Remote applications
Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
Description
Use this policy to configure the client's handling of remote applications. When enabled, this policy uses the list in the "Application" box to determine which published applications can be directly launched by the client. You can request that remote applications share sessions (run in a single ICA connection). This provides a better user experience, but is sometimes not desirable. The session sharing feature can be disabled by clearing the "Session sharing" check box. Troubleshooting: Published applications are denoted by a # in front of the application name. Omitting the # symbol attempts to launch a particular program or desktop. A computer running Citrix XenApp will not allow this by default, and rejects the connection, displaying: "You do not have access to this session." Session sharing is controlled by the SessionSharingKey that prevents applications launched from different Web Interface servers from sharing sessions. In addition, applications with different graphics or security settings are prevented from sharing sessions.
Registry
Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching REG Builder
BETAConfigure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.
These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.
.reg file
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Remote applications
; State: Enabled
; Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
[HKEY_LOCAL_MACHINE\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"InitialProgram"=""
"EnableSessionSharing"=dword:00000001 PowerShell
# Exported from gporais.com
# Policy: Remote applications
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'InitialProgram' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'EnableSessionSharing' -Value 1 -Type DWord Intune XML
No direct Policy CSP / OMA-URI mapping for this policy. Use the Intune Remediation tab, or ingest the ADMX in Intune. Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Remote applications
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching' -Name 'InitialProgram' -Expected '' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching' -Name 'EnableSessionSharing' -Expected 1 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Remote applications
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'InitialProgram' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'EnableSessionSharing' -Value 1 -Type DWord SCCM CI
# Exported from gporais.com
# Policy: Remote applications
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# === Detection script ===
# Exported from gporais.com
# Policy: Remote applications
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching' -Name 'InitialProgram' -Expected '' -Kind String)
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching' -Name 'EnableSessionSharing' -Expected 1 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Remote applications
# State: Enabled
# Supported on: ADMX Migrator encountered a policy that does not have a supportedOn value.
$path = 'HKLM:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'InitialProgram' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'EnableSessionSharing' -Value 1 -Type DWord