Anti-DLL Injection
Supported on: All Citrix Workspace supported platforms
Description
Use this policy to enable/disable Anti-DLL Injection for Citrix Auth Manager, Citrix Workspace app UI and Citrix Virtual Apps and Desktops. By default Anti-DLL injection is disabled. When the policy is: Not Configured - Anti-DLL injection is disabled. Enabled - User can configure Anti-DLL injection individually for Citrix Auth Manager, Citrix Workspace app UI and Citrix Virtual Apps and Desktops. Disabled - Anti-DLL injection will be disabled for Citrix Auth Manager, Citrix Workspace app UI and Citrix Virtual Apps and Desktops.
Registry
SOFTWARE\Policies\Citrix\AppProtection REG Builder
BETAConfigure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.
These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.
.reg file
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Anti-DLL Injection
; State: Enabled
; Supported on: All Citrix Workspace supported platforms
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\AppProtection]
"EnableAntiDLLInjectionCitrixAuthManager"=dword:00000001
"EnableAntiDLLInjectionCitrixWorkspaceappUI"=dword:00000001
"EnableAntiDLLInjectionCVAD"=dword:00000001 PowerShell
# Exported from gporais.com
# Policy: Anti-DLL Injection
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\SOFTWARE\Policies\Citrix\AppProtection'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'EnableAntiDLLInjectionCitrixAuthManager' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'EnableAntiDLLInjectionCitrixWorkspaceappUI' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'EnableAntiDLLInjectionCVAD' -Value 1 -Type DWord Intune XML
No direct Policy CSP / OMA-URI mapping for this policy. Use the Intune Remediation tab, or ingest the ADMX in Intune. Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Anti-DLL Injection
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\SOFTWARE\Policies\Citrix\AppProtection' -Name 'EnableAntiDLLInjectionCitrixAuthManager' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\SOFTWARE\Policies\Citrix\AppProtection' -Name 'EnableAntiDLLInjectionCitrixWorkspaceappUI' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\SOFTWARE\Policies\Citrix\AppProtection' -Name 'EnableAntiDLLInjectionCVAD' -Expected 1 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Anti-DLL Injection
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\SOFTWARE\Policies\Citrix\AppProtection'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'EnableAntiDLLInjectionCitrixAuthManager' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'EnableAntiDLLInjectionCitrixWorkspaceappUI' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'EnableAntiDLLInjectionCVAD' -Value 1 -Type DWord SCCM CI
# Exported from gporais.com
# Policy: Anti-DLL Injection
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# === Detection script ===
# Exported from gporais.com
# Policy: Anti-DLL Injection
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\SOFTWARE\Policies\Citrix\AppProtection' -Name 'EnableAntiDLLInjectionCitrixAuthManager' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\SOFTWARE\Policies\Citrix\AppProtection' -Name 'EnableAntiDLLInjectionCitrixWorkspaceappUI' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKLM:\SOFTWARE\Policies\Citrix\AppProtection' -Name 'EnableAntiDLLInjectionCVAD' -Expected 1 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Anti-DLL Injection
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\SOFTWARE\Policies\Citrix\AppProtection'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'EnableAntiDLLInjectionCitrixAuthManager' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'EnableAntiDLLInjectionCitrixWorkspaceappUI' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'EnableAntiDLLInjectionCVAD' -Value 1 -Type DWord