; ; Group Policy template for Citrix ICA Client ; ; Copyright 2006 Citrix Systems ; CLASS MACHINE CATEGORY !!Citrix #if version >= 4 EXPLAIN !!Explain_Citrix #endif CATEGORY !!ICAClient #if version >= 4 EXPLAIN !!Explain_ICAClient #endif ; ; Remotely disable the ICA Client. ; POLICY !!Policy_EnableICAClient EXPLAIN !!Explain_EnableICAClient KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions" PART !!Part_EnableICAClient_Enable CHECKBOX DEFCHECKED VALUENAME "AllowConnection" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END PART PART !!Part_EnableICAClient_Minimum NUMERIC VALUENAME "Version Minimum" MIN 10000 MAX 100000 DEFAULT 10000 END PART END POLICY POLICY "Configure Program Neighborhood Agent Connection" KEYNAME "Software\Citrix\PNAgent" PART !!Config_PNAgent_URL EDITTEXT DEFAULT "https://servername/Citrix/PNAgent/config.xml" VALUENAME "ServerURL" END PART END POLICY CATEGORY !!Network #if version >= 4 EXPLAIN !!Explain_Network #endif CATEGORY !!Proxy #if version >= 4 EXPLAIN !!Explain_Proxy #endif ; ; Remotely define which proxy to use. ; POLICY !!Policy_ProxyLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy" EXPLAIN !!Explain_ProxyLockdown PART !!Part_Proxy_ProxyTypeLockdown COMBOBOX VALUENAME "ProxyType" SUGGESTIONS "Auto" "None" "SOCKS" "SOCKSv4" "SOCKSv5" "Secure" "Script" END SUGGESTIONS END PART PART !!Part_Proxy_ProxyHostLockdown EDITTEXT VALUENAME "ProxyHost" END PART PART !!Part_Proxy_ProxyPortLockdown EDITTEXT VALUENAME "ProxyPort" END PART PART !!Part_Proxy_ProxyAutoConfigUrlLockdown EDITTEXT VALUENAME "ProxyAutoConfigUrl" END PART PART !!Part_Proxy_ProxyBypassListLockdown EDITTEXT VALUENAME "ProxyBypassList" END PART END POLICY ; ; Remotely define which Alternate proxy to use ; POLICY !!Policy_AltProxyLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy" EXPLAIN !!Explain_AltProxyLockdown PART !!Part_AltProxy_ProxyTypeLockdown COMBOBOX VALUENAME "AltProxyType" SUGGESTIONS "Auto" "None" "SOCKS" "SOCKSv4" "SOCKSv5" "Secure" "Script" END SUGGESTIONS END PART PART !!Part_AltProxy_ProxyHostLockdown EDITTEXT VALUENAME "AltProxyHost" END PART PART !!Part_AltProxy_ProxyPortLockdown EDITTEXT VALUENAME "AltProxyPort" END PART PART !!Part_AltProxy_ProxyAutoConfigUrlLockdown EDITTEXT VALUENAME "AltProxyAutoConfigUrl" END PART PART !!Part_AltProxy_ProxyBypassListLockdown EDITTEXT VALUENAME "AltProxyBypassList" END PART PART !!Part_AltProxy_ProxyFallbackLockdown CHECKBOX DEFCHECKED VALUENAME "ProxyFallback" VALUEON "true,false" VALUEOFF "false" END PART END POLICY ; ; Remotely define which proxy to use. ; POLICY !!Policy_ProxySocks KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy" EXPLAIN !!Explain_ProxySocks PART !!Part_ProxySocks_Version DROPDOWNLIST VALUENAME "ICASOCKSProtocolVersion" ITEMLIST NAME "Disabled" VALUE "-1,default" DEFAULT NAME "Detect version" VALUE "0,4,5" NAME "SOCKS v4" VALUE "4" NAME "SOCKS v5" VALUE "5" END ITEMLIST END PART PART !!Part_ProxySocks_ProxyHostLockdown EDITTEXT VALUENAME "ICASOCKSProxyHost" END PART PART !!Part_ProxySOCKS_ProxyPortLockdown EDITTEXT VALUENAME "ICASOCKSProxyPortNumber" END PART END POLICY ; ; Remotely define which proxy to use. ; POLICY !!Policy_ProxyAuthentication KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy" EXPLAIN !!Explain_ProxyAuthentication PART !!Policy_ProxyExplicitAuthenticationEnabled CHECKBOX DEFCHECKED VALUENAME "ProxyAuthenticationPrompt" VALUEON "*" VALUEOFF "false" END PART PART !!Policy_ProxyBasicAuthenticationEnabled CHECKBOX DEFCHECKED VALUENAME "ProxyAuthenticationBasic" VALUEON "*" VALUEOFF "false" END PART PART !!Policy_ProxyNTLMAuthenticationEnabled CHECKBOX DEFCHECKED VALUENAME "ProxyAuthenticationNTLM" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Proxy_Socks5User EDITTEXT VALUENAME "ProxyUsername" END PART PART !!Part_Proxy_Socks5Password EDITTEXT VALUENAME "ProxyPassword" END PART END POLICY END CATEGORY ; ; Remotely define SSL Settings ; POLICY !!Policy_SSLLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL" EXPLAIN !!Explain_SSLLockdown PART !!Part_SSL_EnabledLockdown CHECKBOX DEFCHECKED VALUENAME "SSLEnable" VALUEON "true" VALUEOFF "*" END PART PART !!Part_SSL_SSLProxyHostLockdown COMBOBOX VALUENAME "SSLProxyHost" SUGGESTIONS "*:443" END SUGGESTIONS END PART PART !!Part_SSL_SSLProtocolLockdown DROPDOWNLIST VALUENAME "SecureChannelProtocol" ITEMLIST NAME "Detect version" VALUE "" DEFAULT NAME "TLS v1.0" VALUE "TLS" NAME "SSL v3.0" VALUE "SSL" END ITEMLIST END PART PART !!Part_SSL_CiphersuiteLockdown DROPDOWNLIST VALUENAME "SSLCiphers" ITEMLIST NAME "Detect version" VALUE "" DEFAULT NAME "Government" VALUE "GOV" NAME "Commercial" VALUE "COM" END ITEMLIST END PART PART !!Part_SSL_RevocationLockdown DROPDOWNLIST VALUENAME "SSLCertificateRevocationCheckPolicy" ITEMLIST NAME "Default" VALUE "" DEFAULT NAME "Disabled" VALUE "NoCheck" NAME "Only check locally stored CRLs" VALUE "CheckNoNetworkAccess" NAME "Retrieve CRLs from network" VALUE "FullAccessCheck" NAME "Require CRLs for connection" VALUE "FullAccessCheckAndCrlRequired" END ITEMLIST END PART END POLICY ; ; Remotely configure the Client Selective Trust feature. ; POLICY !!Policy_ConfigureClientSelectiveTrust EXPLAIN !!Explain_ConfigureClientSelectiveTrust KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\ClientSelectiveTrust" PART !!Part_EnableClientSelectiveTrust CHECKBOX DEFCHECKED VALUENAME "EnableClientSelectiveTrust" VALUEON "true" VALUEOFF "*" END PART PART !!Part_ConfigureClientSelectiveTrust_IEZone COMBOBOX KEYNAME "SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Trusted Region\Evidence" VALUENAME "InternetExplorerZone" SUGGESTIONS "Trusted" "Trusted,Intranet" END SUGGESTIONS END PART PART !!Part_ConfigureClientSelectiveTrust_EffectiveAddress COMBOBOX KEYNAME "SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Trusted Region\Evidence" VALUENAME "EffectiveAddress" SUGGESTIONS "*.finance.citrix.com,*.sales.citrix.com" "cps*.citrix.com" END SUGGESTIONS END PART END POLICY ; ; Remotely enable Auto Client Reconnect. ; POLICY !!Policy_ClientAutoReconnect EXPLAIN !!Explain_ClientAutoReconnect KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Reconnection" PART !!Part_ClientAutoReconnect_Reconnect CHECKBOX DEFCHECKED VALUENAME "TransportReconnectEnabled" VALUEON "*" VALUEOFF "false" END PART PART !!Part_ClientAutoReconnect_CGP CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP" VALUENAME "CGPAddress" VALUEON "" VALUEOFF "0.0.0.0" END PART PART !!Part_ClientAutoReconnect_Attempts EDITTEXT VALUENAME "TransportReconnectRetries" END PART PART !!Part_ClientAutoReconnect_Delay EDITTEXT VALUENAME "TransportReconnectDelay" END PART END POLICY END CATEGORY CATEGORY !!Authentication #if version >= 4 EXPLAIN !!Explain_Authentication #endif ; ; Remotely define smartcard Settings ; For Windows 2000 servers, use DisableCtrlAltDel=false ; POLICY !!Policy_Smartcard EXPLAIN !!Explain_Smartcard KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard" VALUENAME "SmartCardAllowed" VALUEON "*" VALUEOFF "false" PART !!Part_Smartcard_Enable CHECKBOX DEFCHECKED VALUENAME "SmartCardAllowed" VALUEON "*" VALUEOFF "false" END PART PART !!Part_SmartcardPin_Enable CHECKBOX KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard" VALUENAME "DisableCtrlAltDel" VALUEON "true,false" VALUEOFF "*" ACTIONLISTON KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "SSOnUserSetting" VALUE "true,false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "UseLocalUserAndPassword" VALUE "true,false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "EnableSSOnThruICAFile" VALUE "true" END ACTIONLISTON END PART END POLICY ; ; Remotely define logon Settings ; POLICY !!Policy_KerberosLockdown EXPLAIN !!Explain_KerberosLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos" VALUENAME "SSPIEnabled" VALUEON "true,false" VALUEOFF "false" ACTIONLISTON KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "SSOnUserSetting" VALUE "true,false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "EnableSSOnThruICAFile" VALUE "true" END ACTIONLISTON END POLICY ; ; Remotely define Logon Settings ; POLICY !!Policy_LocalCredentialsLockdown EXPLAIN !!Explain_LocalCredentialsLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "UseLocalUserAndPassword" VALUEON "true,false" VALUEOFF "false" ACTIONLISTON KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "SSOnUserSetting" VALUE "true,false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "EnableSSOnThruICAFile" VALUE "true" END ACTIONLISTON PART !!Part_LocalCredentialsLockdown_Enable CHECKBOX DEFCHECKED VALUENAME "UseLocalUserAndPassword" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_NovellCredentials CHECKBOX VALUENAME "SSOnCredentialType" VALUEON "NDS" VALUEOFF "Any,NT,NDS" END PART END POLICY ; ; Remotely define Logon Settings ; POLICY !!Policy_SavedCredentialsLockdown EXPLAIN !!Explain_SavedCredentialsLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials" PART !!Part_SavedCredentialsLockdown_Enable CHECKBOX DEFCHECKED VALUENAME "Password" VALUEON "" VALUEOFF "xxxxxxxxx" END PART PART !!Part_SavedCredentialsLockdown_Username EDITTEXT VALUENAME "Username" END PART PART !!Part_SavedCredentialsLockdown_Domain EDITTEXT VALUENAME "Domain" END PART END POLICY ; ; Remotely define Logon Settings ; POLICY !!Policy_WITicket EXPLAIN !!Explain_WITicket KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials" PART !!Part_WITicket_Legacy_Enable CHECKBOX DEFCHECKED VALUENAME "ClearPassword" VALUEON "" VALUEOFF "xxxxxxxxx" END PART PART !!Part_WITicket_LogonTicket_Enable CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Ticket" VALUENAME "LogonTicket" VALUEON "" VALUEOFF "xxxxxxxxx" END PART END POLICY END CATEGORY CATEGORY !!VirtualChannels #if version >= 4 EXPLAIN !!Explain_VirtualChannels #endif ; ; Remotely define Drive Mapping options ; POLICY !!Policy_EnableDriveMapping EXPLAIN !!Explain_EnableDriveMapping KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives" PART !!Part_EnableDriveMappingCheckbox CHECKBOX DEFCHECKED VALUENAME "CDMAllowed" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_EnableDriveMappingReadonly CHECKBOX VALUENAME "CDMReadOnly" VALUEON "true" VALUEOFF "false,true" END PART PART !!Part_EnableDriveMappingDisableDrives COMBOBOX VALUENAME "DisableDrives" SUGGESTIONS "C" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" END SUGGESTIONS END PART END POLICY ; ; Remotely define Printer Settings ; POLICY !!Policy_EnablePrinterMapping EXPLAIN !!Explain_EnablePrinterMapping KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing" VALUENAME "VSLAllowed" VALUEON "true,false" VALUEOFF "false" END POLICY ; ; Remotely define Hardware device access ; POLICY !!Policy_LocalPort EXPLAIN !!Explain_LocalPort KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port" ACTIONLISTOFF KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port" VALUENAME "COMAllowed" VALUE "false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port" VALUENAME "VirtualCOMPortEmulation" VALUE "false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing" VALUENAME "CPMAllowed" VALUE "false" END ACTIONLISTOFF PART !!Part_EnableSerialPortCheckbox CHECKBOX KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port" DEFCHECKED VALUENAME "COMAllowed" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_EnableVirtualSerialPortCheckbox CHECKBOX KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port" DEFCHECKED VALUENAME "VirtualCOMPortEmulation" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_EnableParallelPortCheckbox CHECKBOX KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing" DEFCHECKED VALUENAME "CPMAllowed" VALUEON "true,false" VALUEOFF "false" END PART END POLICY ; ; Remotely define Printer Settings ; POLICY !!Policy_ImageCapture EXPLAIN !!Explain_ImageCapture KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Image Capture" VALUENAME "TWAINAllowed" VALUEON "true,false" VALUEOFF "false" END POLICY ; ; Remotely define Bidirectional Audio Settings ; POLICY !!Policy_SpeechMike EXPLAIN !!Explain_SpeechMike KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio" VALUENAME "EnableAudioInput" VALUEON "true,false" VALUEOFF "false" ACTIONLISTOFF KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\SpeechMike" VALUENAME "EnableSpeechMike" VALUE "false" END ACTIONLISTOFF PART !!Part_BiDiAudio_Enable CHECKBOX DEFCHECKED VALUENAME "EnableAudioInput" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_SpeechMike_Enable CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\SpeechMike" VALUENAME "EnableSpeechMike" VALUEON "true,false" VALUEOFF "false" END PART END POLICY ; ; Remotely define Clipboard Settings ; POLICY !!Policy_Clipboard EXPLAIN !!Explain_Clipboard KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Clipboard" VALUENAME "ClipboardAllowed" VALUEON "true,false" VALUEOFF "false" END POLICY END CATEGORY CATEGORY !!UserExperience #if version >= 4 EXPLAIN !!Explain_UserExperience #endif ; ; Remotely define the ICA Client Audio Settings ; POLICY !!Policy_Audio KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio" EXPLAIN !!Explain_Audio PART !!Part_Audio_Enabled CHECKBOX DEFCHECKED VALUENAME "ClientAudio" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_Audio_Quality DROPDOWNLIST VALUENAME "AudioBandwidthLimit" ITEMLIST NAME "High" VALUE "0-" NAME "Medium" VALUE "1-" DEFAULT NAME "Low" VALUE "2-" END ITEMLIST END PART END POLICY ; ; Remotely define Display settings Settings ; POLICY !!Policy_Graphics KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics" EXPLAIN !!Explain_Graphics PART !!Part_Graphics_ColorDepth DROPDOWNLIST VALUENAME "DesiredColor" ITEMLIST NAME "16 colors" VALUE "1" NAME "8-bit color" VALUE "2" NAME "16-bit color" VALUE "4" NAME "24-bit color" VALUE "5" DEFAULT END ITEMLIST END PART PART !!Part_Graphics_DiskCache CHECKBOX VALUENAME "PersistentCacheEnabled" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Graphics_ImageAcceleration CHECKBOX DEFCHECKED VALUENAME "SpeedScreenIA" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Graphics_SpeedScreenBrowser CHECKBOX DEFCHECKED VALUENAME "SpeedScreenBA" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Graphics_SpeedScreenBrowserCompression CHECKBOX DEFCHECKED VALUENAME "SpeedScreenBACompressionEnabled" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Graphics_SpeedScreenMultimedia CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia" VALUENAME "SpeedScreenMMA" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Graphics_ZeroLatencyKeyboard CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency" VALUENAME "ZLKeyboardMode" VALUEON "2,1,0" VALUEOFF "0" END PART PART !!Part_Graphics_ZeroLatencyMouse CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency" VALUENAME "ZLMouseMode" VALUEON "2,1,0" VALUEOFF "0" END PART END POLICY ; ; Remotely define Display settings Settings ; POLICY !!Policy_Display KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics" EXPLAIN !!Explain_Display PART !!Part_Display_Seamless COMBOBOX KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows" VALUENAME "TWIMode" SUGGESTIONS "True" "False" END SUGGESTIONS END PART PART !!Part_Display_Width COMBOBOX VALUENAME "DesiredHRES" SUGGESTIONS "1024-" "800-" END SUGGESTIONS END PART PART !!Part_Display_Height COMBOBOX VALUENAME "DesiredVRES" SUGGESTIONS "734-" "600-" END SUGGESTIONS END PART PART !!Part_Display_Percent DROPDOWNLIST VALUENAME "ScreenPercent" ITEMLIST NAME "" VALUE "0" DEFAULT NAME "50%" VALUE "50" NAME "75%" VALUE "75%" NAME "Other" VALUE "" END ITEMLIST END PART PART !!Part_Display_FullScreen CHECKBOX VALUENAME "TWIFullScreenMode" VALUEON "true" VALUEOFF "*" END PART END POLICY ; ; Remotely define Display settings Settings ; POLICY !!Policy_PublishedApplications KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching" EXPLAIN !!Explain_PublishedApplications PART !!Part_PublishedApplications_InitialProgram COMBOBOX VALUENAME "InitialProgram" SUGGESTIONS "#Notepad" "#*" END SUGGESTIONS END PART PART !!Part_PublishedApplications_SessionSharing CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing" VALUENAME "EnableSessionSharing" VALUEON "*" VALUEOFF "false" END PART END POLICY END CATEGORY END CATEGORY END CATEGORY CLASS USER CATEGORY !!Citrix #if version >= 4 EXPLAIN !!Explain_Citrix #endif CATEGORY !!ICAClient #if version >= 4 EXPLAIN !!Explain_ICAClient #endif ; ; Remotely disable the ICA Client. ; POLICY !!Policy_EnableICAClient EXPLAIN !!Explain_EnableICAClient KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions" PART !!Part_EnableICAClient_Enable CHECKBOX DEFCHECKED VALUENAME "AllowConnection" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END