows

will be installed with the single sign-on

component. The related option,

ENABLE_SSON, is enabled when /includeSSON

is on the command line. If you use ADDLOCAL=

to specify features and you want to install the

single sign on, you must also specify the value

SSON. To enable pass-through authentication

for a user device, you must install Citrix

Receiver for Windows with local administrator

rights from a command line that has the option

/includeSSON. For more information, see How

to Manually Install and Configure Citrix

Receiver for Pass-Through Authentication.

Note: Smart card, Kerberos and Local user

name and password policies are

inter-dependent. The order of configuration is

important. We recommend to first disable

unwanted policies, and then enable the

policies you require. Carefully validate the

result.

Sample usage CitrixReceiver.exe /includeSSON

Enable single sign on when /includeSSON is specified

Citrix Receiver for Windows 4.9 LTSR

Option ENABLE_SSON={Yes | No}

Description Enable Single sign-on when /includeSSON is

specified. The default value is Yes. Enables

Single sign-on when /includeSSON is also

specified. This property is required for smart

card Single sign-on. Note that users must log

o and log in to their devices aer an

installation with Single sign-on authentication

enabled. Requires administrator rights.

Sample usage CitrixReceiver.exe ENABLE_SSON=Yes

Always-on tracing

Option /EnableTracing={true | false}

Description By default, this feature is set to true. Use this

property to explicitly enable or disable the

always-on tracing feature. Always-on tracing

helps collect critical logs around connection

time. These logs can prove useful when

troubleshooting intermittent connectivity

issues. The Always-on tracing policy overrides

this setting.

Sample usage CitrixReceiver.exe /EnableTracing=true

Using the Citrix Customer Experience Improvement Program (CEIP)

Option EnableCEIP={true | false}

Description When you enable participation in the Citrix

Customer Experience Improvement Program

(CEIP), anonymous statistics and usage

information are sent to Citrix to help Citrix

improve the quality and performance of its

products.

Sample usage CitrixReceiver.exe EnableCEIP=true

Citrix Receiver for Windows 4.9 LTSR

Specify the installation directory

Option INSTALLDIR=<Installation Directory>

Description Specifies the installation path, where

Installation Directory is the location where

most of the Citrix Receiver soware will be

installed. The default value is C:\Program

Files\Citrix\Receiver. The following Receiver

components are installed in the C:\Program

Files\Citrix path: Authentication Manager;

Citrix Receiver; Self-Service plug-in; If you use

this option and specify an Installation

directory, you must install RIInstaller.msi in the

installation directory\Receiver directory and

the other .msi files in the installation directory.

Sample usage CitrixReceiver.exe INSTALLDIR=c:\Citrix\Test

Identify a user device

Option CLIENT_NAME=<ClientName>

Description Specifies the client name, where ClientName is

the name used to identify the user device to

the server . The default value is

%COMPUTERNAME%

Sample usage CitrixReceiver.exe

CLIENT_NAME=%COMPUTERNAME%.

Dynamic client name

Citrix Receiver for Windows 4.9 LTSR

Option ENABLE_CLIENT_NAME= Yes | No

Description The dynamic client name feature allows the

client name to be the same as the computer

name. When users change their computer

name, the client name changes to match.

Defaults to Yes. To disable dynamic client

name support, set this property to No and

specify a value for the CLIENT_NAME property.

Sample usage CitrixReceiver.exe

ENABLE_DYNAMIC_CLIENT_NAME =Yes

Install specified components

Citrix Receiver for Windows 4.9 LTSR

Option ADDLOCAL=<feature… ,>

Description Installs one or more of the specified

components. When specifying multiple

parameters, separate each parameter with a

comma and without spaces. The names are

case sensitive. If you do not specify this

parameter, all components are installed by

default. Components include: ReceiverInside –

Installs the Citrix Receiver experience (required

component for Receiver operation); ICA_Client

– Installs the standard Citrix Receiver (required

component for Receiver operation).

WebHelper –Installs the WebHelper

component. This component retrieves the ICA

file from Storefront and passes it to the HDX

Engine. In addition, if verifies environment

parameters and shares them with Storefront

(similar to ICO client detection); [Optional]

SSON – Installs single sign on. Requires

administrator rights. AM – Installs the

Authentication Manager; SELFSERVICE –

Installs the Self-Service Plug-in. The AM value

must be specified on the command line and

.NET 3.5 Service Pack 1 must be installed on the

user device. The Self-Service Plug-in is not

available for Windows Thin PC devices, which

do not support .NET 3.5; For information on

scripting the Self-Service Plug-in (SSP), and a

list of parameters available in Receiver for

Windows 4.2 and later, see Knowledge Center

article CTX200337; The Self-Service Plug-in

allows users to access virtual desktops and

applications from the Receiver window or from

a command line, as described later in this

section in To launch a virtual desktop or

application from a command line; USB –

Installs USB support. Requires administrator

rights; DesktopViewer – Installs the Desktop

Viewer; Flash – Installs HDX media stream for

Flash; Vd3d – Enables the Windows Aero

experience (for operating systems that support

it).

Citrix Receiver for Windows 4.9 LTSR

Option ADDLOCAL=<feature… ,>

Sample usage CitrixReceiver.exe ADDLO-

CAL=ReceiverInside,ICA_Client,AM,SELFSERVICE,DesktopViewer,Flash,Vd3d,usb,WebHelper

Configure Citrix Receiver for Windows to manually add Stores

Citrix Receiver for Windows 4.9 LTSR

Option ALLOWADDSTORE={N | S | A}

Description Specifies whether users can add and remove

stores not configured through Merchandising

Server deliveries; users can enable or disable

stores configured through Merchandising

Server deliveries, but they cannot remove

these stores or change the names or the URLs.)

Defaults to S. Options include: N – Never allow

users to add or remove their own store; S –

Allow users to add or remove secure stores

only (configured with HTTPS); A – Allow users

to add or remove both secure stores (HTTPS)

and non-secure stores (HTTP). Not applicable if

Citrix Receiver is installed per user; You can

also control this feature by updating the

registry key

HKLM\Soware[Wow6432Node]Citrix\Dazzle\AllowAddStore.

Note: Only secure (HTTPS) stores are allowed

by default and are recommended for

production environments. For test

environments, you can use HTTP store

connections through the following

configuration: Set

HKLM\Soware[Wow6432Node]Citrix\Dazzle\AllowAddStore

to A to allow users to add non-secure stores; Set

HKLM\Soware[Wow6432Node]Citrix\Dazzle\AllowSavePwd

to A to allow users to save their passwords for

non-secure stores; To enable the addition of a

store that is configured in StoreFront with a

TransportType of HTTP, add to

HKLM\Soware[Wow6432Node]Citrix\AuthManager

the value ConnectionSecurityMode (REG_SZ

type) and set it to Any; Exit and restart Citrix

Receiver.

Sample usage CitrixReceiver.exe ALLOWADDSTORE=N

Save credentials for stores locally using PNAgent protocol

Citrix Receiver for Windows 4.9 LTSR

Option ALLOWSAVEPWD={N | S | A}

Description The default is the value specified by the

PNAgent server at runtime. Specifies whether

users can save the credentials for stores locally

on their computers and apply only to stores

using the PNAgent protocol. Defaults to S.

Options include: N – Never allow users to save

their passwords; S – Allow users to save

passwords for secure stores only (configured

with HTTPS); A – Allow users to save passwords

for both secure stores (HTTPS) and non-secure

stores (HTTPS) and non-secure stores (HTTP);

You can also control this feature by updating

the registry key

HKLM\Soware[Wow6432Node]\Citrix\Dazzle\AllowSavePwd;

Note: The following registry key must be

added manually if AllowSavePwd does not

work: Key for 32bit OS client:

HKLM\Soware\Citrix\AuthManager; •Key for

64bit OS client:

HKLM\Soware\wow6432node\Citrix\AuthManager;

•Type: REG_SZ; •Value: never - never allow

users to save their passwords. secureonly -

allow users to save passwords for secure stores

only (configured with HTTPS). always - allow

users to save passwords for both secure stores

(HTTPS) and non-secure stores (HTTP).

Sample usage CitrixReceiver.exe ALLOWSAVEPWD=N

Select certificate

Citrix Receiver for Windows 4.9 LTSR

Option

AM_CERTIFICATESELECTIONMODE={Prompt

|SmartCardDefault | LatestExpiry}

Description Use this option to select a certificate.The

default value is Prompt, which prompts the

user to choose a certificate from a list. Change

this property to choose the default certificate

(per the smart card provider) or the certificate

with the latest expiry date. If there are no valid

logon certificates, the user is notified, and

given the option to use an alternate logon

method if available. Use this option to select a

certificate.The default value is Prompt, which

prompts the user to choose a certificate from a

list. Change this property to choose the default

certificate (per the smart card provider) or the

certificate with the latest expiry date. If there

are no valid logon certificates, the user is

notified, and given the option to use an

alternate logon method if available. You can

also control this feature by updating the

registry key HKCU or

HKLM\Soware[Wow6432Node]Citrix\AuthManager:CertificateSelectionMode={

Prompt | SmartCardDefault | LatestExpiry }.

Values defined in HKCU take precedence over

values in HKLM to best assist the user in

selecting a certificate.

Sample usage CitrixReceiver.exe

AM_CERTIFICATESELECTIONMODE=Prompt

Use CSP components to manage Smart Card PIN entry

Citrix Receiver for Windows 4.9 LTSR

Option AM_SMARTCARDPINENTRY=CSP

Description Use CSP components to manage Smart Card

PIN entry. By default, the PIN prompts

presented to users are provided by Citrix

Receiver rather than the smart card

Cryptographic Service Provider (CSP). Receiver

prompts users to enter a PIN when required

and then passes the PIN to the smart card CSP.

Specify this property to use the CSP

components to manage the PIN entry,

including the prompt for a PIN.

Sample usage CitrixReceiver.exe

AM_SMARTCARDPINENTRY=CSP

Using Kerberos

Option ENABLE_KERBEROS={Yes | No}

Description The default value is No. Specifies whether the

HDX engine should use Kerberos

authentication and applies only when single

sign-on (pass-through) authentication is

enabled. For more information, see Configure

domain pass-through authentication with

Kerberos.

Sample usage CitrixReceiver.exe ENABLE_KERBEROS=No

Displaying legacy FTA icons

Citrix Receiver for Windows 4.9 LTSR

Option LEGACYFTAICONS={False | True}

Description Use this option to display Legacy FTA icons.

The default value is False. Specifies whether or

not application icons are displayed for

documents that have file type associations

with subscribed applications. When the

argument is set to false, Windows generates

icons for documents that do not have a specific

icon assigned to them. The icons generated by

Windows consist of a generic document icon

overlaid with a smaller version of the

application icon. Citrix recommends enabling

this option if you plan to deliver Microso

Oice applications to users running Windows 7.

Sample usage CitrixReceiver.exe LEGACYFTAICONS=False

Enabling pre-launch

Option ENABLEPRELAUNCH={False | True}

Description The default value is False. For information

about session pre-launch, see Reduce

application launch time.

Sample usage CitrixReceiver.exe ENABLEPRELAUNCH=False

Specifying the directory for Start Menu shortcuts

Citrix Receiver for Windows 4.9 LTSR

Option STARTMENUDIR={Directory Name}

Description By default, applications appear under Start >

All Programs. You can specify the relative path

under the programs folder to contain the

shortcuts to subscribed applications. For

example, to place shortcuts under Start > All

Programs > Receiver, specify

STARTMENUDIR=\Receiver. Users can change

the folder name or move the folder at any time.

You can also control this feature through a

registry key: Create the entry REG_SZ for

StartMenuDir and give it the value

“\RelativePath”. Location:

HKLM\Soware[Wow6432Node]Citrix\Dazzle;HKCU\Soware\Citrix\Dazzle;

For applications published through XenApp

with a Client applications folder (also referred

to as a Program Neighborhood folder)

specified, you can specify that the client

applications folder is to be appended to the

shortcuts path as follows: Create the entry

REG_SZ for UseCategoryAsStartMenuPath and

give it the value “true”. Use the same registry

locations as noted above. Note: Windows 8/8.1

does not allow the creation of nested folders

within the Start Menu. Applications will be

displayed individually or under the root folder

but not within Category sub folders defined

with XenApp. Examples: •If client application

folder is \oice, UseCategoryAsStartMenuPath

is true, and no StartMenuDiris specified,

shortcuts are placed under Start > All Programs

> Oice; •If Client applications folder is \Oice,

UseCategoryAsStartMenuPath is true, and

StartMenuDir is \Receiver, shortcuts are placed

under Start > All Programs > Receiver > Oice;

Changes made to these settings have no

impact on shortcuts that are already created.

To move shortcuts, you must uninstall and

re-install the applications.

Citrix Receiver for Windows 4.9 LTSR

Option STARTMENUDIR={Directory Name}

Sample usage CitrixReceiver.exe STARTMENUDIR=\Oice

Specifying the Store Name

Option

STOREx=”storename;http[s]://servername.domain/IISLocation/discovery;[On

| O] ; [storedescription]” [ STOREy=”…”]

Description Use this option to specify the Store name.

Specifies up to 10 stores to use with Citrix

Receiver. Values: x and y – Integers 0 through

9; storename – Defaults to store. This must

match the name configured on the StoreFront

Server; servername.domain – The fully

qualified domain name of the server hosting

the store; IISLocation – the path to the store

within IIS. The store URL must match the URL

in StoreFront provisioning files. The store URLs

are of the form “/Citrix/store/discovery”. To

obtain the URL, export a provisioning file from

StoreFront, open it in notepad and copy the

URL from the <Address> element. •On | O –

The optional O configuration setting enables

you to deliver disabled stores, giving users the

choice of whether or not they access them.

When the store status is not specified, the

default setting is On; storedescription – An

optional description of the store, such as HR

App Store; Note: In this release, it is important

to include “/discovery” in the store URL for

successful pass-through authentication.

Sample usage CitrixReceiver.exe STORE0=”Store;https://

test.xx.com/Citrix/Store/Discovery

Enabling URL Redirection on user devices

Citrix Receiver for Windows 4.9 LTSR

Option ALLOW_CLIENTHOSTEDAPPSURL=1

Description Enables the URL redirection feature on user

devices. Requires administrator rights.

Requires that Citrix Receiver is installed for All

Users. For information about URL redirection,

see Local App Access and its sub-topics in the

XenDesktop 7 documentation.

Sample usage CitrixReceiver.exe

ALLOW_CLIENTHOSTEDAPPSURL=1

Specifying the directory for Desktop Shortcuts

Option DESKTOPDIR=<Directory Name>

Description Brings all shortcuts into a single folder.

CategoryPath is supported for desktop

shortcuts. Note: When using the DESKTOPDIR

option, set the PutShortcutsOnDesktop key to

True.

Sample usage CitrixReceiver.exe DESKTOPDIR=\Oice

Upgrading from an unsupported Citrix Receiver version

Option /rcu

Description Allows you to upgrade from an unsupported

version to the latest version of Citrix Receiver.

Sample usage CitrixReceiver.exe /rcu

Troubleshooting the installation

If there is a problem with the installation, search in the user’s %TEMP%/CTXReceiverInstallLogs direc-

tory for the logs with the prefix CtxInstall- or TrolleyExpress- . For example:

CtxInstall-ICAWebWrapper-20141114-134516.log

TrolleyExpress-20090807-123456.log

Examples of a command line installation:

Citrix Receiver for Windows 4.9 LTSR

To install all components silently and specify two application stores:

CitrixReceiver.exe /silent

STORE0=”AppStore;https://testserver.net/Citrix/MyStore/discovery;on;HR App

Store”

STORE1=”BackUpAppStore;https://testserver.net/Citrix/MyBackupStore/discovery;

on;Backup HR App Store”

To specify single sign-on (pass-through authentication) and add a store that points to a XenApp Ser-

vices URL:

CitrixReceiver.exe /INCLUDESSON /STORE0=”PNAgent;https://testserver.net/Citrix/

PNAgent/config.xml;on;My PNAgent Site”

To launch a virtual desktop or application from a command line

Citrix Receiver for Windows creates a stub application for each subscribed desktop or application.

You can use a stub application to launch a virtual desktop or application from the command line.

Stub applications are located in %appdata%\Citrix\SelfService. The file name for a stub application

is the Display Name of the application, with the spaces removed. For example, the stub application

file name for Internet Explorer is InternetExplorer.exe.

Deploy using Active Directory and sample startup scripts

August 6, 2018

You can use Active Directory Group Policy scripts to pre-deploy Citrix Receiver for Windows on systems

based on your Active Directory organizational structure. Citrix recommends using the scripts rather

than extracting the .msi files because the scripts allow for a single point for installation, upgrade, and

uninstall; they consolidate the Citrix entries in Programs and Features, and make it easier to detect

the version of Citrix Receiver that is deployed. Use the Scripts setting in the Group Policy Management

Console (GPMC) under Computer Configuration or User Configuration. For general information about

startup scripts, see Microso documentation.

Citrix includes sample per-computer startup scripts to install and uninstall CitrixReceiver.exe. The

scripts are located on the Citrix Receiver for Windows Download page.

• CheckAndDeployReceiverPerMachineStartupScript.bat

• CheckAndRemoveReceiverPerMachineStartupScript.bat

When the scripts are executed during Startup or Shutdown of an Active Directory Group Policy, custom

configuration files might be created in the Default User profile of a system. If not removed, these con-

Citrix Receiver for Windows 4.9 LTSR

figuration files can prevent some users from accessing the Receiver logs directory. The Citrix sample

scripts include functionality to properly remove these configuration files.

To use the startup scripts to deploy Receiver with Active Directory:

1. Create the Organizational Unit (OU) for each script.

2. Create a Group Policy Object (GPO) for the newly created OU.

Modify sample scripts

Modify the scripts by editing these parameters in the header section of each file:

• Current Version of package. The specified version number is validated and if it is not present

the deployment proceeds. For example, set DesiredVersion= 3.3.0.XXXX to exactly match the

version specified. If you specify a partial version, for example, 3.3.0, it matches any version with

that prefix (3.3.0.1111, 3.3.0.7777, and so forth).

• Package Location/Deployment directory. This specifies the network share containing the

packages and is not authenticated by the script. The shared folder must have Read permission

for EVERYONE.

• ScriptLogging Directory. This specifies the network share where the install logs are copiedand

is not authenticated by the script. The shared folder must have Read and Write permissions for

EVERYONE.

• Package Installer Command Line Options. These command line options are passed to the

installer. For the command line syntax, see Configure and install Receiver for Windows using

command-line parameters.

To add the per-computer startup scripts

1. Open the Group Policy Management Console.

2. Select Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown).

3. In the right-hand pane of the Group Policy Management Console, select Startup.

4. In the Properties menu, click Show Files, copy the appropriate script to the folder displayed,

and then close the window.

5. In the Properties menu, click Add and use Browse to find and add the newly created script.

To deploy Citrix Receiver for Windows per-computer

1. Move the user devices designated to receive this deployment to the OU you created.

2. Reboot the user device and log on as any user.

3. Verify that Program and Features (Add or Remove Programs in previous OS versions) contains

the newly installed package.

Citrix Receiver for Windows 4.9 LTSR

To remove Citrix Receiver for Windows per-computer

1. Move the user devices designated for the removal to the OU you created.

2. Reboot the user device and log on as any user.

3. Verify that Program and Features (Add or Remove Programs in previous OS versions) removed

the previously installed package.

Use the per-user sample startup scripts

Citrix recommends using per-computer startup scripts. However, for situations where you require

Citrix Receiver for Windows per-user deployments, two Citrix Receiver for Windows per-user scripts

are included on the XenDesktop and XenApp media in the Citrix Receiver for Windows and Plug-

ins\Windows\Receiver\Startup_Logon_Scripts folder.

• CheckAndDeployReceiverPerUserLogonScript.bat

• CheckAndRemoveReceiverPerUserLogonScript.bat

To set up the per-user startup scripts

1. Open the Group Policy Management Console.

2. Select User Configuration > Policies > Windows Settings > Scripts.

3. In the right-hand pane of the Group Policy Management Console, select Logon

4. In the Logon Properties menu, click Show Files, copy the appropriate script to the folder dis-

played, and then close the window.

5. In the Logon Properties menu, click Add and use Browse to find and add the newly created

script.

To deploy Citrix Receiver for Windows per-user

1. Move the users designated to receive this deployment to the OU you created.

2. Reboot the user device and log on as the specified user.

3. Verify that Program and Features (Add or Remove Programs in previous OS versions) contains

the newly installed package.

To remove Citrix Receiver for Windows per-user

1. Move the users designated for the removal to the OU you created.

2. Reboot the user device and log on as the specified user.

3. Verify that Program and Features (Add or Remove Programs in previous OS versions) removed

the previously installed package.

Citrix Receiver for Windows 4.9 LTSR

Deploy Citrix Receiver for Windows from Receiver for Web

August 6, 2018

You can deploy Citrix Receiver for Windows from Citrix Receiver for Web to ensure that you have in-

stalled the Receiver before connecting to an application from a browser. Citrix Receiver for Web site

enable you to access StoreFront stores through a web page. If the Citrix Receiver for Web site detects

that a user does not have a compatible version of Citrix Receiver for Windows, you are prompted to

download and install Citrix Receiver for Windows.

For more information, see

Citrix Receiver for Web sites in the StoreFront documentation.

Email-based account discovery is not supported when Citrix Receiver for Windows is deployed from

Citrix Receiver for Web. If email-based account discovery is configured and a first-time user installs

Citrix Receiver for Windows from Citrix.com, Citrix Receiver for Windows prompts the user for an email

or server address. Entering an email address results in the error message “Your email cannot be used

to add an account.”

Use the following configuration to prompt for the server address only.

1. Download CitrixReceiver.exe to your local computer.

2. Rename CitrixReceiver.exe to CitrixReceiverWeb.exe.

3. Deploy the renamed executable using your regular deployment method. If you use StoreFront,

refer to Configure Receiver for Web sites using the configuration files in the StoreFront docu-

mentation.

Deploy Citrix Receiver for Windows from a Web Interface logon screen

October 26, 2018

This feature is available only for XenDesktop and XenApp releases that support Web Interface.

You can deploy Citrix Receiver for Windows from a web page to ensure that users have it installed

before they try to use the Web Interface. The Web Interface provides a client detection and deploy-

ment process that detects which Citrix clients can be deployed within the user’s environment and

then guides them through the deployment procedure.

You can configure the client detection and deployment process to run automatically when users ac-

cess a XenApp website. If the Web Interface detects that a user does not have compatible version of

Citrix Receiver for Windows, the user is prompted to download and install Citrix Receiver for Windows.

Citrix Receiver for Windows 4.9 LTSR

Email-based account discovery does not apply when Citrix Receiver for Windows is deployed from

Web Interface. If email-based account discovery is configured and a first-time user installs Citrix Re-

ceiver for Windows from Citrix.com, Citrix ReceiverforWindows promptsthe user for an email or server

address. Entering an email address results in the error message “Your email cannot be used to add an

account.” Use the following configuration to prompt for the server address only:

1. Download CitrixReceiver.exe to your local computer.

2. Rename CitrixReceiver.exe to CitrixReceiverWeb.exe.

3. Specify the changed filename in the ClientIcaWin32 parameter in the configuration files for your

XenApp websites.

To use the client detection and deployment process, the Citrix Receiver for Windows installa-

tion files must be available on the Web Interface server. By default, the Web Interface assumes

that the file names of the Citrix Receiver for Windows installation files are the same as the files

supplied on the XenApp or XenDesktop installation media.

4. Add the sites from which the CitrixReceiverWeb.exe file is downloaded to the Trusted Sites zone.

5. Deploy the renamed executable using your regular deployment method.

Deploy using System Center Configuration Manager 2012 R2

November 19, 2018

You can use Microso System Center Configuration Manager (SCCM) to deploy Citrix Receiver for Win-

dows.

Note: Only Citrix Receiver for Windows Version 4.5 and later supports SCCM deployment.

There are four parts to completing the deployment of Citrix Receiver for Windows using SCCM:

1. Adding Citrix Receiver for Windows to the SCCM deployment

2. Adding distribution points

3. Deploying the Receiver soware to the soware center

4. Creating Device Collections

Adding Citrix Receiver for Windows to the SCCM deployment

1. Copy the downloaded Citrix Receiver to a folder on the Configuration Manager server and launch

the Configuration Manager console.

2. Select Soware Library > Application Management. Right-click Application and click Create

Application.

The Create Application wizard appears.

Citrix Receiver for Windows 4.9 LTSR

3. In the General pane, select Manually specify the application information and click Next.

4. In the General Information pane, specify information about the application such as Name,

Manufacturer, Soware version, and so on.

5. In the Application Catalog wizard, specify additional information such as Language, Application

name, User category and so on and click Next.

Note: Users can see the information you specify here.

6. In the Deployment Type pane,click Add to configure the deployment type for Citrix Receiver

setup. The Create Deployment Type wizard appears.

7. In the General pane: Set the deployment type to Windows Installer (*.msi file), select Manually

specify the deployment type information and click Next.

8. In the General Information pane: Specify deployment type details (For example: Receiver De-

ployment) and click

9. In the Content pane:

a) Provide the path where the Citrix Receiver setup file is present. For example: Tools on

SCCM server.

b) Specify Installation program as one of the following:

• CitrixReceiver.exe /silent for default silent installation.

• CitrixReceiver.exe /silent /includeSSON to enable domain pass-through.

• CitrixReceiver.exe /silent SELFSERVICEMODE=false to install receiver in Non-Self Ser-

vice Mode.

c) Specify Uninstall program as CitrixReceiver.exe /uninstall (to enable uninstallation

through SCCM).

10. In the Detection Method pane: Select Configure rules to detect the presence of this deploy-

ment type and click Add Clause. The Detection Rule dialog appears.

11. Set Setting Type to File System.

12. Under Specify the file or folder to detect the application, set the following:

• Type – From the drop-down menu, select File.

• Path – %ProgramFiles (x86)%\Citrix\ICA Client\Receiver

• File or folder name – Receiver.exe

• Property– From the drop-down menu, select Version

• Operator – From the drop-down menu, select Greater than or equal to

• Value – Type 4.3.0.65534

Note: This rule combination applies to Citrix Receiver for Windows upgrades as well.

13. In the User Experience pane, set:

Citrix Receiver for Windows 4.9 LTSR

• Installation behavior - Install for system

• Logon requirement - Whether or not a user is logged on

• Installation program visibility - Normal.

Click Next.

Note: Do not specify any requirements and dependencies for this deployment type.

14. In the Summary pane, verify the settings for this deployment type. Click Next.

A success message appears.

15. In the Completion pane, a new deployment type (Receiver Deployment) is listed under the De-

ployment types.

16. Click Next and click Close.

Add distribution points

1. Right-click Receiver for Windows in the Configuration Manager console and select Distribute

Content.

The Distribute Content wizard appears.

2. In the Content Distribution pane, click Add > Distribution Points. The Add Distribution Points

dialog appears.

3. Browse to the SCCM server where the content is available and click OK. In the Completion pane,

a success message appears

4. Click Close

Deploy the Receiver soware to the soware center

1. Right-click Receiver for Windows in the Configuration Manager console select Deploy.

The Deploy Soware wizard appears.

2. Select Browse against Collection (can be Device Collection or User Collection) where the appli-

cation is to be deployed and click

3. In the Deployment Settings pane, set Action to Install and Purpose to Required (enables unat-

tended installation). Click Next.

4. In the Scheduling pane, specify the schedule to deploy the soware on target devices.

5. In the User Experience pane, set the User notifications behavior; select Commit changes at

deadline or during a maintenance window (requires restart) and click Next to complete the

Deploy Soware wizard. In the Completion pane, a success message appears.

Reboot the target endpoint devices (required only to start installation immediately).

Citrix Receiver for Windows 4.9 LTSR

On endpoint devices, Citrix Receiver for Windows is visible in the Soware Center under Avail-

able Soware. Installation is triggered automatically based on the schedule you configure.

Alternatively, you can also schedule or install on demand. The installation status is displayed in

the Soware Center aer the installation starts.

Creating device collections

1. Launch the Configuration Manager console, click Assets and Compliance > Overview > De-

vices.

2. Right-click Device Collections and select Create Device Collection. The Create Device Collec-

tion wizard appears.

3. In the General pane, type the name for the device and click Browse for Limiting collection. This

determines the scope of devices, which can be one the default Device Collections created by

SCCM. Click Next.

4. In the Membership Rules pane, click Add Rule for filtering the devices. The Create Direct Mem-

bership Rule wizard appears.

• In the Search for Resources pane, select the Attribute name based on the devices you

want to filter and provide the Value for Attribute name to select the devices.

5. Click Next. In the Select Resources pane, select the devices that are required to be part of device

collection. In the Completion pane a success message appears.

6. Click Close.

7. In the Membership rules pane, a new rule is listed. Click Next.

8. In the Completion pane, a success message appears. Click Close to complete the Create Device

Collection wizard. The new device collection is listed in Device Collections. The new device

collection is a part of Device Collections while browsing in Deploy Soware wizard.

