Remote PC Access
Remote PC Access allows an end user to log on remotely from virtually anywhere to the physical Windows PC in the office.
The Virtual Delivery Agent (VDA) is installed on the office PC. The VDA registers with the Cloud Connector or Delivery Controller and manages the HDX connection between the PC and the end user client devices. Remote PC Access supports a self-service model; after you set up the whitelist of machines that users are permitted to access, those users can join their office PCs themselves, without administrator intervention. The Citrix Workspace app running on their client device enables access to the applications and data on the office PC from the Remote PC Access desktop session.
A user can have multiple desktops, including more than one physical PC or a combination of physical PCs and virtual desktops.
For on-premises deployments: Remote PC Access is valid only for Citrix Virtual Desktops licenses. Sessions consume licenses in the same way as other Citrix Virtual Desktops sessions.
Active Directory considerations
Before configuring the Remote PC Access deployment Site, set up your Organizational Units (OUs) and security groups, and then create user accounts.
If you modify Active Directory after a machine has been added to a machine catalog, Remote PC Access does not reevaluate that assignment. You can manually reassign a machine to a different catalog, if needed.
If you move or delete OUs, those used for Remote PC Access can become out-of-date. VDAs might no longer be associated with the most appropriate (or any) machine catalog or Delivery Group.
Machine catalog and Delivery Group considerations
- A machine can be assigned to only one machine catalog and one Delivery Group at a time.
- You can put machines in one or more Remote PC Access machine catalogs.
- When choosing machine accounts for a catalog, select the lowest applicable OU to avoid potential conflicts with machines in another catalog. For example, in the case of bank/officers/tellers, select tellers.
- You can allocate all machines from one Remote PC Access machine catalog through one or more Delivery Groups. For example, if one group of users requires certain policy settings and another group requires different settings, assigning the users to different Delivery Groups enables you to filter the HDX policies according to each Delivery Group.
- If your IT infrastructure assigns responsibility for servicing users based on geographic location, department, or some other category, you can group machines and users accordingly to allow for delegated administration. Ensure that each administrator has permissions for both the relevant catalogs and the corresponding Delivery Groups.
- You can create a Remote PC Access deployment and then add traditional Virtual Desktop Infrastructure (VDI) desktops or applications later. You can also add Remote PC Access desktops to an existing VDI deployment.
- Consider whether to enable the Windows Remote Assistance checkbox when you install the VDA on the office PC. This option allows help desk teams using Director to view and interact with a user sessions using Windows Remote Assistance.
- Consider how you will deploy the VDA to each office PC. Citrix recommends using electronic software distribution such as Active Directory scripts and Microsoft System Center Configuration Manager. The installation media contains sample Active Directory scripts.
- Review the security considerations for Remote PC Access deployments.
- Secure Boot for Remote PC Access is currently supported on Windows 10.
- Each office PC must be domain-joined with a wired network connection.
- Connect the keyboard and mouse directly to the PC or laptop, not to the monitor or other components that can be turned off. If you must connect input devices to components such as monitors, they should not be turned off.
- If you are using smart cards, see Smart cards.
- Remote PC Access can be used on most laptop computers. To improve accessibility and deliver the best connection experience, configure the laptop power saving options to those of a desktop PC. For example:
- Disable the hibernate feature.
- Disable the sleep feature.
- Set the close lid action to Do Nothing.
- Set the “press the power button” action to Shut Down.
- Disable video card and network interface card energy-saving features.
- Disable battery saving technologies.
- The following are not supported for Remote PC Access devices:
- Docking and undocking the laptop.
- KVM switches or other components that can disconnect a session.
- Hybrid PCs, including All-in-One and NVIDIA Optimus laptops and PCs.
- Citrix supports Remote PC Access on Surface Pro devices with Windows 10. To improve accessibility and deliver the best connection experience, configure the Surface device in a similar way to a desktop or laptop computer. For example:
- Disable the hibernate or sleep feature
- Use wired network connectivity
- Always have the keyboard attached when initiating or reconnecting a session
- Disable battery saving technologies
- Install the Citrix Workspace app on each client device that remotely accesses the office PC.
