If you are having issues with the Citrix ICA security setting when running applications in the Virtual Office CS or SaaS environment, you need to modify webica.ini to force the ICA client security setting to allow access. The location of webica.ini varies by the version of Citrix that is installed on the computer. When opening applications on Virtual Office CS you may get the message 'Security Warning, An online application is attempting to access information on a device attached to your computer. Block access or Permit use'. Clicking on permit use will allow you to navigate to the local drives on your computer. You can also mark the box 'Do not ask me again for this site'.
When trying to export or save a file to your local workstation you may receive the error, 'Application does not have permission to create new files in the destination directory. Please enter a new path or correct the permissions.' Try the steps below or create a folder on the C drive and export or save the file there.
Having the wrong version of Citrix installed on a computer can cause various problems, including session drops, inability to connect, and more. To verify that the correct version of Citrix is installed on a computer, follow the steps below.
However, when using WS(1911) connecting to a 715CU4 site and then to a desktop or server vda running VDA 1912 the user can transfer files between the local client and Citrix session! If you connect to the same desktop or server vda from a local client running Citrix Receiver, then the policy prohibits file transfer as expected! Citrix – Allow Full Access to Local Drive For most versions of the Citrix plugins we use (and there are multiple versions), once you are connected there is an icon that shows up in the System Tray of Windows, by the clock. To change the file access setting: Log into the XenApp page (farinapps.farin.com or iprice.farin.com) on the machine. You can also achieve this in Ivanti UWM, Citrix WEM, LiquidWare ProfileUnity or any one of the many UEM tools out there that can handle folders, shortcuts and ini file creation. Firstly, you need to identify two things:-a) the name you want to appear on your shortcut – e.g. Departmental Drive #1. If you need access to local computing resources (such as printers, thumb drives, or local hard drives), install Citrix Workspace on each computer that you will use to access BC Apps. Citrix Workspace is currently installed on all computers in the Libraries. I am using Matlab 2018a within the Citrix receiver. That means, I run the Citrix receiver and it runs Matlab on a server. From this Matlab instance, I can access my local drive, in fact if I click 'open' then the window below appears, and I can open any file I want on my local pc.
On Windows 7 or 8:
- Do one of the following:
◾On Windows 7, click the Start menu.
◾On Windows 8, press Windows key + X on your keyboard. - Click Control Panel.
- Click Uninstall a Program under Programs in the Category view, or click Programs and Features in the Large icons or Small icons view.
- For each item with 'Citrix' in the name, look at the Version column. There should be two items listed: VO Citrix version 14.4.1000 and Citrix Receiver.
On Windows 10:
- Click the Start menu, then choose Settings.
- Choose System > Apps & Features.
- There should be two items listed: VO Citrix version 14.4.1000 and Citrix Receiver.
- Open an application in the Virtual Office CS or SaaS environment.
- Right-click the Citrix Receiver icon in the system tray and choose Connection Center > Preferences.
- In the File Access tab make sure Read and write is selected.
- Close all applications that are running in the Virtual Office CS or SaaS environment.
- Determine whether user account control is on or off.
- Windows 10: Click the Start button and choose Control Panel, in the search field enter uac then click Change User Account Control settings.
- Windows 8: Run a search, enter user account control, and click Change User Account Control Settings.
- Windows 7: Click the Start button, enter user account control in the Search programs and files field, and press ENTER.
If the slider bar is set to 'Never notify,' user account control is off. If the slider bar is at any other setting, user account control is on.
- Click the appropriate link to view the remaining steps.
- Open Windows Explorer and navigate to the appropriate folder.
Version of Citrix ICA Client File location 10.0 or lower C:Windows 10.1 or higher C:UsersAppDataRoamingICAClient
Note: If you don’t see the AppData folder, click here for more information.
Complete these steps to change a setting for viewing files and folders.
- Open Windows Explorer and choose Tools > Folder Options.
- Click the View tab.
- Click the Show hidden files, folders, and drives option, and click OK.
You should now be able to see the AppData folder.
- Double-click webica.ini and open it in Notepad. The file will look similar to this.
[Access]
GlobalSecurityAccess=403
The value set on the GlobalSecurityAccess line controls the file security settings for all new connections to applications. The values are:
- 405 = Full Access
- 404 = Read Access
- 403 = No Access
- -1 = No security setting is configured
- You need to change the value of GlobalSecurityAccess. You have two options:
- change the value to 405 to allow access to local drives, or
- change the value to -1 to enable the file access security prompt to appear when the user opens applications through Virtual Office CS or SaaS.