Note

When you set the MSIRESTARTMANAGERCONTROL attribute to False, deploying Citrix Receiver

for Windows using SCCM might not be successful.

As per our analysis, Citrix Receiver for Windows is NOT the cause of this failure. Also, retrying

might yield successful deployment.

Configure

October 26, 2018

Citrix Receiver for Windows 4.9 LTSR

When using Citrix Receiver for Windows soware, the following configuration steps allow users to ac-

cess their hosted applications and desktops:

• Configure your application delivery and Configure your XenDesktop environment. Ensure your

XenApp environment is configured correctly. Understand your options and provide meaningful

application descriptions for your users.

• Configure self-service mode by adding a StoreFront account to Citrix Receiver for Windows. This

mode allows users to subscribe to applications from the Citrix Receiver for Windows user inter-

face.

• Configure with the Group Policy Object administrative template

• Provide users with account information. Provide users with the information they need to set

up access to accounts hosting their virtual desktops and applications. In some environments,

users must manually set up access to those accounts.

If you have users who connect from outside the internal network (for example, users who connect

from the Internet or from remote locations), configure authentication through NetScaler Gateway.

For more information, see Authentication and Authorization in NetScaler Gateway documentation.

Configuring application delivery

June 19, 2019

When delivering applications with XenDesktop or XenApp, consider the following options to enhance

the user experience:

• Web Access Mode - Without any configuration, Citrix Receiver for Windows provides browser-

based access to applications and desktops. You can open a browser to a Receiver for Web or

Web Interface site to select and use the applications you want. In this mode, no shortcuts are

placed on the user’s desktop.

• Self Service Mode - By adding a StoreFront account to Citrix Receiver for Windows or configur-

ing Citrix Receiver for Windows to point to a StoreFront site, you can configure self-service mode,

which allows you to subscribe to applications from the Citrix Receiver for Windows user inter-

face. This enhanced user experience is similar to that of a mobile app store. In a self-service

mode, you can configure mandatory, auto-provisioned and featured app keyword settings as

required.

Note: By default, Citrix Receiver for Windows allows you to select the applications to display in the

Start menu.

• App shortcut-only mode - As a Citrix Receiver for Windows administrator, you can configure Cit-

rix Receiver for Windows to automatically place application and desktop shortcuts directly in

the Start menu or on the desktop in a similar way that Citrix Receiver for Windows Enterprise

Citrix Receiver for Windows 4.9 LTSR

places them. The new shortcut only mode allows you to find all the published apps within the

familiar Windows navigation schema where you would expect to find them.

For information on delivering applications using XenApp and XenDesktop 7, see Create a Delivery

Group application.

Note: Include meaningful descriptions for applications in a Delivery Group. Descriptions are visible

to Citrix Receiver for Windows users when using Web access or self-service mode.

Configuring NetScaler Gateway Store

Citrix recommends using the Group Policy Object administrative template to configure rules for net-

work routing, proxy servers, trusted server configuration, user routing, remote user devices, and user

experience.

You can use the receiver.admx / receiver.adml template files with domain policies and local computer

policies. For domain policies, import the template file using the Group Policy Management console.

This is especially useful for applying Citrix Receiver for Windows settings to a number of dierent user

devices throughout the enterprise. To aect a single user device, import the template file using the

local Group Policy Editor on the device.

To add or specify a NetScaler Gateway using Group Policy Object administrative template:

1. As an administrator, open the Citrix Receiver Group Policy Object administrative template by

running gpedit.msc.

• If applying the policy on a single computer, launch it from the Start menu.

• If applying on domain policies, launch it by using the Group Policy Management console

2. Under the Computer Configuration node, go to Administrative Templates > Classic Administra-

tive Templates (ADM) > Citrix Components > Citrix Receiver > StoreFront, an select NetScaler

Gateway URL/StoreFront Accounts List.

3. Edit the settings.

• Store name – Indicates the displayed store name

• Store URL – Indicates the URL of the store

• #Store name – Indicates the name of the store behind NetScaler Gateway

• Store enabled state –Indicates the state of the store, On/O

• Store Description – Provides description of the store

4. Add or specify the NetScaler URL. Enter the name of the URL, delimited by a semi-colon:

Example:

HRStore; https://dtls.blrwinrx.com\##Store name;On; Store for HR staff

Where #Store name is the name of store behind NetScaler Gateway; dtls.blrwinrx.com is the

Citrix Receiver for Windows 4.9 LTSR

NetScaler URL.

When Citrix Receiver for Windows is launched aer adding the Netscaler Gateway using GPO, the

following message appears in the notification area.

Limitations:

1. NetScaler URL should be listed as first followed by StoreFront URL(s).

2. Multiple NetScaler URLs are not supported.

3. Any change in NetScaler URL requires the Citrix Receiver for Windows to be reset for the changes

to take eect.

4. NetScalerGateway URL configuredusing this method does not support PNA Services site behind

NetScaler Gateway.

Configure self-service mode

By simply adding a StoreFront account to Citrix Receiver or configuring Citrix Receiver to point to a

StoreFront site, you can configure self-service mode, which allows users to subscribe to applications

from the Receiver user interface. This enhanced user experience is similar to that of a mobile app

store.

Note: By default, Citrix Receiver for Windows allows users to select the applications they want to dis-

play in their Start menu.

In self-service mode, you can configure mandatory, auto-provisioned and featured app keyword set-

tings as needed.

Append keywords to the descriptions you provide for delivery group applications:

• To make an individual app mandatory, so that it cannot be removed from Citrix Receiver for

Windows, append the string KEYWORDS:Mandatory to the application description. There is no

Remove option for users to unsubscribe to mandatory apps.

• To automatically subscribe all users of a store to an application, append the string KEY-

WORDS:Auto to the description. When users log on to the store, the application is automatically

provisioned without users needing to manually subscribe to the application.

• To advertise applications to users or to make commonly used applications easier to find by list-

ing them in the Citrix Receiver Featured list, append the string KEYWORDS:Featured to the ap-

plication description.

Customize the app shortcut location using the Group Policy Object template

Note

You should make changes to group policy before configuring a store. If at any time you want to

customize the group policies, reset Citrix Receiver, configure the group policy, and then recon-

Citrix Receiver for Windows 4.9 LTSR

figure the store.

As an administrator, you can configure shortcuts using group policy.

1. Open the Local Group Policy Editor by running the command gpedit.msc locally from the Start

menu when applying policies to a single computer or by using the Group Policy Management

Console when applying domain policies.

2. In the le pane of the Group Policy Editor, select the Administrative Templates folder.

3. From the Action menu, choose Add/Remove Templates.

4. Choose Add, browse to the Receiver Configuration folder and then select receiver.admx (or re-

ceiver.adml)

5. Select Open to add the template and then Close to the return to the Group Policy Editor.

6. In the Group Policy Editor, got to Administrative Templates > Classic Administrative Templates

(ADM) > Citrix Components > Citrix Receiver > Self Service.

7. Select Manage SelfServiceMode to enable or disable the self-service Receiver user interface.

8. Choose Manage App Shortcut to enable or disable:

• Shortcuts on Desktop

• Shortcuts in Start menu

• Desktop Directory

• Start menu Directory

• Category path for Shortcuts

• Remove apps on logo

• Remove apps on exit

9. Choose Allow users to Add/Remove account to give users privileges to add or remove more than

one account.

Using StoreFront account settings to customize app shortcut locations

You can set up shortcuts in the Start menu and on the desktop from the StoreFront site. The fol-

lowing settings can be added in the web.config file in C:\inetpub\wwwroot\Citrix\Roaming in the

<annotatedServices> section:

• To put shortcuts on the desktop, use PutShortcutsOnDesktop. Settings: “true” or “false” (de-

fault is false).

• To put shortcuts in the Start menu, use PutShortcutsInStartMenu. Settings: “true” or “false”

(default is true).

• To use the category path in the Start menu, use UseCategoryAsStartMenuPath. Settings: “true”

or “false” (default is true).

Citrix Receiver for Windows 4.9 LTSR

NOTE: Windows 8/8.1 and Windows 10 do not allow the creation of nested folders within the Start

Menu. Applications will be displayed individually or under the root folder but not within Category sub

folders defined with XenApp.

• To set a single directory for all shortcuts in the Start menu, use StartMenuDir. Setting: String

value, being the name of the folder into which shortcuts are written.

• To reinstall modified apps, use AutoReinstallModifiedApps. Settings: “true” or “false” (default

is true).

• To show a single directory for all shortcuts on the desktop, use DesktopDir. Setting: String value,

being the name of the folder into which shortcuts are written.

• To not create an entry on the clients ‘add/remove programs’, useDontCreateAddRemoveEntry.

Settings: “true” or “false” (default is false).

• To remove shortcuts and Receiver icon for an application that was previously available from

the Store but now is not available, use SilentlyUninstallRemovedResources. Settings: “true” or

“false” (default is false).

In the web.config file, the changes should be added in the XML section for the account. Find this sec-

tion by locating the opening tab:

<account id=… name=”Store”

The section ends with the </account> tag.

Before the end of the account section, in the first properties section:

Properties can be added into this section aer the <clear /> tag, one per line, giving the name and

value. For example:

Note: Property elements added before the <clear /> tag may invalidate them. Removing the <clear />

tag when adding a property name and value is optional.

An extended example for this section is:

<properties><property name=”PutShortcutsOnDesktop” value=”True”/> <property name=”DesktopDir”

value=”Citrix Applications” />

Important

In multiple server deployments, use only one server at a time to make changes to the configura-

tion of the server group. Ensure that the Citrix StoreFront management console is not running

on any of the other servers in the deployment. Once complete, propagate your configuration

changes to the server group, so that the other servers in the deployment are updated.

Citrix Receiver for Windows 4.9 LTSR

Using per app settings in XenApp and XenDesktop 7.x to customize app shortcut

locations

Citrix Receiver can be configured to automatically place application and desktop shortcuts directly in

the Start Menu or on the desktop. This functionality was similar to previously released versions of Cit-

rix Receiver, however, release 4.2.100 introduced the ability to control app shortcut placement using

XenApp per app settings. This functionality is useful in environments with a handful of applications

that need to be displayed in consistent locations.

If you want to set the location of shortcuts so every user finds them in the same place use XenApp per

App Settings:

If you want per-app settings to determine

where applications are placed independently

of whether in self-service mode or Start Menu

mode…

configure Receiver with

PutShortcutsInStartMenu=false and enable

per app settings. Note: This setting applies to

the Web interface site only.

Note:

The PutShortcutsInStartMenu=false setting applies to both XenApp 6.5 and XenDesktop 7.x.

Using per app settings in XenApp 7.6 to customize app shortcut locations

To configure a per app publishing shortcut in XenApp 7.6:

1. In Citrix Studio, locate the Application Settings screen.

2. In the Application Settings screen, select Delivery. Using this screen, you can specify how ap-

plications are delivered to users.

3. Select the appropriate icon for the application. Click Change to browse to the location of the

desired icon.

4. In the Application category field, optionally specify the category in Receiver where the appli-

cation appears. For example, if you are adding shortcuts to Microso Oice applications, enter

Microso Oice.

5. Select the Add shortcut to user’s desktop checkbox.

6. Click OK.

Citrix Receiver for Windows 4.9 LTSR

Reducing enumeration delays or digitally signing application stubs

If users experience delays in app enumeration at each logon, or if there is a need to digitally sign ap-

plication stubs, Receiver provides functionality to copy the .EXE stubs from a network share.

This functionality involves a number of steps:

1. Create the application stubs on the client machine.

2. Copy the application stubs to a common location accessible from a network share.

3. If necessary, prepare a white list (or, sign the stubs with an Enterprise certificate.

4. Add a registry key to enable Receiver to create the stubs by copying them from the network

share.

If RemoveappsOnLogo and RemoveAppsonExit are enabled, and users are experiencing delays in

app enumeration at every logon, use the following workaround to reduce the delays:

1. Use regedit to add HKCU\Soware\Citrix\Dazzle /v ReuseStubs /t REG_SZ /d “true”.

2. Use regedit to add HKLM\Soware\Citrix\Dazzle /v ReuseStubs /t REG_SZ /d “true”. HKCU has

preference over HKLM.

Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall

your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Reg-

istry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before

you edit it.

Enable a machine to use pre-created stub executables that are stored on a network share:

1. On a client machine, create stub executables for all of the apps. To accomplish this, add all the

applications to the machine using Receiver; Receiver generates the executables.

2. Harvest the stub executables from %APPDATA%\Citrix\SelfService. You only need the .exe files.

3. Copy the executables to a network share.

4. For each client machine that will be locked down, set the following registry keys:

a) Regadd HKLM\Soware\Citrix\Dazzle/v CommonStubDirectory /t REG_SZ /d “\ShareOne\ReceiverStubs”

b) Reg add HKLM\Soware\Citrix\Dazzle /v

c) opyStubsFromCommonStubDirectory /t REG\SZ /d “true”. It’s also possible to configure

these settings on HKCU if you prefer. HKCU has preference over HKLM.

d) Exit and restart Receiver to test the settings.

Example use cases

This topic provides use cases for app shortcuts.

Citrix Receiver for Windows 4.9 LTSR

Allowing users to choose what they want in the Start Menu (Self-Service)

If you have dozens (or even hundreds) of apps, it’s best to allow users to select which applications

they want to favorite and add to the Start Menu:

If you want the user to choose the applications

they want in their Start Menu…

configure Citrix Receiver in self-service mode.

In this mode you also configure

auto-provisioned and mandatory app keyword

settings as needed.

If you want the user to choose the applications

they want in their Start Menu but also want

specific app shortcuts on the desktop…

configure Citrix Receiver without any options

and then use per app settings for the few apps

that you want on the desktop. Use auto

provisioned and mandatory apps as needed.

No app shortcuts in the Start Menu

If a user has a family computer, you might not need or want app shortcuts at all. In such scenarios, the

simplest approach is browser access; install Citrix Receiver without any configuration and browse to

Citrix Receiver for Web and Web interface. You can also configure Citrix Receiver for self-service access

without putting shortcuts anywhere.

If you want to prevent Citrix Receiver from

putting application shortcuts in the Start Menu

automatically…

configure Citrix Receiver with

PutShortcutsInStartMenu=False. Citrix

Receiver will not put apps in the Start Menu

even in self-service mode unless you put them

there using per app settings.

All app shortcuts in the Start Menu or on the Desktop

If the user has only a few apps, you can put them all in the Start Menu or all on the desktop, or in a

folder on the desktop.

Citrix Receiver for Windows 4.9 LTSR

If you want Citrix Receiver to put all application

shortcuts in the start menu automatically…

configure Citrix Receiver with SelfServiceMode

=False. All available apps will appear in the

Start Menu.

If you want all application shortcuts to put on

desktop…

configure Citrix Receiver with

PutShortcutsOnDesktop = true. All available

apps will appear in the desktop.

If you want all shortcuts to be put on the

desktop in a folder…

configure Citrix Receiver with

DesktopDir=Name of the desktop folder where

you want applications.

Per app settings in XenApp 6.5 or 7.x

If you want to set the location of shortcuts so every user finds them in the same place use XenApp per

App Settings:

If you want per-app settings to determine

where applications are placed independently

of whether in self-service mode or Start Menu

mode…

configure Citrix Receiver with

PutShortcutsInStartMenu=false and enable

per app settings.

Note:

This setting applies to

the Web Interface site only.

Apps in category folders or in specific folders

If you want applications displayed in specific folders use the following options:

If you want the application shortcuts Citrix

Receiver places in the start menu to be shown

in their associated category (folder)…

configure Citrix Receiver with

UseCategoryAsStartMenuPath=True. Note:

Windows 8/8.1 and Windows 10 do not allow

the creation of nested folders within the Start

Menu. Applications will be displayed

individually or under the root folder but not

within Category sub folders defined with

XenApp.

Citrix Receiver for Windows 4.9 LTSR

If you want the applications that Citrix Receiver

puts in the Start menu to be in a specific

folder…

configure Citrix Receiver with

StartMenuDir=the name of the Start Menu

folder name.

Remove apps on logo or exit

If you don’t want users to see apps if another user is going to share the end point, you can ensure that

apps are removed when the user logs o and exits

If you want Citrix Receiver to remove all apps

on logo…

configure Citrix Receiver with

RemoveAppsOnLogo=True.

If you want Citrix Receiver to remove apps on

exit…

configure Citrix Receiver with

RemoveAppsOnExit=True.

Configuring local app access applications

When configuring local app access applications:

• To specify that a locally installed application should be used instead of an application available

in Citrix Receiver, append the string KEYWORDS:prefer=”pattern”. This feature is referred to as

Local App Access.

Before installing an application on a user’s computer, Citrix Receiver searches for the specified

patterns to determine if the application is installed locally. If it is, Citrix Receiver subscribes the

application and does not create a shortcut. When the user starts the application from the Citrix

Receiver window, Citrix Receiver starts the locally installed (preferred) application.

If a user uninstalls a preferred application outside of Citrix Receiver, the application is unsub-

scribed during the next Citrix Receiver refresh. If a user uninstalls a preferred application from

the Citrix Receiver window, Citrix Receiver unsubscribes the application but does not uninstall

it.

Note: The keyword prefer is applied when Citrix Receiver subscribes an application. Adding the

keyword aer the application is subscribed has no eect.

You can specify the prefer keyword multiple times for an application. Only one match is needed

to apply the keyword to an application. The following patterns can be used in any combination:

Citrix Receiver for Windows 4.9 LTSR

• To specify that a locally installed application should be used instead of an application available

in Citrix Receiver, append the string KEYWORDS:prefer=”pattern”. This feature is referred to as

Local App Access.

Before installing an application on a user’s computer, Citrix Receiver searches for the specified

patterns to determine if the application is installed locally. If it is, Citrix Receiver subscribes the

application and does not create a shortcut. When the user starts the application from the Citrix

Receiver window, Citrix Receiver starts the locally installed (preferred) application.

If a user uninstalls a preferred application outside of Citrix Receiver, the application is unsub-

scribed during the next Citrix Receiver refresh. If a user uninstalls a preferred application from

the Citrix Receiver window, Citrix Receiver unsubscribes the application but does not uninstall

it.

Note: The keyword prefer is applied when Citrix Receiver subscribes an application. Adding the

keyword aer the application is subscribed has no eect.

You can specify the prefer keyword multiple times for an application. Only one match is needed to

apply the keyword to an application. The following patterns can be used in any combination:

• prefer=”ApplicationName”

The application name pattern matches any application with the specified application name in

the shortcut file name. The application name can be a word or a phrase. Quotation marks are re-

quired for phrases. Matching is not allowed on partial words or file paths and is case-insensitive.

The applicationname matching pattern is useful for overrides performed manually by an admin-

istrator.

KEYWORDS:prefer= Shortcut under Programs Matches?

Word \Microso Oice\Microso

Word 2010

Yes

“Microso Word” \Microso Oice\Microso

Word 2010

Yes

Console \McAfee\VirusScan Console Yes

Virus \McAfee\VirusScan Console No

McAfee \McAfee\VirusScan Console No

• prefer=”\\Folder1\Folder2...\ApplicationName”

The absolute path pattern matches the entire shortcut file path plus the entire application name

under the Start menu. The Programs folder is a sub folder of the Start menu directory, so you

must include it in the absolute path to target an application in that folder. Quotation marks

are required if the path contains spaces. The matching is case-sensitive. The absolute path

Citrix Receiver for Windows 4.9 LTSR

matching pattern is useful for overrides implemented programmatically in XenDesktop.

*KEYWORDS:prefer= Shortcut under Programs Matches?

“\Programs\Microso

Oice\Microso Word 2010”

\Programs\Microso

Oice\Microso Word 2010

Yes

“\Microso Oice” \Programs\Microso

Oice\Microso Word 2010

“\Microso Word 2010” \Programs\Microso

Oice\Microso Word 2010

“\Programs\Microso Word

2010”

2010” \Programs\Microso

Word 2010

Yes

• prefer=”\Folder1\Folder2…\ApplicationName”

The relative path pattern matches the relative shortcut file path under the Start menu. The rel-

ative path provided must contain the application name and can optionally include the folders

where the shortcut resides. Matching is successful if the shortcut file path ends with the rela-

tive path provided. Quotation marks are required if the path contains spaces. The matching

is case-sensitive. The relative path matching pattern is useful for overrides implemented pro-

grammatically.

KEYWORDS:prefer= Shortcut under Programs Matches?

“\Microso Oice\Microso

Word 2010”

\Microso Oice\Microso

Word 2010

Yes

“\Microso Oice”

\Microso Oice\Microso

Word 2010

“\Microso Word 2010” \Microso Oice\Microso

Word 2010

Yes

“\Microso Word” \Microso Word 2010 No

For information about other keywords, see “Additional recommendations” in Optimize the user expe-

rience in the StoreFront documentation.

Citrix Receiver for Windows 4.9 LTSR

Configuring your XenDesktop environment

October 26, 2018

Aer the Citrix Receiver for Windows is installed, the following configuration steps allow users to ac-

cess their hosted applications and desktops:

• Adaptive transport - Adaptive transport optimizes data transport by applying a new Citrix proto-

col called Enlightened Data Transport (EDT) in preference to TCP whenever possible. For more

information about configuring adaptive transport, see Configuring adaptive transport.

• Auto-update - Auto-update provides automatic updates for Citrix Receiver for Windows and for

the HDX RealTime Optimization Pack without the need to download updates manually. For

more information about configuring auto-update, see Configuring auto-update.

• Bidirectional content redirection - The bidirectional content redirection allows you to enable or

disable client to host and host to client URL redirection. For more information on configuring

bidirectional content redirection, see Configuring bidirectional content redirection.

• Bloomberg keyboards - Specialist USB devices (for example, Bloomberg keyboards and 3-D

mice) can be configured to use USB support. For information on configuring Bloomberg key-

boards, see Configure Bloomberg keyboards.

• Composite USB Device - A composite USB device has the ability to perform more than one func-

tion. This is accomplished by exposing each of those functions using dierent interfaces. For

more information on configuring composite USB device, see Configuring composite USB device.

• USB support - USB support enables users to interact with a wide range of USB devices when con-

nected to a virtual desktop. For more information on configuring USB support, see Configuring

USB support.

Configuring adaptive transport

October 26, 2018

Requirements

• XenApp and XenDesktop 7.12 and later (required to enable the feature using Citrix Studio).

• StoreFront 3.8.

• IPv4 VDAs only. IPv6 and mixed IPv6 and IPv4 configurations are not supported.

• Add firewall rules to allow inbound traic on UDP ports 1494 and 2598 of the VDA.

Note

TCP ports 1494 and 2598 are also required and opened automatically when you install the VDA.

Citrix Receiver for Windows 4.9 LTSR

However, UDP ports 1494 and 2598 are not automatically opened. You must enable them.

Adaptive transport must be configured on the VDA by applying the policy before it is available for

communication between the VDA and Citrix Receiver.

By default, the adaptive transport is allowed in Citrix Receiver for Windows. However, also by default,

the client attempts to use adaptive transport only if the VDA is configured to Preferred in the Citrix

Studio policy and if the setting has been applied on the VDA.

You can enable adaptive transport using the HDX Adaptive Transport policy setting. Set the new

policy to Preferred to use adaptive transport when possible, with fallback to TCP.

To disable adaptive transport on a specific client, set the EDT options appropriately using the Citrix

Receiver Group Policy Object administrative template.

To configure adaptive transport using the Citrix Receiver Group Policy Object

administrative template (optional)

The following are optional configuration steps to customize your environment. For example, you may

choose to disable the feature for a particular client for security reasons.

Note

By default, adaptive transport is disabled (O) and TCP is always used.

1. As an administrator, open the Citrix Receiver Group Policy Object administrative template by

running gpedit.msc.

• If you are applying the policy on a single computer, launch it from the Start menu.

• If you are applying the policy on a domain, launch it by using the GroupPolicy Management

console.

For information on how to import the Citrix Receiver for Windows administrative template files

into the Group Policy Editor, see Configuring Citrix Receiver for Windows with the Group Policy

Object template.

2. Under the Computer Configuration node, go to Administrative Templates > Citrix Receiver >

Network routing.

3. Set the Transport protocol for Receiver policy to Enabled.

4. Select Communication Protocol for Citrix Receiver as required.

• O: Indicates that TCP is used for data transfer.

• Preferred: Indicates that the Citrix Receiver tries to connect to the server using UDP at first

and then switches to TCP as a fallback.

• On: Indicates that the Citrix Receiver connects to the server using UDP only. There is no

fallback to TCP with this option.

Citrix Receiver for Windows 4.9 LTSR

5. Click Apply and OK.

6. From a command line, run the gpupdate /force command.

Additionally, for the adaptive transport configuration to take eect, the user is required to add the

Citrix Receiver Windows template files to the Policy Definitions folder. For more informationon adding

admx/adml template files to the local GPO, see Configuring Citrix Receiverfor Windows with the Group

Policy Object template.

To confirm that the policy setting has taken eect:

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\ICA Client\Engine\Lockdown Pro-

files\All Regions\Lockdown\Network\UDT and verify that the key HDXOverUDP is included.

Configuring auto-update

September 9, 2019

When you configure auto-update from Citrix Receiver for Windows, follow the methods below in the

order of priority:

1. Group Policy Object administrative template

2. Command line interface

3. Advanced Preferences (per-user)

Configuring using the Group Policy Object administrative template

1. As an administrator, open the Citrix Receiver Group Policy Object administrative template by

running gpedit.msc.

• If you are applying the policy on a single computer, launch the Citrix Receiver Group Policy

Object administrative template from the Start menu.

• If you are applying the policy on a domain, launch the Citrix Receiver Group Policy Object

administrative template by using the Group Policy Management console.

2. Under the Computer Configuration node, go to Administrative Templates > Citrix Compo-

nents > Citrix Receiver > AutoUpdate.

3. Select the Set the Delay in Checking for Update policy. This policy allows you to stage the

rollout for a period.

4. Select Enabled, and from the Delay Group drop-down, select one of the following options:

Citrix Receiver Updates rollout does happen to all users at the same time. It depends on the delivery

period and delay groups. Ideally, delivery period spans for 30 days. So, user gets Receiver and related

plug-ins updates any day between day 01 and day 30.

Citrix Receiver for Windows 4.9 LTSR

Based on the delay group configuration, updates are available at the beginning, the middle, or the

end of the delivery period.

The delay groups are categorized as follows:

• Fast – Update rollout happens at the beginning of the delivery period.

• Medium – Update rollout happens at the mid-delivery period.

• Slow – Update rollout happens at the end of the delivery period.

1. Click Apply and OK to save the policy.

2. In the AutoUpdate Templates section, select the Enable or Disable AutoUpdate policy.

3. Select Enabled and set the values as required:

• From the Enable AutoUpdate Policy drop-down, select one of the following options:

– Auto – You are notified when an update is available (default).

– Manual

– You are not notified when updates are available. Check for updates manu-

ally.

• Select LTSR ONLY to get updates for LTSR only.

• From the auto-update-DeferUpdate-Count drop-down, select a value between -1 and 30,

where

– -1 – indicates that you can defer the notifications any number of times (default value=-

1).

– 0 – indicates that the Remind me later option is not displayed.

– Any other number – indicates that the Remind me later option is displayed in that

count. For example, if you set the value to 10, the Remind me later option is displayed

10 times.

4. Click Apply and OK to save the policy.

Configuring using the command line interface

While installing Citrix Receiver for Windows

To configure auto-update settings as an administrator using command-line settings during Citrix Re-

ceiver installation:

• /AutoUpdateCheck = auto/manual/disabled

• /AutoUpdateStream= LTSR/Current. Where, LTSR refers to Long Term Service Release and Cur-

rent refers to the current release.

• /DeferUpdateCount= any value between -1 and 30

• /AURolloutPriority= auto/fast/medium/slow

Forexample: CitrixReceiver.exe / AutoUpdateCheck=auto /AutoUpdateStream= Current /DeferUpdateCount=-

1 / AURolloutPriority= fast

Citrix Receiver for Windows 4.9 LTSR

• To configure auto-update settings as a user using command-line settings during Citrix Receiver

installation

– /AutoUpdateCheck=auto/manual

For example: CitrixReceiver.exe / AutoUpdateCheck=auto

Editing auto-update settings using the Group Policy Object administrative template overrides the set-

tings applied during Citrix Receiver for Windows installation for all users.

Aer Citrix Receiver for Windows installation

Auto-update can be configured aer installing Citrix Receiver for Windows.

To use the command line:

Open Windows Command Prompt and change the directory to where CitrixReceiverUpdater.exe

is located. Typically, CitrixReceiverUpdater.exe is located at CitrixReceiverInstallLocation\Citrix\Ica

Client\Receiver.

You can also set the auto-update command-line policy using this binary.

For example: Administrators can use all the four options:

• CitrixReceiverUpdater.exe/ AutoUpdateCheck=auto /AutoUpdateStream= STSR /DeferUpdateCount=-

1 / AURolloutPriority= fast

Configuring using the graphical user interface

An individual user can override the auto-update setting using the Advanced Preferences dialog. This

is a per-user configuration and the settings apply only to the current user.

