XenApp and XenDesktop

Local App Access and URL redirection

Introduction

Local App Access seamlessly integrates locally installed Windows applications into a hosted desktop environment without changing from one computer to another. With Local App Access, you can:

  • Access applications installed locally on a physical laptop, PC, or other device directly from the virtual desktop.
  • Provide a flexible application delivery solution. If users have local applications that you cannot virtualize or that IT does not maintain, those applications still behave as though they are installed on a virtual desktop.
  • Eliminate double-hop latency when applications are hosted separately from the virtual desktop, by putting a shortcut to the published application on the user’s Windows device.
  • Use applications such as:
    • Video conferencing software such as GoToMeeting.
    • Specialty or niche applications that are not yet virtualized.
    • Applications and peripherals that would otherwise transfer large amounts of data from a user device to a server and back to the user device, such as DVD burners and TV tuners.

In XenApp and XenDesktop, hosted desktop sessions use URL redirection to launch Local App Access applications. URL redirection makes the application available under more than one URL address. It launches a local browser (based on the browser’s URL blacklist) by selecting embedded links within a browser in a desktop session. If you navigate to a URL that is not present in the blacklist, the URL is opened in the desktop session again.

URL redirection works only for desktop sessions, not application sessions. The only redirection feature you can use for application sessions is host-to-client content redirection, which is a type of server FTA (File Type Association) redirection. This FTA redirects certain protocols to the client, such as http, https, rtsp, or mms. For example, if you only open embedded links with http, the links directly open with the client application. There is no URL blacklist or whitelist support.

When Local App Access is enabled, URLs that are displayed to users as links from locally-running applications, from user-hosted applications, or as shortcuts on the desktop are redirected in one of the following ways:

  • From the user’s computer to the hosted desktop
  • From the XenApp or XenDesktop server to the user’s computer
  • Rendered in the environment in which they are launched (not redirected)

To specify the redirection path of content from specific Web sites, configure the URL whitelist and URL blacklist on the Virtual Delivery Agent. Those lists contain multi-string registry keys that specify the URL redirection policy settings; for more information, see the Local App Access policy settings.

URLs can be rendered on the VDA with the following exceptions:

  • Geo/Locale information — Web sites that require locale information, such as msn.com or news.google.com (opens a country specific page based on the Geo). For example, if the VDA is provisioned from a data center in the UK and the client is connecting from India, the user expects to see in.msn.com but instead sees uk.msn.com.
  • Multimedia content — Web sites containing rich media content, when rendered on the client device, give the end users a native experience and also save bandwidth even in high latency networks. Although there is Flash redirection feature, this complements by redirecting sites with other media types such as Silverlight. This is in a very secure environment. That is, the URLs that are approved by the administrator are run on the client while the rest of the URLs are redirected to the VDA.

In addition to URL redirection, you can use FTA redirection. FTA launches local applications when a file is encountered in the session. If the local app is launched, the local app must have access to the file to open it. Therefore, you can only open files that reside on network shares or on client drives (using client drive mapping) using local applications. For example, when opening a PDF file, if a PDF reader is a local app, then the file opens using that PDF reader. Because the local app can access the file directly, there is no network transfer of the file through ICA to open the file.

Requirements, considerations, and limitations

Local App Access is supported on the valid operating systems for VDAs for Windows Server OS and VDAs for Windows Desktop OS, and requires Citrix Receiver for Windows version 4.1 (minimum). The following browsers are supported:

  • Internet Explorer 11. You can use Internet Explorer 8, 9, or 10, but Microsoft supports (and Citrix recommends using) version 11.
  • Firefox 3.5 through 21.0
  • Chrome 10

Review the following considerations and limitations when using Local App Access and URL redirection.

