We’ve had some fun with the new v12.0 XenApp Client – by default each user on web interface sites is asked when they launch applications that try to use the local drives. The message below pops up, which is nicely redesigned since the previous versions.
If the user clicks Yes, access to resources such as local drive mappings is then enabled (read only if the checkbox was clicked). Otherwise, you can get errors such as “The folder ‘c:\*.*’ isn’t accessible”.
The solution to this is a registry fix that can be rolled out via a login script, SMS, etc. The registry file can be downloaded from here (though I have not followed their instructions exactly… http://support.citrix.com/article/CTX124871
Basically, download the reg file from this site and look for this line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Client Selective Trust\oidIntranetRegionIcaAuthorizationDecision\FileSecurityPermission]
"stereotype"="DbScalar"
@="3"
Change the 3 (prompt) to a 2 (full access)
[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Client Selective Trust\oidIntranetRegionIcaAuthorizationDecision\FileSecurityPermission]
"stereotype"="DbScalar"
@="2"
And apply the reg file. On command line this would be:
reg import c:\ssonregupx86.reg
Solution for v11.2 client
[Apologies for those who may have been misled by this article in the past – I originally posted this as a solution for the v12.0 client – actually v12.0 pays no attention to the webica.ini file. This works fine on v11.2 though, which exhibits the same problem, albeit with different error messages]
If you want to avoid errors such as this, decide whether you want applications to have access to local drives (different for everyone I’m sure, but you probably do), create a text file called “webica.ini” at these locations automatically at logon:
Windows Vista and 7: C:\Users\%USERNAME%\AppData\Roaming\ICAClient
Window XP and 2000: C:\Documents and Settings\%USERNAME%\Application Data\ICAClient
The file contents for allow access and never ask is:
[Access]
GlobalSecurityAccess=405
1 comments:
I tried this method of creating the webica.ini file after I had denied permission and it didn't work. Tested on Windows 7. Registry key seems to be the only way
Post a Comment