en-US citrix computer

Local Application Protection

Citrix Workspace App

Supported on: All Citrix Workspace supported platforms

Description

The Local Application Protection policy provides Anti-Keylogging and Anti-ScreenCapture protection to the locally installed applications on the Microsoft Windows operating system. When the policy is: - Not Configured - The Local Application Protection feature isn't integrated with the locally installed applications. - Enabled - Citrix Workspace app enables the Local Application Protection feature for the locally installed applications. - Disabled - Citrix Workspace app disables the Local Application Protection feature for the locally installed applications. The List of protected local applications field allows the administrator to add information of the local applications that must be protected. For example: { "containers": [ { "containerID": "4F402876-AB1A-4E9A-8B54-DE3CA0BFC23F", "containerName": "Text Editors", "antiKeyloggingEnabled": "true", "antiScreenCaptureEnabled": "false", "applications": [ { "applicationName": "notepad", "filePath": "C:\\windows\\system32\\notepad.exe", }, { "applicationName": "word", "filePath": "C:\\Program Files\\Microsoft Office\\root\\Office16\\winword.exe", "publisher": "Microsoft Corporation", "signature": "f9a36937c16d0a69a43981dacb6b5686fad84543", "fileMinVersion": "16.0.0.1", "fileMaxVersion": "16.0.15601.20148" } ] }, { "containerID": "GUID", "containerName": "container name", "antiKeyloggingEnabled": "true", "antiScreenCaptureEnabled": "false", "applications": [ { "applicationName": "application name", "filePath": "path-to-exe", "publisher": "signer name", "signature": "certificate thumprint", "fileMinVersion": "Minimum file version", "fileMaxVersion": "maximum file version" } ] } ] }

Registry

HKLM SOFTWARE\Policies\Citrix\AppProtection

More options available

Options

List of Protected Local Applications:
localAppProtection multiText

REG Builder

BETA

Configure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.

These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.

.reg file

Windows Registry Editor Version 5.00

; Exported from gporais.com
; Policy: Local Application Protection
; State: Enabled
; Supported on: All Citrix Workspace supported platforms

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\AppProtection]
"localAppProtection"=hex(7):00,00
; REG_MULTI_SZ: one string per input line; edit in regedit if you need richer formatting.