Product Documentation

Configure anonymous sessions

May 22, 2017

Use the information in this article to configure an anonymous session. No special settings are required when installing the Linux VDA to use this feature.    


When configuring anonymous sessions, consider that session prelaunch is not supported. This functionality is also not supported on Citrix Receiver for Android.

Create an unauthenticated Store

You must create an unauthenticated Store using StoreFront to support an anonymous session on the Linux VDA. Follow the instructions for creating an unauthenticated Store based on the version of StoreFront:

Enable unauthenticated users in a Delivery Group

After creating an unauthenticated Store, enable unauthenticated users in a Delivery Group to support an anonymous session. To enable unauthenticated users in a Delivery Group, follow the directions based on the version of XenDesktop:


Unauthenticated users are supported beginning with XenApp and XenDesktop 7.6.

Set the anonymous session idle time

An anonymous session has a default idle time-out of 10 minutes. This value is configured through the registry setting AnonymousUserIdleTime. Use the ctxreg tool to change this value. For example, to set this registry setting to 5 minutes:

Command Copy

sudo /opt/Citrix/VDA/bin/ctxreg update -k  "HKLM\System\CurrentControlSet\Control\Citrix"  -v AnonymousUserIdleTime  -d 0x00000005

Set the maximum number of anonymous users

To set the maximum number of anonymous users, use the registry key MaxAnonymousUserNumber. This setting limits the number of anonymous sessions running on a single Linux VDA simultaneously. Use the ctxreg tool to configure this registry setting. For example, to set the value to 32:

Command Copy

sudo /opt/Citrix/VDA/bin/ctxreg update -k  "HKLM\System\CurrentControlSet\Control\Citrix"  -v MaxAnonymousUserNumber  -d  0x00000020


It is essential that you limit the number of anonymous sessions. Too many sessions being launched simultaneously can create problems on the VDA, including running out of available memory.


Consider the following when configuring anonymous sessions:

  • Failed to log on to an anonymous session.

Verify that the registry was updated to include the following (set to 0):

Command Copy

sudo /opt/Citrix/VDA/bin/ctxreg read –k "HKLM\System\CurrentControlSet\Control\Citrix" –v MaxAnonymousUserNumber

Verify that the ncsd service is running and configured to enable passwd cache:

Command Copy

ps  uax | grep nscd

cat /etc/nscd.conf | grep 'passwd' | grep 'enable-cache'

Set the passwd cache variable to no if it is enabled, then restart the ncsd service. You might need to reinstall the Linux VDA after changing this configuration.

  • The lock screen button is displayed in an anonymous session with KDE

The lock screen button and menu are disabled by default in an anonymous session. However, they can still be displayed in KDE.  In KDE, to disable the lock screen button and menu for a particular user, you need to add the following lines to the configuration file $Home/.kde/share/config/kdeglobals. For example:

[KDE Action Restrictions]

However, if the KDE Action Restrictions parameter is configured as immutable in a global wide kdeglobals file such as /usr/share/kde-settings/kde-profile/default/share/config/kdeglobals, the user configuration has no effect.

To resolve this issue, try to modify the system-wide kdeglobals file to remove the [$i] tag at the [KDE Action Restrictions] section or directly use the system-wide configuration to disable the lock screen button and menu. For details about the KDE configuration, see the KDE System Administration/Kiosk/Keys page.