Product documentation
Citrix Workspace app for Windows
Current Release 2402 LTSR 2203.1 LTSR 1912 LTSR
View PDF

Citrix Workspace app Desktop Lock

November 12, 2024
Contributed by: 
C S S

Overview

The Citrix Workspace app Desktop Lock, also known as direct boot to VDI, simplifies access to virtual desktops. This feature allows admins to configure local desktops so that users can directly access their virtual desktops without access to local resources or applications on the endpoint device.

Direct boot to VDI or Desktop Lock is ideal where data protection, compliance, and simplicity are top priorities for organizations. This solution locks users out of the endpoint operating system, keeping your data secure and reducing risk. It is ideal for the kiosk mode and frontline use cases.

Key features

  • Direct Virtual Desktop access: Users land directly in their virtual desktop after logging into the local desktop.
  • Single sign-on (SSO) integration: When single sign-on is enabled, users experience a seamless login process without needing to enter credentials multiple times. This integration is supported only with domain-joined endpoints.
  • Non-domain-joined machine support: While primarily intended for domain-joined environments, Desktop Lock also supports user authentication on non-domain-joined machines. However, manual authentication is required in this scenario.
  • Flexibility: Desktop Lock supports both shared and dedicated local desktops, catering to various use cases like kiosks and frontline users.

Prerequisites

  • Domain-joined endpoints: For optimal functionality, domain-joined endpoints are recommended.
  • Citrix Workspace app prerequisites: All other system requirements are identical to that of the Citrix Workspace app. For more information, see the System requirements documentation.
  • Store configuration: Before installing Desktop Lock, you must ensure that the store is configured.
  • /includeSSON flag: Install the Citrix Workspace app for Windows with the /includeSSON flag.

Installation

  1. Install Citrix Workspace app: Install the Citrix Workspace app for Windows with the /includeSSON flag.

    Note:

    The /includeSSON flag must be used during installation. However, the Desktop Lock feature offers flexibility in authentication methods. Single sign-on is not required.

  2. Configure Store: Before installing Desktop Lock, configure the store. Use the ADM/ADMX file or command-line options to configure the store and single sign-on. For more information, see Install.

    Command line installation example:

     CitrixWorkspaceApp.exe /includeSSON STORE0="DesktopStore;https://my.storefront.server/Citrix/MyStore/discovery;on;Desktop Store"
 <!--NeedCopy-->

  3. Install Desktop Lock: Install the Citrix Workspace app Desktop Lock as an administrator using the CitrixWorkspaceDesktopLock.msi file, available on the Citrix Downloads page.

Silent Installation:

 ```
 msiexec /i CitrixWorkspaceDesktopLock.msi /qn
 <!--NeedCopy--> ```

Important considerations

  • Automatic desktop selection: When using Citrix Workspace app for Windows with Desktop Lock, a user is signed in to the first desktop that is alphabetically sorted with the name of all the desktops assigned to the user. Currently, there is no option to selectively choose which desktop the user must sign in.
  • Desktop-only support: This feature currently supports only desktops, not applications.
  • Installation: Starting from version 2405, the CitrixWorkspaceDesktopLock.msi file requires installation with elevated administrator privileges. Prior to version 2405, the administrator could install the Desktop Lock feature with elevated administrator privileges.
  • User profiles: A local user profile is created on the device upon login. Profile retention depends on your Profile Management settings.
  • Session disconnection: Disconnecting the Desktop Lock session logs the user out of the device.
  • Local device Task Manager: Access to the local device’s Task Manager is restricted.
  • Streamlined Desktop Viewer: The Desktop Viewer is optimized for Desktop Lock. It does not include Home, Restore, Maximize, and Display properties.

How Citrix Workspace app Desktop Lock works

Process overview

  1. Administrator Installation: An administrator installs the Citrix Workspace app Desktop Lock on the local device. For more information, see the Installation section.
  2. User Login: When a non-administrator user logs in, Desktop Lock automatically launches the virtual desktop session.
  3. Admin Login: Administrators have access to the local endpoint OS and resources, enabling them to troubleshoot.

Authentication

Citrix Workspace app Desktop Lock supports these authentication methods:

Shared devices

In a shared device scenario, multiple users can use the same local machine. Upon logging in with their designated authentication method to the local machine, users directly access the virtual desktop. Once signed out of the virtual desktop, the local device is immediately available for the next user. This setup is beneficial for organizations with shift workers or shared desktop environments.

Dedicated devices

In a dedicated device setup, a single user is assigned to the local machine. The virtual desktop opens directly upon login to the local machine using the assigned authentication credentials.

Additional supported features

  • HDX and Multimedia: All HDX and multimedia features are supported. For more information, see HDX and multimedia.
  • Local App Access: Local App Access is supported but requires careful configuration to prevent unauthorized access to the local desktop. For more information, see the Configure Local App Access and URL redirection section in the Citrix Virtual Apps and Desktops documentation.

Passing Windows shortcut keys to the remote session

Most Windows shortcut keys function within the remote session, except for Windows+L. Frequently used examples include:

  • Win+D: Minimize all open windows.
  • Alt+Tab: Switch between active windows.
  • Ctrl+Alt+Delete: Accessible via Ctrl+F1 or the Desktop Viewer toolbar.
  • Alt+Shift+Tab: Navigate backward through active windows.
  • Windows+Tab: Open the Task view.
  • Windows+Shift+Tab: Navigate backward through the Task view.
  • Windows+All Character Keys: Various shortcuts based on the specific character key.

Uninstalling Desktop Lock

From Control Panel

To remove Desktop Lock:

  1. Log on using a local administrator account.
  2. Use the Windows Add or remove programs feature to uninstall Citrix Workspace app Desktop Lock.

Using Command

An administrator can uninstall Desktop Lock using the following command in a managed device:

msiexec /x [path to the MSI]
<!--NeedCopy-->
Citrix Workspace app Desktop Lock
November 12, 2024
Contributed by: 
C S S
November 12, 2024
Contributed by: 
C S S

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.