Enable ICA File Signing
Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
Description
Use this policy to enable and configure ICA File Signing.
Registry
HKLM
Software\Policies\Citrix\ICA Client\ICA File Signing This policy sets several registry values:
version Enabled:
version = 1 Disabled:
version = (deleted) enabled Enabled:
enabled = 1 Disabled:
enabled = (deleted) citrixparam1 Unsigned Parameters Enabled:
citrixparam1 = Border Disabled:
citrixparam1 = (deleted) citrixparam2 Unsigned Parameters Enabled:
citrixparam2 = BackgroundColor Disabled:
citrixparam2 = (deleted) citrixparam3 Unsigned Parameters Enabled:
citrixparam3 = TextColor Disabled:
citrixparam3 = (deleted) citrixparam4 Unsigned Parameters Enabled:
citrixparam4 = DesiredColor Disabled:
citrixparam4 = (deleted) citrixparam5 Unsigned Parameters Enabled:
citrixparam5 = Client-Type Disabled:
citrixparam5 = (deleted) citrixparam6 Unsigned Parameters Enabled:
citrixparam6 = EnableIPCSessionControl Disabled:
citrixparam6 = (deleted) citrixparam7 Unsigned Parameters Enabled:
citrixparam7 = IconIndex Disabled:
citrixparam7 = (deleted) citrixparam8 Unsigned Parameters Enabled:
citrixparam8 = IconPath Disabled:
citrixparam8 = (deleted) citrixparam9 Unsigned Parameters Enabled:
citrixparam9 = TransportDriver Disabled:
citrixparam9 = (deleted) citrixparam10 Unsigned Parameters Enabled:
citrixparam10 = DesiredHRes Disabled:
citrixparam10 = (deleted) citrixparam11 Unsigned Parameters Enabled:
citrixparam11 = DesiredVRes Disabled:
citrixparam11 = (deleted) citrixparam12 Unsigned Parameters Enabled:
citrixparam12 = ScalingMode Disabled:
citrixparam12 = (deleted) citrixparam13 Unsigned Parameters Enabled:
citrixparam13 = TWIMode Disabled:
citrixparam13 = (deleted) citrixparam14 Unsigned Parameters Enabled:
citrixparam14 = ConnectionBar Disabled:
citrixparam14 = (deleted) citrixparam15 Unsigned Parameters Enabled:
citrixparam15 = RTWIMode Disabled:
citrixparam15 = (deleted) disableCheckForTrustedLaunchers Unsigned Parameters Enabled:
disableCheckForTrustedLaunchers = 0 Disabled:
disableCheckForTrustedLaunchers = (deleted) REG Builder
BETAConfigure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.
These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.
.reg file
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Enable ICA File Signing
; State: Enabled
; Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
[HKEY_LOCAL_MACHINE\Software\Policies\Citrix\ICA Client\ICA File Signing]
"version"=dword:00000001
"enabled"=dword:00000001
"promptUser"=dword:00000000
"disableCheckForTrustedLaunchers"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters]
"citrixparam1"="Border"
"citrixparam2"="BackgroundColor"
"citrixparam3"="TextColor"
"citrixparam4"="DesiredColor"
"citrixparam5"="Client-Type"
"citrixparam6"="EnableIPCSessionControl"
"citrixparam7"="IconIndex"
"citrixparam8"="IconPath"
"citrixparam9"="TransportDriver"
"citrixparam10"="DesiredHRes"
"citrixparam11"="DesiredVRes"
"citrixparam12"="ScalingMode"
"citrixparam13"="TWIMode"
"citrixparam14"="ConnectionBar"
"citrixparam15"="RTWIMode"
"disableCheckForTrustedLaunchers"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Policies\Citrix\ICA Client\ICA File Signing\Trusted Certificates]
; List values: enter one value per line in the builder UI. PowerShell
# Exported from gporais.com
# Policy: Enable ICA File Signing
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'version' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'enabled' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'promptUser' -Value 0 -Type DWord
Set-ItemProperty -Path $path -Name 'disableCheckForTrustedLaunchers' -Value 0 -Type DWord
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'citrixparam1' -Value 'Border' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam2' -Value 'BackgroundColor' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam3' -Value 'TextColor' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam4' -Value 'DesiredColor' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam5' -Value 'Client-Type' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam6' -Value 'EnableIPCSessionControl' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam7' -Value 'IconIndex' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam8' -Value 'IconPath' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam9' -Value 'TransportDriver' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam10' -Value 'DesiredHRes' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam11' -Value 'DesiredVRes' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam12' -Value 'ScalingMode' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam13' -Value 'TWIMode' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam14' -Value 'ConnectionBar' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam15' -Value 'RTWIMode' -Type String
Set-ItemProperty -Path $path -Name 'disableCheckForTrustedLaunchers' -Value 0 -Type DWord
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Trusted Certificates'
New-Item -Path $path -Force | Out-Null
# List values: enter one value per line in the builder UI. Intune XML
No direct Policy CSP / OMA-URI mapping for this policy. Use the Intune Remediation tab, or ingest the ADMX in Intune. Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Enable ICA File Signing
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
# HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Trusted Certificates: List values: enter one value per line in the builder UI.