1. Right-click Citrix Receiver for Windows from the notification area.

2. Select Advanced Preferences and click Auto Update.

The auto-update dialog appears.

3. Select one of the following options:

• Yes, notify me

• No, don’t notify me

• Use administrator specified settings

4. Click Save.

Configuring Auto-update using StoreFront

1. Use a text editor to open the web.configfile, which is typically locatedin the C:\inetpub\wwwroot\Citrix\Roaming

directory.

Citrix Receiver for Windows 4.9 LTSR

2. Locate the user account element in the file (Store is the account name of your deployment)

For example: <account id=… name=”Store”>

Before the </account> tag, navigate to the properties of that user account:

</properties>

3. Add the auto-update tag aer <clear /> tag.

<account id=”d1197d2c-ac82-4f13-9346-2ee14d4b0202” name=”F84Store”

description=”” published=”true” updaterType=”Citrix” remoteAccessType=”None”>

</plugins>

</trustSettings>

</properties>

</metadata>

</annotatedServiceRecord>

</annotatedServices>

Citrix Receiver for Windows 4.9 LTSR

</plugins>

</trustSettings>

</properties>

</metadata>

</account>

auto-update-Check

This indicates that Citrix Receiver for Windows detects when an update is available.

Valid values:

• Auto – You are notified when an update is available (default).

• Manual –You are not notified when updates are available. Check for updates manually.

• Disabled – Disable auto-update.

auto-update-LTSR-Only

This indicates that Citrix Receiver for Windows must accept updates only for LTSR.

Valid values:

• True – auto-updates checks only for LTSR updates of Citrix Receiver for Windows

• False – auto-update checks for non-LTSR updates of Citrix Receiver for Windows as well.

auto-update-DeferUpdate-Count

This indicates the number of counts you can defer the notifications. The Remind me later option is

displayed in the count of the set value.

Valid values:

• -1 – indicates that you can defer the notifications any number of times (default value=-1).

Citrix Receiver for Windows 4.9 LTSR

• 0 – indicates that the Remind me later option is not displayed.

• Any other number – indicates that the Remind me later option is displayed in that count. For

example, if you set the value to 10, the Remind me later option is displayed 10 times.

auto-update-Rollout-Priority:

This indicates the period that you can set for the rollout.

Valid values:

• Fast – Update rollout happens at the beginning of the delivery period.

• Medium – Update rollout happens at the mid-delivery period.

• Slow – Update rollout happens at the end of the delivery period.

Limitations:

1. Your system must have access to the internet.

2. Receiver for Web users cannot download the StoreFront policy automatically.

3. If you have configured an SSL intercepting outbound proxy, you must add an exception to the Re-

ceiver auto-update Signature service https://citrixupdates.cloud.com/ and the down-

load location https://downloadplugins.citrix.com/.

4. By default, auto-update is disabled on the VDA. This includes RDS multi-user server machines,

VDI and RemotePC machines.

5. auto-update is disabled on machines where Desktop Lock is installed.

Configuring bidirectional content redirection

November 12, 2018

You can enable bidirectional content redirection by using one of the following:

1. Group Policy Object administrative template

2. Registry

Note

• Bidirectional content redirection does not work on session where Local App Access is en-

abled.

• Bidirectional content redirection must be enabled both on the server and the client. When

it is disabled either on the server or the client, the functionality is disabled.

Citrix Receiver for Windows 4.9 LTSR

To enable bidirectional content redirection using the Group Policy Object

administrative template

Use Group Policy Object administrative template configuration for a first-time installation of Citrix

Receiver for Windows.

1. As an administrator, open the Citrix Receiver Group Policy Object administrative template by

running gpedit.msc.

• If you are applying the policy on a single computer, launch it from the Start menu.

• If you are applying the policy on a domain, launch it by using the GroupPolicy Management

console.

2. Under the User Configuration node, go to Administrative Templates > Classic Administrative

Templates (ADM) > Citrix Components > Citrix Receiver > User experience.

3. Select the Bidirectional Content Redirection policy.

4. Edit the settings.

Note:

When you include URLs, you can specify a single URL or a semi-colon delimited list of URLs. You

can use an asterisk (*) as a wildcard.

5. Click Apply and OK.

6. From a command line, run the gpupdate /force command.

To enable bidirectional content redirection using the registry

To enable bidirectional content redirection, run the redirector.exe /RegIE command from the Citrix

Receiver for Windows installation folder (C:\Program Files (x86)\Citrix\ICA Client).

Limitations:

• No fallback mechanism is present if redirection fails due to session launch issues.

Important:

• Ensure that redirection rules do not result in a looping configuration. A looping configuration,

for example results if VDA rules are set so that a URL, https://www.my_company.com, is con-

figured to be redirected to the client, and the same URL is configured to be redirected to the

VDA.

• URL redirection supports only explicit URLs (those appearing in the address bar of the browser

or found using the in-browser navigation, depending on the browser).

• If two applications with same display name are configured to use multiple StoreFront accounts,

the display name in the primary StoreFront account is used for launching the application or a

desktop session.

Citrix Receiver for Windows 4.9 LTSR

• New browser window opens only when URL is redirected to the client. When URL is redirected

to VDA, if the browser is already open, then the redirected URL opens in the new tab.

• Embedded links in files like documents, emails, pdfs is supported.

Configuring Bloomberg keyboards

August 6, 2018

Citrix Receiver for Windows supports the use of Bloomberg Keyboard in a XenApp and XenDesktop

session. The required components are installed with the plug-in. You can enable the Bloomberg key-

board feature during Citrix Receiver for Windows installation or by using the registry

Multiple sessions to Bloomberg keyboards are not recommended. The keyboard only operates cor-

rectly in single-session environments.

To enable or disable Bloomberg keyboard support:

Caution: Editing the registry incorrectly can cause serious problems that may require you to reinstall

your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Reg-

istry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before

you edit it.

1. Locate the following key in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\GenericUSB

2. Do one of the following:

• To turn on this feature, for the entry with Type DWORD and Name EnableBloombergHID,

set Value to 1.

• To turn o this feature, set the Value to 0.

For more information on configuring Bloomberg Keyboard, see Knowledge Center article CTX122615.

To prevent the Desktop Viewer window from dimming

If users have multiple Desktop Viewer windows, by default the desktops that are not active are

dimmed. If users need to view multiple desktops simultaneously, this can make the information on

them unreadable. You can disable the default behavior and prevent the Desktop Viewer window

from dimming by editing the Registry.

Caution: Editing the registry incorrectly can cause serious problems that may require you to reinstall

your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Reg-

istry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before

you edit it.

Citrix Receiver for Windows 4.9 LTSR

1. On the user device, create a REG_DWORD entry called DisableDimming in one of the following

keys, depending on whether you want to prevent dimming for the current user of the device or

the device itself. An entry already exists if the Desktop Viewer has been used on the device:

• HKEY_CURRENT_USER\Soware\Citrix\XenDesktop\DesktopViewer

• HKEY_LOCAL_MACHINE\Soware\Citrix\XenDesktop\DesktopViewer

Optionally, insteadof controlling dimming with the above user or device settings, you can define

a local policy by creating the same REG_WORD entry in one of the following keys:

• HKEY_CURRENT_USER\Soware\Policies\Citrix\XenDesktop\DesktopViewer

• HKEY_LOCAL_MACHINE\Soware\Policies\Citrix\XenDesktop\DesktopViewer

The use of these keys is optional because XenDesktop administrators, rather than plug-in ad-

ministrators or users, typically control policy settings using Group Policy. So, before using these

keys, check whether your XenDesktop administrator has set a policy for this feature.

2. Set the entry to any non-zero value such as 1 or true.

If no entries are specified or the entry is set to 0, the Desktop Viewer window is dimmed. If

multiple entries are specified, the following precedence is used. The first entry that is located

in this list, and its value, determine whether the window is dimmed:

a) HKEY_CURRENT_USER\Soware\Policies\Citrix\…

b) HKEY_LOCAL_MACHINE\Soware\Policies\Citrix\…

c) HKEY_CURRENT_USER\Soware\Citrix\…

d) HKEY_LOCAL_MACHINE\Soware\Citrix\…

Configuring composite USB device redirection

October 26, 2018

Configuring composite USB redirection using the Group Policy Object administrative

template

1. As an administrator, open the Citrix Receiver Group Policy Object administrative template by

running gpedit.msc.

a) If you are applying the policy on a single computer, launch the Citrix Receiver Group Policy

Object administrative template from the Start menu.

b) If you are applying the policy on a domain, launch the Citrix Receiver Group Policy Object

administrative template by using the Group Policy Management console.

2. Under the User Configuration node, go to Administrative Templates > Citrix Components >

Citrix Receiver > Remoting client devices > Generic USB Remoting.

Citrix Receiver for Windows 4.9 LTSR

3. Select the SplitDevices policy.

4. Select Enabled.

5. Click Apply.

6. Click OK to save the policy.

To allow or deny an interface using the Group Policy Object administrative template

1. As an administrator, open the Citrix Receiver Group Policy Object administrative template by

running gpedit.msc.

a) If you are applying the policy on a single computer, launch the Citrix Receiver Group Policy

Object administrative template from the Start menu.

b) If you are applying the policy on a domain, launch the Citrix Receiver Group Policy Object

administrative template by using the Group Policy management console.

2. Under the User Configuration node, go to Administrative Templates > Citrix Components >

Citrix Receiver > Remoting client devices > Generic USB Remoting.

3. Select USB Device Rules policy.

4. Select Enabled.

5. In the USB Device Rules text box, add the USB device that you want to allow or deny.

For example, ALLOW: vid=047F pid= C039 split=01 intf=00,03 //Allowed 00 and 03 interface, restrict

others.

6. Click Apply and OK.

In a desktop session, split USB devices are displayed in the Desktop Viewer under Devices. Ad-

ditionally, you can view split USB devices from Preferences > Devices.

In an application session, split USB devices are displayed in the Connection Center.

The table below provides details on the behavior scenarios when a USB interface is allowed or denied.

To allow an interface:

Split Interface Action

TRUE Valid number 0 -n Allow specified interface

TRUE Invalid number Allow all interfaces

FALSE Any value Allow Generic USB of parent

device

Not specified Any value Allow Generic USB of parent

device

Citrix Receiver for Windows 4.9 LTSR

For example, SplitDevices- true indicates that all devices split.

To deny an interface:

Split Interface Action

TRUE Valid number 0 - n Deny specified interface

TRUE Invalid number Deny all interfaces

FALSE Any value Deny Generic USB of parent

device

Not specified Any value Deny Generic USB of a parent

device

For example, SplitDevices- false indicates that devices are not split with specified interface number.

Example: My_<plantronics> headset

Interface number:

• Audio Interface Class -0

• HID Interface Class-3

Sample rules used for My_<plantronics> headset:

• ALLOW: vid=047F pid= C039 split=01 intf=00,03 //Allowed 00 and 03 interface, restrict others

• DENY: vid=047F pid= C039 split=01 intf=00,03 // deny 00 and 03

Limitations:

Citrix recommends that you do not split interfaces for a webcam. As a workaround, redirect the device

as a single device using Generic USB redirection. For a better performance, use the optimized virtual

channel.

Configuring USB support

March 19, 2019

USB support enables you to interact with a wide range of USB devices when connected to a virtual

desktop. You can plug USB devices into their computers and the devices are remote to their virtual

desktop. USB devices available for remoting include flash drives, smartphones, PDAs, printers, scan-

ners, MP3 players, security devices, and tablets. Desktop Viewer users can control whether USB de-

vices are available on the virtual desktop using a preference in the toolbar.

Citrix Receiver for Windows 4.9 LTSR

Isochronous features in USB devices, such as webcams, microphones, speakers, and headsets are

supported in typical low latency/high-speed LAN environments. This allows these devices to interact

with packages, such as Microso Oice Communicator and Skype.

The following types of device are supported directly in a XenApp and XenDesktop session, and so does

not use USB support:

• Keyboards

• Mice

• Smart cards

Note: Specialist USB devices (for example, Bloomberg keyboards and 3-D mice) can be configured to

use USB support. For information on configuring Bloomberg keyboards, see

Configure Bloomberg keyboards. For information on configuring policy rules for other specialist USB

devices, see Knowledge Center article

CTX122615

By default, certain types of USB devices are not supported for remoting through XenDesktop and Xe-

nApp. For example, a user may have a network interface card attached to the system board by internal

USB. Remoting this device would not be appropriate. The following types of USB device are not sup-

ported by default for use in a XenDesktop session:

• Bluetooth dongles

• Integrated network interface cards

• USB hubs

• USB graphics adapters

USB devices connected to a hub can be remote, but the hub itself cannot be remote.

The following types of USB device are not supported by default for use in a XenApp session:

• Bluetooth dongles

• Integrated network interface cards

• USB hubs

• USB graphics adapters

• Audio devices

• Mass storage devices

For instructions on automatically redirecting specific USB devices, see Knowledge Center article

CTX123015.

How USB support works

When a user plugs in a USB device, it is checked against the USB policy, and, if allowed, remoted to the

virtual desktop. If the device is denied by the default policy, it is available only to the local desktop.

Citrix Receiver for Windows 4.9 LTSR

When a user plugs in a USB device, a notification appears to inform the user about a new device. The

user can decide which USB devices are remoted to the virtual desktop by selecting devices from the

list each time they connect. Alternatively, the user can configure USB support so that all USB devices

plugged in both before and/or during a session are automatically remoted to the virtual desktop that

is in focus.

Mass storage devices

For mass storage devices only, in addition to USB support, remote access is available through client

drive mapping, which you configure through the Citrix Receiverpolicy Remoting client devices> Client

drive mapping. When this policy is applied, the drives on the user device are automatically mapped

to drive letters on the virtual desktop when users log on. The drives are displayed as shared folders

with mapped drive letters.

The main dierences between the two types of remoting policy are:

Feature Client drive mapping USB support

Enabled by default Yes No

Read-only access

configurable

Yes No

Safe to remove device during

a session

No Yes, if the user clicks Safely

Remove Hardware in the

notification area

If both Generic USB and the Client drive mapping policies are enabled and a mass storage device is

inserted before a session starts, it will be redirected using client drive mapping first, before being

considered for redirection through USB support. If it is inserted aer a session has started, it will be

considered for redirection using USB support before client drive mapping.

USB device classes allowed by default

Dierent classes of USB device are allowed by the default USB policy rules.

Although they are on this list, some classes are only available for remoting in XenDesktop and XenApp

sessions aer additional configuration. These are noted below.

• Audio (Class 01). Includes audio input devices (microphones), audio output devices, and MIDI

controllers. Modern audio devices generally use isochronous transfers, which is supported by

XenDesktop 4 or later. Audio (Class01) is not applicable to XenApp because these devices are

not available for remoting in XenApp using USB support.

Citrix Receiver for Windows 4.9 LTSR

Note: Some specialty devices (for example, VOIP phones) require additional configuration. For

more information, see Knowledge Center article CTX123015.

• Physical Interface Devices (Class 05). These devices are similar to Human Interface Devices

(HIDs), but generally provide “real-time” input or feedback and include force feedback joysticks,

motion platforms, and force feedback exoskeletons.

• Still Imaging (Class 06). Includes digital cameras and scanners. Digital cameras oen support

the still imaging class which uses the Picture Transfer Protocol (PTP) or Media Transfer Protocol

(MTP) to transfer images to a computer or other peripheral. Cameras may also appear as mass

storage devices and it may be possible to configure a camera to use either class, through setup

menus provided by the camera itself.

Note: If a camera appearsas a mass storage device, client drive mapping is used and USB support

is not required.

• Printers (Class 07). In general most printers are included in this class, although some use

vendor-specific protocols (class ). Multi-function printers may have an internal hub or be com-

posite devices. In both cases the printing element generally uses the Printers class and the

scanning or fax element uses another class; for example, Still Imaging.

Printers normally work appropriately without USB support.

Note: This class of device (in particular printers with scanning functions) requires additional

configuration. For instructions on this, see Knowledge Center article CTX123015.

• Mass Storage (Class 08). The most common mass storage devices are USB flash drives; others

include USB-attached hard drives, CD/DVD drives, and SD/MMC card readers. There are a wide

variety of devices with internal storage that also present a mass storage interface; these include

media players, digital cameras, and mobile phones. Mass Storage (Class 08) is not applicable

to XenApp because these devices are not available for remoting in XenApp using USB support.

Known subclasses include:

– 01 Limited flash devices

– 02 Typically CD/DVD devices (ATAPI/MMC-2)

– 03 Typically tape devices (QIC-157)

– 04 Typically floppy disk drives (UFI)

– 05 Typically floppy disk drives (SFF-8070i)

– 06 Most mass storage devices use this variant of SCSI

Mass storage devices can oen be accessed through client drive mapping, and so USB support

is not required.

Important: Some viruses are known to propagate actively using all types of mass storage. Care-

fully consider whether or not there is a business need to permit the use of mass storage devices,

either through client drive mapping or USB support.

Citrix Receiver for Windows 4.9 LTSR

• Content Security (Class 0d). Content security devices enforce content protection, typically for

licensing or digital rights management. This class includes dongles.

• Video (Class 0e). The video class covers devices that are used to manipulate video or video-

related material, such as webcams, digital camcorders, analog video converters, some televi-

sion tuners, and some digital cameras that support video streaming.

Note: Most video streaming devices use isochronous transfers, which is supported by XenDesk-

top 4 or later. Some video devices (for example webcams with motion detection) require addi-

tional configuration. For instructions on this, see Knowledge Center article CTX123015.

• Personal Healthcare (Class 0f). These devices include personal healthcare devices such as

blood pressure sensors, heart rate monitors, pedometers, pill monitors, and spirometers.

• Application and Vendor Specific (Classes fe and ). Many devices use vendor specific proto-

cols or protocols not standardized by the USB consortium, and these usually appear as vendor-

specific (class ).

USB devices classes denied by default

The following dierent classes of USB device are denied by the default USB policy rules.

• Communications and CDC Control (Classes 02 and 0a). The default USB policy does not allow

these devices, because one of the devices may be providing the connection to the virtual desk-

top itself.

• Human Interface Devices (Class 03). Includes a wide variety of both input and output devices.

Typical Human Interface Devices (HIDs) are keyboards, mice, pointing devices, graphic tablets,

sensors, game controllers, buttons, and control functions.

Subclass 01 is known as the “boot interface” class and is used for keyboards and mice.

The default USB policy does not allow USB keyboards (class 03, subclass 01, protocol 1), or USB

mice (class 03, subclass 01, protocol 2). This is because most keyboards and mice are handled

appropriately without USB support and it is normally necessary to use these devices locally as

well remotely when connecting to a virtual desktop.

• USB Hubs (Class 09). USB hubs allow extra devices to be connected to the local computer. It is

not necessary to access these devices remotely.

• Smart Card (Class 0b). Smart card readers include contactless and contact smart card readers,

and also USB tokens with an embedded smart card-equivalent chip.

Smart card readers are accessed using smart card remoting and do not require USB support.

• Wireless Controller (Class e0). Some of these devices may be providing critical network access,

or connecting critical peripherals, such as Bluetooth keyboards or mice.

Citrix Receiver for Windows 4.9 LTSR

The default USB policy does not allow these devices. However, there may be particular devices

to which it is appropriate to provide access using USB support.

• Miscellaneous network devices (Class ef, subclass 04). Some of these devices may be pro-

viding critical network access. The default USB policy does not allow these devices. However,

there may be particular devices to which it is appropriate to provide access using USB support.

Update the list of USB devices available for remoting

You can update the range of USB devices available for remoting to desktops by editing the Citrix Re-

ceiver for Windows template file. This allows you to make changes to the Citrix Receiver for Windows

using Group Policy. The file is located in the following installed folder:

<root drive>:\Program Files\Citrix\ICA Client\Configuration\en

Alternatively, you can edit the registry on each user device, adding the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\ICA Client\GenericUSB Type=String Name=”DeviceRules”

Value=

Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall

your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Reg-

istry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before

you edit it.

The product default rules are stored in:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\GenericUSB Type=MultiSzName=“DeviceRules”

Value=

Do not edit the product default rules.

For details of the rules and their syntax, see the Knowledge Center article CTX119722.

Configuring USB audio per user

Citrix recommends using the Group Policy Object receiver.admx/receiver.adml template file to config-

ure rules for network routing, proxy servers, trusted server configuration, user routing, remote user

devices, and the user experience.

You can use the receiver.admx template file with domain policies and local computer policies. For do-

main policies, import the template file using the Group Policy Management Console. This is especially

useful for applying Citrix Receiver for Windows settings to a number of dierent user devices through-

out the enterprise. To aect a single user device, import the template file using the local Group Policy

Editor on the device.

Note: This feature is available only on XenApp server.

Citrix Receiver for Windows 4.9 LTSR

To configure USB audio devices per user

1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the

Start menu when applying policies to a single computer, or by using the Group Policy Manage-

ment Console when applying domain policies.

Note: If you already imported the receiver template into the Group Policy Editor, you can leave

out steps 2 to 5.

2. In the le pane of the Group Policy Editor, select the Administrative Templates folder.

3. rom the Action menu, choose Add/Remove Templates.

4. Choose Add and browse to the Configuration folder for Receiver (for 32-bit machines, usually

C:\Program Files\Citrix\ICA Client\Configuration, for 64-bit machines usually C:\Program Files

(x86)\Citrix\ICA Client\Configuration) and select receiver.admx.

5. Select Open to add the template and then Close to return to the Group Policy Editor.

6. Under the Computer Configuration node, go to Administrative Templates > Classic Adminis-

trative Templates (ADM) > Citrix Components > Citrix Receiver > User experience, and select

Audio through Generic USB Redirection.

7. Edit the settings.

8. Click Apply and OK.

9. Open cmd prompt in administrator mode.

10. Run the below command

gpupdate /force

Note: Any change in the policy requires the XenApp server to be restarted for the changes to take

eect.

Configuring StoreFront

March 19, 2019

Citrix StoreFront authenticates users to XenDesktop, XenApp, and VDI-in-a-Box, enumerating and ag-

gregating available desktops and applications into stores that users access through Citrix Receiver for

Windows.

In addition to the configuration summarized in this section, you must also configure NetScaler Gate-

way to enable users to connect from outside the internal network (for example, users who connect

from the Internet or from remote locations).

Citrix Receiver for Windows 4.9 LTSR

Tip

Citrix Receiver for Windows occasionally shows the older StoreFront UI instead of the updated

StoreFront UI aer you select the option to show all stores.

To configure StoreFront

Install and configure StoreFront as described in the StoreFront documentation. Citrix Receiver for

Windows requires an HTTPS connection. If the StoreFront server is configured for HTTP, a registry

key must be set on the user device as described in Configure and install Receiver for Windows using

command-line parameters under the ALLOWADDSTORE property description.

Note:

For administrators who need more control, Citrix provides a template you can use to create a

download site for Citrix Receiver for Windows.

Manage workspace control reconnect

Workspace control lets applications follow users as they move between devices. This enables, for

example, clinicians in hospitals to move from workstation to workstation without having to restart

their applications on each device. For Citrix Receiver for Windows, you manage workspace control on

client devices by modifying the registry. This can also be done for domain-joined client devices using

Group Policy.

Caution: Editing the registry incorrectly can cause serious problems that may require you to reinstall

your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Reg-

istry Editor can be solved. Use the Registry Editor at your own risk. Be sure to back up the registry

before you edit it.

Create WSCReconnectModeUser and modify the existing registry key WSCReconnectMode in the Mas-

ter Desktop Image or in XenApp server hosting. The published desktop can change the behavior of

the Citrix Receiver for Windows.

WSCReconnectMode key settings for Citrix Receiver for Windows:

• 0 = do not reconnect to any existing sessions

• 1 = reconnect on application launch

• 2 = reconnect on application refresh

• 3 = reconnect on application launch or refresh

• 4 = reconnect when Receiver interface opens

• 8 = reconnect on Windows log on

• 11 = combination of both 3 and 8

Citrix Receiver for Windows 4.9 LTSR

Disable workspace control for Citrix Receiver for Windows

To disable workspace control for Citrix Receiver for Windows, create the following key:

HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Citrix\Dazzle (64-bit)

HKEY_CURRENT_USER\SOFTWARE\Citrix\Dazzle for (32-bit)

Name: WSCReconnectModeUser

Type: REG_SZ

Value data: 0

Modify the following key from the default value of 3 to zero

HKEY_CURRENT\USER\SOFTWARE\Wow6432Node\Citrix\Dazzle (64-bit)

HKEY_CURRENT_USER\SOFTWARE\Citrix\Dazzle (32-bit)

Name: WSCReconnectMode

Type: REG_SZ

Value data: 0

Note: Alternatively, you can set the REG_SZ value WSCReconnectAll to false if you do not want to

create a new key.

Changing the status indicator timeout

You can change the amount of time the status indicator displays when a user is launching a session. To

alter the time out period, create a REG_DWORD value SI INACTIVE MS in HKLM\SOFTWARE\Citrix\ICA

CLIENT\Engine. The REG_DWORD value can be set to 4 if you want the status indicator to disappear

sooner.

Warning

Editing the registry incorrectly can cause serious problems that may require you to reinstall your

operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Reg-

istry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry

before you edit it.

Customizing location for application shortcut via CLI

Start menu integration and desktop shortcut only mode lets you bring published application short-

cuts into the Windows Start menu and onto the desktop. Users do not have to subscribe to applica-

tions from the Citrix Receiver user interface. Start menu integration and desktop shortcut manage-

ment provides a seamless desktop experience for groups of users, who need access to a core set of

applications in a consistent way.

Citrix Receiver for Windows 4.9 LTSR

As a Citrix Receiver administrator, you use a command-line install flags, GPOs, account services, or

registry settings to disable the usual “self-service” Citrix Receiver interface and replace it with a pre-

configured Start menu. The flag is called SelfServiceMode and is set to true by default. When the

administrator sets the SelfServiceMode flag to false, the user no longer has access to the self-service

Citrix Receiver user interface. Instead, they can access subscribed apps from the Start menu and via

desktop shortcuts - referred to here as a shortcut-only mode.

Users and administrators can use a number of registry settings to customize the way shortcuts are set

up.

Working with shortcuts

• Users cannot remove apps. All apps are mandatory when working with the SelfServiceMode

flag set to false (shortcut-only mode). If the user removes a shortcut icon from the desktop, the

icon comes back when the user selects Refresh from the Citrix Receiver for Windows system tray

icon.

• Users can configure only one store. The Account and Preferences options are not available.

This is to prevent the user from configuring additional stores. The administrator can give a user

special privileges to add more than one account using the Group Policy Object template, or by

manually adding a registry key ( HideEditStoresDialog) on the client machine. When the admin-

istrator gives a user this privilege, the user has a Preferences option in the system tray icon,

where they can add and remove accounts.

• Users cannot remove apps via the Windows Control Panel.

• You can add desktop shortcuts via a customizable registry setting. Desktop shortcuts are not

added by default. Aer you make any changes to the registry settings, Citrix Receiver for Win-

dows must be restarted.

• Shortcuts are created in the Start menu with a category path as the default,

UseCategoryAsStartMenuPath.

Note: Windows 8/8.1 does not allow the creation of nested folders within the Start Menu. Applications

will be displayed individually or under the root folder but not within Category sub folders defined with

XenApp.

• You can add a flag [DESKTOPDIR=”Dir_name”] during installation to bring all shortcuts into a

single folder. CategoryPath is supported for desktop shortcuts.

• Auto Re-install Modified Apps is a feature which can be enabled via the registry key AutoReIn-

stallModifiedApps. When AutoReInstallModifiedApps is enabled, any changes to attributes of

published apps and desktops on the server are reflected on the client machine. When AutoRe-

InstallModifiedApps is disabled, apps and desktop attributes are not updated and shortcuts are

not re-stored on refresh if deleted on the client. By default, this AutoReInstallModifiedApps is

enabled. See Using registry keys to customize app shortcut locations.

Citrix Receiver for Windows 4.9 LTSR

Customizing location for application shortcut via Registry

Note

By default, registry keys use String format.

You can use registry key settings to customize shortcuts. You can set the registry keys at the following

locations. Where they apply, they are acted on in the order of preference listed.

Caution: Editing the Registry incorrectly can cause serious problems that may require you to

reinstall your operating system. Citrix cannot guarantee that problems resulting from the in-

correct use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to

back up the registry before you edit it.

Note:

You should make changes to registry keys before configuring a store. If at any time you or a user

wants to customize the registry keys, you or the user must reset Receiver, configure the registry

keys, and then reconfigure the store.

