This article is intended for Citrix administrators and technical teams only.
Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information.
This article provides information on how to prevent users from changing Client Device Access Settings for 12.x Plug-in and later versions of Receiver for Windows using Client Selective Trust.
Note: By default, all client device access settings are set to 0 (no access), but users can still access the connection center and change Client Device Access values.
For newer releases, refer to CTX133565 - How to Configure Default Device Access Behavior of Receiver, XenDesktop and XenApp.
With Online Plug-in 12.x, client device access in ICA sessions, formerly configured with the webica.ini file, is now configured with the registry key Client Selective Trust (HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Client Selective Trust) as described in CTX124921 – Citrix Online Plug-in 12.0 Ignores Webica.ini Settings.
In addition to specifying 0 for no access for all categories (File Security, MicrophoneAndWebcamSecurityPermission, PdaSecurityPermission, ScannerAndDigitalCameraSecurityPermission) in all zones (oidInternetRegionIcaAuthorizationDecision, oidIntranetRegionIcaAuthorizationDecision, oidRestrictedSitesRegionIcaAuthorizationDecision, oidTrustedSitesRegionIcaAuthorizationDecision), set the following value to False:
oidPredefinedSecurityPolicySettings\InstantiatedSecurityPolicyEditable\default
As a result, all fields in the connection center will be unavailable and users cannot change the security settings predefined by an administrator.
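
To confirm the lockdown on an endpoint, the read-only PowerShell audit below walks the Client Selective Trust key and reports every zone decision that is not 0 and any InstantiatedSecurityPolicyEditable setting that is not False. It is an added example, not Citrix code. It assumes that a 32-bit client on 64-bit Windows stores the key under Wow6432Node, and that each setting is held either as a key's (Default) value or as a named value, since this article does not spell out the exact nesting.

```powershell
# Read-only audit of Client Selective Trust (added example, not Citrix code).
$Roots = @(
    'HKLM:\SOFTWARE\Citrix\ICA Client\Client Selective Trust',
    # Assumption: a 32-bit client on 64-bit Windows uses the redirected hive.
    'HKLM:\SOFTWARE\Wow6432Node\Citrix\ICA Client\Client Selective Trust'
)
$Zones = @(
    'oidInternetRegionIcaAuthorizationDecision',
    'oidIntranetRegionIcaAuthorizationDecision',
    'oidRestrictedSitesRegionIcaAuthorizationDecision',
    'oidTrustedSitesRegionIcaAuthorizationDecision'
)

function Get-SelectiveTrustFinding {
    param([Parameter(Mandatory)][string]$Root)
    foreach ($key in Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue) {
        # Assumption: a setting is either the key's (Default) value, addressed
        # here by the key's own name, or a named value inside the key.
        $candidates = @{}
        $candidates[$key.PSChildName] = $key.GetValue('')
        foreach ($name in $key.GetValueNames()) {
            if ($name) { $candidates[$name] = $key.GetValue($name) }
        }
        $isEditableKey = $key.Name -match '\\InstantiatedSecurityPolicyEditable(\\default)?$'
        foreach ($name in $candidates.Keys) {
            $value = $candidates[$name]
            if ($null -eq $value) { continue }
            if ($Zones -contains $name) { $expected = '0' }
            elseif ($isEditableKey -and ($name -in 'default', 'InstantiatedSecurityPolicyEditable')) { $expected = 'False' }
            else { continue }
            # Emit one row per setting; string comparison covers REG_DWORD and REG_SZ.
            [pscustomobject]@{
                Key = $key.Name; Setting = $name; Value = $value
                Expected = $expected; Compliant = ("$value" -eq $expected)
            }
        }
    }
}

$findings = @(foreach ($root in $Roots) {
    if (Test-Path -LiteralPath $root) { Get-SelectiveTrustFinding -Root $root }
})
if ($findings.Count -eq 0) { Write-Warning 'No Client Selective Trust settings found on this machine.' }
# Non-compliant rows sort first so deviations are visible at the top.
$findings | Sort-Object Compliant, Key | Format-Table -AutoSize -Wrap
```

Rows with Compliant set to False are the settings that differ from the administrator-defined baseline described above; the script changes nothing in the registry.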