Bloquer le lancement de DoubleHop
Pris en charge sur : Toutes les plates-formes Citrix Workspace prises en charge
Description
Si cette option est activée, les applications et bureaux virtuels configurés avec des stratégies App Protection ne peuvent pas être lancés à partir d’un bureau virtuel.
Registre
HKLM
Software\Policies\Citrix\AppProtection Nom de valeur : BlockDoubleHopLaunch
Activé : BlockDoubleHopLaunch = 1
Désactivé : BlockDoubleHopLaunch = 0
REG Builder
BETAConfigurez l'état et les éléments pour générer les sorties .reg, PowerShell, Intune et SCCM.
Ces exports reproduisent l'effet registre de la stratégie. Modifier le registre directement n'équivaut pas à appliquer la GPO via la console (pas de gpupdate, pas de suivi centralisé). Testez avant la production ; HKLM nécessite des droits administrateur.
Fichier .reg
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Bloquer le lancement de DoubleHop
; State: Enabled
; Supported on: Toutes les plates-formes Citrix Workspace prises en charge
[HKEY_LOCAL_MACHINE\Software\Policies\Citrix\AppProtection]
"BlockDoubleHopLaunch"=dword:00000001 PowerShell
# Exported from gporais.com
# Policy: Bloquer le lancement de DoubleHop
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
$path = 'HKLM:\Software\Policies\Citrix\AppProtection'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'BlockDoubleHopLaunch' -Value 1 -Type DWord Intune XML
Aucune correspondance directe Policy CSP / OMA-URI pour cette stratégie. Utilisez l'onglet Intune Remediation, ou importez l'ADMX dans Intune. Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Bloquer le lancement de DoubleHop
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\AppProtection' -Name 'BlockDoubleHopLaunch' -Expected 1 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Bloquer le lancement de DoubleHop
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
$path = 'HKLM:\Software\Policies\Citrix\AppProtection'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'BlockDoubleHopLaunch' -Value 1 -Type DWord SCCM CI
# Exported from gporais.com
# Policy: Bloquer le lancement de DoubleHop
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# === Detection script ===
# Exported from gporais.com
# Policy: Bloquer le lancement de DoubleHop
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\AppProtection' -Name 'BlockDoubleHopLaunch' -Expected 1 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Bloquer le lancement de DoubleHop
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
$path = 'HKLM:\Software\Policies\Citrix\AppProtection'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'BlockDoubleHopLaunch' -Value 1 -Type DWord