Registry keys for 32-bit machines

Registry name Default value

Locations in order of

preference

RemoveAppsOnLogo False HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Citrix\Dazzle;

HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties

RemoveAppsOnExit False HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Citrix\Dazzle;

HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties

Citrix Receiver for Windows 4.9 LTSR

Registry name Default value

Locations in order of

preference

PutShortcutsOnDesktop False HKCU\Soware\Citrix\Receiver\SR\Store+StoreID

+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM

\SOFTWARE\Citrix\Dazzle

PutShortcutsInStartMenu True HKCU\Soware\Citrix\Receiver\SR\Store+StoreID+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Citrix\Dazzle

SelfServiceMode True HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Citrix\Dazzle

UseCategoryAsStartMenuPath True HKCU\Soware\Citrix\Receiver\SR\Store+StoreID

+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM

\SOFTWARE\Citrix\Dazzle

StartMenuDir ”” (empty) HKCU\Soware\Citrix\Receiver\SR\Store+StoreID

+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM

\SOFTWARE\Citrix\Dazzle

Citrix Receiver for Windows 4.9 LTSR

Registry name Default value

Locations in order of

preference

DesktopDir ”” (empty) HKCU\Soware\Citrix\Receiver\SR\Store+StoreID

+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Citrix\Dazzle

AutoReinstallModifiedApps True HKCU\Soware\Citrix\Receiver\SR\Store+StoreID

+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Citrix\Dazzle

HideEditStoresDialog True inSelfServiceMode, and

False inNonSelfServiceMode

HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Citrix\Dazzle;

HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties

WSCSupported True HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID

+\Properties;

HKLM\SOFTWARE\Policies\Citrix\Dazzle;HKLM\SOFTWARE\Citrix\Dazzle

WSCReconnectAll True HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Citrix\Dazzle

Citrix Receiver for Windows 4.9 LTSR

Registry name Default value

Locations in order of

preference

WSCReconnectMode 3 HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID

+\Properties;

HKLM\SOFTWARE\Policies\Citrix\Dazzl;

HKLM\SOFTWARE\Citrix\Dazzle

WSCReconnectModeUser Registry is not created during

installation.

HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID+\Properties;

HKLM\SOFTWARE\Policies\Citrix\Dazzle;

HKLM\SOFTWARE

\Citrix\Dazzle

Registry keys for 64-bit machines

Registry name Default value

Locations in order of

preference

RemoveAppsOnLogo False HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle;

HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties

RemoveAppsOnExit False HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle;

HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties

Citrix Receiver for Windows 4.9 LTSR

Registry name Default value

Locations in order of

preference

PutShortcutsOnDesktop False HKCU\Soware\Citrix\Receiver\SR\Store+StoreID

+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM

\SOFTWARE\Wow6432Node\Citrix\Dazzle

PutShortcutsInStartMenu True HKCU\Soware\Citrix\Receiver\SR\Store+StoreID+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle

SelfServiceMode True HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle

UseCategoryAsStartMenuPath True HKCU\Soware\Citrix\Receiver\SR\Store+StoreID

+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM

\SOFTWARE\Wow6432Node\Citrix\Dazzle

StartMenuDir ”” (empty) HKCU\Soware\Citrix\Receiver\SR\Store+StoreID

+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM

\SOFTWARE\Wow6432Node\Citrix\Dazzle

Citrix Receiver for Windows 4.9 LTSR

Registry name Default value

Locations in order of

preference

DesktopDir ”” (empty) HKCU\Soware\Citrix\Receiver\SR\Store+StoreID

+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle

AutoReinstallModifiedApps True HKCU\Soware\Citrix\Receiver\SR\Store+StoreID

+\Properties;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKCU\Soware\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle

HideEditStoresDialog True inSelfServiceMode, and

False inNonSelfServiceMode

HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle;

HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties

WSCSupported True HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID

+\Properties;

HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle

WSCReconnectAll True HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID +

\Properties;

HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle

Citrix Receiver for Windows 4.9 LTSR

Registry name Default value

Locations in order of

preference

WSCReconnectMode 3 HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID

+\Properties;

HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle

WSCReconnectModeUser Registry is not created during

installation.

HKCU\Soware\Citrix\Dazzle;

HKCU\Soware\Citrix\Receiver\SR\Store”

+ primaryStoreID+\Properties;

HKLM\SOFTWARE\Wow6432Node\Policies\Citrix\Dazzle;

HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle

Configuring application display using graphical user interface

Note: Shortcuts can be set only for the subscribed applications and desktops.

1. Logon to Citrix Receiver for Windows.

2. Right click on the Citrix Receiver for Windows icon in the notification area and click Advanced

Preferences.

The Advanced Preferences window appears.

3. Click Settings Option.

Note

: By default, Show Applications in Start Menu option is selected.

4. Specify the folder name. This moves all the subscribed apps to the specified folder in the Start

menu. Applications can be added both to a new or existing folder in the Start menu. On enabling

this feature, both existing and newly added applications get added to the specified folder.

5. Select the checkbox Show Applications on Desktop under Desktop Options pane.

6. Specify the folder name. This moves all the subscribed apps to the specified folder on your local

desktop.

7. Select the checkbox Enable dierent path for Start Menu and Desktop under Category Op-

tions. This creates the shortcuts and category folder for applications as defined in the applica-

tion properties server. For ex, IT Apps, Finance Apps

Note: By default, Category as Start Menu Path option is selected.

a) Select Category as Start Menu Path to display the subscribed apps and their category

folder as defined in the application properties server in the Windows Start menu.

Citrix Receiver for Windows 4.9 LTSR

b) Select Category as Desktop Path to display the subscribed apps and their category folder

as defined in the application properties server on your local desktop.

8. Click OK.

Configuring reconnect options using graphical user interface

Aer logging on to the server, users can reconnect to all of their desktops or applications at any time.

By default, Reconnect Options opens desktops or applications that are disconnected, plus any that

are currently running on another client device. You can configure Reconnect Options to reconnect

only those desktops or applications that the user disconnected from previously.

1. Logon to Citrix Receiver for Windows.

2. Right click on the Citrix Receiver for Windows icon in the system tray and click Advanced Pref-

erences. The Avanced Preferences window appears.

3. Click Settings Option.

4. Click Reconnect Options.

5. Select Enable for Workspace Control Support to allow the users to reconnect to all of their

desktops or applications at any time.

a) Select Reconnect to all active and disconnected sessions to allow users to reconnect to

both the active and disconnected sessions.

b) Select Reconnect to disconnected sessions only to allow users to reconnect only to the

disconnected sessions.

Note: Supported Reconnect Mode takes the value as set in the GPO. Users can modify this

option by navigating to Administrative Templates > Citrix Components > Citrix Receiver >

SelfService>Control when Receiver attempts to reconnect to existing sessions.

To modify this option via registry, see Knowledge Center article CTX136339.

6. Click OK.

Hiding Settings Option using command line interface

Option /DisableSetting

Description Suppresses Settings Option to be displayed in

the Advanced Preferences dialog.

Sample usage CitrixReceiver.exe /DisableSetting=3

Citrix Receiver for Windows 4.9 LTSR

If you want both Application Display and

Reconnect Options to be displayed in the

Settings Option..

Enter CitrixReceiver.exe /DisableSetting=0

If you want Settings Option to be hidden in the

Advanced Preferences dialog

Enter CitrixReceiver.exe /DisableSetting=3

If you want Settings Option to display only

Application Display

Enter CitrixReceiver.exe /DisableSetting=2

If you want Settings Option to display only

Reconnect Options

Enter CitrixReceiver.exe /DisableSetting=1

Configuring the Group Policy Object administrative template

March 19, 2019

Citrix recommends using the Windows Group Policy Object Editor to configure Citrix Receiver

for Windows. Citrix Receiver for Windows includes administrative template files (receiver.adm or

receiver.admx\receiver.adml -depending on the Operating System) in the installation directory.

Note:

• Starting with Citrix Receiver for Windows Version 4.6, the installation directory includes Cit-

rixBase.admx and CitrixBase.adml files. Citrix recommends that you use the CitrixBase.admx

and CitrixBase.adml files to ensure that the options are correctly organized and displayed within

the Group Policy Object Editor.

• The .adm file is for use with Windows XP Embedded platforms only. The .admx/.adml files are

for use with Windows Vista/Windows Server 2008 and all later versions of Windows.

• If Citrix Receiver for Windows is installed with VDA, admx/adml files are found in the Citrix

Receiver for Windows installation directory. For example: <installation directory>\Online

Plugin\Configuration.

• If Citrix Receiver for Windows is installed without VDA, the admx/adml files are typically found

in the C:\Program Files\Citrix\ICA Client\Configuration directory.

See the table below for information on Citrix Receiver for Windows templates files and their respective

location.

Note:

Citrix recommends that you use the GPO template files provided with latest Citrix Receiver for Win-

dows.

Citrix Receiver for Windows 4.9 LTSR

File Type File Location

receiver.adm <Installation Directory>\ICA

Client\Configuration

receiver.admx <Installation Directory>\ICA

Client\Configuration

receiver.adml <Installation Directory>\ICA

Client\Configuration\[MUIculture]

CitrixBase.admx <Installation Directory>\ICA

Client\Configuration

CitrixBase.adml <Installation Directory>\ICA

Client\Configuration\[MUIculture]

Note:

• If the CitrixBase.admx\adml is not added to the local GPO, the Enable ICA File Signing policy

might be lost.

• When upgrading Citrix Receiver for Windows, you must add the latest template files to local

GPO as explained in the procedure below. While importing the latest files, previous settings are

retained.

To add the receiver.adm template file to the local GPO (Windows XP Embedded Operating system

only):

Note: You can use .adm template files to configure Local GPO and/or Domain-Based GPO.

1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the

Start menu when applying policies to a single computer, or by using the Group Policy Manage-

ment Console when applying domain policies. Note: If you already imported the Citrix Receiver

for Windows template into the Group Policy Editor, you can leave out steps 2 to 5.

2. In the le pane of the Group Policy Editor, select the Administrative Templates folder.

3. From the Action menu, choose Add/Remove Templates.

4. Select Add and browse tothe template file location<Installation Directory>\ICA Client\Configuration\receiver.adm

5. Select Open to add the template and then Close to return to the Group Policy Editor.

Citrix Receiver for window template file will be available on local GPO in path

Administrative Tem-

plates > Classic Administrative Templates (ADM) > Citrix Components > Citrix Receiver.

Aer the .adm template files are added to the local GPO, the following message is displayed:

Citrix Receiver for Windows 4.9 LTSR

“The following entry in the [strings] section is too long and has been truncated:

Click OK to ignore the message.

To add the receiver.admx/adml template files to the local GPO (later versions of Windows Oper-

ating System):

Note: You can use admx/adml template files to configure Local GPO and/or Domain-Based GPO. Refer

Microso MSDN article on managing ADMX files.

1. Aer installing Citrix Receiver for Windows, copy the template files.

admx:

From: <Installation Directory>\ICA Client\Configuration\receiver.admx

To: %systemroot%\policyDefinitions

From: <Installation Directory>\ICA Client\Configuration\CitrixBase.admx

To: %systemroot%\policyDefinitions

adml:

From: <Installation Directory>\ICA Client\Configuration\[MUIculture]receiver.adml

To: %systemroot%\policyDefinitions\[MUIculture]

From: <Installation Directory>\ICA Client\Configuration\[MUIculture]\CitrixBase.adml

To: %systemroot%\policyDefinitions\[MUIculture]

Note:

Citrix Receiver for Window template files are available on local GPO in Administrative

Templates > Citrix Components > Citrix Receiver folder only when the user adds the Cit-

rixBase.admx/CitrixBase.adml to the \ policyDefinitions folder.

Providing users with account information

March 19, 2019

Provide users with the account information they need to access virtual desktops and applications.

You can provide this information by:

• Configuring email-based account discovery

• Providing users with a provisioning file

• Providing users with the account information to enter maunally.

Citrix Receiver for Windows 4.9 LTSR

Important

Citrix recommends you to restart Citrix Receiver for Windows aer the installation. This is to en-

sure that users can add accounts and that Citrix Receiver for Windows can discover USB devices

that were in a suspended state during installation.

A dialog appears indicating a successful installation, followed by the Add Account dialog. For a first

time user, the Add Account dialog requires you to enter an email or server address to setup an ac-

count.

Suppressing Add Account dialog

Add Account dialog is displayed when the store is not configured. Users can use this window to set up

a Citrix Receiver account by entering email address or a server URL.

Citrix Receiver for Windows determines the NetScaler Gateway, StoreFront server, or AppController

virtual appliance associated with the email address and then prompts the user to log on for enumer-

ation.

Add account dialog can be suppressed in the following ways:

1. At system logon

Select

Do not show this window automatically at logon

to prevent the Add Account window

to pop-up on subsequent logon.

This setting is specific to per user and resets during Citrix Receiver for Windows Reset action.

2. Command line Installation

Install Citrix Receiver for Windows as an administrator using Command Line Interface with the

following switch:

CitrixReceiver.exe /ALLOWADDSTORE=N.

This is a per machine setting; hence the behavior shall be applicable for all users.

The following message is displayed when Store is not configured.

Additionally, Add Account dialog can be suppressed in the following ways.

Note: Citrix recommends users to suppress the Add Account dialog either using System logon or Com-

mand Line Interface methods.

• Renaming Citrix execution file:

Rename the CitrixReceiver.exe to CitrixReceiverWeb.exe to alter the behavior of Add Account

dialog. By renaming the file, Add Account dialog is not displayed from the Start menu.

See Deploy Receiver for Windows from Receiver for Web for more information related to Citrix

Receiver for Web

Citrix Receiver for Windows 4.9 LTSR

• Group Policy Object:

To hide Add Account button from the Citrix Receiver for Windows installation wizard, disable

EnableFTUpolicy under Self-Service node in Local Group Policy editor as shown below.

This is per machine setting, hence the behavior shall be applicable for all users.

To load template file, see Configure Receiver with the Group Policy Object template.

Configure email-based account discovery

When you configure Citrix Receiver for Windows for email-based account discovery, users enter their

email address rather than a server URL during initial Citrix Receiver for Windows installation and con-

figuration. Citrix Receiver for Windows determines the NetScaler Gateway or StoreFront Server asso-

ciated with the email address based on Domain Name System (DNS) Service (SRV) records and then

prompts the user to log on to access virtual desktops and applications.

Note:

Email-based account discovery is not supported for deployments with Web Interface.

To configure NetScaler Gateway, see Connecting to StoreFront by using email-based discovery in the

NetScaler Gateway documentation.

Provide users with provisioning files

StoreFront provides provisioning files that users can open to connect to stores.

You can use StoreFront to create provisioning files containing connection details for accounts. Make

these files available to your users to enable them to configure Citrix Receiver for Windows automati-

cally. Aer installing Citrix Receiver for Windows, users simply open the file to configure Citrix Receiver

for Windows. If you configure Citrix Receiver for Web sites, users can also obtain Citrix Receiver for Win-

dows provisioning files from those sites.

• For more information, see To export store provisioning files for users in the StoreFront docu-

mentation.

Provide users with account information to enter manually

To enable users to set up accounts manually, be sure to distribute the information they need to con-

nect to their virtual desktops and applications.

• For connections to a StoreFront store, provide the URL for that server. For example: https://

servername.company.com

For web interface deployments, provide the URL for the XenApp Services site.

Citrix Receiver for Windows 4.9 LTSR

• For connections through NetScaler Gateway, first determine whether user should see all config-

ured stores or just the store that has remote access enabled for a particular NetScaler Gateway.

– To present all configured stores: Provide users with the NetScaler Gateway fully-qualified

domain name.

– To limit access to a particular store: Provide users with the NetScaler Gateway fully-

qualified domain name and the store name in the form:

NetScalerGatewayFQDN?MyStoreName

For example, if a store named “SalesApps” has remote access enabled for server1.com

and a store named “HRApps” has remote access enabled for server2.com, a user must en-

ter server1.com?SalesApps to access SalesApps or enter server2.com?HRApps to access

HRApps. This feature requires that a first-time user create an account by entering a URL

and is not available for email-based discovery.

When a user enters the details for a new account, Citrix Receiver for Windows attempts to verify the

connection. If successful, Citrix Receiver for Windows prompts the user to log on to the account.

To manage accounts, a Citrix Receiver user opens the Citrix Receiver for Windows home page, clicks ,

and then clicks Accounts.

Sharing multiple store accounts automatically

Warning

Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the

operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry

Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry

before you edit it.

If you have more than one store account, you can configure Citrix Receiver for Windows to automat-

ically connect to all accounts when establishing a session. To automatically view all accounts when

opening Citrix Receiver for Windows:

For 32-bit systems, create the key “CurrentAccount”:

Location: HKLM\Soware\Citrix\Dazzle

KeyName: CurrentAccount

Value: AllAccount

Type: REG_SZ

For 64-bit systems, create the key “CurrentAccount”:

Location: HKLM\Soware\Wow6432Node\Citrix\Dazzle

Citrix Receiver for Windows 4.9 LTSR

KeyName: CurrentAccount

Value: AllAccount

Type: REG_SZ

Configuring auto-update

March 19, 2019

When you configure auto-update from Citrix Receiver for Windows, follow the methods below in the

order of priority:

1. Group Policy Object administrative template

2. Command line interface

3. Advanced Preferences (per-user)

Configuring using the Group Policy Object administrative template

1. As an administrator, open the Citrix Receiver Group Policy Object administrative template by

running gpedit.msc.

• If you are applying the policy on a single computer, launch the Citrix Receiver Group Policy

Object administrative template from the Start menu.

• If you are applying the policy on a domain, launch the Citrix Receiver Group Policy Object

administrative template by using the Group Policy Management console.

2. Under the Computer Configuration node, go to Administrative Templates > Citrix Compo-

nents > Citrix Receiver > AutoUpdate.

3. Select the Set the Delay in Checking for Update policy. This policy allows you to stage the

rollout for a period.

4. Select Enabled, and from the Delay Group drop-down, select one of the following options:

• Fast – Update rollout happens at the beginning of the delivery period.

• Medium – Update rollout happens at the mid-delivery period.

• Slow – Update rollout happens at the end of the delivery period.

5. Click Apply and OK to save the Policy.

6. In the AutoUpdate Templates section, select the Enable or Disable AutoUpdate policy.

7. Select Enabled and set the values as required:

• From the Enable AutoUpdate Policy drop-down, select one of the following options:

Citrix Receiver for Windows 4.9 LTSR

– Auto – You are notified when an update is available (default).

– Manual – You are not notified when updates are available. Check for updates manu-

ally.

• Select LTSR ONLY to get updates for LTSR only.

• From the auto-update-DeferUpdate-Count drop-down, select a value between -1 and 30,

where

– -1 – indicates that you can defer the notifications any number of times (default value=-

1).

– 0 – indicates that the Remind me later option is not displayed.

– Any other number – indicates that the Remind me later option is displayed in that

count. For example, if you set the value to 10, the Remind me later option is displayed

10 times.

8. Click Apply and OK to save the policy.

Configuring using the command line interface

While installing Citrix Receiver for Windows

To configure auto-update settings as an administrator using command-line settings during Citrix Re-

ceiver installation:

• /AutoUpdateCheck= auto/manual/disabled

• /AutoUpdateStream= LTSR/Current. Where, LTSR refers to Long Term Service Release and Cur-

rent refers to the current release.

• /DeferUpdateCount= any value between -1 and 30

• /AURolloutPriority= auto/fast/medium/slow

Forexample: CitrixReceiver.exe / AutoUpdateCheck=auto /AutoUpdateStream= Current /DeferUpdateCount=-

1 / AURolloutPriority= fast

• To configure auto-update settings as a user using command-line settings during Citrix Receiver

installation

– /AutoUpdateCheck=auto/manual

For example: CitrixReceiver.exe / AutoUpdateCheck=auto

Editing auto-update settings using the Group Policy Object administrative template overrides the set-

tings applied during Citrix Receiver for Windows installation for all users.

Aer Citrix Receiver for Windows installation

Auto-update can be configured aer installing Citrix Receiver for Windows.

To use the command line:

Citrix Receiver for Windows 4.9 LTSR

Open Windows Command Prompt and change the directory to where CitrixReceiverUpdater.exe

is located. Typically, CitrixReceiverUpdater.exe is located at CitrixReceiverInstallLocation\Citrix\Ica

Client\Receiver.

You can also set the auto-update command-line policy using this binary.

For example: Administrators can use all the four options:

• CitrixReceiverUpdater.exe/ AutoUpdateCheck=auto /AutoUpdateStream= STSR /DeferUpdateCount=-

1 / AURolloutPriority= fast

Configuring using the graphical user interface

An individual user can override the auto-update setting using the Advanced Preferences dialog. This

is a per-user configuration and the settings apply only to the current user.

1. Right-click Citrix Receiver for Windows from the notification area.

2. Select Advanced Preferences and click Auto Update.

The auto-update dialog appears.

3. Select one of the following options:

• Yes, notify me

• No, don’t notify me

• Use administrator specified settings

4. Click Save.

Configuring Auto-update using StoreFront

1. Use a text editor to open the web.configfile, which is typically locatedin the C:\inetpub\wwwroot\Citrix\Roaming

directory.

2. Locate the user account element in the file (Store is the account name of your deployment)

For example: <account id=… name=”Store”>

Before the </account> tag, navigate to the properties of that user account:

</properties>

3. Add the auto-update tag aer <clear /> tag.

Citrix Receiver for Windows 4.9 LTSR

1 <account>

3 <clear />

5 <account id=”d1197d2c-ac82-4f13-9346-2ee14d4b0202” name=”F84Store”

7 description=”” published=”true” updaterType=”Citrix”

remoteAccessType=”None”>

9 <annotatedServices>

11 <clear />

13 <annotatedServiceRecord serviceRef=”1__Citrix_F84Store”>

15 <metadata>

17 <plugins>

19 <clear />

21 </plugins>

23 <trustSettings>

25 <clear />

27 </trustSettings>

29 <properties>

31 <property name=”Auto-Update-Check” value=”auto” />

33 <property name=”Auto-Update-DeferUpdate-Count” value=”1”

35 <property name=”Auto-Update-LTSR-Only” value=”

FALSE” />

37 <property name=”Auto-Update-Rollout-Priority” value=”fast

” />

39 </properties>

Citrix Receiver for Windows 4.9 LTSR

41 </metadata>

43 </annotatedServiceRecord>

45 </annotatedServices>

47 <metadata>

49 <plugins>

51 <clear />

53 </plugins>

55 <trustSettings>

57 <clear />

59 </trustSettings>

61 <properties>

63 <clear />

65 </properties>

67 </metadata>

69 </account>

auto-update-Check

This indicates that Citrix Receiver for Windows detects when an update is available.

Valid values:

• Auto – You are notified when an update is available (default).

• Manual –You are not notified when updates are available. Check for updates manually.

• Disabled – Disable auto-update.

auto-update-LTSR-Only

This indicates that Citrix Receiver for Windows must accept updates only for LTSR.

Valid values:

Citrix Receiver for Windows 4.9 LTSR

• True – auto-updates checks only for LTSR updates of Citrix Receiver for Windows

• False – auto-update checks for non-LTSR updates of Citrix Receiver for Windows as well.

auto-update-DeferUpdate-Count

This indicates the number of counts you can defer the notifications. The Remind me later option is

displayed in the count of the set value.

Valid values:

• -1 – indicates that you can defer the notifications any number of times (default value=-1).

• 0 – indicates that the Remind me later option is not displayed.

• Any other number – indicates that the Remind me later option is displayed in that count. For

example, if you set the value to 10, the Remind me later option is displayed 10 times.

auto-update-Rollout-Priority:

This indicates the period that you can set for the rollout.

Valid values:

• Fast – Update rollout happens at the beginning of the delivery period.

• Medium – Update rollout happens at the mid-delivery period.

• Slow – Update rollout happens at the end of the delivery period.

Limitations:

1. Your system must have access to the internet.

2. Receiver for Web users cannot download the StoreFront policy automatically.

3. If you have configured an SSL intercepting outbound proxy, you must add an exception to the Re-

ceiver auto-update Signature service https://citrixupdates.cloud.com and the down-

load location https://downloadplugins.citrix.com.

4. By default, auto-update is disabled on the VDA. This includes RDS multi-user server machines,

VDI and RemotePC machines.

5. auto-update is disabled on machines where Desktop Lock is installed.

Optimize the environment

October 26, 2018

You can optimize the environment:

• Reduce application launch time

• Facilitate the connection of devices to published resources

• Support DNS name resolution

Citrix Receiver for Windows 4.9 LTSR

• Use proxy servers with XenDesktop connections

• Enable access to anonymous applications

• Check Single Sign-on configuration

Reducing application launch time

August 6, 2018

Use the session pre-launch feature to reduce application launch time during normal or high traic

periods, thus providing users with a better experience. The pre-launch feature allows a pre-launch

session to be created when a user logs on to Citrix Receiver for Windows, or at a scheduled time if the

user is already logged on.

This pre-launch session reduces the launch time of the first application. When a user adds a new

account connection to Citrix Receiver for Windows, session pre-launch does not take eect until the

next session. The default application ctxprelaunch.exe is running in the session, but it is not visible to

the user.

Session pre-launch is supported for StoreFront deployments as of the StoreFront 2.0 release. For

Web Interface deployments, be sure to use the Web Interface Save Password option to avoid logon

prompts. Session pre-launch is not supported for XenDesktop 7 deployments.

Session pre-launch is disabled by default. To enable session pre-launch, specify the EN-

ABLEPRELAUNCH=true parameter on the Receiver command line or set the EnablePreLaunch

registry key to true. The default setting, null, means that pre-launch is disabled.

Note: If the client machine has been configured to support Domain Passthrough (SSON) authentica-

tion, then prelaunch is automatically enabled. If you want to use Domain Passthrough (SSON) without

prelaunch, then set the

EnablePreLaunch registry key value to

false.

Caution: Editing the registry incorrectly can cause serious problems that may require you to reinstall

your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Reg-

istry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before

you edit it.

The registry locations are:

HKEY_LOCAL_MACHINE\Soware[Wow6432Node]Citrix\Dazzle

HKEY_CURRENT_USER\Soware\Citrix\Dazzle

There are two types of pre-launch:

Citrix Receiver for Windows 4.9 LTSR

• Just-in-time pre-launch. Pre-Launch starts immediately aer the user’s credentials are au-

thenticated whether or not it is a high-traic period. Typically used for normal traic periods. A

user can trigger just-in-time pre-launch by restarting Citrix Receiver for Windows.

• Scheduled pre-launch. Pre-launch starts at a scheduled time. Scheduled pre-launch starts

only when the user device is already running and authenticated. If those two conditions are not

met when the scheduled pre-launch time arrives, a session does not launch. To spread network

and server load, the session launches within a window of when it is scheduled. For example, if

the scheduled pre-launch is scheduled for 1:45 p.m., the session actually launches between 1:15

p.m. and 1:45 p.m. Typically used for high-traic periods.

Configuring pre-launch on a XenApp server consists of creating, modifying, or deleting pre-launch ap-

plications, as well as updating user policy settings that control the pre-launch application. See “To

pre-launch applications to user devices” in the XenApp documentation for information about config-

uring session pre-launch on the XenApp server.

Customizing the pre-launch feature using the receiver.admx file is not supported. However, you can

change the pre-launch configuration by modifying registry values during or aer Citrix Receiver for

Windows installation. There are three HKLM values and two HKCU values:

• The HKLM values are written during client installation.

• The HKCU values enable you to provide dierent users on the same machine with dierent set-

tings. Users can change the HKCU values without administrative permission. You can provide

your users with scripts to accomplish this.

HKEY_LOCAL_MACHINE registry values

For Windows 7 and 8, 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA

Client\Prelaunch

Forall other supported32-bitWindows operatingsystems: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA

Client\Prelaunch

Name: UserOverride

Values:

0 - Use the HKEY_LOCAL_MACHINE values even if HKEY_CURRENT_USER values are also present.

1 - Use HKEY_CURRENT_USER values if they exist; otherwise, use the HKEY_LOCAL_MACHINE values.

Name: State

Values:

0 - Disable pre-launch.

1 - Enable just-in-time pre-launch. (Pre-Launch starts aer the user’s credentials are authenticated.)

Citrix Receiver for Windows 4.9 LTSR

2 - Enable scheduled pre-launch. (Pre-launch starts at the time configured for Schedule.)

Name: Schedule

Value:

The time (24 hour format) and days of week for scheduled pre-launch entered in the following format:

HH:MM M:T:W:TH:F:S:SU where HH

and MM are hours and

minutes. M:T:W:TH:F:S:SU are

the days of the week. For

example, to enable scheduled

pre-launch on Monday,

Wednesday, and Friday at 1:45

p.m., set Schedule as

Schedule=13:45

1:0:1:0:1:0:0 . The session

actually launches between

1:15 p.m. and 1:45 p.m.

HKEY_CURRENT_USER registry values

HKEY_CURRENT_USER\SOFTWARE\Citrix\ICA Client\Prelaunch

The State and Schedule keys have the same values as for HKEY_LOCAL_MACHINE.

Mapping client devices

October 26, 2018

Citrix Receiver for Windows supports device mapping on user devicesso they are available from within

a session. Users can:

• Transparently access local drives, printers, and COM ports.

• Cut and paste between the session and the local Windows clipboard.

