Configure default device access behavior of Citrix Receiver

With the introduction of Citrix Receiver 3.x client, administrators can configure the default behavior for device access when connecting to a Citrix Virtual Apps and Desktops environment. By default, the desktop viewer client device restrictions are based on the Internet region. This behavior can be changed by creating the Client Selective Trust feature registry keys under the HKey_Local_Machine hive in the registry and by modifying the required values. With the default value, one of the following dialog boxes appears when accessing local files, webcams, or microphones:

  • HDX File Access
  • HDX Microphone and Webcam


When setting Client Selective Trust on a Windows 7 machine launching applications using Google Chrome via Citrix Gateway Site, only published desktops launch. Currently Chrome is unable to find the ICA file URL when the Client Selective Trust is enabled. If you use Windows 10 machines and try to launch applications using Google Chrome via Citrix Gateway site, it might also fail. Go into Google Chrome Settings and change the Privacy/Content settings for Plugins to Run All Plugins to resolve this issue. However, this solution does not work for Windows 7 machines. Working scenarios:

  1. Disable Client Selective Trust
  2. Use IE instead with Client Selective Trust enabled

In the ADM template, there is the Create Client Service Trust Key value, which can automatically create all of the required registry keys. Import registry keys first and make changes to registry values. After that apply ADM files and perform changes for ADM files. If you have applied ADM files first and the registry changes, there could be a possibility of continued unresolved issues. Both steps are required and should be applied in the correct order: Step 1. Registry hive, Step 2. ADM file. This procedure is also applicable for Citrix Receiver 4.x.


Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

To configure default device access behavior of Citrix Receiver, complete the following steps:

  1. Download the appropriate registry settings file and import it to a client device. The attachment contains the file for a 32-bit and a 64-bit operating system.

  2. Open one of the following registry keys on the computer:

    HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Client Selective Trust
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Client Selective Trust.


    The key HKEY_CURRENT_USER\SOFTWARE\Citrix\ICA Client\Client Selective Trust has higher priority than HKLM\SOFTWARE\Citrix\ICA Client\Client Selective Trust. The first key is created every time a user changes the preferences of Citrix Receiver. Because this key has the priority, it needs to be deleted at every reboot.

  3. In the appropriate regions, change the default value of any of the following resources according to the list of Access values:

    Resource key Resource description
    FileSecurityPermission Client Drives
    MicrophoneAndWebcamSecurityPermission Microphones and Webcams
    ScannerAndDigitalCameraSecurityPermission USB and Other Devices
    Access values Description
    0 No Access
    1 Read Only Access
    2 Full Access
    3 Prompt User for Access
  4. Export the Client Selective Trust key to a new .reg file.
  5. Import the modified .reg file on each client device. This process can be automated by using a log-on script.

Included in the .zip folder the Group Policy ADM files specifically for x86 or x64 operating systems create the required registry keys on the client machine and add the ability to modify the values. If an Organizational Unit (OU) or group of computers contains multiple architectures, ensure to use a method such as Windows Management Instrumentation (WMI) filtering to apply the appropriate settings.

For clients supporting adml/admx format templates follow:

Additional resources

Configure default device access behavior of Citrix Receiver

In this article