{"id":3946,"date":"2012-06-26T20:56:06","date_gmt":"2012-06-26T18:56:06","guid":{"rendered":"https:\/\/ingmarverheij.com\/?p=3946"},"modified":"2013-06-15T13:46:52","modified_gmt":"2013-06-15T11:46:52","slug":"citrix-receiversecurity-warning-demystified","status":"publish","type":"post","link":"https:\/\/ingmarverheij.com\/en\/citrix-receiversecurity-warning-demystified\/","title":{"rendered":"“Citrix Receiver – Security Warning” explained and demystified"},"content":{"rendered":"\n

\"Citrix<\/a>When you\u2019ve worked with a Citrix XenApp or XenDesktop environment you must be familiar with the Security Warning dialog. It prevents a remote machine (your hosted application or desktop) from accessing resources on the client device, a security boundary you want to protect when from unmanaged systems.<\/p>\n

But on managed systems you want to prevent this message, you don\u2019t want your users to be confronted with a message you tell them to accept (otherwise it won\u2019t work and they\u2019re to blame).<\/p>\n

In this article I\u2019ll explain why this message is displayed and how you can prevent it.<\/p>\n

<\/p>\n

Resources types<\/h2>\n

A users can be confronted with a security warning dialog for different resources, this depends on the client used:<\/p>\n\n\n\n\n\n\n\n
Resource description<\/strong><\/td>\nClient version < 12.0<\/strong><\/td>\nClient version > 12.0<\/strong><\/td>\n<\/tr>\n
Client drives<\/td>\nX<\/td>\nX<\/td>\n<\/tr>\n
Microphone and webcams<\/td>\nX<\/td>\nX (only audio)<\/td>\n<\/tr>\n
PDA devices<\/td>\nX<\/td>\n–<\/td>\n<\/tr>\n
USB and other devices<\/td>\nX<\/td>\n–<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

Client versions<\/h2>\n

\u201cBack in the old days\u201d, or when you\u2019re using Citrix Presentation Server 4.5 or older, a Citrix ICA Client is used with a version lower than 12.0.  The security warning dialog can be configured with the webica.ini<\/em> file in the users profile.<\/p>\n

The Citrix Receiver (version 12.0 and up) ignores the webica.ini<\/em> file and is solely configured via the registry. A new feature with the name \u2018Client Selective Trust\u2019 was introduced to allow a more fine grained configuration that can be set via a group policy.<\/p>\n

 <\/p>\n

Before version 12.0<\/h2>\n

When you\u2019re using a Citrix ICA client before version 12.0 the user will be asked what access level should be allowed. The users can choose between three access levels:<\/p>\n