PART PART !!Part_EnableICAClient_Minimum NUMERIC VALUENAME "Version Minimum" MIN 10000 MAX 100000 DEFAULT 10000 END PART END POLICY POLICY "Configure Program Neighborhood Agent Connection" KEYNAME "Software\Citrix\PNAgent" PART !!Config_PNAgent_URL EDITTEXT DEFAULT "https://servername/Citrix/PNAgent/config.xml" VALUENAME "ServerURL" END PART END POLICY CATEGORY !!Network #if version >= 4 EXPLAIN !!Explain_Network #endif CATEGORY !!Proxy #if version >= 4 EXPLAIN !!Explain_Proxy #endif ; ; Remotely define which proxy to use. ; POLICY !!Policy_ProxyLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy" EXPLAIN !!Explain_ProxyLockdown PART !!Part_Proxy_ProxyTypeLockdown COMBOBOX VALUENAME "ProxyType" SUGGESTIONS "Auto" "None" "SOCKS" "SOCKSv4" "SOCKSv5" "Secure" "Script" END SUGGESTIONS END PART PART !!Part_Proxy_ProxyHostLockdown EDITTEXT VALUENAME "ProxyHost" END PART PART !!Part_Proxy_ProxyPortLockdown EDITTEXT VALUENAME "ProxyPort" END PART PART !!Part_Proxy_ProxyAutoConfigUrlLockdown EDITTEXT VALUENAME "ProxyAutoConfigUrl" END PART PART !!Part_Proxy_ProxyBypassListLockdown EDITTEXT VALUENAME "ProxyBypassList" END PART END POLICY ; ; Remotely define which Alternate proxy to use ; POLICY !!Policy_AltProxyLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy" EXPLAIN !!Explain_AltProxyLockdown PART !!Part_AltProxy_ProxyTypeLockdown COMBOBOX VALUENAME "AltProxyType" SUGGESTIONS "Auto" "None" "SOCKS" "SOCKSv4" "SOCKSv5" "Secure" "Script" END SUGGESTIONS END PART PART !!Part_AltProxy_ProxyHostLockdown EDITTEXT VALUENAME "AltProxyHost" END PART PART !!Part_AltProxy_ProxyPortLockdown EDITTEXT VALUENAME "AltProxyPort" END PART PART !!Part_AltProxy_ProxyAutoConfigUrlLockdown EDITTEXT VALUENAME "AltProxyAutoConfigUrl" END PART PART !!Part_AltProxy_ProxyBypassListLockdown EDITTEXT VALUENAME "AltProxyBypassList" END PART PART !!Part_AltProxy_ProxyFallbackLockdown COMBOBOX VALUENAME "ProxyFallback" SUGGESTIONS "false" "true" END SUGGESTIONS END PART END POLICY ; ; Remotely define which proxy to use. ; POLICY !!Policy_ProxySocks KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy" EXPLAIN !!Explain_ProxySocks PART !!Part_ProxySocks_Version DROPDOWNLIST VALUENAME "ICASOCKSProtocolVersion" ITEMLIST NAME "Disabled" VALUE "-1,default" DEFAULT NAME "Detect version" VALUE "0,4,5" NAME "SOCKS v4" VALUE "4" NAME "SOCKS v5" VALUE "5" END ITEMLIST END PART PART !!Part_ProxySocks_ProxyHostLockdown EDITTEXT VALUENAME "ICASOCKSProxyHost" END PART PART !!Part_ProxySOCKS_ProxyPortLockdown EDITTEXT VALUENAME "ICASOCKSProxyPortNumber" END PART END POLICY ; ; Remotely define which proxy to use. ; POLICY !!Policy_ProxyAuthentication KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy" EXPLAIN !!Explain_ProxyAuthentication PART !!Policy_ProxyExplicitAuthenticationEnabled CHECKBOX DEFCHECKED VALUENAME "ProxyAuthenticationPrompt" VALUEON "*" VALUEOFF "false" END PART PART !!Policy_ProxyBasicAuthenticationEnabled CHECKBOX DEFCHECKED VALUENAME "ProxyAuthenticationBasic" VALUEON "*" VALUEOFF "false" END PART PART !!Policy_ProxyNTLMAuthenticationEnabled CHECKBOX DEFCHECKED VALUENAME "ProxyAuthenticationNTLM" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Proxy_Socks5User EDITTEXT VALUENAME "ProxyUsername" END PART PART !!Part_Proxy_Socks5Password EDITTEXT VALUENAME "ProxyPassword" END PART END POLICY END CATEGORY ; ; Remotely define SSL Settings ; POLICY !!Policy_SSLLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL" EXPLAIN !!Explain_SSLLockdown PART !!Part_SSL_EnabledLockdown CHECKBOX DEFCHECKED VALUENAME "SSLEnable" VALUEON "true" VALUEOFF "*" END PART PART !!Part_SSL_SSLProxyHostLockdown COMBOBOX VALUENAME "SSLProxyHost" SUGGESTIONS "*:443" END SUGGESTIONS END PART PART !!Part_SSL_SSLProtocolLockdown DROPDOWNLIST VALUENAME "SecureChannelProtocol" ITEMLIST NAME "Detect version" VALUE "" DEFAULT NAME "TLS v1.0" VALUE "TLS" NAME "SSL v3.0" VALUE "SSL" END ITEMLIST END PART PART !!Part_SSL_CiphersuiteLockdown DROPDOWNLIST VALUENAME "SSLCiphers" ITEMLIST NAME "Detect version" VALUE "" DEFAULT NAME "Government" VALUE "GOV" NAME "Commercial" VALUE "COM" END ITEMLIST END PART PART !!Part_SSL_RevocationLockdown DROPDOWNLIST VALUENAME "SSLCertificateRevocationCheckPolicy" ITEMLIST NAME "Default" VALUE "" DEFAULT NAME "Disabled" VALUE "NoCheck" NAME "Only check locally stored CRLs" VALUE "CheckNoNetworkAccess" NAME "Retrieve CRLs from network" VALUE "FullAccessCheck" NAME "Require CRLs for connection" VALUE "FullAccessCheckAndCrlRequired" END ITEMLIST END PART END POLICY ; ; Remotely configure the Client Selective Trust feature. ; POLICY !!Policy_ConfigureClientSelectiveTrust EXPLAIN !!Explain_ConfigureClientSelectiveTrust KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\ClientSelectiveTrust" PART !!Part_EnableClientSelectiveTrust CHECKBOX DEFCHECKED VALUENAME "EnableClientSelectiveTrust" VALUEON "true" VALUEOFF "*" END PART END POLICY ; ; Remotely enable Auto Client Reconnect. ; POLICY !!Policy_ClientAutoReconnect EXPLAIN !!Explain_ClientAutoReconnect KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Reconnection" PART !!Part_ClientAutoReconnect_Reconnect CHECKBOX DEFCHECKED VALUENAME "TransportReconnectEnabled" VALUEON "*" VALUEOFF "false" END PART PART !!Part_ClientAutoReconnect_CGP CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP" VALUENAME "CGPAddress" VALUEON "" VALUEOFF "0.0.0.0" END PART PART !!Part_ClientAutoReconnect_Attempts EDITTEXT VALUENAME "TransportReconnectRetries" END PART PART !!Part_ClientAutoReconnect_Delay EDITTEXT VALUENAME "TransportReconnectDelay" END PART END POLICY END CATEGORY CATEGORY !!Authentication #if version >= 4 EXPLAIN !!Explain_Authentication #endif ; ; Remotely define smartcard Settings ; For Windows 2000 servers, use DisableCtrlAltDel=false ; POLICY !!Policy_Smartcard EXPLAIN !!Explain_Smartcard KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard" VALUENAME "SmartCardAllowed" VALUEON "*" VALUEOFF "false" PART !!Part_Smartcard_Enable CHECKBOX DEFCHECKED VALUENAME "SmartCardAllowed" VALUEON "*" VALUEOFF "false" END PART PART !!Part_SmartcardPin_Enable CHECKBOX KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard" VALUENAME "DisableCtrlAltDel" VALUEON "true,false" VALUEOFF "*" ACTIONLISTON KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "SSOnUserSetting" VALUE "true,false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "UseLocalUserAndPassword" VALUE "true,false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "EnableSSOnThruICAFile" VALUE "true" END ACTIONLISTON END PART END POLICY ; ; Remotely define logon Settings ; POLICY !!Policy_KerberosLockdown EXPLAIN !!Explain_KerberosLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos" VALUENAME "SSPIEnabled" VALUEON "true,false" VALUEOFF "false" ACTIONLISTON KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "SSOnUserSetting" VALUE "true,false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "EnableSSOnThruICAFile" VALUE "true" END ACTIONLISTON END POLICY ; ; Remotely define Logon Settings ; POLICY !!Policy_LocalCredentialsLockdown EXPLAIN !!Explain_LocalCredentialsLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "UseLocalUserAndPassword" VALUEON "true,false" VALUEOFF "false" ACTIONLISTON KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "SSOnUserSetting" VALUE "true,false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials" VALUENAME "EnableSSOnThruICAFile" VALUE "true" END ACTIONLISTON PART !!Part_LocalCredentialsLockdown_Enable CHECKBOX DEFCHECKED VALUENAME "UseLocalUserAndPassword" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_NovellCredentials CHECKBOX VALUENAME "SSOnCredentialType" VALUEON "NDS" VALUEOFF "Any,NT,NDS" END PART END POLICY ; ; Remotely define Logon Settings ; POLICY !!Policy_SavedCredentialsLockdown EXPLAIN !!Explain_SavedCredentialsLockdown KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials" PART !!Part_SavedCredentialsLockdown_Enable CHECKBOX DEFCHECKED VALUENAME "Password" VALUEON "" VALUEOFF "xxxxxxxxx" END PART PART !!Part_SavedCredentialsLockdown_Username EDITTEXT VALUENAME "Username" END PART PART !!Part_SavedCredentialsLockdown_Domain EDITTEXT VALUENAME "Domain" END PART END POLICY ; ; Remotely define Logon Settings ; POLICY !!Policy_WITicket EXPLAIN !!Explain_WITicket KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials" PART !!Part_WITicket_Legacy_Enable CHECKBOX DEFCHECKED VALUENAME "ClearPassword" VALUEON "" VALUEOFF "xxxxxxxxx" END PART PART !!Part_WITicket_LogonTicket_Enable CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Ticket" VALUENAME "LogonTicket" VALUEON "" VALUEOFF "xxxxxxxxx" END PART END POLICY END CATEGORY CATEGORY !!VirtualChannels #if version >= 4 EXPLAIN !!Explain_VirtualChannels #endif ; ; Remotely define Drive Mapping options ; POLICY !!Policy_EnableDriveMapping EXPLAIN !!Explain_EnableDriveMapping KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives" PART !!Part_EnableDriveMappingCheckbox CHECKBOX DEFCHECKED VALUENAME "CDMAllowed" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_EnableDriveMappingReadonly CHECKBOX VALUENAME "CDMReadOnly" VALUEON "true" VALUEOFF "false,true" END PART PART !!Part_EnableDriveMappingDisableDrives COMBOBOX VALUENAME "DisableDrives" SUGGESTIONS "C" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" END SUGGESTIONS END PART END POLICY ; ; Remotely define Printer Settings ; POLICY !!Policy_EnablePrinterMapping EXPLAIN !!Explain_EnablePrinterMapping KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing" VALUENAME "VSLAllowed" VALUEON "true,false" VALUEOFF "false" END POLICY ; ; Remotely define Hardware device access ; POLICY !!Policy_LocalPort EXPLAIN !!Explain_LocalPort KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port" ACTIONLISTOFF KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port" VALUENAME "COMAllowed" VALUE "false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port" VALUENAME "VirtualCOMPortEmulation" VALUE "false" KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing" VALUENAME "CPMAllowed" VALUE "false" END ACTIONLISTOFF PART !!Part_EnableSerialPortCheckbox CHECKBOX KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port" DEFCHECKED VALUENAME "COMAllowed" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_EnableVirtualSerialPortCheckbox CHECKBOX KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port" DEFCHECKED VALUENAME "VirtualCOMPortEmulation" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_EnableParallelPortCheckbox CHECKBOX KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing" DEFCHECKED VALUENAME "CPMAllowed" VALUEON "true,false" VALUEOFF "false" END PART END POLICY ; ; Remotely define Printer Settings ; POLICY !!Policy_ImageCapture EXPLAIN !!Explain_ImageCapture KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Image Capture" VALUENAME "TWAINAllowed" VALUEON "true,false" VALUEOFF "false" END POLICY ; ; Remotely define Bidirectional Audio Settings ; POLICY !!Policy_SpeechMike EXPLAIN !!Explain_SpeechMike KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio" VALUENAME "EnableAudioInput" VALUEON "true,false" VALUEOFF "false" ACTIONLISTOFF KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\SpeechMike" VALUENAME "EnableSpeechMike" VALUE "false" END ACTIONLISTOFF PART !!Part_BiDiAudio_Enable CHECKBOX DEFCHECKED VALUENAME "EnableAudioInput" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_SpeechMike_Enable CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\SpeechMike" VALUENAME "EnableSpeechMike" VALUEON "true,false" VALUEOFF "false" END PART END POLICY ; ; Remotely define Clipboard Settings ; POLICY !!Policy_Clipboard EXPLAIN !!Explain_Clipboard KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Clipboard" VALUENAME "ClipboardAllowed" VALUEON "true,false" VALUEOFF "false" END POLICY END CATEGORY CATEGORY !!UserExperience #if version >= 4 EXPLAIN !!Explain_UserExperience #endif ; ; Remotely define the ICA Client Audio Settings ; POLICY !!Policy_Audio KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio" EXPLAIN !!Explain_Audio PART !!Part_Audio_Enabled CHECKBOX DEFCHECKED VALUENAME "ClientAudio" VALUEON "true,false" VALUEOFF "false" END PART PART !!Part_Audio_Quality DROPDOWNLIST VALUENAME "AudioBandwidthLimit" ITEMLIST NAME "High" VALUE "0-" NAME "Medium" VALUE "1-" DEFAULT NAME "Low" VALUE "2-" END ITEMLIST END PART END POLICY ; ; Remotely define Display settings Settings ; POLICY !!Policy_Graphics KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics" EXPLAIN !!Explain_Graphics PART !!Part_Graphics_ColorDepth DROPDOWNLIST VALUENAME "DesiredColor" ITEMLIST NAME "16 colors" VALUE "1" NAME "8-bit color" VALUE "2" NAME "16-bit color" VALUE "4" NAME "24-bit color" VALUE "5" DEFAULT END ITEMLIST END PART PART !!Part_Graphics_DiskCache CHECKBOX VALUENAME "PersistentCacheEnabled" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Graphics_ImageAcceleration CHECKBOX DEFCHECKED VALUENAME "SpeedScreenIA" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Graphics_SpeedScreenBrowser CHECKBOX DEFCHECKED VALUENAME "SpeedScreenBA" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Graphics_SpeedScreenBrowserCompression CHECKBOX DEFCHECKED VALUENAME "SpeedScreenBACompressionEnabled" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Graphics_SpeedScreenMultimedia CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia" VALUENAME "SpeedScreenMMA" VALUEON "*" VALUEOFF "false" END PART PART !!Part_Graphics_ZeroLatencyKeyboard CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency" VALUENAME "ZLKeyboardMode" VALUEON "2,1,0" VALUEOFF "0" END PART PART !!Part_Graphics_ZeroLatencyMouse CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency" VALUENAME "ZLMouseMode" VALUEON "2,1,0" VALUEOFF "0" END PART END POLICY ; ; Remotely define Display settings Settings ; POLICY !!Policy_Display KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics" EXPLAIN !!Explain_Display PART !!Part_Display_Seamless COMBOBOX KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows" VALUENAME "TWIMode" SUGGESTIONS "True" "False" END SUGGESTIONS END PART PART !!Part_Display_Width COMBOBOX VALUENAME "DesiredHRES" SUGGESTIONS "1024-" "800-" END SUGGESTIONS END PART PART !!Part_Display_Height COMBOBOX VALUENAME "DesiredVRES" SUGGESTIONS "734-" "600-" END SUGGESTIONS END PART PART !!Part_Display_Percent DROPDOWNLIST VALUENAME "ScreenPercent" ITEMLIST NAME "" VALUE "0" DEFAULT NAME "50%" VALUE "50" NAME "75%" VALUE "75%" NAME "Other" VALUE "" END ITEMLIST END PART PART !!Part_Display_FullScreen CHECKBOX VALUENAME "TWIFullScreenMode" VALUEON "true" VALUEOFF "*" END PART END POLICY ; ; Remotely define Display settings Settings ; POLICY !!Policy_PublishedApplications KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching" EXPLAIN !!Explain_PublishedApplications PART !!Part_PublishedApplications_InitialProgram COMBOBOX VALUENAME "InitialProgram" SUGGESTIONS "#Notepad" "#*" END SUGGESTIONS END PART PART !!Part_PublishedApplications_SessionSharing CHECKBOX DEFCHECKED KEYNAME "Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing" VALUENAME "EnableSessionSharing" VALUEON "*" VALUEOFF "false" END PART END POLICY END CATEGORY END CATEGORY END CATEGORY [strings] Config_PNAgent_URL="Set Program Neighborhood Agent Path" ; ; Group Policy Directory Structure ; Citrix="Citrix Components" Explain_Citrix="The group policies in this folder can be used to manage your Citrix Systems Access Infrastructure." ICAClient="Presentation Server Client" Explain_ICAClient="The Citrix Presentation Server Client is used to connect to remote applications and desktops in server farms." Network="Network routing" Explain_Network="These policies can be used to control how the Citrix Presentation Server Client routes its connections to a server farm." Authentication="User authentication" Explain_Authentication="These policies control how the Citrix Presentation Server Client authenticates its user to a remote application or desktop." VirtualChannels="Remoting client devices" Explain_VirtualChannels="These policies control how the server accesses client machine resources. The Citrix Presentation Server Client can be configured to allow remote applications to use disk-drives, printers, etc. as if running on the client machine." UserExperience="User experience" Explain_UserExperience="The Citrix Presentation Server Client can be configured to interact with client machine applications in different ways. These settings can be used to control how client machines present remote applications and desktops to the user." Proxy="Proxy" Explain_Proxy="The Citrix Presentation Server Client can be configured