• Hear audio (system sounds and .wav files) played from the session.

During logon, Citrix Receiver for Windows informs the server of the available client drives, COM ports,

and LPT ports. By default, client drives are mapped to server drive letters and server print queues are

created for client printers so they appear to be directly connected to the session. These mappings are

available only for the current user during the current session. They are deleted when the user logs o

and recreated the next time the user logs on.

You can use the redirection policy settings to map user devices not automatically mapped at logon.

For more information, see the XenDesktop or XenApp documentation.

Citrix Receiver for Windows 4.9 LTSR

Turn o user device mappings

You can configure user device mapping including options for drives, printers, and ports, using the

Windows Server Manager tool. For more information about the available options, see your Remote

Desktop Services documentation.

Redirect client folders

Client folder redirection changes the way client-side files are accessible on the host-side session.

When you enable only client drive mapping on the server, client-side full volumes are automatically

mapped to the sessions as Universal Naming Convention (UNC) links. When you enable client folder

redirection on the server and the user configures it on the user device, the portion of the local volume

specified by the user is redirected.

Only the user-specified folders appear as UNC links inside sessions instead of the complete file system

on the user device. If you disable UNC links through the registry, client folders appear as mapped

drives inside the session. For more information, including how to configure client folder redirection

for user devices, see the XenDesktop 7 documentation.

Map client drives to host-side drive letters

Client drive mapping allows drive letters on the host-side to be redirected to drives that exist on the

user device. For example, drive H in a Citrix user session can be mapped to drive C of the user device

running Citrix Receiver for Windows.

Client drive mapping is built into the standard Citrix device redirection facilities transparently. To File

Manager, Windows Explorer, and your applications, these mappings appear like any other network

mappings.

The server hosting virtual desktops and applications can be configured during installation to map

client drives automatically to a given set of drive letters. The default installation maps drive letters

assigned to client drives starting with V and works backward, assigning a drive letter to each fixed

drive and CD-ROM drive. (Floppy drives are assigned their existing drive letters.) This method yields

the following drive mappings in a session:

Client drive letter Is accessed by the server as:

A A

B B

C V

D U

Citrix Receiver for Windows 4.9 LTSR

The server can be configured so that the server drive letters do not conflict with the client drive letters;

in this case the server drive letters are changed to higher drive letters. For example, changing server

drives C to M and D to N allows client devices to access their C and D drives directly. This method yields

the following drive mappings in a session:

Client drive letter Is accessed by the server as:

A A

B B

C C

D D

The drive letter used to replace the server drive C is defined during Setup. All other fixed drive and CD-

ROM drive letters are replaced with sequential drive letters (for example; C > M, D > N, E > O). These

drive letters must not conflict with any existing network drive mappings. If a network drive is mapped

to the same drive letter as a server drive letter, the network drive mapping is not valid.

When a user device connects to a server, client mappings are reestablished unless automatic client

device mapping is disabled. Client drive mapping is enabled by default. To change the settings, use

the Remote Desktop Services (Terminal Services) Configuration tool. You can also use policies to give

you more control over how client device mapping is applied. For more information about policies,

see the XenDesktop or XenApp documentation in Citrix Product Documentation.

HDX Plug and Play USB device redirection

Updated: 2015-01-27

HDX Plug and Play USB device redirection enables dynamic redirection of media devices, including

cameras, scanners, media players, and point of sale (POS) devices to the server. You or the user can

restrict redirection of all or some of the devices. Edit policies on the server or apply group policies on

the user device to configure the redirection settings. For more information, see USB and client drive

considerations in the XenApp and XenDesktop documentation.

Important: If you prohibit Plug and Play USB device redirection in a server policy, the user cannot

override that policy setting.

A user can set permissions in Citrix Receiver for Windows to always allow or reject device redirection

or to be prompted each time a device is connected. The setting aects only devices plugged in aer

the user changes the setting.

Citrix Receiver for Windows 4.9 LTSR

To map a client COM port to a server COM port

Client COMport mapping allows devices attached tothe COM ports of the user device to be used during

sessions. These mappings can be used like any other network mappings.

You can map client COM ports at the command prompt. You can also control client COM port mapping

from the Remote Desktop (Terminal Services) Configuration tool or using policies. For information

about policies, see the XenDesktop or XenApp documentation.

Important: COM port mapping is not TAPI-compatible.

1. For XenDesktop 7 deployments, enable the Client COM port redirection policy setting.

2. Log on to Citrix Receiver for Windows.

3. At a command prompt, type:

net use comx: \\client\comz:

where x is the number of the COM port on the server (ports 1 through 9 are availablefor mapping)

and z is the number of the client COM port you want to map.

4. To confirm the operation, type:

net use

at a command prompt. The list that appears contains mapped drives, LPT ports, and mapped

COM ports.

To use this COM port in a virtual desktop or application, install your user device to the mapped

name. For example, if you map COM1 on the client to COM5 on the server, install your COM port

device on COM5 during the session. Use this mapped COM port as you would a COM port on the

user device.

Supporting DNS name resolution

August 6, 2018

You can configure Citrix Receiver for Windows that use the Citrix XML Service to request a Domain

Name Service (DNS) name for a server instead of an IP address.

Important: Unless your DNS environment is configured specifically to use this feature, Citrix recom-

mends that you do not enable DNS name resolution in the server farm.

Citrix Receiver for Windows connecting to published applications through the Web Interface also use

the Citrix XML Service. For Citrix Receiver for Windows connecting through the Web Interface, the Web

server resolves the DNS name on behalf of the Citrix Receiver for Windows.

Citrix Receiver for Windows 4.9 LTSR

DNS name resolution is disabled by default in the server farm and enabled by default on the Citrix

Receiver for Windows . When DNS name resolution is disabled in the farm, any Citrix Receiver for Win-

dows request for a DNS name returns an IP address. There is no need to disable DNS name resolution

on Citrix Receiver for Windows.

To disable DNS name resolution for specific user devices

If your server deployment uses DNS name resolution and you experience issues with specific user

devices, you can disable DNS name resolution for those devices.

Caution: Using Registry Editor incorrectly can cause serious problems that can require you to reinstall

the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry

Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before

you edit it.

1. Add a string registry key xmlAddressResolutionType to HKEY_LOCAL_MACHINE\Soware\Wow6432Node\Citrix\ICA

Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing.

2. Set the value to IPv4-Port.

3. Repeat for each user of the user devices.

Using proxy servers with XenDesktop

February 13, 2019

If you do not use proxy servers in your environment, correct the Internet Explorer proxy settings on any

user devices running Internet Explorer 7.0 on Windows XP. By default, this configuration automatically

detects proxy settings. If proxy servers are not used, users will experience unnecessary delays during

the detection process. For instructions on changing the proxy settings, consult your Internet Explorer

documentation. Alternatively, you can also change proxy settings using the Web Interface. For more

information, consult the Web Interface documentation.

Using Configuration Checker to validate Single Sign-on configuration

October 26, 2018

Starting with Release 4.5 of Citrix Receiver for Windows, Configuration Checker helps users to run a

test to ensure Single Sign-on is configured properly. The test runs on dierent checkpoints of the

Single Sign-on configuration and displays the configuration results.

1. Logon to Citrix Receiver for Windows.

Citrix Receiver for Windows 4.9 LTSR

2. Right-click Citrix Receiver for Windows in the notification area and select Advanced Prefer-

ences. The Advanced Preferences window appears.

3. Select Configuration Checker. The Citrix Configuration Checker window appears.

4. Select SSONChecker from the Select pane.

5. Click Run. A progress bar appears, displaying the status of the test.

The Configuration Checker window has the following columns:

1. Status: Displays the result of a test on a specific check point.

• A green check mark indicates that the specific checkpoint is configured properly.

• A blue I indicates information about the checkpoint.

• A Red X indicates that the specific checkpoint is not configured properly.

2. Provider: Displays the name of the module on which the test is run. In this case, Single Sign-on.

3. Suite: Indicates the category of the test. For example, Installation.

4. Test: Indicates the name of the specific test that is run.

5. Details: Provides additional information about the test, irrespective of pass or fail. The user

gets more information about each checkpoint and the corresponding results.

The following tests are performed:

1. Installed with Single Sign-on

2. Logon credential capture

3. Network Provider registration: The test result against Network Provider registration displays

a green check mark only when “Citrix Single Sign-on” is set to be first in the list of Network

Providers. If Citrix Single Sign-on appears anywhere else in the list, the test result against Net-

work Provider registration appears with a blue I and additional information.

4. Single Sign-on process is running

5. Group Policy: By default, this policy is configured on the client.

6. Internet Settings for Security Zones: Ensure that you add the Store/XenApp Service URL to the

list of Security Zones in the Internet Options. If the Security Zones is configured via Group pol-

icy, any change in the policy requires the Advanced Preference window to be reopened for the

changes to take eect and to display the correct status of the test.

7. Authentication method for Web Interface/StoreFront.

Note: If the user is accessing Receiver for Web, the test results are not applicable.

If Citrix Receiver for Windows is configured with multiple stores, the authentication method test runs

on all configured stores.

Note: The test results can be saved as reports and the default format for the report is .txt.

Citrix Receiver for Windows 4.9 LTSR

Hiding the Configuration Checker option from the Advanced Preferences dialog:

1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the

Start menu when applying policies to a single computer, or by using the Group Policy Manage-

ment Console when applying domain policies.

2. In the Group Policy Editor, go to Citrix Components > Citrix Receiver > Self Service > Disable-

ConfigChecker.

3. Select Enabled.

This hides the Configuration Checker option from the Advanced Preferences window.

4. Click Apply and OK.

5. Open a command prompt.

6. Run gpupdate /force command.

For the changes to take eect, close and reopen the Advance Preferences dialog.

Limitations:

Configuration Checker does not include the checkpoint for the configuration of Trust requests sent to

the XML service on XenApp/XenDesktop servers.

Improve the user experience

August 28, 2020

You can improve your user experience with the following features:

Configuring generic client Input Method Editors (IME)

Configuring generic client IME using the command line interface

To enable generic client IME, run the wfica32.exe /localime:on command from the Citrix Receiver for

Windows installation folder (C:\Program Files (x86)\Citrix\ICA Client).

Note

You can use the command line switch wfica32.exe /localime:on to enable both generic client

IME and keyboard layout synchronization.

To disable generic client IME, run the wfica32.exe /localgenericime:o command from the Citrix Re-

ceiver for Windows installation folder (C:\Program Files (x86)\Citrix\ICA Client). This command does

not aect keyboard layout synchronization settings.

If you have disabled generic client IME using the command line interface, you can enable the feature

again by running the wfica32.exe /localgenericime:on command.

Citrix Receiver for Windows 4.9 LTSR

Toggle:

Citrix Receiver for Windows supports toggle functionality for this feature. You can run the wfica32.exe

/localgenericime:on command to enable or disable the feature. However, the keyboard layout syn-

chronization settings take precedence over the toggle switch. If keyboard layout synchronization is

set to O, toggling does not enable generic client IME.

Configuring generic client IME using the graphical user interface

Generic client IME requires VDA Version 7.13 or later.

Generic client IME feature can be enabled by enabling keyboard layout synchronization. For more

information, see Keyboard layout synchronization.

Citrix Receiver for Windows allows you to configure dierent options to use generic client IME. You can

select from one these options based on your requirements and usage.

1. In an active application session, right-click the Citrix Receiver icon in the notification area and

select Connection Center.

2. Select Preferences and click Local IME.

The options below are available to support dierent IME modes:

1. Enable Server IME – select this option to disable local IME. This option means that only the

languages set on the server can be used.

2. Set Local IME to High Performance mode –select this option to use local IME with limited band-

width. This option restricts the candidate window functionality.

3. Set Local IME to Best Experience mode – select this option to use local IME with best user

experience. This option consumes high bandwidth. By default, this option is selected when

generic client IME is enabled.

The change in settings is applied only in the current session.

Enabling hotkey configuration using a registry editor

When generic client IME is enabled, you can use the Shi+F4 hotkeys to select dierent IME modes.

The dierent options for IME modes appear in the top-right corner of the session.

By default, the hotkey for generic client IME is disabled.

In the registry editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA

Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys.

Select AllowHotKey and change the default value to 1.

Citrix Receiver for Windows 4.9 LTSR

Note

Hotkey functionality is supported in both desktop and application sessions.

Limitations:

1. Generic client IME does not support UWP (Universal Windows Platform) apps such as Search UI,

and the Edge browser of the Windows 10 operating system. As a workaround, use the server IME

instead.

2. Generic client IME is not supported on Internet Explorer Version 11 in Protected Mode. As a

workaround, you can disable Protected Mode by using Internet Options. To do this, click Se-

curity and clear Enable Protected Mode.

Keyboard layout

Keyboard layout synchronization enables users to switch among preferred keyboard layouts on the

client device. This feature is disabled by default.

To enable keyboard layout synchronization:

1. From the Citrix Receiver for Windows notification area icon, select Advanced Preferences > Lo-

cal keyboard layout setting > Yes.

2. Click Save.

You can disable the feature by selecting No.

You can also enable and disable keyboard layout synchronization through the command line by run-

ning wfica32:exe /localime:on or wfica32:exe /localime:o from the Citrix Receiver for Windows

installation folder (C:\program files (x86)\Citrix\ICA Client).

Note: Using the local keyboard layout option activates the Client IME (Input Method Editor). If users

working in Japanese, Chinese or Korean prefer to use the Server IME, they must disable the local key-

board layout option by selecting No, or running wfica32:exe /localime:o. The session will revert to

the keyboard layout provided by the remote server when they connect to the next session.

Sometimes, switching the client keyboard layout does not take eect in an active session. To resolve

this issue, log o from Citrix Receiver for Windows and login again.

Limitations:

• Remote applications which run with elevated privilege (for example, right click an application

icon > Run as administrator) can’t be synchronized with the client keyboard layout. To work

around this issue, manually change the keyboard layout on the server side (VDA) or disable UAC.

• If the user changes the keyboard layout on the client to a layout which is not supported on the

server, then the keyboard layout synchronization feature will be disabled for security reasons

- an unrecognized keyboard layout is treated as a potential security threat. To restore the key-

board layout synchronization feature, the user should log o and back on to the session.

Citrix Receiver for Windows 4.9 LTSR

• When RDP is deployed as an application and the user is working within an RDP session, it is not

possible to change the keyboard layout using Alt + Shi shortcuts. To work around this, the user

can use the language bar in the RDP session to switch the keyboard layout.

• This feature is disabled in Windows Server 2016 due to a third-party issue which may intro-

duce performance risk. The feature can be enabled with a registry setting on the VDA: in

HKLM\Soware\Citrix\ICA\IcaIme, add a new key called DisableKeyboardSync and set the

value to 0.

Warning

Editing the registry incorrectly can cause serious problems that may require you to reinstall your

operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Reg-

istry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry

before you edit it.

Relative Mouse

Relative Mouse support provides an option to interpret the mouse position in a relative rather than an

absolute manner. This capability is required for applications that demand relative mouse input rather

than absolute.

Note: This feature can be applied in a published desktop session only.

To enable Relative Mouse support

1. Logon to Citrix Receiver for Windows

2. Launch a published desktop session

3. From the Desktop Viewer toolbar, select Preferences.

The Citrix Receiver - Preferences window appears.

4. Select Connections.

5. Under Relative Mouse settings, enable Use relative mouse.

6. Click Apply and OK.

Note: This is a per session feature. It does not persist aer reconnecting to a disconnected session.

Users must re-enable the feature every time they connect or reconnect to the published desktop.

Hardware decoding

When using Citrix Receiver for Windows (with HDX engine 14.4), the GPU can be used for H.264 decod-

ing wherever it is available at the client. The API layer used for GPU decoding is DXVA (DirectX Video

Acceleration).

Citrix Receiver for Windows 4.9 LTSR

For more information, see Improved User Experience: Hardware Decoding for Citrix Windows

Receiver.

Note

This feature is not enabled by default for embedded GPUs.

To enable hardware decoding:

1. Copy “receiver.adml” from “root\Citrix\ICAClient\Configuration\en” to “C:\Windows\PolicyDefinitions\en-

US”.

2. Copy “receiver.admx” from “root\Citrix\ICAClient\Configuration” to “C:\Windows\PolicyDefinitions\”.

3. Navigate to Local Group policy editor.

4. Under Computer Configuration-> Administrative Templates -> Citrix Receiver -> User Experi-

ence, open Hardware Acceleration for graphics.

5. Select Enabled and click OK.

To validate if the policy was applied and hardware acceleration is being used for an active ICA session,

look for the following registry entries:

Registry Path: HKCU\Soware\Citrix\ICA Client\CEIP\Data\GfxRender\<session ID>

Tip

The value for Graphics_GfxRender_Decoder and Graphics_GfxRender_Renderer should be 2.

If the value is 1, that means CPU based decoding is being used.

When using the hardware decoding feature, consider the following limitations:

• If the client has two GPU’s and if one of the monitors is active on the 2nd GPU, CPU decoding

will be used.

• When connecting to a XenApp 7.x server running on Windows Server 2008 R2, Citrix recom-

mends that you do not to use hardware decoding on the user’s Windows device. If enabled,

issues like slow performance while highlighting text and flickering issues will be seen.

Client-side microphone input

Citrix Receiver for Windows supports multiple client-side microphone input. Locally installed micro-

phones can be used for:

• Real-time activities, such as sophone calls and Web conferences.

• Hosted recording applications, such as dictation programs.

• Video and audio recordings.

Citrix Receiver for Windows users can select whether to use microphones attached to their device by

changing a Connection Center setting. XenDesktop users can also use the XenDesktop Viewer Prefer-

ences to disable their microphones and webcams.

Citrix Receiver for Windows 4.9 LTSR

Multi-monitor support

You can use up to eight monitors with Citrix Receiver for Windows.

Each monitor in a multiple monitor configuration has its own resolution designed by its manufacturer.

Monitors can have dierent resolutions and orientations during sessions.

Sessions can span multiple monitors in two ways:

• Full screen mode, with multiple monitors shown inside the session; applications snap to moni-

tors as they would locally.

XenDesktop: To display the Desktop Viewer window across any rectangular subset of monitors,

resize the window across any part of those monitors and click Maximize.

• Windowed mode, with one single monitor image for the session; applications do not snap to

individual monitors.

XenDesktop: When any desktop in the same assignment (formerly “desktop group”) is launched sub-

sequently, the window setting is preserved and the desktop is displayed across the same monitors.

Multiple virtual desktops can be displayed on one device provided the monitor arrangement is rectan-

gular. If the primary monitor on the device is used by the XenDesktop session, it becomes the primary

monitorin the session. Otherwise, the numerically lowestmonitor in the session becomes the primary

monitor.

To enable multi-monitor support, ensure the following:

• The user device is configured to support multiple monitors.

• The user device operating system must be able to detect each of the monitors. On Windows

platforms, to verify that this detection occurs, on the user device, view the Settings tab in the

Display Settings dialog box and confirm that each monitor appears separately.

• Aer your monitors are detected:

– XenDesktop: Configure the graphics memory limit using the Citrix Machine Policy setting

Display memory limit.

– XenApp: Depending on the version of the XenApp server you have installed:

Configure the graphics memory limit using the Citrix Computer Policy setting Display

memory limit.

From the Citrix management console for the XenApp server, select the farm and in the

task pane, select Modify Server Properties > Modify all properties > Server Default >

HDX Broadcast > Display (or Modify Server Properties > Modify all properties > Server

Default > ICA > Display) and set the Maximum memory to use for each session’s graph-

ics.

Ensure the setting is large enough (in kilobytes) to provide suicient graphic memory. If this setting

is not high enough, the published resource is restricted to the subset of the monitors that fits within

the size specified.

Citrix Receiver for Windows 4.9 LTSR

For information about calculating the session’s graphic memory requirements for XenApp and Xen-

Desktop, see Knowledge Center article CTX115637.

Printer setting overrides on devices

If the Universal printing optimization defaults policy setting Allow non-administrators to modify these

settings is enabled, users can override the Image Compression and Image and Font Caching options

specified in that policy setting.

To override the printer settings on the user device

1. From the Print menu available from an application on the user device, choose Properties.

2. On the Client Settings tab, click Advanced Optimizations and make changes to the Image Com-

pression and Image and Font Caching options.

On-screen keyboard control

To enable touch-enabled access to virtual applications and desktops from Windows tablets, Citrix Re-

ceiver for Windows automatically displays the on-screen keyboard when you activate a text entry field,

and when the device is in tent or tablet mode.

On some devices and in some circumstances, Citrix Receiver for Windows cannot accurately detect

the mode of the device, and the on-screen keyboard may appear when you do not want it to.

To suppress the on-screen keyboard from appearing when using a convertible device ,create

a REG_DWORD value DisableKeyboardPopup in HKEY_CURRENT_USER\SOFTWARE\Citrix\ICA

Client\Engine\Configuration\Advanced\Modules\MobileReceiver and set the value to 1.

Note: On a x64 machine, create the value in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA

Client\Engine\Configuration\Advanced\Modules\MobileReceiver.

The keys can be set to 3 dierent modes as given below:

• Automatic: AlwaysKeyboardPopup = 0; DisableKeyboardPopup = 0

• Always popup (on-screen keyboard): AlwaysKeyboardPopup = 1; DisableKeyboardPopup = 0

• Never popup (on-screen keyboard): AlwaysKeyboardPopup = 0; DisableKeyboardPopup = 1

Keyboard shortcuts

You can configure combinations of keys that Receiver interprets as having special functionality. When

the keyboard shortcuts policy is enabled, you can specify Citrix Hotkey mappings, behavior of Win-

dows hotkeys, and keyboard layout for sessions.

Citrix Receiver for Windows 4.9 LTSR

1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the

Start menu when applying policies to a single computer or by using the Group Policy Manage-

ment Console when applying domain policies.

Note: If you already imported the Citrix Receiver for Windows template into the Group Policy

Editor, you can omit Steps 2 to 5.

2. In the le pane of the Group Policy Editor, select the Administrative Templates folder.

3. From the Action menu, choose Add/Remove Templates.

4. Choose Add and browseto the Receiver Configurationfolder(usually C:\Program Files\Citrix\ICA

Client\Configuration) and select the Citrix Receiver for Windows template file.

Note: Depending on the version of the Windows Operating System, select the Citrix Receiver

for Windows template file (receiver.adm or receiver.admx/receiver.adml).

5. Select Open to add the template and then Close to return to the Group Policy Editor.

6. In the Group Policy Editor, go to Administrative Templates > Classic Administrative Templates

(ADM) > Citrix Components > Citrix Receiver > User Experience > Keyboard shortcuts.

7. From the Action menu, choose Properties, select Enabled, and choose the desired options.

Citrix Receiver for Windows support for 32-bit color icons

Citrix Receiver for Windows supports 32-bit high color icons and automatically selects the color depth

for applications visible in the Citrix Connection Center dialog box, the Start menu, and task bar to

provide for seamless applications.

Caution: Editing the registry incorrectly can cause serious problems that may require you to reinstall

your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Reg-

istry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before

you edit it.

To set a preferred depth, you can add a string registry key named TWIDesiredIconColor to

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Lockdown Profiles\All

Regions\Preferences and set it to the desired value. The possible color depths for icons are 4, 8, 16,

24, and 32 bits-per-pixel. The user can select a lower color depth for icons if the network connection

is slow.

Enabling Desktop Viewer

Dierent enterprises have dierent corporate needs. Your requirements for the way users access vir-

tual desktops may vary from user to user and may vary as your corporate needs evolve. The user

experience of connecting to virtual desktops and the extent of user involvement in configuring the

connections depend on how you set up Citrix Receiver for Windows.

Citrix Receiver for Windows 4.9 LTSR

Use the Desktop Viewer when users need to interact with their virtual desktop. The user’s virtual

desktop can be a published virtual desktop, or a shared or dedicated desktop. In this access scenario,

the Desktop Viewer toolbar functionality allows the user to open a virtual desktop in a window and

pan and scale that desktop inside their local desktop. Users can set preferences and work with more

than one desktop using multiple XenDesktop connections on the same user device.

Note: Your users must use Citrix Receiver for Windows to change the screen resolution on their virtual

desktops. They cannot change Screen Resolution using Windows Control Panel.

Keyboard input in Desktop Viewer sessions

In Desktop Viewer sessions, Windows logo key+L is directed to the local computer.

Ctrl+Alt+Delete is directed to the local computer.

Key presses that activate StickyKeys, FilterKeys, and ToggleKeys (Microso accessibility features) are

normally directed to the local computer.

As an accessibility feature of the Desktop Viewer, pressing Ctrl+Alt+Break displays the Desktop Viewer

toolbar buttons in a pop-up window.

Ctrl+Esc is sent to the remote, virtual desktop.

Note: By default, if the Desktop Viewer is maximized, Alt+Tab switches focus between windows inside

the session. If the Desktop Viewer is displayed in a window, Alt+Tab switches focus between windows

outside the session.

Hotkey sequences are key combinations designed by Citrix. For example, the Ctrl+F1 sequence repro-

duces Ctrl+Alt+Delete, and Shi+F2 switches applications between full-screen and windowed mode.

You cannot use hotkey sequences with virtual desktops displayed in the Desktop Viewer (that is, with

XenDesktop sessions), but you can use them with published applications (that is, with XenApp ses-

sions).

Connect to virtual desktops

From within a desktop session, users cannot connect to the same virtual desktop. Attempting to do

so will disconnect the existing desktop session. Therefore, Citrix recommends:

• Administrators should not configure the clients on a desktop to point to a site that publishes the

same desktop

• Users should not browse to a site that hosts the same desktop if the site is configured to auto-

matically reconnect users to existing sessions

• Users should not browse to a site that hosts the same desktop and try to launch it

Be aware that a user who logs on locally to a computer that is acting as a virtual desktop blocks con-

nections to that desktop.

Citrix Receiver for Windows 4.9 LTSR

If your users connect to virtual applications (published with XenApp) from within a virtual desktop

and your organization has a separate XenApp administrator, Citrix recommends working with them to

define device mapping such that desktop devices are mapped consistently within desktop and appli-

cation sessions. Because local drives are displayed as network drives in desktop sessions, the XenApp

administrator needs to change the drive mapping policy to include network drives.

Changing the status indicator time-out

You can change the amount of time the status indicator displays when a user is launching a session. To

alterthe time out period, createa REG_DWORDvalueSI INACTIVE MS in HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA

CLIENT\Engine. The REG_DWORD value can be set to 4 if you want the status indicator to disappear

sooner.

Caution:

Editing the registry incorrectly can cause serious problems that may require you to reinstall your

operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Reg-

istry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry

before you edit it.

Customer Experience Improvement Program (CEIP)

Data Collected Description What we Use it for

Configuration and usage data The Citrix Customer

Experience Improvement

Program (CEIP) gathers

configuration and usage data

from Receiver for Windows

and automatically sends the

data to Citrix.

This data helps Citrix improve

the quality, reliability, and

performance of Receiver.

Citrix will handle your data in accordance with the terms of your contract with Citrix, and protect it as

specified in the Citrix Services Security Exhibit available on the Citrix Trust Center.

You might turn o this feature by performing the procedure below:

1. Right-click the Citrix Receiver icon from the notification area

2. Select Advanced Preferences.

The Advanced Preferences dialog appears.

3. Select Data Collection.

Citrix Receiver for Windows 4.9 LTSR

4. Select No, Thanks to disable CEIP or to forego participation.

5. Click Save.

The specific data elements collected by this feature are:

Operating System

Version

Receiver Version External devices

connected

Screen Resolution

Flash Version Desktop Lock

Configuration

Touch enabled Authentication

configuration

Session launch

method

Graphics

Configuration

Desktop Viewer

configuration

Printing

Connection error Time to launch Receiver Language VDA information

SSON State Installer State Time to install Connection protocol

Internet Explorer

version

Secure connections

November 16, 2018

To maximize the security of your environment, the connections between Citrix Receiver for Windows

and the resources you publish must be secured. You can configure various types of authentication for

your Citrix Receiver for Windows soware, including smart card authentication, certificate revocation

list checking, and Kerberos pass-through authentication.

Windows NT Challenge/Response (NTLM) authentication is supported by default on Windows com-

puters.

Configure domain pass-through authentication

October 9, 2019

For information on configuring domain pass-through authentication, see Knowledge Center article

CTX133982.

Citrix Receiver for Windows 4.9 LTSR

Citrix Receiver for Windows installation with Single Sign-on

There are two ways to enable domain pass-through (SSON) when installing Citrix Receiver for Win-

dows:

• using the command line installation

• using the graphical user interface

Enable domain pass-through using the command line interface

To enable domain pass-through (SSON) using the command line interface:

1. Install Citrix Receiver 4.x with the /includeSSON switch.

• Install one or more StoreFront stores (you can complete this step at a later stage); installing

StoreFront stores is not a prerequisite for setting up domain pass-through authentication.

• Verify that pass-through authentication is enabled by starting Citrix Receiver, then con-

firm that the ssonsvr.exe process is running in Task Manager aer rebooting the end point

where Citrix Receiver is installed.

