Gateway

Configuring Process Policies

When creating a session or preauthentication policy, you can define a rule that requires all user devices to have a particular process running when users log on. The process can be any application and can include customized applications.

Note: The list of all processes running on a Windows-based computer appears on the Processes tab of Windows Task Manager.

To configure a process policy

  1. In the configuration utility, on the Configuration tab, in the navigation pane, do one of the following:
    1. For a session policy, expand Citrix Gateway > Policies and then click Session.
    2. For a preauthentication policy, expand Citrix Gateway > Policies > Authentication/Authorization, and then click Pre-Authentication EPA.
  2. In the details pane, on the Policies tab, click Add.
  3. In Name, type a name for the policy.
  4. Next to Match Any Expression, click Add.
  5. In the Add Expression dialog box, in Expression Type, select Client Security.
  6. Configure the settings for the following:
    1. In Component, select Process.
    2. In Name, type the name of the application.
    3. In Operator, select EXISTS or NOTEXISTS, click OK and then click Close.

When you configure an endpoint analysis policy (pre-authentication or post-authentication) to check for a process, you can configure an MD5 checksum.

When you create the expression for the policy, you can add the MD5 checksum to the process you are checking for. For example, if you are checking whether notepad.exe is running on the user device, the expression is:

    CLIENT.APPLICATION.PROCESS(notepad.exe_md5_388b8fbc36a8558587afc90fb23a3b00) EXISTS
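
The following Python code is an added example, not part of the Citrix documentation or product: it builds an expression in the format shown above from an executable file and checks whether a file still matches a pinned expression, which stops being true as soon as the binary changes (for instance after an update). It assumes the checksum is the MD5 of the executable file on disk and that the expression shape is the one in the notepad.exe example; agent.exe and all function names are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Shape inferred from the page's one example: PROCESS(<name>_md5_<32 hex>) OP
EXPR_RE = re.compile(
    r"^CLIENT\.APPLICATION\.PROCESS\((?P<name>.+)_md5_(?P<md5>[0-9a-fA-F]{32})\)"
    r"\s+(?P<op>EXISTS|NOTEXISTS)$")

def md5_of_file(path):
    """Hex MD5 of a file, read in chunks so large binaries are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_expression(binary_path, operator="EXISTS"):
    """Build the expression; assumes the checksum is the MD5 of the file on disk."""
    if operator not in ("EXISTS", "NOTEXISTS"):
        raise ValueError("operator must be EXISTS or NOTEXISTS")
    name, md5 = Path(binary_path).name, md5_of_file(binary_path)
    return f"CLIENT.APPLICATION.PROCESS({name}_md5_{md5}) {operator}"

def parse_expression(expr):
    """Split an expression into (process name, md5, operator) or raise."""
    m = EXPR_RE.match(expr.strip())
    if not m:
        raise ValueError(f"not a process+MD5 expression: {expr!r}")
    return m["name"], m["md5"].lower(), m["op"]

def binary_matches(expr, binary_path):
    """True if the file still has the name and checksum pinned in expr."""
    name, md5, _ = parse_expression(expr)
    same_name = Path(binary_path).name.lower() == name.lower()
    return same_name and md5_of_file(binary_path) == md5

def demo():
    """Constructed sample: a stand-in agent.exe, then a changed build of it."""
    with tempfile.TemporaryDirectory() as tmp:
        exe = Path(tmp) / "agent.exe"
        exe.write_bytes(b"constructed build 1.0")
        expr = build_expression(exe)
        before = binary_matches(expr, exe)
        exe.write_bytes(b"constructed build 1.1")  # simulated update
        return expr, before, binary_matches(expr, exe)

if __name__ == "__main__":
    print(demo())
```

Running binary_matches against the deployed build before and after each software release shows whether the checksum in the policy expression needs to be regenerated.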