to use specific proxy routing for remote application and desktops. These settings allow client proxies to be configured independently of other programs on the client machine." ; ; Top Level Policies ; Policy_EnableICAClient="Allow client connections" Explain_EnableICAClient="Use this policy to enable or completely disable connections from the Citrix Presentation Server client. \n\nWhen this policy is not configured, the client will allow connection to servers. \n\nWhen this policy is enabled, the client will only connect to a server if the "Enable client" option is selected, and if its version number is greater or equal to the "Minimum client version". \n\nWhen the policy is disabled, the client will not allow connections to any servers. \n\n\nTroubleshooting:\nIf a connection is refused because the client is not enabled, the error message " ERROR: Cannot connect to the Citrix Presentation Server. The Server (…) is not trusted for ICA connections. Connections to the (All Regions) Region are not allowed by lockdown settings. Please contact your administrator." appears. \n\nIf the client does not allow a connection because the version number is too low, the error message "Error number 2321: ICA Client Configuration Manager: The ICA Client version is too low to run using the installed configuration data." appears." Part_EnableICAClient_Enable="Enable client" Part_EnableICAClient_Minimum="Minimum client version" ; ; Network Policies ; ; ; Proxy Policies ; Policy_ProxyLockdown="Configure client proxy settings" Explain_ProxyLockdown="Use this policy to configure the primary network proxies that the client can use when connecting to a remote application or desktop. \n\nWhen this policy is not configured, the client will use its own settings to decide whether to connect through a proxy server. \n\nWhen this policy is enabled, the client will use the proxy configured based on the proxy type selected:\n\nProxy type: None\n\nWhen "None" is selected, the client will attempt to connect to the server directly without traversing a proxy server.\n\nProxy type: Auto\n\nWhen "Auto" is selected, the client will use the local machine settings to determine which proxy server to use for a connection. This is usually the settings used by the Web browser installed on the machine.\n\nProxy type: Script\n\nWhen "Script" is selected, the client will retrieve a JavaScript based ".pac" file from the URL specified in the "Proxy script URLs" policy option. The ".pac" file is executed to identify which proxy server should be used for the connection.\n\nProxy type: Secure\n\nWhen "Secure" is selected, the client will contact the proxy identified by the "Proxy host names" and "Proxy ports" settings. The negotiation protocol will use a "HTTP CONNECT" header request specifying the desired destination address. This proxy protocol is commonly used for HTTP based traffic, and supports GSSAPI proxy authentication.\n\nProxy Type: SOCKS/SOCKS V4/SOCKS V5\n\nWhen a "SOCKS" proxy is selected, the client will perform a SOCKS V4 or SOCKS V5 handshake to the proxy identified by the "Proxy hostnames" and "Proxy ports" settings. The "SOCKS" option will detect and use the correct version of Socks.\n\n\nFor any proxy type, you can provide a list of servers that do not traverse the proxy. These should be placed in the "Bypass server list".\n\n\nTroubleshooting:\nSome client platforms do not support the "Auto" proxy type due to operating system limitations. See the appropriate Administrator's Guide for details. For these platforms, the proxy settings should be manually set on the client device. \n\nWhen configuring the Web Interface server, an appropriate proxy server can be indicated for the particular location of the client. When configuring proxies via Group Policy, it is important to avoid overriding these settings. Where multiple proxies can be chosen, simply use a comma-separated list of options with the first being the default. \n\nMost Intranet client deployments should use the "None" option for the proxy type, otherwise the client may attempt to connect over the Internet. For more advanced deployments the "Bypass server list" option can be used, alternatively ".pac" scripts or Trusted Server Configuration are available to suit the network topology. \n\nSome proxy servers will automatically disconnect connections that are idle for a certain length of time. This can cause client sessions to be disconnected when not in use. A server-side option "ICA Keep-Alive" is available to send extra data packets during periods of inactivity that can be used prevent proxies closing connections." Part_Proxy_ProxyTypeLockdown="Proxy types" Part_Proxy_ProxyHostLockdown="Proxy host names" Part_Proxy_ProxyPortLockdown="Proxy ports" Part_Proxy_ProxyAutoConfigUrlLockdown="Proxy script URLs" Part_Proxy_ProxyBypassListLockdown="Bypass server list" ; ; AltProxy Policies ; Policy_AltProxyLockdown="Configure client failover proxy settings" Explain_AltProxyLockdown="Use this policy to configure alternative network proxies that the client can use if the primary network proxy fails to connect to a remote application or desktop. \n\nWhen this policy is not configured, the client will use its own settings to decide whether to connect through a proxy server. \n\nWhen this policy is enabled, the client will attempt a connection using an alternative proxy if connection to a primary proxy fails. The failover proxy settings operate in an identical fashion to the primary proxy settings. \n\nIf both the primary and alternative proxy fail to service the connection, selecting the "Failover to direct" check box instructs the client to attempt a final direct connection with no proxies.\n\n\nTroubleshooting:\nSome proxy failures can make the client appear to hang on connection. This is usually due to the proxy server reattempting the connection itself, or having a long time-out period. Depending on the network topology, it may be preferable to configure the Web Interface server to identify the currently functioning proxy, or alter the proxy server time-out settings." Part_AltProxy_ProxyTypeLockdown="Proxy types" Part_AltProxy_ProxyHostLockdown="Proxy host names" Part_AltProxy_ProxyPortLockdown="Proxy ports" Part_AltProxy_ProxyAutoConfigUrlLockdown="Proxy script URLs" Part_AltProxy_ProxyBypassListLockdown="Bypass server list" Part_AltProxy_ProxyFallbackLockdown="Failover to direct" ; ; SOCKS Proxy Policies ; Policy_ProxySocks="Configure SOCKS proxy settings" Explain_ProxySocks="Use this policy to configure the use of additional SOCKS proxies that are required for some advanced network topologies. \n\nWhen enabled, the client will examine the "SOCKS protocol version" setting. If connection via SOCKS is not disabled, the client will attempt to connect using the SOCKS proxy specified by the "Proxy host names" and "Proxy ports" settings. \n\nThe client supports connections using either SOCKS v4 or SOCKS v5 proxy servers. Alternatively, it can attempt to automatically detect the version being used by the proxy server. \n\n\nTroubleshooting:\nThe SOCKS proxy settings are designed for traversing a proxy in addition to the primary or alternative proxy server. When traversing only a single proxy, these SOCKS proxy settings should be disabled." Part_ProxySocks_Version="SOCKS protocol version" Part_ProxySocks_ProxyHostLockdown="Proxy host names" Part_ProxySOCKS_ProxyPortLockdown="Proxy ports" ; ; Proxy Authentication Policies ; Policy_ProxyAuthentication="Configure proxy authentication" Explain_ProxyAuthentication="Use this policy to control the authentication mechanisms that the client uses when connecting to a proxy server. Authenticating proxy servers can be used to monitor data traffic in large network deployments. \n\nIn general, authentication is handled by the operating system but in some scenarios, the user may be provided with a specific user name and password. To prevent the user from being specifically prompted for these credentials, clear the "Prompt user for credentials" check box. This will force the client to attempt an anonymous connection. Alternatively, you can configure the client to connect using credentials passed to it by the Web Interface server, or these can be explicitly specified via Group Policy using the "Explicit user name" and "Explicit