Silent authentication for Citrix Workspace
Supported on: All Citrix Workspace supported platforms
Description
Use this policy to enable silent authentication for Citrix Workspace. This policy is functional only if self-service mode is disabled and is recommended when domain pass through (single sign on) is configured for Citrix Workspace on domain-joined devices. Enabled indicates that Citrix Workspace app attempts to login to Citrix Workspace automatically at system start up. You must enable silent authentication for this option to work. Disabled or Not Configured indicates that Citrix Workspace app does not reattempt login to Citrix Workspace automatically at system start up. You must login to Citrix Workspace app manually even if single sign-on is enabled
Registry
SOFTWARE\Policies\Citrix\Dazzle Value name: EnableSilentAuthForCloudStore
Enabled: EnableSilentAuthForCloudStore = true
Disabled: EnableSilentAuthForCloudStore = false
REG Builder
BETAConfigure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.
These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.
.reg file
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Silent authentication for Citrix Workspace
; State: Enabled
; Supported on: All Citrix Workspace supported platforms
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\Dazzle]
"EnableSilentAuthForCloudStore"="true" PowerShell
# Exported from gporais.com
# Policy: Silent authentication for Citrix Workspace
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\SOFTWARE\Policies\Citrix\Dazzle'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'EnableSilentAuthForCloudStore' -Value 'true' -Type String Intune XML
No direct Policy CSP / OMA-URI mapping for this policy. Use the Intune Remediation tab, or ingest the ADMX in Intune. Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Silent authentication for Citrix Workspace
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\SOFTWARE\Policies\Citrix\Dazzle' -Name 'EnableSilentAuthForCloudStore' -Expected 'true' -Kind String)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Silent authentication for Citrix Workspace
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\SOFTWARE\Policies\Citrix\Dazzle'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'EnableSilentAuthForCloudStore' -Value 'true' -Type String SCCM CI
# Exported from gporais.com
# Policy: Silent authentication for Citrix Workspace
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# === Detection script ===
# Exported from gporais.com
# Policy: Silent authentication for Citrix Workspace
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\SOFTWARE\Policies\Citrix\Dazzle' -Name 'EnableSilentAuthForCloudStore' -Expected 'true' -Kind String)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Silent authentication for Citrix Workspace
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\SOFTWARE\Policies\Citrix\Dazzle'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'EnableSilentAuthForCloudStore' -Value 'true' -Type String