Symptoms
After upgrading to Presentation Server 3.0/4.0, administrators may be able to connect to an ICA Desktop session, even if the “Only run Published Applications” check box is selected in the Advanced Properties of the ICA Connection Configuration.
Cause
A change was made in Presentation Server 3.0/4.0 as documented in the Administrator’s Guide under the Configuring Advanced ICA Connection Options section starting on page 199.
Resolution
A new registry value has been created to allow administrators to be able to toggle this new behavior as described above. Adding the below registry value will not allow administrators to connect to an ICA Desktop session.
**In order for the following registry value to work, Fix # 123106 must be applied to the server. This fix was first included in post Hotfix Rollup Pack (HRP) 04 Hotfix MPSE300R04W2k3008 for Presentation Server 3.0 for Windows 2003 and is included in HRP 05 and later. Citrix Presentation Server 4.0 HRP 02 will contain this fix.**
Caution! This item requires you to edit the registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
The following registry value needs to be added and set to 0x1:
Registry Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Citrix
Value Name: DenyAdminICADesktopAccess
Type: REG_DWORD
Value: 0x1
Status
This is as designed.