password" options. \n\n\nTroubleshooting:\nIn general NTLM proxy authentication will be performed under the control of the Domain Controller, and cannot be controlled by the client. Both client and proxy will need to be configured with the appropriate domain level trust relations. \n\nProxy authentication cannot be linked to the pass-through authentication feature of the client. In general, the proxy password will be unrelated to users' passwords." Policy_ProxyExplicitAuthenticationEnabled="Prompt user for credentials" Policy_ProxyBasicAuthenticationEnabled="Allow clear text authentication" Policy_ProxyNTLMAuthenticationEnabled="Allow NTLM hash authentication" Part_Proxy_Socks5User="Explicit user name" Part_Proxy_Socks5Password="Explicit password" ; ; Network Policies ; ; ; Client Reconnect and CGP Policies ; Policy_ClientAutoReconnect="Session reliability and automatic reconnection" Explain_ClientAutoReconnect="Use this policy to control how the client behaves when a network failure causes the connection to be dropped. \n\nWhen this policy is enabled, the client will attempt to reconnect to a server only if "Enable reconnection" is selected. By default three reconnection attempts are made, but this can be altered using the "Number of retries" setting. Similarly the delay between retries can be altered from the default of 30 seconds using the "Retry delay" setting. \n\nA separate setting, "Enable SSL/TLS reconnection", is provided to allow reconnection to an SSL/TLS server. Support for this setting depends on the SSL server configuration. \n\n\nTroubleshooting:\nSome proxy servers will automatically disconnect connections that are idle for a certain length of time. This can cause client sessions to be disconnected when not in use. A server-side option "ICA Keep-Alive" is available to send extra data packets during periods of inactivity that can be used prevent proxies from closing connections." Part_ClientAutoReconnect_Reconnect="Enable reconnection" Part_ClientAutoReconnect_CGP="Enable SSL/TLS reconnection" Part_ClientAutoReconnect_Attempts="Number of retries" Part_ClientAutoReconnect_Delay="Retry delay (seconds)" ; ; SSL/TLS Policies ; Policy_SSLLockdown="TLS/SSL data encryption and server identification" Explain_SSLLockdown="Use this policy to configure the TLS/SSL options that help to ensure that the client connects to genuine remote applications and desktops. TLS and SSL encrypt the transferred data to prevent third-parties viewing or modifying the data traffic. Citrix recommends that any connections over untrusted networks use TLS/SSL or another encryption solution with at least the same level of protection.\n\nWhen this policy is enabled, the client will apply these settings to all TLS/SSL connections performed by the client. The checkbox "Require SSL for all connections" can be used to force the client to use the TLS or SSL protocol for all connections that it performs.\n\nTLS and SSL identify remote servers by the common name on the security certificate sent by the server during connection negotiation. Usually the common name is the DNS name of the server, for example www.citrix.com. It is possible to restrict the common names to which the client will connect by specifying a comma-separated list in the "Allowed SSL servers" setting. Note that a wildcard address, for example "*.citrix.com:443", will match all common names that end with ".citrix.com". The information contained in a certificate is guaranteed to be correct by the certificate's issuer.\n\nSome security policies have requirements related to the exact choice of cryptography used for a connection. By default the client will automatically select either TLS v1.0 or SSL v3.0 (with preference for TLS v1.0) depending on what the server supports. This can be restricted to only TLS v1.0 or SSL v3.0 using the "SSL/TLS version" setting.\n\nSimilarly, certain security policies have requirements relating to the cryptographic ciphersuites used for a connection. By default the client will automatically negotiate a suitable ciphersuite from the five listed below. If necessary, it is possible to restrict to just the ciphersuites in one of the two lists.\n\nGovernment Ciphersuites:\n TLS_RSA_WITH_AES_256_CBC_SHA\n TLS_RSA_WITH_3DES_EDE_CBC_SHA\n\nCommercial Ciphersuites:\n TLS_RSA_WITH_AES_128_CBC_SHA\n TLS_RSA_WITH_RC4_128_SHA\n TLS_RSA_WITH_RC4_128_MD5\n\n\nCertificate Revocation List (CRL) checking is an advanced feature supported by some certificate issuers. It allows security certificates to be revoked (invalidated before their expiry date) in the case of cryptographic compromise of the certificate private key, or simply an unexpected change in DNS name.\n\nValid CRLs must be downloaded periodically from the certificate issuer and stored locally. This can be controlled through the selection made in "CRL verification"\n\nDisabled:\n\nWhen "Disabled" is selected, no CRL checking will be performed.\n\n\nOnly check locally stored CRLs:\n\nWhen "Only check locally stored CRLs" is selected, any CRLs that have been previously installed or downloaded will be used in certificate validation. If a certificate is found to be revoked, the connection will fail.\n\n\nRetrieve CRLs from network:\n\nWhen "Retrieve CRLs from network" is selected, the client will attempt to retrieve CRLs from the relevant certificate issuers. If a certificate is found to be revoked, the connection will fail.\n\n\nRequire CRLs for connection:\n\nWhen "Require CRLs for connection" is selected, the client will attempt to retrieve CRLs from the relevant certificate issuers. If a certificate is found to be revoked, the connection will fail. If the client is unable to retrieve a valid CRL, the connection will fail.\n\n\nTroubleshooting:\nError Message: "SSL Error 61: You have not chosen to trust "" the issuer of the server's security certificate". The common name and other information on a security certificate is guaranteed to be accurate by the certificate's issuer. For a connection to be successful, the client must trust the certificate's issuer to make that guarantee.\n\nError Message: "SSL Error 59: The server sent a security certificate identifying 'xxx'. The SSL connection was to 'yyy'". The common name did not match the server the client was expecting to connect to." Part_SSL_EnabledLockdown="Require SSL for all connections" Part_SSL_SSLProxyHostLockdown="Allowed SSL servers" Part_SSL_SSLProtocolLockdown="SSL/TLS version" Part_SSL_CiphersuiteLockdown="SSL ciphersuite" Part_SSL_RevocationLockdown="CRL verification" ; ; Client Selective Trust Policy ; Policy_ConfigureClientSelectiveTrust="Configure trusted server configuration" Explain_ConfigureClientSelectiveTrust="Use this policy to control how the client identifies the published application or desktop it is connecting to. The client will determine a trust level, called a "trust region" with a connection. The trust region will then determine how the client is configured for the connection. \n\nWhen this policy is enabled, the client can be forced to perform region identification using the "Enforce trusted server configuration" option. \n\nBy default, region identification is based on the address of the server the client is connecting to. To be a member of the trusted region, the server must be a member of the Windows Trusted Sites zone. You can configure this using the "Windows Internet zone" setting. \n\nAlternatively, for compatibility with non-Windows clients, the server address can be specifically trusted using the "Address" setting. This is a comma-separated list of servers supporting the use of wildcards, for example, cps*.citrix.com. \n\n\nTroubleshooting:\nIn the default configuration, when trusted server configuration prevents the client from connecting, the following error message is displayed:\n\n " ERROR: Cannot connect to the Citrix Presentation Server. The server (xxx) is not trusted for ICA connections. Connections to the (Untrusted Region) Region are not allowed by lockdown settings. Please contact your administrator."