Citrix Virtual Apps and Desktops

Local App Access and URL redirection


Local App Access seamlessly integrates locally installed Windows applications into a hosted desktop environment without switching from one desktop to another. With Local App Access, you can:

  • Access applications installed locally on a physical laptop, PC, or other device directly from the virtual desktop.
  • Provide a flexible application delivery solution. If users have local applications that you cannot virtualize or that IT does not maintain, those applications still behave as though they are installed on a virtual desktop.
  • Eliminate the double-hop latency when applications are hosted separately from the virtual desktop. Do so by putting a shortcut to the published application on the user’s Windows device.
  • Use applications such as:
    • Video conferencing software such as GoToMeeting.
    • Specialty or niche applications that are not yet virtualized.
    • Applications and peripherals that would otherwise transfer large amounts of data from a user device to a server and back to the user device. For example, DVD burners and TV tuners.

In Citrix Virtual Apps and Desktops, hosted desktop sessions use URL redirection to start Local App Access applications. URL redirection makes the application available under more than one URL address. It launches a local browser (based on the browser’s URL block list) by selecting embedded links within a browser in a desktop session. If you navigate to a URL that is not present in the block list, the URL is opened in the desktop session again.

URL redirection works only for desktop sessions, not application sessions. The only redirection feature you can use for application sessions is host-to-client content redirection, which is a type of server FTA (File Type Association) redirection. This FTA redirects certain protocols to the client, such as HTTP, HTTPS, RTSP, or MMS. For example, if you only open embedded links with HTTP, the links directly open with the client application. There is no URL block list or allow list support.

When Local App Access is enabled, URLs that are displayed to users as links from locally running applications, from user-hosted applications, or as shortcuts on the desktop are redirected in one of the following ways:

  • From the user’s computer to the hosted desktop
  • From the Citrix Virtual Apps and Desktops server to the user’s computer
  • Rendered in the environment in which they are started (not redirected)

To specify the redirection path of content from specific websites, configure the URL allow list and URL block list on the Virtual Delivery Agent. Those lists contain multi-string registry keys that specify the URL redirection policy settings. For more information, see the Local App Access policy settings.

URLs can be rendered on the VDA with the following exceptions:

  • Geo/Locale information — Websites that require locale information, such as or (opens a country specific page based on the Geo). For example, if the VDA is provisioned from a data center in the UK and the client is connecting from India, the user expects to see Instead, the user sees
  • Multimedia content — Websites containing rich media content, when rendered on the client device, give the end users a native experience and also save bandwidth even in high latency networks. This feature redirects sites with other media types such as Silverlight. This process is in a secure environment. That is, the URLs that the administrator approves are run on the client while the rest of the URLs are redirected to the VDA.

In addition to URL redirection, you can use FTA redirection. FTA starts local applications when a file is encountered in the session. If the local app is started, the local app must have access to the file to open it. Therefore, you can only open files that reside on network shares or on client drives (using client drive mapping) using local applications. For example, when opening a PDF file, if a PDF reader is a local app, then the file opens using that PDF reader. Because the local app can access the file directly, there is no network transfer of the file through ICA to open the file.

Requirements, considerations, and limitations

We support Local App Access on the valid operating systems for VDAs for Windows Multi-session OS and for VDAs for Windows Single-session OS. Local App Access requires Citrix Workspace app for Windows version 4.1 (minimum). The following browsers are supported:

  • Edge, latest version
  • Firefox, latest version and extended support release
  • Chrome, latest version

Review the following considerations and limitations when using Local App Access and URL redirection.

  • Local App Access is designed for full-screen, virtual desktops spanning all monitors:
    • The user experience can be confusing if you use Local App Access with a virtual desktop that runs in windowed mode or does not cover all monitors.
    • Multiple monitors — When one monitor is maximized, it becomes the default desktop for all applications started in that session. This default occurs even if the subsequent applications typically start on another monitor.
    • The feature supports one VDA. There is no integration with multiple concurrent VDAs.
  • Some applications can behave unexpectedly, affecting users:
    • The drive letters might confuse users, such as local C: rather than virtual desktop C: drive.
    • Available printers in the virtual desktop are not available to local applications.
    • Applications that require elevated permissions cannot be started as client-hosted applications.
    • There is no special handling for single-instance applications (such as Windows Media Player).
    • Local applications appear with the Windows theme of the local machine.
    • Full-screen applications are not supported. These applications include applications that open to a full screen, such as PowerPoint slide shows or photo viewers that cover the entire desktop.
    • Local App Access copies the properties of the local application (such as the shortcuts on the client’s desktop and Start menu) on the VDA. However, it does not copy other properties such as shortcut keys and read-only attributes.
    • Applications that customize how overlapping window order is handled can have unpredictable results. For example, some windows might be hidden.
    • Shortcuts are not supported, including My Computer, Recycle Bin, Control Panel, Network Drive shortcuts, and folder shortcuts.
    • The following file types and files are not supported: custom file types, files with no associated programs, zip files, and hidden files.
    • Taskbar grouping is not supported for mixed 32-bit and 64-bit client-hosted or VDA applications. That is, grouping 32-bit local applications with 64-bit VDA applications.
    • Applications cannot be started using COM. For example, if you click an embedded Office document from within an Office application, the process start cannot be detected, and the local application integration fails.
  • Double-hop scenarios, where a user is starting a virtual desktop from within another virtual desktop session, are not supported.
  • URL redirection supports only explicit URLs (that is, URLs appearing in the browser’s address bar or found using the in-browser navigation, depending on the browser).
  • URL redirection works only with desktop sessions, not with application sessions.
  • The local desktop folder in a VDA session does not allow users to create files.
  • Multiple instances of a locally running application behave according to the taskbar settings established for the virtual desktop. However, shortcuts to locally running applications are not grouped with running instances of those applications. They are also not grouped with running instances of hosted applications or pinned shortcuts to hosted applications. Users can close only windows of locally running applications from the Taskbar. Although users can pin local application windows to the desktop Taskbar and Start menu, the applications might not start consistently when using these shortcuts.
  • If you set the Allow Local App Access policy setting to Enabled, browser content redirection isn’t supported. By default, Local App Access is prohibited.

