Citrix Virtual Apps and Desktops

Scenarios and use case examples

Properly configuring clipboard redirection policies is key to balancing user productivity and corporate security. The optimal configuration depends on the specific use cases.

The following are some common use case examples:

Standard knowledge worker

For most users, such as knowledge workers and typical office users, the goal is seamless copy-paste of text and simple images between local and remote applications. In this scenario, the default policy configuration is often sufficient.

Configuration:

  • Client clipboard redirection: Allowed (Default)

Sensitive data use cases

Consider a healthcare or financial institution where users need to paste information into a secure session (e.g., patient data into an EHR) but must be prevented from copying sensitive data out to their local device. This configuration can help prevent accidental data exfiltration via the clipboard.

Configuration:

  • Client clipboard redirection: Allowed
  • Restrict client clipboard write: Enabled (Blocks copy from session to client)
  • For added security, enable Restrict session clipboard write and use Session clipboard write allowed formats to only permit plain text (CF_TEXT).

Alternatively, customers can use the new Cross session clipboard functionality (PREVIEW) to allow clipboard transfer between sessions while preventing session-to-client redirection.

Developers and IT Administrators

These users often require the ability to copy files, such as scripts, log files, or installers, between their local machine and the VDA. This requires a more permissive configuration.

Configuration:

  • Client clipboard redirection: Allowed
  • To enable file copy from session to client, ensure Restrict client clipboard write is Disabled, or if enabled, add the CFX_FILE format to the Client clipboard write allowed formats list.
  • To enable file copy from client to session, ensure Restrict session clipboard write is Disabled, or if enabled, add CFX_FILE to the Session clipboard write allowed formats list.

Configure these policies to target the relevant groups containing the developers or IT administrators instead of adding users to the policy individually.
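The following added example (not Citrix code) models how the settings in the scenarios above combine, and audits a policy against the intent of the sensitive data use case. The dictionary keys are hypothetical names chosen for this sketch, the policies are constructed samples, and the model assumes both restrict settings are off unless set and that an enabled restriction passes only the formats on its allowed list.

```python
# Simplified model of the clipboard policy logic described on this page.
# Dictionary keys are hypothetical names for this example, not Citrix setting identifiers.
SESSION_TO_CLIENT, CLIENT_TO_SESSION = "session_to_client", "client_to_session"

def is_allowed(policy, direction, fmt):
    """Return True if clipboard data of format `fmt` may flow in `direction`."""
    if not policy.get("client_clipboard_redirection", True):  # Allowed is the default
        return False
    # "Restrict client clipboard write" governs session -> client,
    # "Restrict session clipboard write" governs client -> session.
    side = "client" if direction == SESSION_TO_CLIENT else "session"
    if not policy.get(f"restrict_{side}_clipboard_write", False):
        return True
    # With the restriction enabled, only formats on the allowed list pass.
    return fmt in policy.get(f"{side}_clipboard_write_allowed_formats", ())

def audit(policy, must_block, must_allow):
    """List flows where the policy contradicts the scenario's intent."""
    findings = []
    for direction, fmt in must_block:
        if is_allowed(policy, direction, fmt):
            findings.append(f"LEAK: {fmt} allowed {direction}")
    for direction, fmt in must_allow:
        if not is_allowed(policy, direction, fmt):
            findings.append(f"BROKEN: {fmt} blocked {direction}")
    return findings

# Constructed sample policy matching the sensitive data scenario.
SENSITIVE = {
    "client_clipboard_redirection": True,
    "restrict_client_clipboard_write": True,   # no allowed formats: nothing leaves
    "restrict_session_clipboard_write": True,
    "session_clipboard_write_allowed_formats": ["CF_TEXT"],
}
# Same intent, but the developer file-copy exception was added by mistake.
DRIFTED = dict(SENSITIVE, client_clipboard_write_allowed_formats=["CFX_FILE"])

FORMATS = ["CF_TEXT", "CF_BITMAP", "CFX_FILE"]  # sample formats to probe
MUST_BLOCK = [(SESSION_TO_CLIENT, f) for f in FORMATS] + [(CLIENT_TO_SESSION, "CFX_FILE")]
MUST_ALLOW = [(CLIENT_TO_SESSION, "CF_TEXT")]

if __name__ == "__main__":
    for name, pol in (("sensitive", SENSITIVE), ("drifted", DRIFTED)):
        print(name, audit(pol, MUST_BLOCK, MUST_ALLOW) or "OK")
```

Running the same audit with the developer scenario's intent in `must_allow` shows the opposite failure: a restriction enabled without CFX_FILE on the matching allowed list reports the file copy as blocked.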