Note

For information on the syntax for adding one or more StoreFront stores, see Configure and install

Receiver for Windows using command-line parameters.

Enable domain pass-through using the graphical user interface

To enable domain pass-through using the graphical user interface:

1. Locate the Citrix Receiver for Windows installation file (CitrixReceiver.exe).

2. Double click CitrixReceiver.exe to launch the installer.

3. In the Enable Single Sign-on installation wizard, select the Enable single sign-on checkbox to

install Citrix Receiver for Windows with the SSON feature enabled; this is equivalent to installing

Citrix Receiver for Windows using the command line switch /includeSSON.

The image below illustrates how to enable Single Sign-on:

Note

The Enable Single Sign-on installation wizard is available only for fresh installation on a domain

joined machine.

Verify that pass-through authentication is enabled by restarting Citrix Receiver for Windows, and then

confirm that the ssonsvr.exe process is running in Task Manager aer rebooting the endpoint on

which Citrix Receiver for Windows is installed.

Citrix Receiver for Windows 4.9 LTSR

Group policy settings for SSON

Use the information in this section to configure group policy settings for SSON authentication.

Note

The default value of the GPO policy setting related to SSON is Enable pass-through authenti-

cation.

Configuring SSON using Group Policy Object administrative template

1. Open gpedit.msc, right-click Computer Configuration > Administrative Templates - > Citrix

Component-> Citrix Receiver-> User Authentication.

2. Enable the following local computer GPO settings (on the user’s local machine and/or on the

VDA desktop golden image):

• Choose the local user name and password.

• Select Enabled.

• Select Enable pass-through authentication.

3. Reboot the endpoint (on which Citrix Receiver for Windows is installed) or the VDA desktop

golden image.

Using an ADM file for SSON group policy

Use the following procedure to configure group policy settings using an ADM file:

1. Open the local group policy editor by selecting Computer Configuration > Right-click Admin-

istrative Templates > Choose Add/Remove Templates.

2. Click Add to add a ADM template.

3. Aer successfully adding the receiver.adm template, expand Computer Configuration > Ad-

ministrative Templates > Classic Administrative Templates (ADM) > Citrix Components >

Citrix Receiver > User authentication.

4. Open Internet Explorer on the local machine and/or on the VDA desktop golden image.

5. In Internet Settings > Security > Trusted Sites, add the StoreFront server(s) fully qualified

domain name (FQDN), without the store path, to the list. For example, https://storefront

.example.com

Note: You can also add the StoreFront server to the Trusted Sites using a Microso GPO. The

GPO is called Site to Zone Assignment List; you can find this list in Computer Configuration

> Administrative Templates > Windows Components > Internet Explorer > Internet Control

Panel > Security Page.

6. Log o, and log back on to the Citrix Receiver endpoint.

Citrix Receiver for Windows 4.9 LTSR

When Citrix Receiver opens, if the current user is logged on to the domain, the user’s credentials are

passed through to StoreFront, along with enumerated apps and desktops within Citrix Receiver, in-

cluding the user’s Start menu settings. When the user clicks an icon, Citrix Receiver passes through

the user’s domain credentials to the Delivery Controller and the app (or desktop) opens.

Enable Delivery Controller to trust XML

Use the following procedure to configure SSON on StoreFront and Web Interface:

1. Log on to the Delivery Controller(s) as an administrator.

2. Open Windows PowerShell (with administrative privileges). Using PowerShell, you can issue

commands to enable the Delivery Controller to trust XML requests sent from StoreFront.

3. Type Add-PSSnapin Citrix*, and press Enter.

4. Type Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $True, and press Enter.

5. Close PowerShell.

Configuring SSON on StoreFront and Web Interface

StoreFront configuration

To configure SSON on StoreFront and Web Interface, open Citrix Studio on the StoreFront Server and

select Authentication->Add /Remove Methods. Select Domain pass-through.

Web Interface configuration

To configure SSON on the Web Interface, select Citrix Web Interface Management > XenApp Sevices

Sites > Authentication Methods and enable Pass-through.

Configure domain pass-through authentication with Kerberos

October 4, 2018

This topic applies only to connections between Citrix Receiver for Windows and StoreFront, XenDesk-

top, or XenApp.

Citrix Receiver for Windows supports Kerberos for domain pass-through authentication for deploy-

ments that use smart cards. Kerberos is one of the authentication methods included in Integrated

Windows Authentication (IWA).

When Kerberos authentication is enabled, Kerberos authenticates without passwords for Citrix Re-

ceiver for Windows, thus preventing Trojan horse-style attacks on the user device to gain access to

Citrix Receiver for Windows 4.9 LTSR

passwords. Users can log on to the user device with any authentication method; for example, a bio-

metric authenticator such as a fingerprint reader, and still access published resources without further

authentication.

Citrix Receiver for Windows handles pass-through authentication with Kerberos as follows when Citrix

Receiver for Windows, StoreFront, XenDesktop and XenApp are configured for smart card authentica-

tion and a user logs on with a smart card:

1. The Citrix Receiver for Windows Single Sign-on service captures the smart card PIN.

2. Citrix Receiver for Windows uses IWA (Kerberos) to authenticate the user to StoreFront. Store-

Front then provides Citrix Receiver for Windows with information about available virtual desk-

tops and apps.

Note: You do not have to use Kerberos authentication for this step. Enabling Kerberos on Citrix

Receiver for Windows is only needed to avoid an extra PIN prompt. If you do not use Kerberos

authentication, Citrix Receiver for Windows authenticates to StoreFront using the smart card

credentials.

3. The HDX engine (previously referred to as the ICA client) passes the smart card PIN to XenDesk-

top or XenApp to log the user on to the Windows session. XenDesktop or XenApp then deliver

the requested resources.

To use Kerberos authentication with Citrix Receiver for Windows, make sure your Kerberos configura-

tion conforms to the following.

• Kerberos works only between Citrix Receiver for Windows and servers that belong to the same

or to trusted Windows Server domains. Servers must also be trusted for delegation, an option

you configure through the Active Directory Users and Computers management tool.

• Kerberos must be enabled on the domain and in XenDesktop and XenApp. For enhanced secu-

rity and to ensure that Kerberos is used, disable on the domain any non-Kerberos IWA options.

• Kerberos logon is not available for Remote Desktop Services connections configured to use Ba-

sic authentication, to always use specified logon information, or to always prompt for a pass-

word.

The remainder of this topic describes how to configure domain pass-through authentication for the

most common scenarios. If you are migrating to StoreFront from Web Interface and previously used a

customized authentication solution, contact your Citrix Support representative for more information.

Warning

Some of the configurations described in this topic include registry edits. Using Registry Editor in-

correctly can cause serious problems that can require you to reinstall the operating system. Cit-

rix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved.

Use Registry Editor at your own risk. Make sure you back up the registry before you edit it.

Citrix Receiver for Windows 4.9 LTSR

To configure domain pass-through authentication with Kerberos for use with smart

cards

If you are not familiar with smart card deployments in a XenDesktop environment, we recommend

that you review the smart card information in the Secure your deployment section in the XenDesktop

documentation before continuing.

When you install Citrix Receiver for Windows, include the following command-line option:

• /includeSSON

This option installs the single sign-on component on the domain-joined computer, enabling

Citrix Receiver for Windows to authenticate to StoreFront using IWA (Kerberos). The single sign-

on component stores the smart card PIN, which is then used by the HDX engine when it remotes

the smart card hardware and credentials to XenDesktop. XenDesktop automatically selects a

certificate from the smart card and obtains the PIN from the HDX engine.

A related option, ENABLE_SSON, is enabled by default and should remain enabled.

If a security policy prevents enabling single sign-on on a device, configure Citrix Receiver for

Windows through the following policy:

Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix

Receiver > User authentication > Local user name and password

Note

: In this scenario you want to allow the HDX engine to use smart card authentication and

not Kerberos, so do not use the option ENABLE_KERBEROS=Yes, which would force the HDX

engine to use Kerberos.

To apply the settings, restart Citrix Receiver for Windows on the user device.

To configure StoreFront:

• In the default.ica file located on the StoreFront server, set DisableCtrlAltDel to false.

Note: This step is not required if all client machines are running Citrix Receiver for Windows 4.2

or above.

• When you configure the authenticationservice on the StoreFront server, select the Domain pass-

through check box. That setting enables Integrated Windows Authentication. You do not need

to select the Smart card check box unless you also have non domain joined clients connecting

to Storefront with smart cards.

For more information about using smart cards with StoreFront, refer to Configure the authentication

service in the StoreFront documentation.

About FastConnect API and HTTP basic authentication

The FastConnect API uses the HTTP Basic Authentication method, which is frequently confused

with authentication methods associated with domain pass-through, Kerberos, and IWA. Citrix

Citrix Receiver for Windows 4.9 LTSR

recommends that you disable IWA on StoreFront and in ICA group policy.

Configure smart card authentication

March 19, 2019

Citrix Receiver for Windows supports the following smart card authentication features. For informa-

tion about XenDesktop and StoreFront configuration, refer to the documentation for those compo-

nents. This topic describes Citrix Receiver for Windows configuration for smart cards.

• Pass-through authentication (single sign-on) – Pass-through authentication captures

smart card credentials when users log on to Citrix Receiver for Windows. Citrix Receiver for

Windows uses the captured credentials as follows:

– Users of domain-joined devices who log on to Citrix Receiver for Windows with smart card

credentialscan startvirtual desktopsand applications without needing to re-authenticate.

– Users of non-domain-joined devices who log on to Citrix Receiver for Windows with smart

card credentials must enter their credentials again to start a virtual desktop or application.

Pass-through authentication requires StoreFront and Citrix Receiver for Windows configuration.

• Bimodal authentication – Bimodal authentication oers users a choice between using a smart

card and entering their user name and password. This feature is useful if the smart card cannot

be used (for example, the user has le it at home or the logon certificate has expired). Dedicated

stores must be set up per site to allow this, using the DisableCtrlAltDel method set to False to

allow smart cards. Bimodal authentication requires StoreFront configuration. If NetScaler Gate-

way is present in the solution, is also requires configuration.

Bimodal authentication also now gives the StoreFront administrator the opportunity to oer

the end user both user name and password and smart card authentication to the same store by

selecting them in the StoreFront Console. See StoreFront documentation.

• Multiple certificates – Multiple certificates can be available for a single smart card and if multi-

ple smart cards are in use. When a user inserts a smart card into a cardreader, the certificatesare

available to all applications running on the user device, including Citrix Receiver for Windows.

To change how certificates are selected, configure Citrix Receiver for Windows.

• Client certificate authentication – Client certificate authentication requires NetScaler Gate-

way and StoreFront configuration.

– For access to StoreFront resources through NetScaler Gateway, users might have to re-

authenticate aer removing a smart card.

Citrix Receiver for Windows 4.9 LTSR

– When the NetScaler Gateway SSL configuration is set to mandatory client certificate au-

thentication, operation is more secure. However mandatory client certificate authentica-

tion is not compatible with bimodal authentication.

• Double hop sessions – If a double-hop is required, a further connection is established between

Receiver and the user’s virtual desktop. Deployments supporting double hops are described in

the XenDesktop documentation.

• Smart card-enabled applications – Smart card-enabled applications, such as Microso Out-

look and Microso Oice, allow users to digitally sign or encrypt documents available in virtual

desktop or application sessions.

Prerequisites:

This topic assumes familiarity with the smart card topics in the XenDesktop and StoreFront documen-

tation.

Limitations:

• Certificates must be stored on a smart card, not the user device.

• Citrix Receiver for Windows does not save the user certificate choice, but can store the PIN when

configured. The PIN is only cached in non-paged memory for the duration of the user session

and is not stored to disk at any point.

• Citrix Receiver for Windows does not reconnect sessions when a smart card is inserted.

• When configured for smart card authentication, Citrix Receiver for Windows does not support

virtual private network (VPN) single-sign on or session pre-launch. To use VPN tunnels with

smart card authentication, users must install the NetScaler Gateway Plug-in and log on through

a web page, using their smart cards and PINs to authenticate at each step. Pass-through authen-

tication to StoreFront with the NetScaler Gateway Plug-in is not available for smart card users.

• Citrix Receiver for Windows Updater communications with citrix.com and the Merchandising

Server is not compatible with smart card authentication on NetScaler Gateway.

Warning

Some of the configuration described in this topic include registry edits. Using Registry Editor in-

correctly can cause serious problems that can require you to reinstall the operating system. Cit-

rix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved.

Use Registry Editor at your own risk. Make sure you back up the registry before you edit it.

To enable single sign-on for smart card authentication

To configure Citrix Receiver for Windows, include the following command-line option when you install

it:

• ENABLE_SSON=Yes

Citrix Receiver for Windows 4.9 LTSR

Single sign-on is another term for pass-through authentication. Enabling this setting prevents

Citrix Receiver for Windows from displaying a second prompt for a PIN.

Alternatively, you can perform the configuration through these policy and registry changes:

• Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix

Receiver > User authentication > Local user name and password

• Set SSONCheckEnabled to false in either of the following registry keys if the single sign-on com-

ponent is not installed. The key prevents the Citrix Receiver for Windows authentication man-

ager from checking for the single sign-on component, thus allowing Citrix Receiver for Windows

to authenticate to StoreFront.

HKEY_CURRENT_USER\Soware\Citrix\AuthManager\protocols\integratedwindows\

HKEY_LOCAL_MACHINE\Soware\Citrix\AuthManager\protocols\integratedwindows\

Alternatively, it is possible to enable smart card authentication to Storefront instead of Kerberos. To

enable smart card authenticationto StoreFront instead of Kerberos, install Citrix Receiverfor Windows

with the command line options below. This requires administrator privileges. The machine does not

need to be joined to a domain.

• /includeSSON installs single sign-on (pass-through) authentication. Enables credential caching

and the use of pass-through domain-based authentication.

• If the user is logging on to the endpoint with a dierent method to smart card for Receiver au-

thentication (for example, user name and password), the command line is:

1 /includeSSON LOGON_CREDENTIAL_CAPTURE_ENABLE=No

This prevents the credentials being captured at log on time and allows Citrix Receiver for Win-

dows to store the PIN when logging on to Citrix Receiver for Windows.

• Go to Policy > Administrative Templates > Classic Administrative Templates (ADM) > Citrix Com-

ponents > Citrix Receiver > User Authentication > Local user name and password.

Enable pass-through authentication. Depending on the configuration and security settings, you

may need to select the Allow pass-through authentication for all ICA option for pass-through

authentication to work.

To configure StoreFront:

• When you configure the authentication service, select the Smart card check box.

For more information about using smart cards with StoreFront, see Configure the authentication ser-

vice in the StoreFront documentation.

Citrix Receiver for Windows 4.9 LTSR

To enable user devices for smart card use

1. Import the certificate authority root certificate into the device’s keystore.

2. eware.

3. Install and configure Citrix Receiver for Windows.

To change how certificates are selected

By default, if multiple certificates are valid, Citrix Receiver for Windows prompts the user to choose a

certificate from the list. Alternatively, you can configure Citrix Receiver for Windows to use the default

certificate (per the smart card provider) or the certificate with the latest expiry date. If there are no

valid logon certificates, the user is notified, and given the option to use an alternate logon method if

available.

A valid certificate must have all of these characteristics:

• The current time of the clock on the local computer is within the certificate validity period.

• The Subject public key must use the RSA algorithm and have a key length of 1024, 2048, or 4096

bits.

• Key Usage must contain Digital Signature.

• Subject Alternative Name must contain the User Principal Name (UPN).

• Enhanced Key Usage must contain Smart Card Logon and Client Authentication, or All Key Us-

ages.

• One of the Certificate Authorities on the certificate’s issuer chain must match one of the permit-

ted Distinguished Names (DN) sent by the server in the TLS handshake.

Change how certificates are selected by using either of the following methods:

• On the Citrix Receiver for Windows command line, specify the optionAM\CERTIFICATESELECTIONMODE

={ Prompt | SmartCardDefault | LatestExpiry }.

Prompt is the default. For SmartCardDefault or LatestExpiry, if multiple certificates meet the

criteria, Citrix Receiver for Windows prompts the user to choose a certificate.

• Add the following key valuetothe registry key HKCU or HKLM\Soware\[Wow6432Node]\Citrix\AuthManager:

CertificateSelectionMode={ Prompt | SmartCardDefault | LatestExpiry }.

Values defined in HKCU take precedence over values in HKLM to best assist the user in selecting

a certificate.

To use CSP PIN prompts

By default, the PIN prompts presented to users are provided by Citrix Receiver for Windows rather

than the smart card Cryptographic Service Provider (CSP). Citrix Receiver for Windows prompts users

to enter a PIN when required and then passes the PIN to the smart card CSP. If your site or smart

Citrix Receiver for Windows 4.9 LTSR

card has more stringent security requirements, such as to disallow caching the PIN per-process or per-

session, you can configure Citrix Receiver for Windows to instead use the CSP components to manage

the PIN entry, including the prompt for a PIN.

Change how PIN entry is handled by using either of the following methods:

• On the Citrix Receiver for Windows command line, specify the optionAM_SMARTCARDPINENTRY=CSP.

• Add the following key valuetothe registry key HKLM\Soware\[Wow6432Node]\Citrix\AuthManager:

SmartCardPINEntry=CSP.

Enable certificate revocation list checking for improved security

August 6, 2018

When certificate revocation list (CRL) checking is enabled, Citrix Receiver checks whether or not the

server’s certificate is revoked. By forcing Citrix Receiver to check this, you can improve the crypto-

graphic authentication of the server and the overall security of the TLS connection between a user

device and a server.

You can enable several levels of CRL checking. For example, you can configure Citrix Receiver to check

only its local certificate list or to check the local and network certificate lists. In addition, you can

configure certificate checking to allow users to log on only if all CRLs are verified.

If you are making this change on a local computer, exit Citrix Receiver if it is running. Make sure all

Citrix Receiver components, including the Connection Center, are closed.

1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the

Start menu when applying policies to a single computer or by using the Group Policy Manage-

ment Console when applying domain policies.

Note: If you already imported the Citrix Receiver for Windows template into the Group Policy

Editor, you can omit Steps 2 to 5.

2. In the le pane of the Group Policy Editor, select the Administrative Templates folder.

3. From the Action menu, choose Add/Remove Templates.

4. Choose Add and browse to the Configuration folder for the Receiver (usually C:\Program

Files\Citrix\ICA Client\Configuration) and select the Citrix Receiver for Windows template file.

Note: Depending on the version of the Windows operating system, select the Citrix Receiver for

Windows template file (receiver.adm or receiver.admx/receiver.adml).

5. Select Open to add the template and then Close to return to the Group Policy Editor.

6. In the Group Policy Editor, go to Administrative Templates > Classic Administrative Templates

(ADM) > Citrix Components > Citrix Receiver > Network routing > TLS/SSL data encryption and

server identification.

7. From the Action menu, choose Properties and select Enabled.

Citrix Receiver for Windows 4.9 LTSR

8. From the CRL verification drop-down menu, select one of the options.

• Disabled. No certificate revocation list checking is performed.

• Only check locally stored CRLs. CRLs that were installed or downloaded previously are

used in certificate validation. Connection fails if the certificate is revoked.

• Require CRLs for connection. CRLs locally and from relevant certificate issuers on the net-

work are checked. Connection fails if the certificate is revoked or not found.

• Retrieve CRLs from network. CRLs from the relevant certificate issuers are checked. Con-

nection fails if the certificate is revoked.

If you do not set CRL verification, it defaults to Only check locally stored CRLs.

Secure communications

September 4, 2020

To secure the communication between XenDesktop Sites or XenApp server farms and Citrix Receiver

for Windows, you can integrate your Citrix Receiver for Windows connections using security technolo-

gies such as the following:

• Citrix NetScaler Gateway. For information, refer to topics in this section as well as the NetScaler

Gateway, and StoreFront documentation.

Note: Citrix recommends using NetScaler Gateway to secure communications between Store-

Front servers and user devices.

• A firewall. Network firewalls can allow or block packets based on the destination address and

port. If you are using Citrix Receiver for Windows through a network firewall that maps the

server’s internal network IP address to an external Internet address (that is, network address

translation, or NAT), configure the external address.

• Trusted server configuration.

• For XenApp or Web Interface deployments only; not applicable to XenDesktop 7: A SOCKS proxy

server or secure proxy server (also known as security proxy server, HTTPS proxy server). You can

use proxy servers to limit access to and from your network and to handle connections between

Receiver and servers. Receiver supports SOCKS and secure proxy protocols.

• For XenApp or Web Interface deployments only; not applicable to XenDesktop 7, XenDesktop

7.1, XenDesktop 7.5, or XenApp 7.5: SSL Relay solutions with Transport Layer Security (TLS) pro-

tocols.

• For XenApp 7.6 and XenDesktop 7.6, you can enable an SSL connection directly between users

and VDAs.

Citrix Receiverfor Windows is compatible with and functions in environments where the Microso Spe-

cialized Security - Limited Functionality (SSLF) desktop security templates are used. These templates

are supported on various Windows platforms. Refer to the Windows security guides on the Microso

Citrix Receiver for Windows 4.9 LTSR

documentation for more information about the templates and related settings.

Configure and enable TLS

March 19, 2019

This topic applies to XenApp and XenDesktop Version 7.6 and later.

To use TLS encryption for all Citrix Receiver for Windows communications, configure the user device,

Citrix Receiver for Windows , and, if using Web Interface, the server running the Web Interface. For

information about securing StoreFront communications, see Secure section in the StoreFront docu-

mentation. For more information see Web Interface documentation.

Pre-requisites:

User devices must meet the requirements specified in the System requirements.

Use this policy to configure the TLS options that ensure the Citrix Receiver for Windows securely iden-

tifies the server that it is connecting to, and encrypts all communication with the server.

You can use the options below to:

• Enforce use of TLS. Citrix recommends that all connections over untrusted networks, including

the Internet, use TLS.

• Enforce use of FIPS (Federal Information Processing Standards) Approved cryptography and

help comply with the recommendations in NIST SP 800-52. These options are disabled by de-

fault.

• Enforce use of a specific version of TLS, and specific TLS cipher suites, Citrix supports TLS 1.0,

TLS 1.1 and TLS 1.2 protocols between Citrix Receiver for Windows, and XenApp or XenDesktop.

• Connect only to specific servers.

• Check for revocation of the server certificate.

• Check for a specific server certificate issuance policy.

• Select a particular client certificate, if the server if is configured to request one.

To configure TLS support using Group Policy Object administrative template

1. As an administrator, open the Citrix Receiver Group Policy Object administrative template by

running gpedit.msc.

• To apply the policy on a single computer, launch the Citrix Receiver Group Policy Object

administrative template from the Start menu.

• To apply the policy on a domain, launch the Citrix Receiver Group Policy Object adminis-

trative template using the Group Policy Management Console.

Citrix Receiver for Windows 4.9 LTSR

2. Under the Computer Configuration node, go to Administrative Templates > Citrix Receiver >

Network routing, and select the TLS and Compliance Mode Configuration policy.

3. Select Enabled to enable secure connections and to encrypt communication on the server. Set

the following options:

Note: Citrix recommends TLS for secure connections.

4. Select Require TLS for all connections to force Citrix Receiver for Windows to use TLS for all

connections to published applications and desktops.

5. From the Security Compliance Mode drop-down, select the appropriate option:

• None - No compliance mode is enforced.

• SP800-52 – Select SP800-52 for compliance with NIST SP 800-52. Select this option only

if the servers or gateway complies with NIST SP 800-52 recommendations.

Note:

If you select SP800-52, FIPS Approved cryptography is automatically used, even if Enable

FIPS is not selected. You must also enable the Windows security option, System Cryp-

tography: Use FIPS-compliant algorithms for encryption, hashing, and signing. Oth-

erwise, Citrix Receiver for Windows might fail to connect to published applications and

desktops.

If you select SP800-52, you must select either the Certificate Revocation Check Policy

setting with Full Access Check, or Full access check and CRL required.

If you select SP800-52, Citrix Receiver for Windows verifies that the server certificate com-

plies with the recommendations in NIST SP 800-52. If the server certificate does not com-

ply, Citrix Receiver for Windows might fail to connect.

6. Enable FIPS – Select this option to enforce the use of FIPS approved cryptography. You must

also enable the Windows security option from the operating system group policy, System Cryp-

tography: Use FIPS-compliant algorithms for encryption, hashing, and signing. Otherwise,

Citrix Receiver for Windows might fail to connect to published applications and desktops.

7. From the Allow TLS Servers drop-down, select the port number. You can ensure that Citrix Re-

ceiver connects only to a specified server by a comma-separated list. You can specify wildcards

and port numbers. For example, *.citrix.com:4433 allows connections to any server whose com-

mon name ends with .citrix.com on port 4433. The issuer of the certificate asserts the accuracy

of the information in a security certificate. If Citrix Receiver does not recognize and trust the

issuer, the connection is rejected.

8. From the TLS version drop-down, select any of the following options:

• TLS 1.0, TLS 1.1, or TLS 1.2 - This is the default setting. This option is recommended only

if there is a business requirement for TLS 1.0 for compatibility.

Citrix Receiver for Windows 4.9 LTSR

• TLS 1.1 or TLS 1.2 – Use this option to ensure that the ICA connections use either TLS 1.1 or

TLS 1.2

• TLS 1.2 - This option is recommended if TLS 1.2 is a business requirement.

9. TLS cipher suite - To enforce the use of specific TLS cipher suites, select either Government

(GOV), Commercial (COM), or All (ALL). In certain cases of NetScaler Gateway configurations,

you might need to select COM.

Citrix Receiver for Windows supports RSA keys of 1024, 2048, and 3072-bit lengths. Root certifi-

cates with RSA keys of 4096-bit length are also supported.

Note: Citrix does not recommend using RSA keys of 1024-bit length.

See the table below that lists all the supported cipher suites.

• Any: When “Any” is set, the policy is not configured and any of the following cipher suites

are allowed.

– TLS_RSA_WITH_RC4_128_MD5

– TLS_RSA_WITH_RC4_128_SHA

– TLS_RSA_WITH_3DES_EDE_CBC_SHA

– TLS_RSA_WITH_AES_128_CBC_SHA

– TLS_RSA_WITH_AES_256_CBC_SHA

– TLS_RSA_WITH_AES_128_GCM_SHA256

– TLS_RSA_WITH_AES_256_GCM_SHA384

• Commercial: When “Commercial” is set, only the following cipher suites are allowed:

– TLS_RSA_WITH_RC4_128_MD5

– TLS_RSA_WITH_RC4_128_SHA

– TLS_RSA_WITH_AES_128_CBC_SHA

– TLS_RSA_WITH_AES_128_GCM_SHA256

• Government: When “Government” is set, only the following cipher suites are allowed:

– TLS_RSA_WITH_AES_256_CBC_SHA

– TLS_RSA_WITH_3DES_EDE_CBC_SHA

– TLS_RSA_WITH_AES_128_GCM_SHA256

– TLS_RSA_WITH_AES_256_GCM_SHA384

10. From the Certificate Revocation Check Policy drop-down, select any of the following:

Citrix Receiver for Windows 4.9 LTSR

• Check with No Network Access - Certificate Revocation list check is performed. Only local

certificate revocation list stores are used. All distribution points are ignored. Finding the

Certificate RevocationList is not mandatory to verify the server certificate that is presented

by the target SSL Relay/Secure Gateway server.

• Full Access Check - Certificate Revocation List check is performed. Local Certificate Re-

vocation List stores and all distribution points are used. If revocation information for a

certificate is found, the connection is rejected. Finding a Certificate Revocation List is not

critical for verification of the server certificate presented by the target server.

• Full Access Check and CRL Required - Certificate Revocation List check is performed, ex-

cluding the root CA. Local Certificate Revocation List stores and all distribution points are

used. If revocation information for a certificate is found, the connection is rejected. Find-

ing all required Certificate Revocation Lists is critical for verification.

• Full Access Check and CRL Required All - Certificate Revocation List check is performed,

including the root CA. Local Certificate Revocation List stores and all distribution points

are used. If revocation information for a certificate is found, the connection is rejected.

Finding all required Certificate Revocation Lists is critical for verification.

• No Check - No Certificate Revocation List check is performed.

11. Using the Policy Extension OID, you can limit Citrix Receiver for Windows to connect only to

servers with a specific certificate issuance policy. When you select Policy Extension OID, Citrix

Receiver for Windows accepts only server certificates containing that Policy Extension OID.

12. From the Client Authentication drop-down, select any of the following:

• Disabled - Client Authentication is disabled.

• Display certificate selector - Always prompt the user to select a certificate.

• Select automatically if possible - Prompt the user only if there a choice of the certificate

to identify.

• Not configured – Indicates that client authentication is not configured.

• Use specified certificate - Use the client certificate as set in the Client Certificate option.

13. Use the Client Certificate setting to specify the identifying certificate’s thumbprint to avoid

prompting the user unnecessarily.

