Configure SOCKS proxy settings
Supported on: All Citrix Workspace supported platforms
Description
Use this policy to configure the use of additional SOCKS proxies that are required for some advanced network topologies. When enabled, the client will examine the "SOCKS protocol version" setting. If connection via SOCKS is not disabled, the client will attempt to connect using the SOCKS proxy specified by the "Proxy host names" and "Proxy ports" settings. The client supports connections using either SOCKS v4 or SOCKS v5 proxy servers. Alternatively, it can attempt to automatically detect the version being used by the proxy server. Troubleshooting: The SOCKS proxy settings are designed for traversing a proxy in addition to the primary or alternative proxy server. When traversing only a single proxy, these SOCKS proxy settings should be disabled.
Registry
Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy REG Builder
BETAConfigure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.
These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.
.reg file
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Configure SOCKS proxy settings
; State: Enabled
; Supported on: All Citrix Workspace supported platforms
[HKEY_LOCAL_MACHINE\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSProtocolVersion"="0,4,5"
"ICASOCKSProxyHost"=""
"ICASOCKSProxyPortNumber"="" PowerShell
# Exported from gporais.com
# Policy: Configure SOCKS proxy settings
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'ICASOCKSProtocolVersion' -Value '0,4,5' -Type String
Set-ItemProperty -Path $path -Name 'ICASOCKSProxyHost' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'ICASOCKSProxyPortNumber' -Value '' -Type String Intune XML
No direct Policy CSP / OMA-URI mapping for this policy. Use the Intune Remediation tab, or ingest the ADMX in Intune. Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Configure SOCKS proxy settings
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy' -Name 'ICASOCKSProtocolVersion' -Expected '0,4,5' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy' -Name 'ICASOCKSProxyHost' -Expected '' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy' -Name 'ICASOCKSProxyPortNumber' -Expected '' -Kind String)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Configure SOCKS proxy settings
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'ICASOCKSProtocolVersion' -Value '0,4,5' -Type String
Set-ItemProperty -Path $path -Name 'ICASOCKSProxyHost' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'ICASOCKSProxyPortNumber' -Value '' -Type String SCCM CI
# Exported from gporais.com
# Policy: Configure SOCKS proxy settings
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# === Detection script ===
# Exported from gporais.com
# Policy: Configure SOCKS proxy settings
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy' -Name 'ICASOCKSProtocolVersion' -Expected '0,4,5' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy' -Name 'ICASOCKSProxyHost' -Expected '' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy' -Name 'ICASOCKSProxyPortNumber' -Expected '' -Kind String)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Configure SOCKS proxy settings
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'ICASOCKSProtocolVersion' -Value '0,4,5' -Type String
Set-ItemProperty -Path $path -Name 'ICASOCKSProxyHost' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'ICASOCKSProxyPortNumber' -Value '' -Type String