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing' -Name 'version' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing' -Name 'enabled' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam1' -Expected 'Border' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam2' -Expected 'BackgroundColor' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam3' -Expected 'TextColor' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam4' -Expected 'DesiredColor' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam5' -Expected 'Client-Type' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam6' -Expected 'EnableIPCSessionControl' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam7' -Expected 'IconIndex' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam8' -Expected 'IconPath' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam9' -Expected 'TransportDriver' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam10' -Expected 'DesiredHRes' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam11' -Expected 'DesiredVRes' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam12' -Expected 'ScalingMode' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam13' -Expected 'TWIMode' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam14' -Expected 'ConnectionBar' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam15' -Expected 'RTWIMode' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'disableCheckForTrustedLaunchers' -Expected 0 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing' -Name 'promptUser' -Expected 0 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing' -Name 'disableCheckForTrustedLaunchers' -Expected 0 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Enable ICA File Signing
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'version' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'enabled' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'promptUser' -Value 0 -Type DWord
Set-ItemProperty -Path $path -Name 'disableCheckForTrustedLaunchers' -Value 0 -Type DWord
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'citrixparam1' -Value 'Border' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam2' -Value 'BackgroundColor' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam3' -Value 'TextColor' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam4' -Value 'DesiredColor' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam5' -Value 'Client-Type' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam6' -Value 'EnableIPCSessionControl' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam7' -Value 'IconIndex' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam8' -Value 'IconPath' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam9' -Value 'TransportDriver' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam10' -Value 'DesiredHRes' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam11' -Value 'DesiredVRes' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam12' -Value 'ScalingMode' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam13' -Value 'TWIMode' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam14' -Value 'ConnectionBar' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam15' -Value 'RTWIMode' -Type String
Set-ItemProperty -Path $path -Name 'disableCheckForTrustedLaunchers' -Value 0 -Type DWord
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Trusted Certificates'
New-Item -Path $path -Force | Out-Null
# List values: enter one value per line in the builder UI. SCCM CI
# Exported from gporais.com
# Policy: Enable ICA File Signing
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# === Detection script ===
# Exported from gporais.com
# Policy: Enable ICA File Signing
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
# HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Trusted Certificates: List values: enter one value per line in the builder UI.
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing' -Name 'version' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing' -Name 'enabled' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam1' -Expected 'Border' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam2' -Expected 'BackgroundColor' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam3' -Expected 'TextColor' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam4' -Expected 'DesiredColor' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam5' -Expected 'Client-Type' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam6' -Expected 'EnableIPCSessionControl' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam7' -Expected 'IconIndex' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam8' -Expected 'IconPath' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam9' -Expected 'TransportDriver' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam10' -Expected 'DesiredHRes' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam11' -Expected 'DesiredVRes' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam12' -Expected 'ScalingMode' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam13' -Expected 'TWIMode' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam14' -Expected 'ConnectionBar' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'citrixparam15' -Expected 'RTWIMode' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters' -Name 'disableCheckForTrustedLaunchers' -Expected 0 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing' -Name 'promptUser' -Expected 0 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing' -Name 'disableCheckForTrustedLaunchers' -Expected 0 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Enable ICA File Signing
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'version' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'enabled' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'promptUser' -Value 0 -Type DWord
Set-ItemProperty -Path $path -Name 'disableCheckForTrustedLaunchers' -Value 0 -Type DWord
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Unsigned Parameters'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'citrixparam1' -Value 'Border' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam2' -Value 'BackgroundColor' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam3' -Value 'TextColor' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam4' -Value 'DesiredColor' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam5' -Value 'Client-Type' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam6' -Value 'EnableIPCSessionControl' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam7' -Value 'IconIndex' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam8' -Value 'IconPath' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam9' -Value 'TransportDriver' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam10' -Value 'DesiredHRes' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam11' -Value 'DesiredVRes' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam12' -Value 'ScalingMode' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam13' -Value 'TWIMode' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam14' -Value 'ConnectionBar' -Type String
Set-ItemProperty -Path $path -Name 'citrixparam15' -Value 'RTWIMode' -Type String
Set-ItemProperty -Path $path -Name 'disableCheckForTrustedLaunchers' -Value 0 -Type DWord
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\ICA File Signing\Trusted Certificates'
New-Item -Path $path -Force | Out-Null
# List values: enter one value per line in the builder UI.