When
you first connect to shared drives on a Citrix session you will get a security
warning like the one below
If someone has clicked read only and ticked the do not ask again box.
then to allow read/write access again
For
each target environment that is accessed a unique registry key is made in
registry with the name
HKCU\SOFTWARE\Citrix\ICA Client\Client Selective
Trust\{GUID}.
It seems that the {GUID} is generated during runtime and
(therefore) cannot be predicted. You can find what GUID belongs to what
connection by reading the value HKCU\SOFTWARE\Citrix\ICA Client\Client
Selective Trust\{GUID}\RegionName\@.
This value contains the name of the
environment.
HKCU\SOFTWARE\Citrix\ICA Client\Client Selective Trust\{GUID}.
It seems that the {GUID} is generated during runtime and (therefore) cannot be predicted. You can find what GUID belongs to what connection by reading the value HKCU\SOFTWARE\Citrix\ICA Client\Client Selective Trust\{GUID}\RegionName\@.
This value contains the name of the environment.
Preventing the message
The message van be configured per resource type, where each resource type is a subkey of ICA Client\Client Selective Trust\{GUID}IcaAuthorizationDecision (no \ after the GUID!).
| Resource type | Subkey |
| Client drives | FileSecurityPermission |
| Microphones and webcams | MicrophoneAndWebcamSecurityPermission |
| PDA devices | PdaSecurityPermission |
| USB and other devices | ScannerAndDigitalCameraSecurityPermission |
The access level can be set in the default (@) value where the number represents an access level
| Value | Description |
| 0 | No access |
| 1 | Read access |
| 2 | Full access |
| 3 | Prompt the user for access |
The access level can be set per accessed environment (per GUID) or per region. By configuring the access level on the HKEY_LOCAL_MACHINE (HKLM) hive instead on the HKEY_CURRENT_USER (HKCU) hive the setting is inherited by all users.
If you can to configure the access permission per region you need to change the value of IsIsmDeferalEnabled to true and set the access level per resource type.
The regions that can be configured in HKLM match the regions that can be found (and configured) in Internet Explorer.
| Zone | Subkey |
| Internet | oidInternetRegion |
| Local Intranet | oidIntranetRegion |
| Trusted sites | oidTrustedSitesRegion |
| Restricted sites | oidRestrictedSitesRegion |
Keep in mind that if you configure the settings on a x64 operating system the keys are stored inHKLM\SOFTWARE\Wow6432Node\Citrix\ICA Client\Client Selective Trust.
No comments:
Post a Comment