Configure NetScaler LAN proxy manually
Supported on: All Citrix Workspace supported platforms
Description
Citrix Workspace app supports session launches using the NetScaler LAN proxy. If both static proxy and dynamic proxies are configured, the dynamic proxy configuration takes precedence. You can configure static proxy: Select the Configure NetScaler LAN proxy manually policy. Select Enabled and then provide the host name and port number. Click Apply and OK.
Registry
Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy Value name: StaticProxyEnabled
Enabled: StaticProxyEnabled = 1
Disabled: StaticProxyEnabled = 0
This policy sets several registry values:
ProxyHost ProxyHost = ProxyHost = (deleted) ProxyPort ProxyPort = 443 ProxyPort = (deleted) REG Builder
BETAConfigure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.
These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.
.reg file
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Configure NetScaler LAN proxy manually
; State: Enabled
; Supported on: All Citrix Workspace supported platforms
[HKEY_LOCAL_MACHINE\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy]
"StaticProxyEnabled"=dword:00000001
"ProxyHost"=""
"ProxyPort"=dword:000001bb
"ProxyHost"=""
"ProxyPort"=dword:000001bb PowerShell
# Exported from gporais.com
# Policy: Configure NetScaler LAN proxy manually
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'StaticProxyEnabled' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'ProxyHost' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'ProxyPort' -Value 443 -Type DWord
Set-ItemProperty -Path $path -Name 'ProxyHost' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'ProxyPort' -Value 443 -Type DWord Intune XML
No direct Policy CSP / OMA-URI mapping for this policy. Use the Intune Remediation tab, or ingest the ADMX in Intune. Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Configure NetScaler LAN proxy manually
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy' -Name 'StaticProxyEnabled' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy' -Name 'ProxyHost' -Expected '' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy' -Name 'ProxyPort' -Expected 443 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy' -Name 'ProxyHost' -Expected '' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy' -Name 'ProxyPort' -Expected 443 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Configure NetScaler LAN proxy manually
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'StaticProxyEnabled' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'ProxyHost' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'ProxyPort' -Value 443 -Type DWord
Set-ItemProperty -Path $path -Name 'ProxyHost' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'ProxyPort' -Value 443 -Type DWord SCCM CI
# Exported from gporais.com
# Policy: Configure NetScaler LAN proxy manually
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# === Detection script ===
# Exported from gporais.com
# Policy: Configure NetScaler LAN proxy manually
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy' -Name 'StaticProxyEnabled' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy' -Name 'ProxyHost' -Expected '' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy' -Name 'ProxyPort' -Expected 443 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy' -Name 'ProxyHost' -Expected '' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy' -Name 'ProxyPort' -Expected 443 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Configure NetScaler LAN proxy manually
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Network Routing\Proxy\NetScaler LAN Proxy'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'StaticProxyEnabled' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'ProxyHost' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'ProxyPort' -Value 443 -Type DWord
Set-ItemProperty -Path $path -Name 'ProxyHost' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'ProxyPort' -Value 443 -Type DWord