en-US citrix user

Secure ICA file session launch

Citrix Workspace App

Supported on: All Citrix Workspace supported platforms

Description

This policy allows session launch from Citrix-signed executables only. It blocks session launch from any other untrusted processes and disables direct session launch using the ICA file.

Registry

HKCU SOFTWARE\Policies\Citrix

Value name: BlockDirectICAFileLaunches

Enabled: BlockDirectICAFileLaunches = 1

Disabled: BlockDirectICAFileLaunches = 0

REG Builder

BETA

Configure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.

These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.

.reg file

Windows Registry Editor Version 5.00

; Exported from gporais.com
; Policy: Secure ICA file session launch
; State: Enabled
; Supported on: All Citrix Workspace supported platforms

[HKEY_CURRENT_USER\SOFTWARE\Policies\Citrix]
"BlockDirectICAFileLaunches"=dword:00000001