\n\nThe server identified in the "xxx" must be added to the Windows Trusted Sites zone (as either http:// or https:// for SSL connections) for the connection to succeed. \n\nNote that for SSL connections, the certificate common name must be trusted. For non-SSL connections all servers that are contacted must be individually trusted. This means that when using application browsing, both the XML service and the server this redirects to must be trusted." Part_ConfigureClientSelectiveTrust_IEZone="Windows internet zone" Part_ConfigureClientSelectiveTrust_EffectiveAddress ="Address" Part_EnableClientSelectiveTrust="Enforce trusted server configuration" ; ; Smartcard Policy ; Policy_Smartcard="Smart card authentication" Explain_Smartcard="Use this policy to control how the client uses smart cards attached to the client device. \n\nWhen enabled, this policy allows the remote server to access smart cards attached to the client device for authentication and other purposes. \n\nWhen disabled, the server cannot access smart cards attached to the client device. \n\n\nTroubleshooting:\nWhen using smart cards in a Citrix environment, the smart card device driver must be installed on the server. When using a different operating system on the client machine, it may be necessary to ensure that the smart card device drivers in use interoperate correctly." Part_Smartcard_Enable="Allow smart card authentication" Part_SmartcardPin_Enable="Use pass-through authentication for PIN" ; ; Web Interface tickets. ; Policy_WITicket="Web Interface authentication ticket" Explain_WITicket="Use this policy to control the ticketing infrastructure used when authenticating through the Web Interface. \n\nWhen this policy is enabled, legacy Web Interface ticketing can be disabled by clearing the "Legacy ticket handling" check box. Legacy Web Interface ticketing was implemented by passing a single-use authentication cookie to the server in the ClearText password field. \n\nStarting with version 4.5 of the Web Interface, the client handles an authentication token in the form of an opaque LogonTicket with an associated interpretation defined by the LogonTicketType. This functionality can be disabled by clearing the "Web Interface 4.5 and above" check box." Part_WITicket_Legacy_Enable="Legacy ticket handling" Part_WITicket_LogonTicket_Enable="Web Interface 4.5 and above" ; ; Kerberos authentication. ; Policy_KerberosLockdown="Kerberos authentication" Explain_KerberosLockdown="Use this policy to control how the client uses Kerberos to authenticate the user to the remote application or desktop.\n\nWhen enabled, this policy allows the client to authenticate the user using the Kerberos protocol. Kerberos is a Domain Controller authorised authentication transaction that avoids the need to transmit the real user credential data to the server. \n\nWhen disabled, the client will not attempt Kerberos authentication. \n\n\nTroubleshooting:\nThe machine running the client and the server running the remote application must be in domains that have a trust relationship. The Domain Controller must be aware that the Citrix Presentation Server will be performing a full user logon (interactive logon) using Kerberos. This is configured using the "Trust for Delegated Authentication" settings on the Domain Controller.\n\nWhen connecting using the Web Interface, the Web Interface server must be aware that the client will connect using Kerberos authentication. This is necessary because by default the Web Interface server will use an IP address for the destination server whereas Kerberos authentication requires a Fully Qualified Domain Name.\n\nBoth client and server machines must have correctly registered DNS entries. This is necessary because endpoints will authenticate each other during connection." ; ; SSon. ; Policy_LocalCredentialsLockdown="Local user name and password" Explain_LocalCredentialsLockdown="Use this policy to instruct the client to use the same logon credentials (pass-through authentication) for the Citrix Presentation Server as the client machine. \n\nWhen this policy is enabled, the client can be prevented from using the current user's logon credentials to authenticate to the remote server by clearing the "Enable pass-through authentication" check box. \n\nWhen run in a Novell Directory Server environment, selecting the "Use Novell Directory Server credentials" check box requests that the client uses the user’s NDS credentials. \n\n\nTroubleshooting:\nTo enable pass-through authentication, the client must have been installed by an administrator, and the "Allow Local Credential Pass-through" option must have been selected at that time. \n\nEach user can choose to disable pass-through authentication through the client registry settings, the Program Neighbourhood window, or by editing their copy of AppSrv.ini. To enable pass-through authentication, the user's copy of AppSrv.ini must contain the setting "EnableSSonThruICAFile=true". \n\nProgram Neighborhood and Program Neighborhood Agent have additional logic that allow them to be treated more leniently when choosing to use pass-through authentication. The user can control the behaviour of these ICA sessions using the client registry settings." Part_LocalCredentialsLockdown_Enable="Enable pass-through authentication" Part_NovellCredentials="Use Novell Directory Server credentials" ; ; Locally stored credentials. ; Policy_SavedCredentialsLockdown="Locally stored credentials" Explain_SavedCredentialsLockdown="Use this policy to control how user credentials data stored on users’ machines or placed in ICA files is used to authenticate the user to the remote published application or desktop. \n\nWhen this policy is enabled, you can prevent locally stored passwords being automatically sent to remote servers by clearing the "Allow authentication using locally stored credentials" check box. This causes any password fields to be replaced with dummy data. \n\nIn addition, the "User name" and "Domain" options can be used to restrict or override which users can be automatically authenticate to servers. These can be specified as comma-separated lists. \n\n\nTroubleshooting:\nDepending on the client type and configuration settings, credentials stored on the user’s machine may be encrypted using the user’s local logon credentials (DPAPI). If a user’s local logon password is reset, these credentials may become irretrievable." Part_SavedCredentialsLockdown_Enable="Allow authentication using locally stored credentials" Part_SavedCredentialsLockdown_Username="User name" Part_SavedCredentialsLockdown_Domain="Domain" Policy_EnableDriveMapping="Client drive mapping" Explain_EnableDriveMapping="Use this policy to enable and restrict the remote application or desktop's access to the client file systems. \n\nWhen enabled, the client will completely deny client drive mapping (CDM) virtual channel access to the client's file system if the check box "Enable client drive mapping" is not selected. This stops the DLL implementing the client drive mapping virtual channel (vdcdmn.dll) from loading on client start up. At this point, you can delete the DLL from the client package. \n\nIf CDM is enabled, further options are available to restrict the type of access available to the server. If the "Read-only client drives" check box is selected, the CDM virtual channel only permits read access to client drives. \n\nAccess to Windows drives can be disabled by entering the relevant drive letter in the "Do not map drives" box. This is a concatenation of all drives that should not be mapped when connecting to a published application or desktop, for example "ABFK" disables the drives A, B, F and K. \n\n\nTroubleshooting:\nThese policies do not override the selections made by the user in the File Security dialog boxes. These can be accessed at any time via the Client Connection Center." Part_EnableDriveMappingCheckbox="Enable client drive mapping" Part_EnableDriveMappingReadonly="Read-only client drives" Part_EnableDriveMappingDisableDrives="Do not map drives" Policy_EnablePrinterMapping="Client printers" Explain_EnablePrinterMapping="Use this policy to enable and restrict the remote application or desktop's access to client printers. \n\nWhen this policy is disabled, the client prevents the server from accessing or printing to printers available to the client device." Part_EnablePrinterMapping="Map client printers" Policy_LocalPort="Client hardware access" Explain_LocalPort="Use this policy to enable and restrict the remote application or desktop's access to the client’s serial, USB, and parallel ports. This allows the