Unable to save default application on UPM on Windows Desktop OS VDAs after February MS updates

book

Article ID: CTX691100

calendar_today

Updated On:

Description

After Microsoft Windows Updates on February 2024, Desktop OS VDAs using Citrix Profile Manager (UPM profiles) are unable to save default applications

As part of the February 2024 updates (KB5034763 for Windows 10 and KB5034765 for Windows 11), Microsoft introduced a new driver called the "User Choice Protection Driver" (UCPD.sys). This driver prevents direct editing of specific Registry keys associated with URL associations (HTTP, HTTPS) and the PDF file extension.

On UPM logs we will see the following errors when local profile is copied to UPM profile at logoff:

ERROR;ApplyRegistryChanges: RegSetValueEx: Setting value <ProgId> in key <upm_USER-SID_network\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice> failed with: Access is denied.
ERROR;ApplyRegistryChanges: RegSetValueEx: Setting value <ProgId> in key <upm_USER-SI_network\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice> failed with: Access is denied.
ERROR;ApplyRegistryChanges: RegSetValueEx: Setting value <ProgId> in key <upm_USER-SI_network\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice> failed with: Access is denied.

Resolution

Workaround: disable UCPD driver
1. Set the startup type of UserChoice Protection Driver to disabled.
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UCPD" -Name "Start" -Value 4 -PropertyType DWORD -Force
2. Deactivate the UCPD Velocity task in the Task Scheduler.
Delete or disable the "UCPD velocity" scheduled task under \Microsoft\Windows\AppxDeploymentClient.

A reboot is needed for these changes to take effect.