Hide Client Drive mappings for ICA sessions

April 11, 2013 Leave a comment

Client Drive mappings is a great feature of XenApp / XenDesktop, although this presents a security concern depending on the environment, it is sometimes necessary to allow local file access for your XenApp and/or XenDesktop as part of the work flow.

While assisting an old coworker at my last company, he was presented with the challenge of allowing client drive mappings, however only allow to show specific drive.

Environment:

  • Windows 2003 SP3/Windows 2008 R2
  • Citrix XenApp 5.0 / 6.5
  • PVS 6.1.16
  • Citrix Receiver 13.x
  • Web Interface 5.4

Issue:

Disable specific Client Drive Mappings from enumerating within an ICA session.

Solution:

Registry:

  • Log on to a client machine with Receiver 13.x installed, as a user with administrative rights.
  • For 64bit operating systems, navigate to registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive
  • For 32bit operating systems, navigate to registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive
  • At the DisableDrives string value, add the value data as the Client Drive letter\s to be disabled. Do not add commas between drive letters while disabling multiple drives.

 

 

Web Interface Site

  • Navigate to C:\inetpub\wwwroot\Citrix\NAME OF SITE\conf.
  • Open default.ica with notepad.
  • Under the section [WFCLIENT] add DisableDrives=DriveLetter.
  • All ICA sessions launched from the corresponding Web Interface Browser Site has the specified Client Drive disabled.

 

Advertisement

Filed under XenApp, XenDesktop Tagged with