- Multiple users with remote access to the same office PC see the same icon in Citrix Workspace app. When any user remotely logs on to the PC, that resource appears as unavailable to other users.
Features managed through the registry
Editing the registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
Sleep mode (minimum version 7.16)
To allow a RemotePC Access machine to go in to a sleep state, add this registry setting on the VDA, and then restart the machine. After the restart, the operating system power saving settings is respected. The machine goes in to sleep mode after the preconfigured idle timer passes. After the machine wakes up, it reregisters with the Delivery Controller.
- Name: DisableRemotePCSleepPreventer
- Type: DWORD
- Data: 1
By default, a remote user’s session is automatically disconnected when a local user initiates a session on that machine (by pressing CTRL+ATL+DEL). To prevent this automatic action, add the following registry entry on the office PC, and then restart the machine.
To further customize the behavior of this feature under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA\RemotePC
- 1 = The remote user always wins if he does not respond to the messaging UI in the specified timeout period.
- 2 = The local user always wins. If this setting is not specified, the remote user will always win by default.
- The number of seconds the user has before the type of mode to enforce is determined. If this setting is not specified, the default value is 30 seconds. The minimum value should be 30 seconds. Restart the machine to apply these changes.
When a user wants to forcibly get the console access: The local user can press Ctrl+Alt+Del twice in a gap of 10 seconds to get local control over a remote session and force a disconnect event.
After the registry change and machine restart, if a local user presses Ctrl+Alt+Del to log on to that PC while it is in use by a remote user, the remote user receives a prompt asking whether to allow or deny the local user’s connection. Allowing the connection will disconnect the remote user’s session.
Wake on LAN
Wake on LAN is not supported with Remote PC Access in Citrix Cloud.
Remote PC Access supports Wake on LAN, which gives users the ability to turn on physical PCs remotely. This feature enables users to keep their office PCs turned off when not in use, saving energy costs. It also enables remote access when a machine has been turned off inadvertently, such as during weather events.
The Remote PC Access Wake on LAN feature is supported on:
- PCs that have the Wake on LAN option enabled in the BIOS. This support includes wake-up proxy and raw magic packets, and is available when using Microsoft System Cemter Configuration Manager (ConfigMgr) 2012, ConfigMgr 2012 R2, and ConfigMgr 2016.
- PCs that support Intel Active Management Technology (AMT). On AMT-capable machines, the Wake on LAN feature also supports the Force-Shutdown and Force-Restart actions in Studio and Director. Additionally, a Restart action is available in StoreFront and Citrix Workspace app. AMT support is available only when using ConfigMgr 2012 or 2012 R2, not ConfigMgr 2016.
Configure ConfigMgr to use the Wake on LAN feature. Then, when you create a Remote PC Access deployment through Studio (or when you add another power management connection to be used for Remote PC Access), enable the power management feature and specify ConfigMgr access information.
Configuration Manager and Remote PC Access Wake on LAN
To configure the Remote PC Access Wake on LAN feature, complete the following before installing a VDA on the office PCs.
- Configure ConfigMgr 2012, 2012 R2, or 2016 within the organization. Then deploy the ConfigMgr client to all Remote PC Access machines, allowing time for the scheduled SCCM inventory cycle to run (or force one manually, if required). The access credentials you specify in Studio to configure the connection to ConfigMgr must include collections in the scope and the Remote Tools Operator role.
- For Intel Active Management Technology (AMT) support:
- The minimum supported version on the PC must be AMT 3.2.1.
- Provision the PC for AMT use with certificates and associated provisioning processes.
- Remember: Only ConfigMgr 2012 and 2012 R2 can be used, not ConfigMgr 2016.
- For ConfigMgr Wake Proxy and/or magic packet support:
- Configure Wake on LAN in each PC’s BIOS settings.
- For Wake Proxy support, enable the option in ConfigMgr. For each subnet in the organization that contains PCs that will use the Remote PC Access Wake on LAN feature, ensure that three or more machines can serve as sentinel machines.
- For magic packet support, configure network routers and firewalls to allow magic packets to be sent, using either a subnet-directed broadcast or unicast.
After you install the VDA on office PCs, enable or disable power management when you create the connection and the machine catalog.