14. Click Apply and OK to save the policy.

The following table lists the cipher suites in each set:

Citrix Receiver for Windows 4.9 LTSR

TLS

cipher

suite

GOV COM ALL GOV COM ALL GOV COM ALL

Enable

FIPS

O O O On On On On On On

Security

Com-

pli-

ance

Mode

SP800-

O O O O O O On On On

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384X X X X

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384X X X X

TLS_RSA_WITH_AES_256_GCM_SHA384X X X X X X

TLS_RSA_WITH_AES_128_GCM_SHA256X X X X X X X X X

TLS_RSA_WITH_AES_256_CBC_SHA256X X X X

TLS_RSA_WITH_AES_256_CBC_SHAX X X X X X

TLS_RSA_WITH_AES_128_CBC_SHAX X X X X X

TLS_RSA_WITH_RC4_128_SHAX X

TLS_RSA_WITH_RC4_128_MD5X X

TLS_RSA_WITH_3DES_EDE_CBC_SHAX X X X X X

Configure smart card authentication for Web Interface 5.4

October 26, 2018

If Citrix Receiver for Windows is installed with a SSON component, pass-through authentication is

enabled by default even if the PIN pass-through for smart card is not enabled on the XenApp PNAgent

site; the pass-through setting for authenticationmethods will no longer be eective. The screen below

illustrates how to enable smart card as the authentication method when Citrix Receiver for Windows

is properly configured with SSON.

Citrix Receiver for Windows 4.9 LTSR

See How to Manually install and configure Citrix Receiver for Pass-through Authentication for more

information.

Use the smart card removal policy to control the behavior for smart card removal when a user authen-

ticates to the Citrix Web Interface 5.4 PNAgent site.

When this policy is enabled, the user is logged o from the XenApp session if the smart card is removed

from the client device. However, the user is still logged into Citrix Receiver for Windows.

For this policy to take eect, the smart card removal policy must set in Web Interface XenApp Services

site. The settings can be found on Web Interface 5.4, XenApp Services Site > Pass-through with

smart card > Enable Roaming > Logo the sessions when smart card removed.

When the smart card removal policy is disabled, the user’s XenApp session is disconnected if the smart

card is removed from the client device; smart card removal on the Web Interface XenApp Services site

does not have any eect.

Note: There are separate policies for 32bit and 64bit clients. For 32bit devices, the policy name is

Smartcard Removal Policy (32Bit machine) and for 64bit devices, the policy name is Smartcard

Removal Policy (64Bit machine).

Smart card support and removal changes

Consider the following when connecting to a XenApp 6.5 PNAgent site:

• Beginning with Citrix Receiver for Windows 4.5, smart card login is supported for PNAgent site

logins.

• The smart card removal policy has changed on the PNAgent Site:

A XenApp session is logged o when the smart card is removed – if the PNAgent site is configured

with smart card as the authentication method, the corresponding policy has to be configured on

Receiver for Windows to enforce the XenApp session for logo. Enable roaming for smart card

authentication on the XenApp PNAgent site and enable the smart card removal policy, which

logs o XenApp from the Receiver session; the user is still logged into the Receiver session.

Known issue

When a user logs in to the PNAgent site using smart card authentication, the username is displayed

as Logged On.

Connect with Secure Gateway

August 6, 2018

Citrix Receiver for Windows 4.9 LTSR

This topic applies only to deployments using the Web Interface.

You can use the Secure Gateway in either Normal mode or Relay mode to provide a secure channel

for communication between Citrix Receiver for Windows and the server. No Citrix Receiver for Win-

dows configuration is required if you are using the Secure Gateway in Normal mode and users are

connecting through the Web Interface.

Citrix Receiver for Windows uses settings that are configured remotely on the server running the Web

Interface to connect to servers running the Secure Gateway. See the topics for the Web Interface for

information about configuring proxy server settings for Citrix Receiver for Windows.

For more information about configuring proxy server settings, see Web Interface documentation.

If the Secure Gateway Proxy is installed on a server in the secure network, you can use the Secure

Gateway Proxy in Relay mode.

If you are using Relay mode, the Secure Gateway server functions as a proxy and you must configure

Citrix Receiver for Windows to use:

• The fully qualified domain name (FQDN) of the Secure Gateway server.

• The port number of the Secure Gateway server. Note that Relay mode is not supported by Se-

cure Gateway Version 2.0.

The FQDN must list, in sequence, the following three components:

• Host name

• Intermediate domain

• op-level domain

For example: my_computer.my_company.com is an FQDN, because it lists, in sequence, a host name

(my_computer), an intermediate domain (my_company), and a top-level domain (com). The combina-

tion of intermediate and top-level domain (my_company.com) is generally referred to as the domain

name.

Connect through a firewall

March 19, 2019

Network firewalls can allow or block packets based on the destination address and port. If you are

using a firewall in your deployment, Citrix Receiverfor Windows mustbe able tocommunicate through

the firewall with both the Web server and Citrix server.

Common Citrix Communication Ports

Citrix Receiver for Windows 4.9 LTSR

Source Type Port Details

Citrix Receiver TCP 80/443 Communication with

StoreFront

ICA/HDX TCP 1494 Access to applications

and virtual desktops

ICA/HDX with Session

Reliability

TCP 2598 Access to applications

and virtual desktops

ICA/HDX over SSL TCP 443 Access to applications

and virtual desktops

ICA/HDX from HTML5

Receiver

TCP 8008 Access to applications

and virtual desktops

ICA/HDX Audio over

UDP

TCP 16500-16509 Port range for

ICA/HDX audio

IMA TCP 2512 Independent

Management

Architecture (IMA)

Management Console TCP 2513 Citrix Management

Consoles and *WCF

services Note: For

FMA based platforms

7.5 and later, port

2513 is NOT used.

Application/Desktop

Request

TCP 80/8080/443 XML Service

STA TCP 80/8080/443 Secure Ticketing

Authority (embedded

into XML Service)

Note

In XenApp 6.5 port 2513 is used by XenApp Command Remoting Services through WCF.

If the firewall is configured for Network Address Translation (NAT), you can use the Web Interface to

define mappings from internal addresses to external addresses and ports. For example, if your Xe-

nApp or XenDesktop server is not configured with an alternate address, you can configure the Web

Interface to provide an alternate address to Receiver. Citrix Receiver for Windows then connects to

the server using the external address and port number. For more information, see the Web Interface

documentation.

Citrix Receiver for Windows 4.9 LTSR

Connect through a proxy server

August 6, 2018

Proxy servers are used to limit access to and from your network, and to handle connections between

Citrix Receiverfor Windows and servers. Citrix Receiver for Windows supportsSOCKS and secure proxy

protocols.

When communicating with the server farm, Receiver uses proxy server settings that are configured

remotely on the server running Receiver for Web or the Web Interface. For information about proxy

server configuration, refer to StoreFront or Web Interface documentation.

In communicating with the Web server, Receiver uses the proxy server settings that are configured

through the Internet settings of the default Web browser on the user device. You must configure the

Internet settings of the default Web browser on the user device accordingly.

Configure the proxy settings using the registry editor to enforce Citrix Receiver for Windows to honor

or discard the proxy server during connections.

Warning

Editing the registry incorrectly can cause serious problems that may require you to reinstall your

operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Reg-

istry

1. Navigate to HKLM\Soware\Citrix\AuthManager\

2. Set the ProxyEnabled(REG_SZ) .

a) True - indicates that Citrix Receiver for Windows honors the proxy server during connec-

tions.

b) False - indicates that Citrix Receiver for Windows discards the proxy server during connec-

tions.

3. Close the registry editor.

4. Restart the Citrix Receiver for Windows session for the changes to take eect.

Enforce trust relationship

October 26, 2018

Trusted server configuration identifies and enforces trust relations in Citrix Receiver for Windows con-

nections.

When you enable Trusted server feature, Citrix Receiver for Windows specifies the requirements and

decides if the connection to the server can be trusted or not. For example, a Citrix Receiver for Win-

Citrix Receiver for Windows 4.9 LTSR

dows connecting to a certain address (such as (https://*.citrix.com) with a specific connection

type (such as TLS) is directed to a trusted zone on the server

When you enable this feature, connected server resides in the Windows Trusted Sites zone. For in-

structions about adding servers to the Windows Trusted Sites zone, see the Internet Explorer online

help.

To enable trusted server configuration using Group Policy Object administrative template

Pre-requisite:

Exit from the Citrix Receiver for Windows components including the Connection Center.

1. As an administrator, open the Citrix Receiver Group Policy Object administrative template by

running gpedit.msc.

a) To apply the policy on a single computer, launch the Citrix Receiver Group Policy Object

administrative template from the Start menu.

b) To apply the policy on a domain, launch the Citrix Receiver Group Policy Object adminis-

trative template using the Group Policy Management Console.

2. Under the Computer Configuration node, go to Administrative Templates > Classic Adminis-

trative Templates (ADM) > Citrix Components > Citrix Receiver > Network Routing > Config-

ure trusted server configuration.

3. Select Enabled to force Citrix Receiver for Windows to perform region identification.

4. Select Enforce trusted server configuration. This forces the client toperform the identification

using a trusted server.

5. From the Windows internet zone drop-down, select the client server address. This setting is

applicable only to Windows Trusted Site zone.

6. In the Address field, set the client server address for trusted site zone other than Windows. You

can use a comma-separated list.

7. Click OK and Apply.

Elevation level and wfcrun32.exe

August 6, 2018

When User Access Control (UAC) is enabled on devices running Windows 10, Windows 8, Windows 7,

only processes at the same elevation/integrity level as wfcrun32.exe can launch virtual applications.

Example 1:

When wfcrun32.exe is running as a normal user (un-elevated), other processes such as Receiver must

be running as a normal user to launch applications through wfcrun32.exe.

Example 2:

Citrix Receiver for Windows 4.9 LTSR

When wfcrun32.exe is running in elevated mode, other processes such as Receiver, Connection Center,

and third party applications using the ICA Client Object that are running in non-elevated mode cannot

communicate with wfcrun32.exe.

ICA file signing to protect against application or desktop launches from

untrusted servers

July 8, 2020

This topic applies only to deployments with Web Interface using Administrative Templates.

The ICA File Signing feature helps protect users from unauthorized application or desktop launches.

Citrix Receiver for Windows verifies that a trusted source generated the application or desktop launch

based on administrative policy and protects against launches from untrusted servers. You can config-

ure this Citrix Receiver for Windows security policy for application or desktop launch signature verifi-

cation using Group Policy Objects or StoreFront. ICA file signing is not enabled by default. For infor-

mation about enabling ICA file signing for StoreFront, refer to the StoreFront documentation.

For Web Interface deployments, the Web Interface enables and configures application or desktop

launches to include a signature during the launch process using the Citrix ICA File Signing Service.

The service can sign ICA files using a certificate from the computer’s personal certificate store.

To use Group Policy Objects to enable and configure application or desktop launch signature verifica-

tion, follow this procedure:

1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the

Start menu when applying policies to a single computer or by using the Group Policy Manage-

ment Console when applying domain policies.

Note: If you already imported the ica-file-signing.adm template into the Group Policy Editor,

you can omit Steps 2 to 5.

2. In the le pane of the Group Policy Editor, select the Administrative Templates folder.

3. From the Action menu, choose Add/Remove Templates.

4. Choose Add and browse to the Citrix Receiver for Windows configuration folder (usually

C:\Program Files\Citrix\ICA Client\Configuration) and select ica-file-signing.adm.

5. Select Open to add the template and then Close to return to the Group Policy Editor.

6. In the Group Policy Editor, go to Administrative Templates > Classic Administrative Templates

(ADM) > Citrix Components > Citrix Receiver and navigate to Enable ICA File Signing.

7. If you choose Enabled, you can add signing certificate thumbprints to the white list of trusted

certificate thumbprints or remove signing certificate thumbprints from the white list by click-

ing Show and using the Show Contents screen. You can copy and paste the signing certificate

Citrix Receiver for Windows 4.9 LTSR

thumbprints from the signing certificate properties. Use the Policy drop-down menu to select

Only allow signed launches (more secure) or Prompt user on unsigned launches (less secure).

Option Description

Only allow signed launches (more secure) Allows only properly signed application or

desktop launches from a trusted server. The

user sees a Security Warning message in Citrix

Receiver for Windows if an application or

desktop launch has an invalid signature. The

user cannot continue and the unauthorized

launch is blocked.

Prompt user on unsigned launches (less

secure)

Prompts the user every time an unsigned or

invalidly signed application or desktop

attempts to launch. The user can either

continue the application launch or abort the

launch (default).

To select and distribute a digital signature certificate

When selecting a digital signature certificate, Citrix recommends you choose from this prioritized list:

1. Buy a code-signing certificate or SSL signing certificate from a public Certificate Authority (CA).

2. If your enterprise has a private CA, create a code-signing certificate or SSL signing certificate

using the private CA.

3. Use an existing SSL certificate, such as the Web Interface server certificate.

4. Create a new root CA certificate and distribute it to user devices using GPO or manual installa-

tion.

Citrix Receiver for Windows Help

August 6, 2018

What is Citrix Receiver?

August 6, 2018

Citrix Receiver for Windows 4.9 LTSR

Citrix Receiver provides access to virtual desktops and apps from any device, making it easy to work

from anywhere. Receiver is secure, easy to use, and consistent across devices.

Note: Your administrator might not give you access to all features described in these topics.

Add accounts or switch servers

October 26, 2018

If your help desk asks you to add an account or use a dierent NetScaler Gateway, follow these steps:

To add a Citrix Receiver for Windows account

1. In the Citrix Receiver for Windo wshome page, click the down arrow and then click Accounts.

2. In the Add Account window, click Add and then complete the information provided by your help

desk.

To use a dierent NetScaler Gateway

Your company might use a NetScaler Gateway to verify your identity.

1. Right-click the Citrix Receiver for Windows icon and then click About.

2. From the NetScaler Gateway menu, choose a server.

Change how desktops look and work

October 26, 2018

Your virtual desktop is displayed in a window. Use the buttons on the window’s toolbar to move and

resize the desktop and to control how files and devices are accessed. A small toolbar grip button is

displayed at the top of the window or (if maximized) the screen. Click the grip to display the toolbar.

To move the toolbar to another position on the screen

You can move the toolbar to a convenient position that does not obscure other window’s content or

controls.

• Click the toolbar grip that appears at the top of the window or screen, and move it le or right.

Citrix Receiver for Windows 4.9 LTSR

To control how local files are accessed

A virtual desktop may need to access files on your local computer. You can control the extent to which

this happens.

• On the toolbar, click Preferences > File Access and select one of the following options and click

OK:

Option Description

Read and write Allow the virtual desktop to read and write to

local files.

Read only Allow the virtual desktop to read but not write

to local files.

No access Do not allow the virtual desktop to access local

files.

Ask me each time Display a prompt each time the virtual desktop

needs to access local files.

To set up a microphone or webcam

Follow this procedure if you want to change the way your virtual desktop accesses a local microphone

or webcam.

• On the toolbar, click Preferences > Connections, and select one of the following options:

Option Description

Connect automatically Allow the microphone or webcam to be used

on the virtual desktop.

Do not connect Do not allow the microphone or webcam to be

used on the virtual desktop.

Ask me Prompt me when the virtual desktop needs to

access the microphone or webcam.

1. In Global Settings select your Preferred Webcam.

2. Click OK.

Limitation:

• The Preferred Webcam dialog displays in the Citrix Connection Center even when the Windows

Media Redirection policy is set to Disabled in the Desktop Delivery Controller.

Citrix Receiver for Windows 4.9 LTSR

Display your devices in the Desktop Viewer

November 19, 2018

Citrix Receiver for Windows detects the devices that you have connected to your computer and allows

you to choose the devices you want to use with your hosted desktop and applications.

You can use the settings in Preferences > Connections to customize whether or not you want devices,

such as microphone and webcams, to connect to your virtual session.

• Devices connected to the local machine display in the Device list in Preferences > Devices.

• If you have connected a device and you cannot see it in the Device list, click Refresh.

• Once connected, devices display as Optimized, Policy Restricted or Generic.

Device Description

Optimized The device has a Citrix virtual channel and is

automatically available in both the remote

session and the local machine at the same

time. The Current Connection column for

Optimized devices shows the device is

connected in both the Local machine and the

Remote session. The Redirect check box is

selected and cannot be edited. You can toggle

between Optimized and Generic using the

Switch to button in the Virtual Channel

column. For example, select Switch to Generic

if the virtual channel does not support the full

functionality of the device.

Generic The device does not have a Citrix virtual

channel and cannot be used on the local

machine and the remote session at the same

time. Select the Redirect check box to toggle

the availability of the device between the

remote session and local machine. You can see

the current connection status in the Current

Connection column.

Citrix Receiver for Windows 4.9 LTSR

Device Description

Policy Restricted The administrator has set a policy to restrict

this type of device. For example, USB mice and

keyboards are usually policy restricted by

default because their behavior is handled

automatically in the remote session without

USB support. Other devices, such as network

devices, may be restricted for security reasons.

The Current Connection column for Policy

Restricted devices shows Local machine only.

You cannot select the Redirect check box on

Policy Restricted devices.

Manage my passwords

October 26, 2018

Citrix Single Sign-on manages the information you need to log on to password-protected programs

and Web sites. Your user information is stored on a server that you can contact from any computer in

your company that runs Single Sign-on. That means you can access your own programs, settings, and

work as you move around your facilities.

In addition to automating the logon process, Single Sign-on saves you time by eliminating calls to your

company’s computer help desk to have your Windows password reset or account unlocked. Single

Sign-on can even generate new, highly secure passwords for you.

Depending upon how your company sets it up, Single Sign-on starts when you log on to your computer

or when you open your first password-protected program or Web site. At this time, Single Sign-on

connects with the server on which your user information is stored and confirms your identity. From

this point, you are logged on to any program or Web site for which you stored your logon information.

You may also be prompted to add logon information when you start programs or open Web sites for

which no information is currently stored.

Depending on how your company set it up, you may be able to start Single Sign-on from your Start

menu:

• From the Start menu, click All Programs > Citrix > Citrix Single Sign-on.

Single Sign-on shuts down only when you exit Citrix Receiver for Windows, but you can pause Single

Sign-on without shutting it down.

Citrix Receiver for Windows 4.9 LTSR

Important: Single Sign-on is a very flexible program, allowing companies to set it up in ways that best

meet their needs. Not all features described here will be available to all users. Feature availability is

at the discretion of your company. In some instances, entire tasks, such as revealing your passwords,

may not be available. In other cases, the steps described for a task may be somewhat dierent. Eort

has been taken to identify these variations, but you may discover others. Feel free to contact Citrix at

Citrix documentation when these situations occur.

Use Account Self-Service

August 6, 2018

If it is available in your company, Single Sign-on’s Account Self-Service feature gives you the ability to:

• Unlock your Windows account if you receive a message stating that it is locked

• Reset your Windows account password if you forgot it and cannot log on to your computer.

The Account Self-Service button is available from the Switch Users screen (for Windows Vista, Win-

dows 7, Windows Server 2008, or Windows Server 2008 R2) or Log On to Windows and Unlock Com-

puter dialog boxes (for other supported Windows operating systems) . Clicking this button starts the

Account Self-Service Wizard.

With Account Self-Service, you can now resolve these issues yourself, rather than call your company’s

computer help desk.

Important: When using Account Self-Service, you will be asked to confirm your identity by providing

the answers to your Single Sign-on security questions. If you do not know the answers to your secu-

rity question, call your company’s computer help desk to unlock your Windows account or reset your

Windows password.

To unlock your account (Windows Vista/Windows 7/Windows Server 2008/Windows

Server 2008 R2)

1. When prompted, press CTRL+ALT+DELETE.

2. Do one of the following:

• At the Welcome screen, click Switch User.

The Switch User screen appears.

• At the Welcome screen, click Other Credentials.

The Switch User screen appears.

3. Click Account Self-Service. The Account Self-Service screen appears.

4. Click Click here to reset your password or unlock your account, located beneath the Account

Self-Service title, to start the Account Self-Service Wizard.

Citrix Receiver for Windows 4.9 LTSR

5. On the Welcome to the Account Self-Service Wizard page, click Unlock my account and then

click Next.

6. On the Identify Your Account page, ensure your correct user name and domain appear and

click Next. The Unlock My Account page appears.

7. On the Unlock My Account page, click Next to see the first security question.

8. In the Answer box, type the answer to the first security question and click Next. If there are

additional security questions, the next question appears.

9. Repeat Step 8 until the Unlock Account page appears.

10. On the Unlock Account page, click Next.

11. On the Account Unlock Successful page, click Finish.

To reset your Windows account password (Windows Vista/Windows 7/Windows Server

2008/Windows Server 2008 R2)

1. When prompted, press CTRL+ALT+DELETE.

2. Do one of the following:

• At the Welcome screen, click Switch User.

The Switch User screen appears.

• At the Welcome screen, click Other Credentials.

The Switch User screen appears.

3. Click Account Self-Service. The Account Self-Service screen appears.

4. Click Click here to reset your password or unlock your account, located beneath the Ac-

count Self-Service title, to start the Account Self-Service Wizard.

5. On the Welcome to the Account Self-Service Wizard page, click Reset my password and then

click Next.

6. On the Identify Your Account page, ensure that your correct user name and domain appear

and click Next. The Reset My Password page appears.

7. On the Reset My Password page, click Next to see the first security question.

8. In the Answer box, type the answer to the first security question and click Next.

9. Repeat Step 8 until the Enter New Password page appears.

10. On the Enter New Password page, type and confirm your new password, then click Next.

11. On the Password Change Successful page, click Finish to return to the Account Self-Service

screen where you can select and log on to your account.

To unlock your account (non-Windows Vista/Windows 7/Windows Server

2008/Windows Server 2008 R2)

1. Do one of the following:

• At the Welcome to Windows dialog box, press CTRL+ALT+DELETE and, if necessary, click

Options.

Citrix Receiver for Windows 4.9 LTSR

• At the Computer Locked dialog box, press CTRL+ALT+DELETE and then click Options.

2. Click Account Self-Service to start the Account Self-Service Wizard.

3. On the Welcome to the Account Self-Service Wizard page, click Unlock my account and then

click Next.

4. On the Identify Your Account page, ensure your correct user name and domain appear and

click Next. The Unlock My Account page appears.

5. On the Unlock My Account page, click Next to see the first security question.

6. In the Answer box, type the answer to the first security question and click Next. If there are

additional security questions, the next question appears.

7. Repeat Step 6 until the Unlock Account page appears.

8. On the Unlock Account page, click Next.

9. On the Account Unlock Successful page, click Finish.

To reset your Windows account password (non-Windows Vista/Windows 7/Windows

Server 2008/Windows Server 2008 R2)

1. Do one of the following:

• At the Welcome to Windows dialog box, press CTRL+ALT+DELETE and, if necessary, click

Options.

• At the Computer Locked dialog box, press CTRL+ALT+DELETE and then click Options.

2. Click Account Self-Service to start the Account Self-Service Wizard.

3. On the Welcome to the Account Self-Service Wizard page, click Reset my password and then

click Next.

4. On the Identify Your Account page, ensure that your correct user name and domain appear

and click

. The

Reset My Password

page appears.

5. On the Reset My Password page, click Next to see the first security question.

6. In the Answer box, type the answer to the first security question and click Next.

7. Repeat Step 6 until the Enter New Password page appears.

8. On the Enter New Password page, type and confirm your new password, then click Next.

9. On the Password Change Successful page, click Finish.

Change your password manually

October 26, 2018

1. Following the instructions for the Web site or program, change your password.

2. In the Microso Windows notification area, typically at the far right of the taskbar, right-click the

Citrix Receiver icon and select Passwords > Manage Passwords.

Citrix Receiver for Windows 4.9 LTSR

3. In the Manage Passwords window, select the desired program or Web site and click Edit.

Note: Your company might have activated an identity verification process at this point. If so,

enter your Windows user name and password when prompted. (If you log on using smart card

or other authentication method that does not require a user name and password, use that to

verify your identity when prompted.)

4. In the Password box, select the current contents and type the same password used in Step 1.

5. Click OK. This saves the new password in Single Sign-on.

Common questions and issues

August 6, 2018

The following is a list of questions and issues you might encounter as you work with Single Sign-on.

I received an error message that my password is going to expire

One of the best ways to keep your information secure is to change your password periodically. Based

on settings established by your company, Single Sign-on reminds you when your passwords are in

place too long.

You continue to get these messages until you change your password.

I do not want Single Sign-on to run now

There may be times when you do not want Single Sign-on to run. For instance, you may need to work

on a logon page without having Single Sign-on log you on to the program.

In these instances, use Single Sign-on’sPause feature. Using Pause stops the automated logon activity,

but keeps Single Sign-on open and available to you.

My new password is rejected by the program

You changed your password for a particular program using the Password Change Wizard, but when

you try to log on to that program, your new password is rejected by the program as being invalid.

The likely cause is that the new password was stored in Single sign-on, but not accepted by your pro-

gram. As a result, Single sign-on is submitting an incorrect password.

If it is made available by your company, use the Restore Previous Password feature to fix this problem.

Note: If this feature is not available, call your company’s computer help desk.

Citrix Receiver for Windows 4.9 LTSR

To restore a program’s previous password

1. In the Microso Windows notification area, typically at the far right of the taskbar, right-click the

Citrix Receiver icon and select Passwords > Manage Passwords.

2. In the Manage Passwords window, select the desired program or Web site and click Edit.

Note: Your company might have activated an identity verification process at this point. If so,

enter your Windows user name and password when prompted. (If you log on using smart card

or other authentication method that does not require a user name and password, use that to

verify your identity when prompted.)

A dialog box containing properties for the selected program appears.

3. Click Restore Previous Password and then click Yes to confirm your action.

My user data cannot be accessed

When you log on to your computer, Single sign-on connects with the server where your company

stores its Single sign-on user information. If the connection is successful and your identity is con-

firmed, Single sign-on starts.

If, for some reason, the connection or identification is not successful, Single sign-on will not start and

you are likely to receive an error message stating that your user data could not be accessed. Contact

your company’s computer help desk if this occurs.

My web browser is not working with Single Sign-on

Single sign-on provides support for use with Microso Internet Explorer only. Use of other Web

browsers may not provide the intended results.

Single Sign-on logs me back on aer I log o

In some instances, when you log o from a password-protected program or Web site, that program

might return to its logon screen. If this happens, depending on how your company set it up, Single

sign-on may react to the logon page by logging you back on to the program.

If this occurs, do one of the following:

• If your company made it available, use Single sign-on’s Pause feature before logging o

• If Pause is not available, log o from the programand quickly close the program’s window before

Single sign-on can log you back on

Note: Consider calling your company’s computer help desk to explain your situation and suggest the

Single sign-on administrator activate the advanced detection application definition setting Process

only the first logon for this application.

Citrix Receiver for Windows 4.9 LTSR

Should I do anything special before I work oline

If your company installed Single Sign-on on your computer, as opposed to running it over your com-

pany’s network from a server, refresh your license before working oline. This ensures you have the

full time allotted by the license until you can reconnect to your company’s network.

To refresh your Single Sign-on license

1. In the Microso Windows notification area, typically at the far right of the taskbar, right-click the

Citrix Receiver icon and select Passwords > Manage Passwords.

Note: Your company might have activated an identity verification process at this point. If so,

enter your Windows user name and password when prompted. (If you log on using smart card

or other authentication method that does not require a user name and password, use that to

verify your identify when prompted.)

2. Click About.

The About Citrix Single Sign-on window appears.

3. Click Refresh License.

4. Click OK.

The About Citrix Single Sign-on window closes.

Why does Single Sign-on lock my workstation?

Single sign-on locks your workstation whenever you request to do a task requiring an extra level of

security. These tasks might include changing or revealing a password.

Aer your workstation is locked, you verify your identity to Single sign-on by providing your account

password. In some cases, you may even be asked to provide your answers to the security questions.

Through such verification, Single sign-on prevents others from accessing your sensitive information.

While this may seem an annoyance, it is to protect you, your data, and your company.

Change your password automatically

August 6, 2018

The Single Sign-on Password Change Wizard automates the process of changing your password on

identified programs. Depending upon how your company sets up Single Sign-on, you may be able to

create your own password or allow Single Sign-on to create one for you.

Citrix Receiver for Windows 4.9 LTSR

Note: Because Password Change Wizard-generated passwords consist of random groupings of letters,

numbers, and other characters, the level of security for these passwords is very high. Because Single

sign-on manages the passwords and you do not have to remember them, consider using this feature.

Depending on how your company sets it up, the Password Change Wizard starts in one of two ways:

• When your program indicates that your password must be changed

• When you start your program’s password change process

In some instances, Single Sign-on may not detect the password change process and not start the Pass-

word Change Wizard. In these cases, you must manually change your password in both the Web site

or program and in Single Sign-on to ensure the passwords match.

Choose how to create your new password

If your company makes the choice available, the Choose how to create your new password page

of the Password Change Wizard allows you to choose how your new password will be created. The

options are:

• Choose a system-generated password

By selecting this option and clicking Next, the Password Change Wizard creates a highly secure

password. This password is not revealed to you during this process, because it is stored in Single

Sign-on and you do not need to know it. However, if your company sets Single sign-on to do so,

you can see the password aer exiting the wizard, if you want.