- Save webica.ini.
You must manually create the webica.ini file.
- Right-click the desktop, choose New > Text Document, and name the file webica.txt.
- Double-click the file to open it in Notepad.
- Copy the following two lines of text and paste them into the file.
[Access]
GlobalSecurityAccess=405
- Open Windows Explorer and choose Tools > Folder Options.
- Click the View tab and verify that the Hide extensions for known file types checkbox is not marked.
- On the desktop, right-click the file, choose Rename, and change the file extension from TXT to INI.
- Copy the file and paste it into the C:Windows folder.
- Open Windows Explorer and navigate to the appropriate folder.
Was this article helpful?
Great! Can you tell us why? (optional)
We're sorry. Can you tell us why? (optional)
Continuing education and training Get the most out of your Thomson Reuters Tax & Accounting products. Our continued learning packages will teach you how to better use the tools you already own, while earning CPE credit. Learn more. |
Product information and alerts |
Contact Support Chat |
Working Scenarios:
1. Disabling Client Selective Trust
2. Using IE instead with Client Selective Trust enabled
Background
With the introduction of Receiver 3.x client, administrators can configure the default behavior for device access when connecting to a Citrix XenDesktop or XenApp environment. By default, the Desktop Viewer client device restrictions are based on the Internet region and this behavior can be changed by creating the Client Selective Trust feature registry keys under the HKey_Local_Machine hive in the registry and by modifying the required values.
With the default value, one of the following dialog boxes appear when accessing local files, webcams, or microphones:
- HDX File Access
- HDX Microphone and Webcam
Instructions
To configure default device access behavior of Receiver, XenDesktop or XenApp, complete the following steps:
Note: In the ADM template there is the 'Create Client Service Trust Key' value, which can be used to automatically create all the required registry keys otherwise import registry keys first and make changes in registry values as explained and then apply ADM files and perform changes for ADM files. If you have applied ADM files first and then registry changes, there could be a possibility of continued unresolved issues. Using ADM files ONLY and not importing registry hive or making changes to registry values will not resolve the issue. Both steps are required and should be applied in the correct order: Step 1. Registry Hive, Step 2. ADM File.
It is also applicable for Citrix Receiver 4.x.
Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.
Download the appropriate registry settings file that is attached to this article and import to a client device.
Note: The attachment contains the file for a 32-bit and a 64-bit operating system.
Open one of the following registry keys on the computer:
HKEY_LOCAL_MACHINESOFTWARECitrixICA ClientClient Selective Trust
Or
HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixICA ClientClient Selective Trust.
Note: The key 'HKEY_CURRENT_USERSOFTWARECitrixICA ClientClient Selective Trust' has higher priority than 'HKLMSOFTWARECitrixICA ClientClient Selective Trust'. This Key will be created every time a user makes changes in the preferences of Receiver. As this key has priority, it needs to be deleted at every reboot.- In the appropriate region(s), change the default value of any of the following resources according to the list of Access Values:
Resource Key | Resource Description |
FileSecurityPermission | Client Drives |
MicrophoneAndWebcamSecurityPermission | Microphones and Webcams |
ScannerAndDigitalCameraSecurityPermission | USB and Other Devices |
0 = No Access
1 = Read Only Access
2 = Full Access
3 = Prompt User for Access
Export the Client Selective Trust key to a new .reg file.
Import the modified .reg file on each client device.
This process can be automated by using a log on script.
Note: Included in the ZIP archive are the Group Policy ADM files specifically for x86 or x64 operating systems which create the required registry keys on the client machine and add the ability to modify the values as explained in the preceding section. If an Organizational Unit (OU) or group of computers contains multiple architectures, ensure to use a method such as Windows Management Instrumentation (WMI) filtering to apply the appropriate settings.
For clients supporting adml/admx format templates follow: https://msdn.microsoft.com/en-us/library/bb530196.aspx
Additional Resources
- Citrix Documentation - Configure Receiver with the Group Policy Object template
- CTX124921 - Citrix Online Plug-in 12.0 Ignores Webica.ini Settings
- Citrix Receiver - Latest Download