User Configuration Settings for Hot Desktop

May 11, 2015

You can control the Hot Desktop user experience through the following user configuration settings.

Caution: Some procedures require you to edit the registry. Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Always back up a copy of your system registry before continuing.

Session settings script path

Locate Hot Desktop settings in a user configuration:

  • When you create a new user configuration, these settings are available from the Advanced Settings of the Configure Plug-in Interaction dialog box.
  • When you modify an existing user configuration, these settings are available from the Hot Desktop panel of the Edit User Configuration dialog box.

    For setting details, see the HotDesktop topic under Single Sign-on Settings Reference > User Configurations.

To configure the session settings script path

  1. In the Hot Desktop page of the Edit User Configuration dialog box, in the Session settings script path text field, type the location of the session.xml file. The location can be a network shared folder. For example, if you place your session.xml file on a network share such as \\Citrix\MPM\Share\, type that path here.
  2. Restart the Hot Desktop workstation after you save the user configuration and install the session.xml file.

Interaction with Automatic Key Recovery

If your Single Sign-on environment combines the automatic key recovery feature with Hot Desktop, password changes performed by the administrator are not communicated to the plug-in software of affected users with active Hot Desktop sessions. If those users lock and then attempt to unlock their active sessions, they might be prompted unexpectedly to provide their previous passwords. Users should close the previous password dialog box, then terminate and restart the Hot Desktop session by logging off to continue using the plug-in software.

Hot Desktop Screen Saver

To make it easier for users to identify which workstations are running Hot Desktop, a custom screen saver is included in a Hot Desktop installation. The screen saver does not launch until the workstation is idle for 10 minutes.

Note: A locked session is considered active. The screen saver does not launch until 10 minutes of idle time passes and after all users are logged off from the workstation.

To install Hot Desktop

Hot Desktop can be installed with a new or existing installation of Single Sign-on Plug-in.

  1. Log on to the user device as a local administrator.
  2. From the Control Panel, select Add or Remove Programs.
  3. Select Single Sign-on Plug-in and click Change.
  4. Select Modify and click Next.
  5. Select Hot Desktop and click Next.
  6. Click Yes to the confirmation message to disable Terminal Services and Remote Desktop.
  7. Specify the location of the central store and click Next.
  8. Specify the service server address and click Next.
  9. Type the user credentials for the Hot Desktop shared account and click Next. Specify the domain name to which the workstation belongs using the domain’s NetBIOS name, not the fully qualified domain name (FQDN).
  10. Click Install. Access the installation media so that the install process can find the Single Sign-on Plug-in .msi file.

After you finish the installation, restart the user device.

To uninstall Hot Desktop

If you need to remove the Hot Desktop feature from a workstation, you might also need to perform these procedures after uninstalling the Hot Desktop feature:

  • Restore Terminal Services after Uninstalling Hot Desktop
  • Enable Multiple Sessions after Uninstalling Hot Desktop

  1. To log on to the shared workstation or client device to perform administrator tasks, hold down the SHIFT key during the Windows startup process.

    This prevents the Hot Desktop shared account from logging on and starting the Hot Desktop environment. For more information about bypassing the Windows autologon process, visit the Microsoft Web site.

    Log on as the administrator.

  2. Open the Control Panel and select Add or Remove Programs.
  3. Select Single Sign-on Plug-in.
  4. Click Change to remove the Hot Desktop feature only.
  5. On the Application Maintenance page, select Modify.
  6. On the Feature Selection page, select Hot Desktop and make the feature unavailable.
  7. Follow the prompts to select your central store type and to confirm the plug-in software changes.
  8. Restart the workstation.

Hot Desktop is not removed completely until the workstation is restarted.

Important: When uninstalling software that may have disrupted the GINA chain, it is important to uninstall the software in the reverse order in which it was installed on the client device. Failure to uninstall in the reverse order in which GINA-altering software was installed can leave the computer in an invalid state. Do not edit the registry.

To enable terminal services after you uninstall Hot Desktop

The Hot Desktop installation process disables Terminal Services. Perform the following steps to enable Terminal Services.

  1. Log on to the workstation as an administrator.
  2. Click Start > Run and type regedit.
  3. Change the value of the registry key to 1 as follows:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
    TSEnabled=dword:00000001

To enable multiple sessions

During a Hot Desktop installation, the installer resets this registry key value to zero. Perform the following procedure to enable multiple sessions.

  1. Log on to the workstation as an administrator.
  2. Click Start > Run and type regedit.
  3. Change the value of the registry key to 1 as follows:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    AllowMultipleSessions=dword:00000001
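
A check for the two registry values restored in the procedures above, as an added example that is not part of the Citrix documentation. The -Fix switch and the backup file location are assumptions; the key paths and value names are the ones this page gives, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not Citrix code). Run from an elevated PowerShell 3.0+ prompt.
# Without -Fix it only reports; with -Fix it backs up each key, then writes 1.
param([switch]$Fix)

# Key paths and value names as given in the two procedures on this page.
# Windows stores the Winlogon key under "CurrentVersion" (no space).
$settings = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
       Name = 'TSEnabled' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'AllowMultipleSessions' }
)

function Get-SettingState($Setting) {
    # Returns the current value, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $Setting.Path -Name $Setting.Name -ErrorAction SilentlyContinue
    $current = if ($null -ne $item) { $item.($Setting.Name) } else { $null }
    [pscustomobject]@{
        Key      = $Setting.Path
        Value    = $Setting.Name
        Current  = $current
        Expected = 1
        Ok       = ($current -eq 1)
    }
}

$report = foreach ($s in $settings) { Get-SettingState $s }
$report | Format-Table -AutoSize

if ($Fix) {
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    foreach ($r in $report | Where-Object { -not $_.Ok }) {
        # Back up the key first, as the caution at the top of the page advises.
        $regPath = $r.Key -replace '^HKLM:', 'HKLM'
        $backup  = Join-Path $env:TEMP ("{0}-{1}.reg" -f $r.Value, $stamp)
        & reg.exe export $regPath $backup | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; nothing changed." }

        Set-ItemProperty -Path $r.Key -Name $r.Value -Value 1 -Type DWord
        Write-Output "Set $($r.Value) = 1 under $regPath (backup: $backup)"
    }
}
```

Run it once without -Fix after the uninstall and restart to see which values the installer left at zero.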

To view Hot Desktop profiles

In a Hot Desktop environment, the shell (explorer.exe) runs as the Hot Desktop shared account. Consequently, the shell does not have the access rights to navigate to the Hot Desktop User profile folder.

  1. In the process.xml file, under the <shellexecute_processes> section, include Internet Explorer (iexplore.exe) so that it runs as the Hot Desktop User.
  2. Log on as the Hot Desktop User and launch Internet Explorer.
  3. To view the profiles, in the address bar, type the full path to the Hot Desktop User profile directory. For example: C:\Documents and Settings\All Users\Application Data\Citrix\MetaFrame Password Manager

To disable AutoAdminLogon Support

Some third-party authenticators might not work if the AutoAdminLogon feature is enabled. Some third-party applications disable or remove the AutoAdminLogon value during installation. If this is the case, you must disable Hot Desktop AutoAdminLogon.

  1. Restart the shared workstation or user device while holding down the SHIFT key during the Windows start process. This prevents the Hot Desktop shared account from logging on and starting the Hot Desktop environment. For more information about bypassing the Windows autologon process, visit the Microsoft Web site.
  2. Log on as an administrator.
  3. Edit the registry and set the following values under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MetaFrame Password Manager\HotDesktop:

    Value Name        Type      Value
    AutoAdminLogon    REG_SZ    0 to disable

  4. After the value is set, restart the workstation and log on manually using the shared account. The Hot Desktop logon page appears, allowing users to use the third-party authenticator.

To change the Hot Desktop shared account password

It might become necessary to change the Hot Desktop shared account password. You first entered the account credentials during the plug-in installation. To change the password, perform the following procedure.

  1. Log on to a workstation where Hot Desktop is installed.
    Important: Do not use an administrator account or the Hot Desktop shared account credentials for Step 1.
  2. Press the CTRL+ALT+DELETE key combination. The Windows Security dialog box appears.
  3. Click Change Password.
  4. Type or select the following:
    • Hot Desktop shared account user name
    • Domain name or local computer name
    • Old password
    • New password
  5. Click OK.
  6. From the Windows Security dialog box, click Shutdown, then Restart to restart the computer.

To shut down a Hot Desktop workstation

Because only administrators are allowed to shut down Hot Desktop workstations, the Shut Down option is not available from the Start menu of a Hot Desktop workstation.

To shut down a Hot Desktop workstation for administrative use, press CTRL+ALT+DEL. When the Windows Security dialog box appears, click Shut Down.

Interacting with Other Citrix Products

Single Sign-on supports the use of Citrix plug-ins with Hot Desktop. Consider these general guidelines if you plan to use Hot Desktop with these plug-ins and Web Interface:

  • Edit the process.xml file to ensure Citrix Receiver and Citrix Offline Plug-in are transient processes (in case the plug-in is set to be launched by a Windows startup program and is running after the first Hot Desktop session starts).
  • If you are using the Security Service Provider Interface, you must run the plug-in as the Hot Desktop User. You may also run the plug-in as the Hot Desktop User if you are concerned about security; the ICA files are stored in the profile.
    • Edit the <shellexecute_processes> section of the process.xml file to ensure Citrix Receiver and Citrix Offline Plug-in run as the Hot Desktop User when launched from the Windows shell.
    • Edit the session.xml file to specify a start script or executable to launch Citrix Receiver and Citrix Offline Plug-in when the first Hot Desktop session starts.

Citrix Receiver

You can configure Citrix Receiver to use the Security Service Provider Interface. Security Service Provider Interface allows Receiver to authenticate to the XenApp server using the Hot Desktop User credentials. You must ensure that XenApp trusts the Windows security authority used to authenticate the Hot Desktop User. For more information about configuring the Security Service Provider Interface for Receiver, see the topics for XenApp Administration.

Web Interface

The Hot Desktop plug-in can submit credentials through the Web Interface to a XenApp server. For more information, see Web Interface topics about configuration.