You can use the
Receiver Desktop Lock when users do not need to interact with the local
desktop. Users can still use the Desktop Viewer (if enabled), however it has
only the required set of options on the toolbar: Ctrl+Alt+Del, Preferences,
Devices, and Disconnect.
Citrix Receiver Desktop Lock works on domain-joined machines, which are SSON-enabled (Single Sign-On) and store configured; it can also be used on non-domain joined machines without SSON enabled. It does not support PNA sites. Previous versions of Desktop Lock are not supported when you upgrade to Receiver for Windows 4.2.x.
You must install Citrix Receiver for Windows with the /includeSSON flag. You must configure the store and single sign-on, either using the adm/admx file or cmdline option. For more information, refer to Install and configure Citrix Receiver using the command line.
Then, install the
Receiver Desktop Lock as an administrator using the
CitrixReceiverDesktopLock.MSI available at
System requirements for Citrix Receiver Desktop Lock
Working with Receiver Desktop Lock
To install Receiver Desktop Lock
This procedure installs Receiver for Windows so that virtual desktops appear using Receiver Desktop Lock. For deployments that use smart cards, see To configure smart cards for use with devices running Receiver Desktop Lock
- Log on using a local administrator account.
- At a command prompt, run the following command (located in the Citrix Receiver and Plug-ins > Windows > Receiver folder on the installation media).
For command details, see the Receiver for Windows install documentation at Configure and install Receiver for Windows using command-line parameters.
- In the same folder on the installation media, double-click CitrixReceiverDesktopLock.MSI . The Desktop Lock wizard opens. Follow the prompts.
- When the installation completes, restart the user device. If you have permission to access a desktop and you log on as a domain user, the device appears using Receiver Desktop Lock.
To allow administration of the user device after installation, the account used to install CitrixReceiverDesktopLock.msi is excluded from the replacement shell. If that account is later deleted, you will not be able to log on and administer the device.
To run a silent install of Receiver Desktop Lock, use the following command line: msiexec /i CitrixReceiverDesktopLock.msi /qn
To configure Receiver Desktop Lock
Grant access to only one virtual desktop running Receiver Desktop Lock per user.
Using Active Directory policies, prevent users from hibernating virtual desktops.
Use the same administrator account to configure Receiver Desktop Lock as you did to install it.
- Ensure that the Receiver.admx (or Receiver.adml) and Receiver_usb.admx (.adml) files are loaded into Group Policy (where the policies appear in Computer Configuration or User Configuration > Administrative Templates > Classic Administrative Templates (ADMX) > Citrix Components). The .admx files are located in %Program Files%\Citrix\ICA Client\Configuration\.
- USB preferences - When a user plugs in a USB device, that device is automatically remoted to the virtual desktop; no user interaction is required. The virtual desktop is responsible for controlling the USB device and displaying it in the user interface.
- Enable the USB policy rule.
- In Citrix Receiver > Remoting client devices > Generic USB Remoting, enable and configure the Existing USB Devices and New USB Devices policies.
- Drive mapping - In Citrix Receiver > Remoting client devices, enable and configure the Client drive mapping policy.
- Microphone - In Citrix Receiver > Remoting client devices, enable and configure the Client microphone policy.
To configure smart cards for use with devices running Receiver Desktop Lock
- Configure StoreFront.
- Configure the XML Service to use DNS Address Resolution for Kerberos support.
- Configure StoreFront sites for HTTPS access, create a server certificate signed by your domain certificate authority, and add HTTPS binding to the default website.
- Ensure pass-through with smart card is enabled (enabled by default).
- Enable Kerberos.
- Enable Kerberos and Pass-through with smart card.
- Enable Anonymous access on the IIS Default Web Site and use Integrated Windows Authentication.
- Ensure the IIS Default Web Site does not require SSL and ignores client certificates.
- Use the Group Policy Management Console to configure Local Computer Policies on the user device.
- Import the Receiver.admx template from %Program Files%\Citrix\ICA Client\Configuration\.
- Expand Administrative Templates > Classic Administrative Templates (ADMX) > Citrix Components > Citrix Receiver > User authentication.
- Enable Smart card authentication.
- Enable Local user name and password.
- Configure the user device before installing Receiver Desktop Lock.
- Add the URL for the Delivery Controller to the Windows Internet Explorer Trusted Sites list.
- Add the URL for the first Delivery Group to the Internet Explorer Trusted Sites list in the form desktop://delivery-group-name.
- Enable Internet Explorer to use automatic logon for Trusted Sites.
When Receiver Desktop Lock is installed on the user device, a consistent smart card removal policy is enforced. For example, if the Windows smart card removal policy is set to Force logoff for the desktop, the user must log off from the user device as well, regardless of the Windows smart card removal policy set on it. This ensures that the user device is not left in an inconsistent state. This applies only to user devices with the Receiver Desktop Lock.
Windows shortcut keys to the remote session
shortcut keys are passed to the remote session. This section highlights some of
the common ones.
- Win+D -
Minimize all windows on the desktop.
- Alt+Tab -
Change active window.
Ctrl+F1 and the Desktop Viewer toolbar.
- Windows+All Character
- Win+C - Open
- Win+Q - Search
- Win+H - Share
- Win+K - Devices
- Win+I -
- Win+Q - Search
- Win+W - Search
- Win+F - Search
Windows 8 apps
- Win+Z - Get to
- Win+. - Snap
app to the left.
- Win+Shift+. -
Snap app to the right.
- Ctrl+Tab -
Cycle through app history.
- Alt+F4 - Close
- Win+D - Open
- Win+, - Peek at
- Win+B - Back to
- Win+U - Open
Ease of Access Center.
- Ctrl+Esc -
- Win+Enter -
Open Windows Narrator.
- Win+X - Open
system utility settings menu.
- Win+PrintScrn -
Take a screen shot and save to pictures.
- Win+Tab - Open
- Win+T - Preview
open windows in taskbar.