- If you enable power management in the catalog, specify connection details: the ConfigMgr address and access credentials, plus a name.
- If you do not enable power management, you can add a power management (Configuration Manager) connection later and then edit a Remote PC Access machine catalog to enable power management and specify the new power management connection.
You can edit a power management connection to configure advanced settings. You can enable:
- Wake-up proxy delivered by ConfigMgr.
- Wake on LAN (magic) packets. If you enable Wake on LAN packets, you can select a Wake on LAN transmission method: subnet-directed broadcasts or Unicast.
The PC uses AMT power commands (if they are supported), plus any of the enabled advanced settings. If the PC does not use AMT power commands, it uses the advanced settings.
Citrix Cloud deployments: configuration sequence and considerations
On-premises deployments: configuration sequence and considerations
Before you create the Remote PC Access Site:
If you will use the Remote PC Access power management feature (also known as Remote PC Access Wake on LAN), complete the configuration tasks on the PCs and on Microsoft System Center Configuration Manager (ConfigMgr) before creating the Remote PC Access deployment in Studio.
In the Stduio Site creation wizard:
- Select the Remote PC Access Site type.
- On the Power Management page, you can enable or disable power management for the machines in the default Remote PC Access machine catalog. If you enable power management, specify ConfigMgr connection information.
- Complete the information on the Users and Machine Accounts pages.
Creating a Remote PC Access Site creates a default machine catalog named “Remote PC Access Machines” and a default Delivery Group named “Remote PC Access Desktops.”
If you create another machine catalog for use with Remote PC Access:
- On the Operating System page, select Remote PC Access and choose a power management connection. You can also choose not to use power management. If there are no configured power management connections, you can add one after you finish the machine catalog creation wizard (connection type = Microsoft Configuration Manager Wake on LAN). Then, edit the catalog, specifying that new connection.
- On the Machine Accounts page, select from the machine accounts or Organizational Units (OUs) displayed, or add machine accounts and OUs.
Install the VDA on the office PCs used for local and remote access. Typically, you deploy the VDA automatically using your package management software; however, for proof-of-concept or small deployments, you can install the VDA manually on each office PC. There are several ways you can install a desktop VDA for a Remote PC Access deployment.
If you use the full-product or VDAWorkstationSetup.exe installer:
- Graphic interface: Select Remote PC Access on the Environment page of the wizard. The components on the Additional Components page are not selected by default. They are not required for Remote PC Access operation.
- Command-line interface: specify the /remotepc option. This option prevents the installation of additional components. Alternatively, you can use the /exclude option to exclude each of these components. For details, see the command-line option descriptions
If you use the VDAWorkstationCoreSetup.exe installer: Neither Citrix Workspace app nor any additional components can be installed with this installer.
After the VDA is installed, the next domain user that logs on to a console session (locally or through RDP) on the office PC is automatically assigned to the Remote PC Access desktop. If additional domain users log on to a console session, they are also added to the desktop user list, subject to any restrictions you have configured.
To use RDP connections outside of your Citrix Virtual Apps and Desktops environment, you must add users or groups to the Direct Access Users group.
Instruct users to download and install Citrix Workspace app onto each client device they will use to access the office PC remotely. Citrix Workspace app is available from https://www.citrix.com or the application distribution systems for supported mobile devices.
Diagnostic information about Remote PC Access is written to the Windows Application Event log. Informational messages are not throttled. Error messages are throttled by discarding duplicate messages.
- 3300 (informational): Machine added to catalog
- 3301 (informational): Machine added to delivery group
- 3302 (informational): Machine assigned to user
- 3303 (error): Exception
If power management for Remote PC Access is enabled, subnet-directed broadcasts might fail to start machines that are located on a different subnet from the Controller. If you need power management across subnets using subnet-directed broadcasts, and AMT support is not available, try the Wake-up proxy or Unicast method (ensure those settings are enabled in the advanced properties for the power management connection).
Remote PC Access
In this article
- Active Directory considerations
- Machine catalog and Delivery Group considerations
- Deployment considerations
- Features managed through the registry
- Wake on LAN
- Citrix Cloud deployments: configuration sequence and considerations
- On-premises deployments: configuration sequence and considerations