Note: Because Password Change Wizard-generated passwords consist of random groupings of

letters, numbers, and other characters, the level of security for these passwords is very high. Be-

cause Single sign-on manages the passwords and you do not have to remember them, consider

using this feature.

• Create your own password

By selecting this option and clicking Next, the Password Change Wizard allows you to create

and submit your own password. This password must follow any password policies set by your

company regarding length, complexity, and other factors that could aect security.

Wait for confirmation

The Waiting for confirmation page of the Password Change Wizard appears while the wizard deter-

mines whether the password change succeeded or failed.

If you determine that the password change is successful before the Password Change Wizard closes

the Waiting for confirmation page, click Skip to proceed to the Confirm password change page.

Citrix Receiver for Windows 4.9 LTSR

Confirm the password has changed

The Confirm password change page of the Password Change Wizard may appear if it is activated by

your company. If it appears, you are asked to determine whether or not the password change was

successful. Three options are available.

Yes:

The absence of the program’s password reset window or a success message are indications that the

password change was successful.

Selecting

Yes

and clicking

indicates to the Password Change Wizard that your password change

completed successfully. The wizard ends its process.

No:

The continued presence of the program’s password reset window or a Failure message are indications

that the password change was not successful.

Selecting No and clicking Next indicates to the Password Change Wizard that your program did not

accept your new password. The wizard ends its process without changing your password.

I don’t know:

Selecting I don’t know and clicking Next displays a page describing how to determine if the password

change was successful.

An additional way to determine the wizard’s success, if you created your own password, is to pause

Single sign-on and log on to the program with the new password.

Note: Youmight need to move the Password Change Wizardwindow to see if your program’s password

reset window is still open or if the program provided any password-related feedback.

Confirm the password has not changed

The Password not changed page appears if the Password Change Wizard detects that the password

change was not successful or you selected No on the Confirm password change page.

The Password not changed page oers two choices:

• Try a dierent password.

Use this option only if the program’s password change form is still open. If used aer the form

closes, the passwords in your program and Single Sign-on may not match.

Selecting Try a dierent password and clicking Next allows you to try to submit another pass-

word to the program. Depending on how your company set up Password Change Wizard, one

of the following occurs:

Citrix Receiver for Windows 4.9 LTSR

– The Choose how to create your new password page appears. You can select between a

system-generated password or one of your own creation.

– The Create your own password page appears.

– A system-generated password is created and is submitted. The Password Change Wizard

then seeks confirmation of password change success.

• Exit the wizard without further action.

Selecting Exit the wizard without further action ends further attempts to change your pro-

gram’s password. You can, however, restart the Password Change Wizard and try again at an-

other time.

Exit the wizard without further action

The Password Not Changed page of the Password Change Wizard appears if the password change

process failed or you selected No on the Confirm password change page.

If the Password Change Wizard failed, try the following to change your password:

• Click Finish on the Password Not Changed page to exit the wizard and then restart the wizard

to try again

• Manually change the password in the program and in Single Sign-on

• Call your company’s computer help desk

Exit the wizard aer a successful password change

The Password Change Successful page appears when the Password Change Wizard detects that the

password change was successful or you selected Yes on the Confirm password change page.

At this point, your new password is accepted by the program and stored in Single Sign-on.

Determine if the program accepted the new password

Selecting I don’t know and clicking Next on the Confirm password change page displays a page

describing how to determine if the password change was successful.

Another way to determine the wizard’s success is to pause Single Sign-on and log on to the program

with the new password.

Clicking Next on this page causes the Confirm password change page to reappear.

Create your own password

The Create your own password page of the Password Change Wizard appears if you selected Create

your own password on the Choose how to create your new password page. This page may not

Citrix Receiver for Windows 4.9 LTSR

appear if your company did not give you the option of creating your own passwords.

To prevent submitting a mistyped password, you must type your password in the New Password and

Confirm new password boxes. The Password Change Wizard lets you know if the passwords do not

match. If the passwords do match, the Next button becomes available.

The Password Change Wizard requires you to follow any password policies your company established.

Examples of the policies your company may establish are:

• Previous passwords cannot be reused

• Passwords must contain a mix of numbers and letters

• Passwords cannot include certain characters

• Passwords must be of a certain length

Pause and resume Single Sign-on

August 6, 2018

At times, during the course of your work, you might want to temporarily pause Single Sign-on. Rea-

sons to pause include:

• Working on a logon page without getting logged on to the program or Web site

• Working on the Internet without being asked to store logon information each time Single Sign-

on detects a logon form

Pausing is dierent from exiting in that Single Sign-on and its features are still running and available.

You are not, however, automatically logged on to password-protected programs or Web sites and you

are not prompted to store new logon information. Single Sign-on can be quickly resumed, though,

when you are ready to use it.

To pause Single sign-on:

• In the Microso Windows notification area, typically at the far right of the taskbar, right-click the

Citrix Receiver icon and select Passwords > Pause Single Sign-On.

To determine if Single sign-on is paused:

• In the Microso Windows notification area, typically at the far right of the taskbar, right-click

the Citrix Receiver icon and select Preferences and view the status of the Citrix Single Sign-on

Plug-in the Citrix Receiver Preferences window.

To resume Single sign-on:

• In the Microso Windows notification area, typically at the far right of the taskbar, right-click the

Citrix Receiver icon and select Passwords > Resume Single Sign-On.

Citrix Receiver for Windows 4.9 LTSR

Group programs in a password sharing group

October 26, 2018

Password sharing groups are created by your administrator. When a program is part of a password

sharing group, the password used for that program matches the password for all other programs

within the group. This allows you to update your password for all the programs in the group at once.

For example, if your administrator has created a password sharing group that includes your email,

accounting, word processing, data entry, and human resources applications, you can change your

password once and the password will be updated across the entire group.

If you use two dierent user names for a program within a password sharing group, you may need

two dierent passwords as well. You can remove the logon information with the dierent password

from its password sharing group, and any updates to that logon information will no longer aect other

stored passwords for programs within the group.

To change a shared password

1. In the Microso Windows notification area, typically at the far right of the taskbar, right-click the

Citrix Receiver icon and select Passwords > Manage Passwords.

2. In the Manage Passwords window, select the desired program or Web site and click Edit.

Note: Your company might have activated an identity verification process at this point. If so,

enter your Windows user name and password when prompted. (If you log on using smart card

or other authentication method that does not require a user name and password, use that to

verify your identity when prompted.)

If the program is part of a password sharing group, the dialog box that appears includes the

Change the password for this password sharing group link.

3. Click Change the password for this password sharing group and follow the directions in the

wizard.

To disassociate a program from a password sharing group

1. In the Microso Windows notification area, typically at the far right of the taskbar, right-click the

Citrix Receiver icon and select Passwords > Manage Passwords.

2. In the Manage Passwords window, select the desired program or Web site and click Edit.

Note: Your company might have activated an identity verification process at this point. If so,

enter your Windows user name and password when prompted. (If you log on using smart card

Citrix Receiver for Windows 4.9 LTSR

or other authentication method that does not require a user name and password, use that to

verify your identity when prompted.)

If the program is part of a password sharing group, the dialog box that appears includes the

Disassociate this logon from the password sharing group link.

3. Click Disassociate this logon from the password sharing group and follow the directions in

the wizard.

Store user names and passwords

October 26, 2018

If your company made this feature available, Single Sign-on automatically detects when you open

a password-protected Web site or start a password-protected program. If you previously stored your

user name, password, or other logon informationfor that Web site or programin Single Sign-on, Single

Sign-on automatically logs you on.

When you open a password-protected Web site or start a password-protected program for which you

have not yet stored your logon information, you can store your logon information in Single Sign-on in

the following ways, depending on which features of Single Sign-on your company made available:

• If Single Sign-on detects that you opened a password-protected Web site or started a password-

protected program, a dialog box automatically appears asking if you would like to store this

information

• If Single Sign-on does not detect the program, you can manually add the logon information

Single Sign-on stores logon information for:

• Windows-based programs. These are programs that are generally started from the Start menu

or your desktop. Lotus Notes is an example.

• Web-based programs or sites. These are programs or sites that you view and interact with

through your Web browser. Internet stores and Web-based training programs are examples.

Important

: Microso Internet Explorer (32-bit version) is the only Web browser supported by

Single Sign-on.

• Terminal emulator-based programs. These are the text-based programs usually associated

with a terminal emulator. These programs’ windows oen have a dark shade of a color, such as

green, for background, and a lighter shade of the same color for text.

Note: The requested logon information may vary from program to program. In most cases, you need

to provide your user name or ID and password. If you are asked for information you do not know,

contact your company’s computer help desk.

Citrix Receiver for Windows 4.9 LTSR

To store your logon information automatically

1. Open a password-protected Web site or start a password-protected program. The Web site’s

logon page or the program’s logon dialog box appears.

2. In the dialog box that appears asking if you want Single Sign-on to remember your password for

this Web site or program, click Remember.

3. If you are storing your logon information for a Web site or Web-based program, rectangles might

appear in the Web site logon window, surrounding the boxes and buttons used to submit logon

information. In the dialog box that appears asking if the correct boxes and buttons are selected,

click Yes.

4. In the New Logon dialog box, type your logon information and click Finish. The New Logon

dialog box closes, your logon information is stored in Single Sign-on, and Single Sign-on logs

you on to your program.

To store your logon information manually

1. Open a password-protected Web site or start a password-protected program. The Web site’s

logon page or the program’s logon dialog box appears.

2. If you do not see a dialog box asking if you want Single Sign-on to remember your password for

this Web site or program, prompt Single Sign-on to allow you to store your logon information

manually: In the Microso Windows notification area, typically at the far right of the taskbar,

right-click the Citrix Receiver icon and select Passwords > Submit Password.

Note: Your company might have activated an identity verification process at this point. If so,

enter your Windows user name and password when prompted. (If you log on using smart card

or other authentication method that does not require a user name and password, use that to

verify your identity when prompted.)

3. In the dialog box that appears asking if you want Single Sign-on to remember your password for

this Web site or program, click Remember.

4. If you are storing your logon information for a Web site or Web-based program, rectangles ap-

pear in the Web site logon window, surrounding the boxes and buttons used to submit logon

information. In the dialog box that appears asking if the correct boxes and buttons are selected,

click Yes.

5. In the New Logon dialog box, type your logon information and click Finish. The New Logon

dialog box closes, your logon information is stored in Single Sign-on, and Single Sign-on logs

you on to your program.

Citrix Receiver for Windows 4.9 LTSR

Storing Multiple User Names and Passwords for a Single Program

There are instances where you may have more than one account for a single program or Web site. For

example:

• You have access to a general email account for your department called Access Requests as well

as your own email account

• You are responsible for purchasing materials for two projects and have separate accounts for

each project at a vendor Web site

If your company made Single Sign-on’s multiple account feature available, you can store two or more

setsof account information for the same program or Web site. Aeryour multiple account information

is stored, Single Sign-on uses its LogonChooser to let you pick which set of logon informationyou want

to use to log on.

To add additional passwords for programs and Web sites already in Single Sign-on

1. In the Microso Windows notification area, typically at the far right of the taskbar, right-click the

Citrix Receiver icon and select Passwords > Manage Passwords.

2. In the Manage Passwords window, select the program or Web site to which you want to add an

additional logon account.

3. Click Copy.

Note: Your company might have activated an identity verification process at this point. If so,

enter your Windows user name and password when prompted. (If you log on using smart card

or other authentication method that does not require a user name and password, use that to

verify your identity when prompted.)

An additional listing of the program or Web page appears in the list.

4. Select the new listing and click Edit. A dialog box containing the logon information for the pro-

gram or Web site appears.

5. Change the logon information if necessary.

6. In the Application Name box, modify the program name or Web site name to help you dieren-

tiate it from the other instance of the program.

7. Click OK.

Logging on When You Have Multiple Accounts

If you have multiple accounts for a program or Web site, Single Sign-on starts Logon Chooser to let

you select which account you want to log on with.

To log on to a program or Web site for which you have multiple accounts stored in Single Sign-on:

Citrix Receiver for Windows 4.9 LTSR

1. Start the program or Web site. The Logon Chooser dialog box appears along with the program’s

logon page.

2. In the Logon Chooser dialog box, click the appropriate logon account and then click OK. The

Logon Chooser dialog box closes and Single Sign-on logs you on to the program or Web site.

August 6, 2018

1. From the Welcome to Security Questions Registration page, click Next to see the first security

question.

2. In the Answer box, type the answer to the first security question. Depending on your company’s

settings, your answer may appear as dots as you type. If so, you must retype your answer in the

Confirm Answer box.

Note: Your answers to the questions are case-sensitive. If you use an uppercase letter to reg-

ister your answers, you must also use the same uppercase letter when verifying your identity.

Similarly, if you use a period during registration, such as when identifying Ms. Shestack as your

favorite teacher, use that same period when verifying your identity.

3. Click Next. If there are additional security questions, the next question appears.

4. Repeat Steps 2 and 3 until the Submit Your Answers page appears.

5. On the Submit Your Answers page, click Next.

6. On the Security Questions Registration Successful page, click Finish. Your answers to the

security questions are stored.

Remove user names and passwords

August 6, 2018

This topic describes how to remove passwords saved by Single Sign-on. Receiver can also save your

passwords if you select Remember my password when you log on. To remove your password from

Receiver, right-click the Receiver icon, click About, expand Advanced, and then click Delete Pass-

words.

There may be times when you want to remove your logon account information from Single Sign-on.

For example:

• You have multiple accounts for a program or Web site stored, but no longer need all of them

Citrix Receiver for Windows 4.9 LTSR

• You have information stored for programs or Web sites you no longer use

Important: If you remove logon information that you are still using, Single Sign-on cannot automati-

cally log you on to that program or Web site and you will be asked to store that information again the

next time you start that program.

1. In the Microso Windows notification area, typically at the far right of the taskbar, right-click the

Citrix Receiver icon and select Passwords > Manage Passwords.

2. In the Manage Passwords window, select the desired program or Web site and click Remove.

Note: Your company might have activated an identity verification process at this point. If so,

enter your Windows user name and password when prompted. (If you log on using smart card

or other authentication method that does not require a user name and password, use that to

verify your identity when prompted.)

A dialog box appears asking you to confirm you want to delete the logon information for the

selected program.

3. Click Yes. The logon information is removed from Single Sign-on and no longer is listed in Man-

age Passwords window.

Note: If you return to the program or Web site, you will be asked if you want to store your logon

information.

Reveal your password

October 26, 2018

If your company made this feature available, Single sign-on allows you to view your passwords.

Note: Your company may have identified certain passwords that cannot be revealed.

Caution: Do not allow others to learn your passwords. Doing so puts your accounts and company

systems at risk.

1. In the Microso Windows notification area, typically at the far right of the taskbar, right-click the

Citrix Receiver icon and select Passwords > Manage Passwords.

2. In the Manage Passwords window, select the desired program or Web site and click Reveal Pass-

word.

Note: Your company might have activated an identity verification process at this point. If so,

enter your Windows user name and password when prompted. (If you log on using smart card

or other authentication method that does not require a user name and password, use that to

verify your identity when prompted.)

Citrix Receiver for Windows 4.9 LTSR

A new dialog box appears containing the password for the selected program.

3. Click OK to close the program’s password dialog box.

Set up Citrix Single Sign-on for the first time

August 6, 2018

Depending on how your company sets it up, Citrix Single Sign-on starts automatically, either when

you log on to your computer or when you start your first password-protected program or Web site.

If your company configured Single Sign-on to gather information from you as it runs for the first time,

you may be asked to answers to security questions, such as “Who was your favorite teacher?” Your

answer to these questions will help verify your identity if necessary.

Use apps when not connected to the Internet

August 6, 2018

You must be connected to the Internet to open an app the first time. Citrix Receiver for Windows in-

stalls some apps on your device so you can run them when not connected to the Internet. This instal-

lation might take several minutes.

Note: Oline access is not available for all users or apps. Your administrator determines how long you

can use an app oline before you are required to connect to the Internet.

Find desktops and apps

August 6, 2018

Your virtual desktops and apps are available from the Citrix Receiver for Windows home page on all of

your devices.

To get started, right-click the Citrix Receiver for Windows icon and then click Open.

Desktops and apps can also be in one or more of these locations:

• Windows Start menu – Desktops and apps added from Citrix Receiver for Windows are also

added to your Windows Start menu in a folder under All Programs.

• Desktop – Your administrator might provide shortcuts on your computer desktop. A shortcut

might be located inside a folder on your desktop.

Citrix Receiver for Windows 4.9 LTSR

• Web page – Your administrator might provide links on a web page to desktops and apps. Open

Internet Explorer, Firefox, or Google Chrome and then enter the URL provided by your adminis-

trator.

Manage sessions

August 6, 2018

The Citrix Connection Center displays all active connections established from Receiver.

To open Connection Center:

• Right-click the Receiver icon and then click Connection Center.

To exit a frozen virtual app

Select the app in Connection Center and then click Terminate.

To close all active virtual apps at once

Select the server in Connection Center and then click Log O.

To change how you see your desktops and apps

You can switch between “seamless” and “full screen” mode.

• Seamless mode. Desktops and apps are not contained within a session window. Each desktop

and app appears in its own resizable window, as if it is physically installed on your user device.

You can switch between apps and the local desktop.

• Full screen mode. Apps are placed in a desktop window.

To switch to full screen mode: Select the server in Connection Center, click Full Screen, and click OK.

To return to seamless mode: Press Shi + F2.

Refresh or remove apps

August 6, 2018

When you log o or exit Citrix Receiver for Windows, the apps are disconnected. Reconnect to the

session either by selecting Refresh Apps from the drop-down menu or clicking on app icon.

Citrix Receiver for Windows 4.9 LTSR

When the Self-service mode is disabled, to refresh apps when you access them exclusively using the

Start menu or desktop shortcuts, right-click on the Citrix Receiver for Windows from the notification

area and select Refresh.

Select Refresh Apps option to get the latest published apps and desktops from the StoreFront.

To remove an app from the App view, right-click the app and select Remove App.

Citrix Receiver for Windows Desktop Lock

March 19, 2019

You can use the Citrix Receiver for Windows Desktop Lock when you do not need to interact with the

local desktop. You can still use the Desktop Viewer (if enabled), however it has only the required set

of options on the toolbar: Ctrl+Alt+Del, Preferences, Devices, and Disconnect.

Citrix Receiver for Windows Desktop Lock works on domain-joined machines, which are SSON-

enabled (Single Sign-On) and store configured; it can also be used on non-domain joined machines

without SSON enabled. It does not support PNA sites. Previous versions of Desktop Lock are not

supported when you upgrade to Citrix Receiver for Windows 4.2 or later.

You must install Citrix Receiver for Windows with the /includeSSON flag. You must configure the store

and Single Sign-on, either using the adm/admx file or cmdline option. For more information, see

Install and configure Citrix Receiver using the command line.

Then, install the Citrix Receiver for Windows Desktop Lock as an administrator using the CitrixRe-

ceiverDesktopLock.MSI available in the Citrix Downloads page.

System requirements for Citrix Receiver Desktop Lock

• Microso Visual C++ 2005 Service Pack 1 Redistributable Package. For more information, see

the Microso Download page.

• Supported on Windows 7 (including Embedded Edition), Windows 7 Thin PC, Windows 8, and

Windows 8.1 and Windows 10 (Anniversary update included).

• Connects to StoreFront through native protocols only.

• Domain-joined and non-domain joined end points.

• User devices must be connected to a local area network (LAN) or wide area network (WAN).

Local App Access

Citrix Receiver for Windows 4.9 LTSR

Important

Enabling Local App Access may permit local desktop access unless a full lock down has been

applied with the Group Policy Object template or a similar policy. See Configure Local App Access

and URL redirection in XenApp and XenDesktop for more information.

Working with Citrix Receiver for Windows Desktop Lock

• You can use Citrix Receiver for Windows Desktop Lock with the following Citrix Receiver for Win-

dows features:

– 3Dpro, Flash, USB, HDX Insight, Microso Lync 2013 plug-in, and local app access

– Domain, two-factor, or smart card authentication only

• Disconnecting the Citrix Receiver for Windows Desktop Lock session logs out the end device.

• Flash redirection is disabled on Windows 8 and later versions. Flash redirection is enabled on

Windows 7.

• The Desktop Viewer is optimized for Citrix Receiver for Windows Desktop Lock with no Home,

Restore, Maximize, and Display properties.

• Ctrl+Alt+Del is available on the Viewer toolbar.

• Mostwindows shortcutkeys are passedto the remote session, with the exceptionof Windows+L.

For details, see Passing Windows shortcut keys to the remote session.

• Ctrl+F1 triggers Ctrl+Alt+Del when you disable the connection or Desktop Viewer for desktop

connections.

To install Citrix Receiver for Windows Desktop Lock

This procedure installs Citrix Receiver for Windows so that virtual desktops appear using Citrix Re-

ceiver for Windows Desktop Lock. For deployments that use smart cards, see

To configure smart cards for use with devices running Receiver Desktop Lock.

1. Log on using a local administrator account.

2. At a command prompt, run the following command (located in the Citrix Receiver and Plug-ins

> Windows > Citrix Receiver for Windows folder on the installation media).

For example:

1 CitrixReceiver.exe

2 /includeSSON

3 STORE0=”DesktopStore;https://my.storefront.server/Citrix/MyStore/

discovery;on;Desktop Store”

Citrix Receiver for Windows 4.9 LTSR

For command details, see the Citrix Receiver for Windows install documentation at Configure

and install Receiver for Windows using command-line parameters.

3. In the same folder on the installation media, double-click CitrixReceiverDesktopLock.MSI . The

Desktop Lock wizard opens. Follow the prompts.

4. When the installation completes, restart the user device. If you have permission to access a

desktop and you log on as a domain user, the device appears using Receiver Desktop Lock.

To allow administration of the user device aer installation, the account used to install CitrixRe-

ceiverDesktopLock.msi is excluded from the replacement shell. If that account is later deleted, you

will not be able to log on and administer the device.

To run a silent install of Receiver Desktop Lock, use the following command line: msiexec /i CitrixRe-

ceiverDesktopLock.msi /qn

To configure Citrix Receiver for Windows Desktop Lock

Grant access to only one virtual desktop running Citrix Receiver for Windows Desktop Lock per user.

Using Active Directory policies, prevent users from hibernating virtual desktops.

Use the same administrator account to configure Citrix Receiver for Windows Desktop Lock as you did

to install it.

• Ensure that the receiver.admx (or receiver.adml) and receiver_usb.admx (.adml) files are loaded

into Group Policy (where the policies appear in Computer Configuration or User Configuration >

Administrative Templates > Classic Administrative Templates (ADMX) > Citrix Components). The

.admx files are located in %Program Files%\Citrix\ICA Client\Configuration.

• USB preferences - When a user plugs in a USB device, that device is automatically remoted to the

virtual desktop; no user interaction is required. The virtual desktop is responsible for controlling

the USB device and displaying it in the user interface.

– Enable the USB policy rule.

– In Citrix Receiver > Remoting client devices > Generic USB Remoting, enable and configure

the Existing USB Devices and New USB Devices policies.

• Drive mapping - In Citrix Receiver > Remoting client devices, enable and configure the Client

drive mapping policy.

• Microphone - In Citrix Receiver > Remoting client devices, enable and configure the Client mi-

crophone policy.

To configure smart cards for use with devices running Citrix Receiver for Windows

Desktop Lock

1. Configure StoreFront.

Citrix Receiver for Windows 4.9 LTSR

a) Configure the XML Service to use DNS Address Resolution for Kerberos support.

b) Configure StoreFront sites for HTTPS access, create a server certificate signed by your do-

main certificate authority, and add HTTPS binding to the default website.

c) Ensure pass-through with smart card is enabled (enabled by default).

d) Enable Kerberos.

e) Enable Kerberos and Pass-through with smart card.

f) Enable Anonymous access on the IIS Default Web Site and use Integrated Windows Authen-

tication.

g) Ensure the IIS Default Web Site does not require SSL and ignores client certificates.

2. Use the Group Policy Management Console to configure Local Computer Policies on the user

device.

a) Import the Receiver.admx templatefrom %ProgramFiles%\Citrix\ICA Client\Configuration.

b) Expand Administrative Templates > Classic Administrative Templates (ADMX) > Citrix Com-

ponents > Citrix Receiver > User authentication.

c) Enable Smart card authentication.

d) Enable Local user name and password.

3. Configure the user device before installing Citrix Receiver for Windows Desktop Lock.

a) Add the URL for the Delivery Controller to the Windows Internet Explorer Trusted Sites list.

b) Add the URL for the first Delivery Group to the Internet Explorer Trusted Sites list in the

form desktop://delivery-group-name.

c) Enable Internet Explorer to use automatic logon for Trusted Sites.

When Citrix Receiver for Windows Desktop Lock is installed on the user device, a consistent smart card

removal policy is enforced. Forexample, if the Windows smart cardremoval policy is set toForce logo

for the desktop, the user must log o from the user device as well, regardless of the Windows smart

card removal policy set on it. This ensures that the user device is not le in an inconsistent state. This

applies only to user devices with the Citrix Receiver for Windows Desktop Lock.

To remove Citrix Receiver for Windows Desktop Lock

Be sure to remove both of the components listed below.

1. Log on with the same local administrator account that was used to install and configure Citrix

Receiver for Windows Desktop Lock.

2. From the Windows feature for removing or changing programs:

• Remove Citrix Receiver for Windows Desktop Lock.

• Remove Citrix Receiver for Windows.

Citrix Receiver for Windows 4.9 LTSR

Passing Windows shortcut keys to the remote session

Most windows shortcut keys are passed to the remote session. This section highlights some of the

common ones.

Windows

• Win+D - Minimize all windows on the desktop.

• Alt+Tab - Change active window.

• Ctrl+Alt+Delete - via Ctrl+F1 and the Desktop Viewer toolbar.

• Alt+Shi+Tab

• Windows+Tab

• Windows+Shi+Tab

• Windows+All Character keys

Windows 8

• Win+C - Open charms.

• Win+Q - Search charm.

• Win+H - Share charm.

• Win+K - Devices charm.

• Win+I - Settings charm.

• Win+Q - Search apps.

• Win+W - Search settings.

• Win+F - Search files.

indows 8 apps

• Win+Z - Get to app options.

• Win+. - Snap app to the le.

• Win+Shi+. - Snap app to the right.

• Ctrl+Tab - Cycle through app history.

• Alt+F4 - Close an app.

Desktop

• Win+D - Open desktop.

• Win+, - Peek at desktop.

• Win+B - Back to desktop.

Citrix Receiver for Windows 4.9 LTSR

Other

• Win+U - Open Ease of Access Center.

• Ctrl+Esc - Start screen.

• Win+Enter - Open Windows Narrator.

• Win+X - Open system utility settings menu.

• Win+PrintScrn - Take a screen shot and save to pictures.

• Win+Tab - Open switch list.

• Win+T - Preview open windows in taskbar.

SDK and API

October 26, 2018

Citrix Virtual Channel SDK

The Citrix Virtual Channel soware development kit (SDK) supports writing server-side applications

and client-side drivers for additional virtual channels using the ICA protocol. The server-side virtual

channel applications are on XenApp or XenDesktop servers. This version of the SDK supports writing

new virtual channels for Receiver for Windows. If you want to write virtual drivers for other client

platforms, contact Citrix Technical support.

The Virtual Channel SDK provides:

• The Citrix Virtual Driver Application Programming Interface (VDAPI) is used with the virtual chan-

nel functions in the Citrix Server API SDK (WFAPI SDK) to create new virtual channels. The virtual

channel support provided by VDAPI makes it easy to write your own virtual channels.

• The Windows Monitoring API, which enhances the visual experience and support for third-party

applications integrated with ICA.

• Working source code for virtual channel sample programs to demonstrate programming tech-

niques.

• The Virtual Channel SDK requires the WFAPI SDK to write the server side of the virtual channel.

For more information on the SDK documentation, see Citrix Virtual Channel SDK for Citrix Receiver for

Windows.

Fast Connect 3 Credential Insertion API

The Fast Connect 3 Credential Insertion API provides an interface that supplies user credentials to

the Single Sign-on (SSON) feature.This feature is available from Citrix Receiver for Windows Version

4.2 and later. Using this API, Citrix partners can provide authentication and SSO products that use

Citrix Receiver for Windows 4.9 LTSR

StoreFront or the Web Interface to log users on to virtual applications or desktops and then disconnect

users from those sessions.

For more information on the Fast Connect API documentation, see Fast Connect 3 Credential Insertion

API for Citrix Receiver for Windows.

Locations

Corporate Headquarters | 851 Cypress Creek Road Fort Lauderdale, FL 33309, United States

Silicon Valley | 4988 Great America Parkway Santa Clara, CA 95054, United States

Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and Trademark Oice

and in other countries. All other marks are the property of their respective owner(s).

Citrix Product Documentation | docs.citrix.com March 17, 2021