  • Local App Access is designed for full-screen, virtual desktops spanning all monitors:
    • The user experience can be confusing if Local App Access is used with a virtual desktop that runs in windowed mode or does not cover all monitors.
    • For multiple monitors, when one monitor is maximized it becomes the default desktop for all applications launched in that session, even if subsequent applications typically launch on another monitor.
    • The feature supports one VDA; there is no integration with multiple concurrent VDAs.
  • Some applications can behave unexpectedly, affecting users:
    • Users might be confused with drive letters, such as local C: rather than virtual desktop C: drive.
    • Available printers in the virtual desktop are not available to local applications.
    • Applications that require elevated permissions cannot be launched as client-hosted applications.
    • There is no special handling for single-instance applications (such as Windows Media Player).
    • Local applications appear with the Windows theme of the local machine.
    • Full-screen applications are not supported. This includes applications that open to full screen, such as PowerPoint slide shows or photo viewers that cover the entire desktop.
    • Local App Access copies the properties of the local application (such as the shortcuts on the client’s desktop and Start menu) on the VDA; however, it does not copy other properties such as shortcut keys and read-only attributes.
    • Applications that customize how overlapping window order is handled can have unpredictable results. For example, some windows might be hidden.
    • Shortcuts are not supported, including My Computer, Recycle Bin, Control Panel, Network Drive shortcuts, and folder shortcuts.
    • The following file types and files are not supported: custom file types, files with no associated programs, zip files, and hidden files.
    • Taskbar grouping is not supported for mixed 32-bit and 64-bit client-hosted or VDA applications, such as grouping 32-bit local applications with 64-bit VDA applications.
    • Applications cannot be launched using COM. For example, if you click an embedded Office document from within an Office application, the process launch cannot be detected, and the local application integration fails.
  • Double-hop scenarios, where a user is starting a virtual desktop from within another virtual desktop session, are not supported.
  • URL redirection supports only explicit URLs (that is, those appearing in the browser’s address bar or found using the in-browser navigation, depending on the browser).
  • URL redirection works only with desktop sessions, not with application sessions.
  • The local desktop folder in a VDA session does not allow users to create new files.
  • Multiple instances of a locally-running application behave according to the taskbar settings established for the virtual desktop. However, shortcuts to locally-running applications are not grouped with running instances of those applications. They are also not grouped with running instances of hosted applications or pinned shortcuts to hosted applications. Users can close only windows of locally-running applications from the Taskbar. Although users can pin local application windows to the desktop Taskbar and Start menu, the applications might not launch consistently when using these shortcuts.

Interaction with Windows

The Local App Access interaction with Windows includes the following behaviors.

  • Windows 8 and Windows Server 2012 shortcut behavior
    • Windows Store applications installed on the client are not enumerated as part of Local App Access shortcuts.
    • Image and video files are usually opened by default using Windows store applications. However, Local App Access enumerates the Windows store applications and opens shortcuts with desktop applications.
  • Local Programs
    • For Windows 7, the folder is available in the Start menu.
    • For Windows 8, Local Programs is available only when the user chooses All Apps as a category from the Start screen. Not all subfolders are displayed in Local Programs.
  • Windows 8 graphics features for applications
    • Desktop applications are restricted to the desktop area and are covered by the Start screen and Windows 8 style applications.
    • Local App Access applications do not behave like desktop applications in multi-monitor mode. In multi-monitor mode, the Start screen and the desktop display on different monitors.
  • Windows 8 and Local App Access URL Redirection
    • Because Windows 8 Internet Explorer has no add-ons enabled, use desktop Internet Explorer to enable URL redirection.
    • In Windows Server 2012, Internet Explorer disables add-ons by default. To implement URL Redirection, disable Internet Explorer enhanced configuration. Then reset the Internet Explorer options and restart to ensure that add-ons are enabled for standard users.

Configure Local App Access and URL redirection

To use Local App Access and URL redirection with Citrix Workspace app:

  • Install the Citrix Workspace app on the local client machine. You can enable both features during the Citrix Workspace app installation or you can enable Local App Access template using the Group Policy editor.
  • Set the Allow local app access policy setting to Enabled. You can also configure URL allow list and block list policy settings for URL redirection. For more information, see Local App Access policy settings.

