Advertisements

Hide Client Drive mappings for ICA sessions

Client Drive mappings is a great feature of XenApp / XenDesktop, although this presents a security concern depending on the environment, it is sometimes necessary to allow local file access for your XenApp and/or XenDesktop as part of the work flow.

While assisting an old coworker at my last company, he was presented with the challenge of allowing client drive mappings, however only allow to show specific drive.

Environment:

  • Windows 2003 SP3/Windows 2008 R2
  • Citrix XenApp 5.0 / 6.5
  • PVS 6.1.16
  • Citrix Receiver 13.x
  • Web Interface 5.4

Issue:

Disable specific Client Drive Mappings from enumerating within an ICA session.

Solution:

Registry:

  • Log on to a client machine with Receiver 13.x installed, as a user with administrative rights.
  • For 64bit operating systems, navigate to registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive
  • For 32bit operating systems, navigate to registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive
  • At the DisableDrives string value, add the value data as the Client Drive letter\s to be disabled. Do not add commas between drive letters while disabling multiple drives.

 

 

Web Interface Site

  • Navigate to C:\inetpub\wwwroot\Citrix\NAME OF SITE\conf.
  • Open default.ica with notepad.
  • Under the section [WFCLIENT] add DisableDrives=DriveLetter.
  • All ICA sessions launched from the corresponding Web Interface Browser Site has the specified Client Drive disabled.

 

Advertisements

About CyberRuiz
Highly motivated with over 12 years experience on Citrix/VMWare/Microsoft/technologies. Exceptional communication skills and team player. CCIA – Citrix Certified Integration Architect. CCEA – Citrix Certified Enterprise Administrator. VCP – VMWare Certified Professional in ESX 2.x, VI3, VI4 MCSE – Microsoft Certified Systems Engineer

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: