Store authentication tokens
Supported on: All Citrix Workspace supported platforms
Description
Use this policy to store authentication tokens. Authentication tokens are encrypted and stored on the disk so that you don’t need to reenter the credentials in case of a system reboot or when Citrix Workspace App is restarted. Enabled or Not Configured indicates that the authentication tokens are stored. This is the default option. Disabled indicates that the authentication tokens are not stored and that you must re-enter the credentials in case of a system reboot or when Citrix Workspace App is restarted. This policy is only applicable to cloud deployments.
Registry
SOFTWARE\Policies\Citrix\Dazzle Value name: StoreAuthenticationTokens
Enabled: StoreAuthenticationTokens = true
Disabled: StoreAuthenticationTokens = false
REG Builder
BETAConfigure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.
These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.
.reg file
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Store authentication tokens
; State: Enabled
; Supported on: All Citrix Workspace supported platforms
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\Dazzle]
"StoreAuthenticationTokens"="true" PowerShell
# Exported from gporais.com
# Policy: Store authentication tokens
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\SOFTWARE\Policies\Citrix\Dazzle'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'StoreAuthenticationTokens' -Value 'true' -Type String Intune XML
No direct Policy CSP / OMA-URI mapping for this policy. Use the Intune Remediation tab, or ingest the ADMX in Intune. Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Store authentication tokens
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\SOFTWARE\Policies\Citrix\Dazzle' -Name 'StoreAuthenticationTokens' -Expected 'true' -Kind String)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Store authentication tokens
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\SOFTWARE\Policies\Citrix\Dazzle'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'StoreAuthenticationTokens' -Value 'true' -Type String SCCM CI
# Exported from gporais.com
# Policy: Store authentication tokens
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# === Detection script ===
# Exported from gporais.com
# Policy: Store authentication tokens
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\SOFTWARE\Policies\Citrix\Dazzle' -Name 'StoreAuthenticationTokens' -Expected 'true' -Kind String)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Store authentication tokens
# State: Enabled
# Supported on: All Citrix Workspace supported platforms
$path = 'HKLM:\SOFTWARE\Policies\Citrix\Dazzle'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'StoreAuthenticationTokens' -Value 'true' -Type String