Enable Local App Access and URL redirection

To enable Local App Access for all local applications, follow these steps:

  1. Start Citrix Studio.
    • For on-premises deployments, open Citrix Studio from the Start menu.
    • For Cloud service deployments, go to Citrix Cloud > Virtual Apps and Desktops service > Manage tab.
  2. In the Studio navigation pane, click Policies.
  3. In the Actions pane, click Create Policy.
  4. In the Create Policy window, type “Allow Local App Access” in the search box and then click Select.
  5. In the Edit Setting window, select Allowed. By default, the Allow local app access policy is prohibited. When this setting is allowed, the VDA allows the end-user to decide whether published applications and Local App Access shortcuts are enabled in the session. (When this setting is prohibited, both published applications and Local App Access shortcuts do not work for the VDA.) This policy setting applies to the entire machine and the URL redirection policy.
  6. In the Create Policy window, type “URL redirection white list” in the search box and then click Select. The URL redirection allow list specifies URLs to open in the default browser of the remote session.
  7. In the Edit Setting window, click Add to add the URLs and then click OK.
  8. In the Create Policy window, type “URL redirection black list” in the search box and then click Select. The URL redirection block list specifies URLs that are redirected to the default browser running on the endpoint.
  9. In the Edit Setting window, click Add to add the URLs and then click OK.
  10. On the Settings page, click Next.
  11. On the Users and Machines page, assign the policy to the applicable Delivery Groups and then click Next.
  12. On the Summary page, review the settings and then click Finish.

To enable URL redirection for all local applications during Citrix Workspace app installation, follow these steps:

  1. Enable URL redirection when you install the Citrix Workspace app for all users on a machine. Doing so also registers the browser add-ons required for URL redirection.
  2. From the command prompt, run the appropriate command to install the Citrix Workspace app using one of the following options:
    • For CitrixReceiver.exe, use /ALLOW_CLIENTHOSTEDAPPSURL=1.
    • For CitrixReceiverWeb.exe, use /ALLOW_CLIENTHOSTEDAPPSURL=1.

Enable the Local App Access template using the Group Policy editor

Note:

  • Before you enable the Local App Access template using the Group Policy editor, add the receiver.admx/adml template files to the local GPO. For more information, see Configuring the Group Policy Object administrative template.
  • Citrix Workspace app for Windows template files are available in the local GPO in Administrative Templates > Citrix Components > Citrix Workspace folder only when you add the CitrixBase.admx/CitrixBase.adml to the %systemroot%\policyDefinitions folder.

To enable the Local App Access template using the Group Policy editor, follow these steps:

  1. Run gpedit.msc.
  2. Go to Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix Workspace > User Experience.
  3. Click Local App Access settings.
  4. Select Enabled and then select Allow URL Redirection. For URL redirection, register browser add-ons using the command line described in the Register browser add-ons section further down in this article.

Provide access only to published applications

You can provide access to published applications using one of the following two ways:

Use the Registry Editor.

  1. On the server where Citrix Studio is installed, run regedit.exe.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\DesktopStudio.
  3. Add the REG_DWORD entry ClientHostedAppsEnabled and a value of 1. (A 0 value disables Local App Access.)

Use the PowerShell SDK.

  1. Open PowerShell on the machine where the Delivery Controller is running.
  2. Enter the following command: set-configsitemetadata -name "studio_clientHostedAppsEnabled" -value "true".

To have access to Add Local App Access Application in a Cloud service deployment, use the Citrix Virtual Apps and Desktops Remote PowerShell SDK. For more information, see Citrix Virtual Apps and Desktops Remote PowerShell SDK.

  1. Download the installer:

    https://download.apps.cloud.com/CitrixPoshSdk.exe

  2. Run these commands:

    1. asnp citrix.*
    2. Get-XdAuthentication
  3. Enter the following command: set-configsitemetadata -name “studio_clientHostedAppsEnabled” -value “true”.

After you complete the applicable preceding steps, follow these steps to continue.