Interaction with Windows

The Local App Access interaction with Windows includes the following behaviors.

  • Windows 8 and Windows Server 2012 shortcut behavior
    • Windows Store applications installed on the client are not enumerated as part of Local App Access shortcuts.
    • Image and video files are opened by default using Windows store applications. However, Local App Access enumerates the Windows store applications and opens shortcuts with desktop applications.
  • Local Programs
    • For Windows 7, the folder is available in the Start menu.
    • For Windows 8, Local Programs is available only when the user chooses All Apps as a category from the Start screen. Not all subfolders are displayed in Local Programs.
  • Windows 8 graphics features for applications
    • Desktop applications are restricted to the desktop area and are covered by the Start screen and Windows 8 style applications.
    • Local App Access applications do not behave like desktop applications in multi-monitor mode. In multi-monitor mode, the Start screen and the desktop display on different monitors.
  • Windows 8 and Local App Access URL Redirection
    • Because Windows 8 Internet Explorer has no add-ons enabled, use desktop Internet Explorer to enable URL redirection.
    • In Windows Server 2012, Internet Explorer disables add-ons by default. To implement URL Redirection, disable the Internet Explorer enhanced configuration. Then reset the Internet Explorer options and restart to ensure that add-ons are enabled for standard users.

Configure Local App Access and URL redirection

To use Local App Access and URL redirection with Citrix Workspace app:

  • Install the Citrix Workspace app on the local client machine. You can enable both features during the Citrix Workspace app installation or you can enable Local App Access template using the Group Policy editor.
  • Set the Allow Local App Access policy setting to Enabled. You can also configure URL allow list and block list policy settings for URL redirection. For more information, see Local App Access policy settings.

Enable Local App Access and URL redirection

To enable Local App Access for all local applications, follow these steps:

  1. Start Citrix Studio.
    • For on-premises deployments, open Citrix Studio from the Start menu.
    • For Cloud service deployments, go to Citrix Cloud > Virtual Apps and Desktops service > Manage tab.
  2. In the Studio navigation pane, click Policies.
  3. In the Actions pane, click Create Policy.
  4. In the Create Policy window, type “Allow Local App Access” in the search box and then click Select.
  5. In the Edit Setting window, select Allowed. By default, the Allow local app access policy is prohibited. When this setting is allowed, the VDA allows the end-user to decide whether published applications and Local App Access shortcuts are enabled in the session. (When this setting is prohibited, both published applications and Local App Access shortcuts do not work for the VDA.) This policy setting applies to the entire machine and the URL redirection policy.
  6. In the Create Policy window, type “URL redirection allow list” in the search box and then click Select. The URL redirection allow list specifies URLs to open in the default browser of the remote session.
  7. In the Edit Setting window, click Add to add the URLs and then click OK.
  8. In the Create Policy window, type “URL redirection block list” in the search box and then click Select. The URL redirection block list specifies URLs that are redirected to the default browser running on the endpoint.
  9. In the Edit Setting window, click Add to add the URLs and then click OK.
  10. On the Settings page, click Next.
  11. On the Users and Machines page, assign the policy to the applicable Delivery Groups and then click Next.
  12. On the Summary page, review the settings and then click Finish.

To enable URL redirection for all local applications during Citrix Workspace app installation, follow these steps:

  1. Enable URL redirection when you install the Citrix Workspace app for all users on a machine. Doing so also registers the browser add-ons required for URL redirection.
  2. From the command prompt, run the appropriate command to install the Citrix Workspace app using one of the following options:
    • For CitrixReceiver.exe, use /ALLOW_CLIENTHOSTEDAPPSURL=1.
    • For CitrixReceiverWeb.exe, use /ALLOW_CLIENTHOSTEDAPPSURL=1.

Enable the Local App Access template using the Group Policy editor


  • Before you enable the Local App Access template using the Group Policy editor, add the receiver.admx/adml template files to the local GPO. For more information, see Configuring the Group Policy Object administrative template.
  • Citrix Workspace app for Windows template files are available in the local GPO in Administrative Templates > Citrix Components > Citrix Workspace folder only when you add the CitrixBase.admx/CitrixBase.adml to the %systemroot%\policyDefinitions folder.

To enable the Local App Access template using the Group Policy editor, follow these steps:

  1. Run gpedit.msc.
  2. Go to Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix Workspace > User Experience.
  3. Click Local App Access settings.
  4. Select Enabled and then select Allow URL Redirection. For URL redirection, register browser add-ons using the command line described in the Register browser add-ons section further down in this article.

Provide access only to published applications

You can provide access to published applications using the Registry Editor or the PowerShell SDK.

To the Registry Editor, see The Local App Access for published applications in the list of features managed through the registry.

To use the PowerShell SDK:

  1. Open PowerShell on the machine where the Delivery Controller is running.
  2. Enter the following command: set-configsitemetadata -name "studio_clientHostedAppsEnabled" -value "true".

To have access to Add Local App Access Application in a Cloud service deployment, use the Citrix DaaS Remote PowerShell SDK. For more information, see Citrix DaaS Remote PowerShell SDK.

  1. Download the installer:

  2. Run these commands:

    1. asnp citrix.*
    2. Get-XdAuthentication
  3. Enter the following command: set-configsitemetadata -name “studio_clientHostedAppsEnabled” -value “true”.

After you complete the applicable preceding steps, follow these steps to continue.

  1. Open Citrix Studio from the Start menu.
  2. In the Studio navigation pane, click Applications.
  3. In the upper middle pane, right-click the blank area and select Add Local App Access Application from the context menu. You can also click Add Local App Access Application in the Actions pane. To display the Add Local App Access Application option in the Actions pane, click Refresh.
  4. Publish Local App Access application.

    • The Local Application Access wizard launches with an Introduction page, which you can remove from future launches of the wizard.

    • The wizard guides you through the Groups, Location, Identification, Delivery, and Summary pages described below. When you are finished with each page, click Next until you reach the Summary page.

    • On the Groups page, select one or more Delivery Groups where the new applications will be added, and then click Next.

    • On the Location page, type the full executable path of the application on the user’s local machine, and type the path to the folder where the application is located. Citrix recommends that you use the system environment variable path; for example, %ProgramFiles(x86)%\Internet Explorer\iexplore.exe.

    • On the Identification page, accept the default values or type the information that you want and then click Next.

    • On the Delivery page, configure how this application is delivered to users and then click Next. You can specify the icon for the selected application. You can also specify whether the shortcut to the local application on the virtual desktop is visible on the Start menu, the desktop, or both.

    • On the Summary page, review the settings and then click Finish to exit the Local Application Access wizard.

Register browser add-ons


The browser add-ons required for URL redirection are registered automatically when you install the Citrix Workspace app from the command line using the /ALLOW_CLIENTHOSTEDAPPSURL=1 option.

You can use the following commands to register and unregister one or all add-ons:

  • To register add-ons on a client device: <client-installation-folder>\redirector.exe /reg<browser>
  • To unregister add-ons on a client device: <client-installation-folder>\redirector.exe /unreg<browser>
  • To register add-ons on a VDA: <VDAinstallation-folder>\VDARedirector.exe /reg<browser>
  • To unregister add-ons on a VDA: <VDAinstallation-folder>\VDARedirector.exe /unreg<browser>

Where <browser> is Internet Explorer, Firefox, Chrome, or All.

For example, the following command registers Internet Explorer add-ons on a device running the Citrix Workspace app.

C:\Program Files\Citrix\ICA Client\redirector.exe/regIE

The following command registers all add-ons on a Windows Multi-session OS VDA.

C:\Program Files (x86)\Citrix\HDX\bin\VDARedirector.exe /regAll

URL interception across browsers

  • By default, Internet Explorer redirects the specified URL. If the URL is not in the block list but the browser or website redirects it to another URL, the final URL is not redirected. It is not redirected even if it is on the block list.

For URL redirection to work correctly, enable the add-on when prompted by the browser. If the add-ons that are using Internet options or the add-ons in the prompt are disabled, URL redirection does not work correctly.

  • The Firefox add-ons always redirect the URLs.

When an add-on is installed, Firefox prompts to allow or prevent installing the add-on on a new tab page. Allow the add-on for the feature to work.

  • The Chrome add-on always redirects the final URL that is navigated, and not the entered URLs.

The extensions have been installed externally. When you disable the extension, the URL redirection feature does not work in Chrome. If the URL redirection is required in Incognito mode, allow the extension to run in that mode in the browser settings.

Configure local application behavior on logoff and disconnect


If you do not follow these steps to configure the settings, by default, local applications continue to run when a user logs off or disconnects from the virtual desktop. After reconnection, local applications are reintegrated if they are available on the virtual desktop.

To configure local application behavior on logoff and disconnect, see Local application behavior on logoff and disconnect in the list of features managed through the registry.

Local App Access and URL redirection