Accès au matériel client
Pris en charge sur : Toutes les plates-formes Citrix Workspace prises en charge
Description
Utilisez cette stratégie pour spécifier le nombre maximal de ports série pris en charge par la plate-forme cliente. Vous pouvez également utiliser cette stratégie pour activer et limiter l'accès des applications ou bureaux distants aux ports série, USB et parallèles du client. Cela permet au serveur d'utiliser le matériel connecté localement. Dépannage : La synchronisation de PDA (agenda électronique) à distance utilise des « ports COM virtuels ». Il s'agit de connexions à des ports série qui sont routées via des connexions USB. Pour cette raison, il est nécessaire d'activer l'accès aux ports série pour utiliser la synchronisation de PDA.
Registre
Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port Cette stratégie définit plusieurs valeurs de registre :
COMAllowed COMAllowed = (non défini) COMAllowed = false VirtualCOMPortEmulation VirtualCOMPortEmulation = (non défini) VirtualCOMPortEmulation = false CPMAllowed CPMAllowed = (non défini) CPMAllowed = false REG Builder
BETAConfigurez l'état et les éléments pour générer les sorties .reg, PowerShell, Intune et SCCM.
Ces exports reproduisent l'effet registre de la stratégie. Modifier le registre directement n'équivaut pas à appliquer la GPO via la console (pas de gpupdate, pas de suivi centralisé). Testez avant la production ; HKLM nécessite des droits administrateur.
Fichier .reg
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Accès au matériel client
; State: Enabled
; Supported on: Toutes les plates-formes Citrix Workspace prises en charge
[HKEY_CURRENT_USER\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port]
; "COMAllowed" = (not defined)
; "VirtualCOMPortEmulation" = (not defined)
; "CPMAllowed" = (not defined)
"MaxPort"=""
"COMAllowed"=dword:00000001
"VirtualCOMPortEmulation"=dword:00000001
"CPMAllowed"=dword:00000001 PowerShell
# Exported from gporais.com
# Policy: Accès au matériel client
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
$path = 'HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port'
New-Item -Path $path -Force | Out-Null
# COMAllowed = (not defined)
# VirtualCOMPortEmulation = (not defined)
# CPMAllowed = (not defined)
Set-ItemProperty -Path $path -Name 'MaxPort' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'COMAllowed' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'VirtualCOMPortEmulation' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'CPMAllowed' -Value 1 -Type DWord Intune XML
Aucune correspondance directe Policy CSP / OMA-URI pour cette stratégie. Utilisez l'onglet Intune Remediation, ou importez l'ADMX dans Intune. Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Accès au matériel client
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
# HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\COMAllowed: COMAllowed= is not representable as a registry value.
# HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\VirtualCOMPortEmulation: VirtualCOMPortEmulation= is not representable as a registry value.
# HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\CPMAllowed: CPMAllowed= is not representable as a registry value.
$checks = @(
(Test-RegistryValue -Path 'HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port' -Name 'MaxPort' -Expected '' -Kind String)
(Test-RegistryValue -Path 'HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port' -Name 'COMAllowed' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port' -Name 'VirtualCOMPortEmulation' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port' -Name 'CPMAllowed' -Expected 1 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Accès au matériel client
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
$path = 'HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port'
New-Item -Path $path -Force | Out-Null
# COMAllowed = (not defined)
# VirtualCOMPortEmulation = (not defined)
# CPMAllowed = (not defined)
Set-ItemProperty -Path $path -Name 'MaxPort' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'COMAllowed' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'VirtualCOMPortEmulation' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'CPMAllowed' -Value 1 -Type DWord SCCM CI
# Exported from gporais.com
# Policy: Accès au matériel client
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# === Detection script ===
# Exported from gporais.com
# Policy: Accès au matériel client
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
# HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\COMAllowed: COMAllowed= is not representable as a registry value.
# HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\VirtualCOMPortEmulation: VirtualCOMPortEmulation= is not representable as a registry value.
# HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\CPMAllowed: CPMAllowed= is not representable as a registry value.
$checks = @(
(Test-RegistryValue -Path 'HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port' -Name 'MaxPort' -Expected '' -Kind String)
(Test-RegistryValue -Path 'HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port' -Name 'COMAllowed' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port' -Name 'VirtualCOMPortEmulation' -Expected 1 -Kind DWord)
(Test-RegistryValue -Path 'HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port' -Name 'CPMAllowed' -Expected 1 -Kind DWord)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Accès au matériel client
# State: Enabled
# Supported on: Toutes les plates-formes Citrix Workspace prises en charge
$path = 'HKCU:\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port'
New-Item -Path $path -Force | Out-Null
# COMAllowed = (not defined)
# VirtualCOMPortEmulation = (not defined)
# CPMAllowed = (not defined)
Set-ItemProperty -Path $path -Name 'MaxPort' -Value '' -Type String
Set-ItemProperty -Path $path -Name 'COMAllowed' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'VirtualCOMPortEmulation' -Value 1 -Type DWord
Set-ItemProperty -Path $path -Name 'CPMAllowed' -Value 1 -Type DWord