  1. Open Citrix Studio from the Start menu.
  2. In the Studio navigation pane, click Applications.
  3. In the upper middle pane, right-click the blank area and select Add Local App Access Application from the context menu. You can also click Add Local App Access Application in the Actions pane. To display the Add Local App Access Application option in the Actions pane, click Refresh.
  4. Publish Local App Access application.

    • The Local Application Access wizard launches with an Introduction page, which you can remove from future launches of the wizard.

    • The wizard guides you through the Groups, Location, Identification, Delivery, and Summary pages described below. When you are finished with each page, click Next until you reach the Summary page.

    • On the Groups page, select one or more Delivery Groups where the new applications will be added, and then click Next.

    • On the Location page, type the full executable path of the application on the user’s local machine, and type the path to the folder where the application is located. Citrix recommends that you use the system environment variable path; for example, %ProgramFiles(x86)%\Internet Explorer\iexplore.exe.

    • On the Identification page, accept the default values or type the information that you want and then click Next.

    • On the Delivery page, configure how this application is delivered to users and then click Next. You can specify the icon for the selected application. You can also specify whether the shortcut to the local application on the virtual desktop is visible on the Start menu, the desktop, or both.

    • On the Summary page, review the settings and then click Finish to exit the Local Application Access wizard.

Register browser add-ons

Note:

The browser add-ons required for URL redirection are registered automatically when you install the Citrix Workspace app from the command line using the /ALLOW_CLIENTHOSTEDAPPSURL=1 option.

You can use the following commands to register and unregister one or all add-ons:

  • To register add-ons on a client device: <client-installation-folder>\redirector.exe /reg<browser>
  • To unregister add-ons on a client device: <client-installation-folder>\redirector.exe /unreg<browser>
  • To register add-ons on a VDA: <VDAinstallation-folder>\VDARedirector.exe /reg<browser>
  • To unregister add-ons on a VDA: <VDAinstallation-folder>\VDARedirector.exe /unreg<browser>

Where <browser> is Internet Explorer, Firefox, Chrome, or All.

For example, the following command registers Internet Explorer add-ons on a device running the Citrix Workspace app.

C:\Program Files\Citrix\ICA Client\redirector.exe/regIE

The following command registers all add-ons on a Windows Multi-session OS VDA.

C:\Program Files (x86)\Citrix\System32\VDARedirector.exe /regAll

URL interception across browsers

  • By default, Internet Explorer redirects the specified URL. If the URL is not in the blacklist but the browser or website redirects it to another URL, the final URL is not redirected. It is not redirected even if it is on the block list.

For URL redirection to work correctly, enable the add-on when prompted by the browser. If the add-ons that are using Internet options or the add-ons in the prompt are disabled, URL redirection does not work correctly.

  • The Firefox add-ons always redirect the URLs.

When an add-on is installed, Firefox prompts to allow or prevent installing the add-on on a new tab page. Allow the add-on for the feature to work.

  • The Chrome add-on always redirects the final URL that is navigated, and not the entered URLs.

The extensions have been installed externally. When you disable the extension, the URL redirection feature does not work in Chrome. If the URL redirection is required in Incognito mode, allow the extension to run in that mode in the browser settings.

Configure local application behavior on logoff and disconnect

Note:

If you do not follow these steps to configure the settings, by default, local applications continue to run when a user logs off or disconnects from the virtual desktop. After reconnection, local applications are reintegrated if they are available on the virtual desktop.

  1. On the hosted desktop, run regedit.msc.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Client Hosted Apps\Policies\Session State.

    For a 64-bit system, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Citrix\Client Hosted Apps\Policies\Session State.

  3. Add the REG_DWORD entry Terminate and one of the values:
    • 1 - Local applications continue to run when a user logs off or disconnects from the virtual desktop. Upon reconnection, local applications are reintegrated if they are available in the virtual desktop.
    • 3 - Local applications close when a user logs off or disconnects from the virtual desktop.
Local App Access and URL redirection