server to use locally attached hardware. \n\n\nTroubleshooting:\nRemote PDA synchronization uses "virtual COM ports". These are serial port connections that are routed through USB connections. It is necessary to enable serial port access to use PDA synchronization for this reason." Part_EnableSerialPortCheckbox="Map serial ports" Part_EnableVirtualSerialPortCheckbox="Allow PDA synchronization" Part_EnableParallelPortCheckbox="Map parallel ports" Policy_ImageCapture="Image capture" Explain_ImageCapture="Use this policy to enable and restrict the remote application or desktop's access to scanners, webcams, and other imaging devices on the client device." Policy_SpeechMike="Client microphone" Explain_SpeechMike="Use this policy to enable and restrict the remote application or desktop's access to local audio capture devices (microphones). \n\nThe additional controls and indicators provided by the Philips SpeechMike device can be disabled by clearing the "Use remote SpeechMike controls" check box." Part_BiDiAudio_Enable="Enable client microphone" Part_SpeechMike_Enable="Use remote SpeechMike controls" Policy_Clipboard="Clipboard" Explain_Clipboard="Use this policy to enable and restrict the remote application or desktop's access to the client clipboard contents." Part_Clipboard_Enabled="Enable clipboard" Policy_Audio="Client audio settings" Explain_Audio="Use this policy to control how sound effects and music produced by remote applications or desktops are directed to the client machine. \n\nWhen this policy is enabled, the "Enable audio" check box can be used to completely disable client audio mapping. This does not affect the client to server audio data, which is controlled through the "Remoting client devices" policy. \n\nIt is also possible to control the audio quality. Three quality levels are supported: low, medium and high. This setting affects both server to client and client to server audio quality. Note that the bandwidth requirements for high quality audio could make this setting unsuitable for many deployments. \n\n\nTroubleshooting:\nThe server audio options take precedence over these settings, so selecting high quality from the client might not result in a high quality audio being used. The server cannot increase the quality of the audio selected by the client.\n\nWhen using voice dictation software, it is usually necessary to select high quality audio settings. \n\nAudio settings are chosen on a per-session basis, not per-application. All applications sharing a session will share the same audio settings." Part_Audio_Enabled="Enable audio" Part_Audio_Quality="Sound quality" Policy_Graphics="Client graphics settings" Explain_Graphics="Use this policy to control the quality of graphics presented by remote applications or desktops. Lower quality graphics can help to improve the user experience when there is restricted bandwidth available. \n\nColor depth:\n\nThis specifies the preferred color depth for a session. In general, low color depths give better performance over low bandwidth; however some of the compression technologies available can only be used with full color, so the effective performance depends on the individual application and usage pattern. The server may choose not to honor the color depth setting chosen because higher color depths result in heavy memory usage on the servers. \n\n\nDisk-based caching:\n\nFor client devices with limited RAM, better compression rates can be achieved by saving temporary graphics objects to the disk cache. \n\n\nLossy compression:\n\nFor maximum compression and responsiveness, the server will sometimes allow the transfered image data to degrade in quality. This usually occurs when the connection is slow, or bandwidth is limited and large area updates are taking place. This is not appropriate for all applications and usages. Clearing this setting forces all image data to be transmitted at full quality.\n\n\nSpeedScreen browser acceleration:\n\nThis feature allows images being displayed by Microsoft Internet Explorer to be specially handled by the SpeedBrowse Browser Acceleration virtual channel. This improves responsiveness when using Microsoft Internet Explorer remotely.\n\n\nSpeedScreen browser acceleration lossy compression:\n\nThis is an extension to the SpeedScreen browser acceleration setting, allowing images displayed by Microsoft Internet Explorer to be degraded before transmission to the client. This is not appropriate for all applications and usages. Clearing this option forces all Web browser image data to be transmitted at full quality.\n\n\nRemote Video:\n\nThe remote video option allows the server to directly stream certain video data to the client. This provides better performance than decompressing and recompressing video data on the computer running Citrix Presentation Server.\n\n\nSpeedScreen Latency Reduction:\n\nEnabling SpeedScreen Latency Reduction settings allows the client to predict how mouse movement and text entry will appear on the server. This results in the user getting immediate feedback when typing or moving the mouse pointer." Part_Graphics_ColorDepth="Color depth" Part_Graphics_ImageAcceleration="Lossy compression" Part_Graphics_SpeedScreenBrowser="SpeedScreen Browser Acceleration" Part_Graphics_SpeedScreenBrowserCompression="SpeedScreen Browser Acceleration - lossy compression" Part_Graphics_SpeedScreenMultimedia="Remote video" Part_Graphics_ZeroLatencyKeyboard="SpeedScreen Latency Reduction - keyboard local echo" Part_Graphics_ZeroLatencyMouse="SpeedScreen Latency Reduction - mouse pointer prediction" Part_Graphics_DiskCache="Disk-based caching" Policy_Display="Client display settings" Explain_Display="Use this policy to control how the client presents remote applications and desktops to the end user. Remote applications can be seamlessly integrated with local applications, or the entire local environment can be replaced with a remote desktop. \n\nSeamless windows: \n\nWhen set to false this setting allows the client to disable the use of seamless windows, instead displaying a fixed size window. When set to true it forces the client to request seamless windows, although the server may choose to reject this request.\n\n\nWindow width and height:\n\nThese settings determine window width and height. It is possible to define ranges of preferred values (for example 800-). The server may choose to ignore this value. This setting is ignored when seamless windows is in use. \n\n\nWindow percent:\n\nThis can be used as an alternative to manually choosing the width and height. It selects a window size as a fixed percentage of the entire screen. The server may choose to ignore this value. This setting is ignored when seamless windows is in use.\n\n\nFull screen:\n\nThis setting switches the client to full screen mode. The server display will completely cover the client display." Part_Display_Seamless="Seamless windows" Part_Display_Width="Window width" Part_Display_Height="Window height" Part_Display_Percent="Window percent" Part_Display_FullScreen="Full screen" Policy_PublishedApplications="Remote applications" Explain_PublishedApplications="Use this policy to configure the client's handling of remote applications. \n\nWhen enabled, this policy uses the list in the "Application" box to determine which published applications can be directly launched by the client. \n\nYou can request that remote applications share sessions (run in a single ICA connection). This provides a better user experience, but is sometimes not desirable. The session sharing feature can be disabled by clearing the "Session sharing" check box. \n\n\nTroubleshooting:\nPublished applications are denoted by a # in front of the application name. Omitting the # symbol attempts to launch a particular program or desktop. A computer running Citrix Presentation Server will not allow this by default, and rejects the connection, displaying: "You do not have access to this session."\n\nSession sharing is controlled by the SessionSharingKey that prevents applications launched from different Web Interface servers from sharing sessions. In addition, applications with different graphics or security settings are prevented from sharing sessions." Part_PublishedApplications_InitialProgram="Application" Part_PublishedApplications_SessionSharing="Session sharing"