Thursday, 1 April 2010

Citrix Web Client 12.0 - “A remote application is trying to access files on your computer”…

We’ve had some fun with the new v12.0 XenApp Client – by default each user on web interface sites is asked when they launch applications that try to use the local drives.  The message below pops up, which is nicely redesigned since the previous versions.

image

If the user clicks Yes, access to resources such as local drive mappings is then enabled (read only if the checkbox was clicked).  Otherwise, you can get errors such as “The folder ‘c:\*.*’ isn’t accessible”.

clip_image002

The solution to this is a registry fix that can be rolled out via a login script, SMS, etc.  The registry file can be downloaded from here (though I have not followed their instructions exactly… http://support.citrix.com/article/CTX124871

Basically, download the reg file from this site and look for this line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Client Selective Trust\oidIntranetRegionIcaAuthorizationDecision\FileSecurityPermission]
"stereotype"="DbScalar"
@="3"

Change the 3 (prompt) to a 2 (full access)

[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Client Selective Trust\oidIntranetRegionIcaAuthorizationDecision\FileSecurityPermission]
"stereotype"="DbScalar"
@="2"

And apply the reg file.  On command line this would be:

reg import c:\ssonregupx86.reg

 

Solution for v11.2 client

[Apologies for those who may have been misled by this article in the past – I originally  posted this as a solution for the v12.0 client – actually v12.0 pays no attention to the webica.ini file.  This works fine on v11.2 though, which exhibits the same problem, albeit with different error messages]

If you want to avoid errors such as this, decide whether you want applications to have access to local drives (different for everyone I’m sure, but you probably do), create a text file called “webica.ini” at these locations automatically at logon:

Windows Vista and 7:  C:\Users\%USERNAME%\AppData\Roaming\ICAClient

Window XP and 2000: C:\Documents and Settings\%USERNAME%\Application Data\ICAClient

The file contents for allow access and never ask is:

[Access]
GlobalSecurityAccess=405

2 comments:

Anonymous said...

I tried this method of creating the webica.ini file after I had denied permission and it didn't work. Tested on Windows 7. Registry key seems to be the only way

hosting-web said...

This is a very important issue and this slide is very helpful. I would mention that many of us readers actually are definitely blessed to live in a fantastic website with very many special  professionals with beneficial points.Hosting in India

Post a Comment