XenApp and XenDesktop

Local App Access and URL redirection


Local App Access seamlessly integrates locally installed Windows applications into a hosted desktop environment without changing from one computer to another. With Local App Access, you can:

  • Access applications installed locally on a physical laptop, PC, or other device directly from the virtual desktop.
  • Provide a flexible application delivery solution. If users have local applications that you cannot virtualize or that IT does not maintain, those applications still behave as though they are installed on a virtual desktop.
  • Eliminate double-hop latency when applications are hosted separately from the virtual desktop, by putting a shortcut to the published application on the user’s Windows device.
  • Use applications such as:
    • Video conferencing software such as GoToMeeting.
    • Specialty or niche applications that are not yet virtualized.
    • Applications and peripherals that would otherwise transfer large amounts of data from a user device to a server and back to the user device, such as DVD burners and TV tuners.

In XenApp and XenDesktop, hosted desktop sessions use URL redirection to launch Local App Access applications. URL redirection makes the application available under more than one URL address. It launches a local browser (based on the browser’s URL blacklist) by selecting embedded links within a browser in a desktop session. If you navigate to a URL that is not present in the blacklist, the URL is opened in the desktop session again.

URL redirection works only for desktop sessions, not application sessions. The only redirection feature you can use for application sessions is host-to-client content redirection, which is a type of server FTA (File Type Association) redirection. This FTA redirects certain protocols to the client, such as http, https, rtsp, or mms. For example, if you only open embedded links with http, the links directly open with the client application. There is no URL blacklist or whitelist support.

When Local App Access is enabled, URLs that are displayed to users as links from locally-running applications, from user-hosted applications, or as shortcuts on the desktop are redirected in one of the following ways:

  • From the user’s computer to the hosted desktop
  • From the XenApp or XenDesktop server to the user’s computer
  • Rendered in the environment in which they are launched (not redirected)

To specify the redirection path of content from specific Web sites, configure the URL whitelist and URL blacklist on the Virtual Delivery Agent. Those lists contain multi-string registry keys that specify the URL redirection policy settings; for more information, see the Local App Access policy settings.

URLs can be rendered on the VDA with the following exceptions:

  • Geo/Locale information — Web sites that require locale information, such as msn.com or news.google.com (opens a country specific page based on the Geo). For example, if the VDA is provisioned from a data center in the UK and the client is connecting from India, the user expects to see in.msn.com but instead sees uk.msn.com.
  • Multimedia content — Web sites containing rich media content, when rendered on the client device, give the end users a native experience and also save bandwidth even in high latency networks. Although there is Flash redirection feature, this complements by redirecting sites with other media types such as Silverlight. This is in a very secure environment. That is, the URLs that are approved by the administrator are run on the client while the rest of the URLs are redirected to the VDA.

In addition to URL redirection, you can use FTA redirection. FTA launches local applications when a file is encountered in the session. If the local app is launched, the local app must have access to the file to open it. Therefore, you can only open files that reside on network shares or on client drives (using client drive mapping) using local applications. For example, when opening a PDF file, if a PDF reader is a local app, then the file opens using that PDF reader. Because the local app can access the file directly, there is no network transfer of the file through ICA to open the file.

Requirements, considerations, and limitations

Local App Access is supported on the valid operating systems for VDAs for Windows Server OS and VDAs for Windows Desktop OS, and requires Citrix Receiver for Windows version 4.1 (minimum). The following browsers are supported:

  • Internet Explorer 11. You can use Internet Explorer 8, 9, or 10, but Microsoft supports (and Citrix recommends using) version 11.
  • Firefox 3.5 through 21.0
  • Chrome 10

Review the following considerations and limitations when using Local App Access and URL redirection.

  • Local App Access is designed for full-screen, virtual desktops spanning all monitors:
    • The user experience can be confusing if Local App Access is used with a virtual desktop that runs in windowed mode or does not cover all monitors.
    • For multiple monitors, when one monitor is maximized it becomes the default desktop for all applications launched in that session, even if subsequent applications typically launch on another monitor.
    • The feature supports one VDA; there is no integration with multiple concurrent VDAs.
  • Some applications can behave unexpectedly, affecting users:
    • Users might be confused with drive letters, such as local C: rather than virtual desktop C: drive.
    • Available printers in the virtual desktop are not available to local applications.
    • Applications that require elevated permissions cannot be launched as client-hosted applications.
    • There is no special handling for single-instance applications (such as Windows Media Player).
    • Local applications appear with the Windows theme of the local machine.
    • Full-screen applications are not supported. This includes applications that open to full screen, such as PowerPoint slide shows or photo viewers that cover the entire desktop.
    • Local App Access copies the properties of the local application (such as the shortcuts on the client’s desktop and Start menu) on the VDA; however, it does not copy other properties such as shortcut keys and read-only attributes.
    • Applications that customize how overlapping window order is handled can have unpredictable results. For example, some windows might be hidden.
    • Shortcuts are not supported, including My Computer, Recycle Bin, Control Panel, Network Drive shortcuts, and folder shortcuts.
    • The following file types and files are not supported: custom file types, files with no associated programs, zip files, and hidden files.
    • Taskbar grouping is not supported for mixed 32-bit and 64-bit client-hosted or VDA applications, such as grouping 32-bit local applications with 64-bit VDA applications.
    • Applications cannot be launched using COM. For example, if you click an embedded Office document from within an Office application, the process launch cannot be detected, and the local application integration fails.
  • Double-hop scenarios, where a user is starting a virtual desktop from within another virtual desktop session, are not supported.
  • URL redirection supports only explicit URLs (that is, those appearing in the browser’s address bar or found using the in-browser navigation, depending on the browser).
  • URL redirection works only with desktop sessions, not with application sessions.
  • The local desktop folder in a VDA session does not allow users to create new files.
  • Multiple instances of a locally-running application behave according to the taskbar settings established for the virtual desktop. However, shortcuts to locally-running applications are not grouped with running instances of those applications. They are also not grouped with running instances of hosted applications or pinned shortcuts to hosted applications. Users can close only windows of locally-running applications from the Taskbar. Although users can pin local application windows to the desktop Taskbar and Start menu, the applications might not launch consistently when using these shortcuts.

Interaction with Windows

The Local App Access interaction with Windows includes the following behaviors.

  • Windows 8 and Windows Server 2012 shortcut behavior
    • Windows Store applications installed on the client are not enumerated as part of Local App Access shortcuts.
    • Image and video files are usually opened by default using Windows store applications. However, Local App Access enumerates the Windows store applications and opens shortcuts with desktop applications.
  • Local Programs
    • For Windows 7, the folder is available in the Start menu.
    • For Windows 8, Local Programs is available only when the user chooses All Apps as a category from the Start screen. Not all subfolders are displayed in Local Programs.
  • Windows 8 graphics features for applications
    • Desktop applications are restricted to the desktop area and are covered by the Start screen and Windows 8 style applications.
    • Local App Access applications do not behave like desktop applications in multi-monitor mode. In multi-monitor mode, the Start screen and the desktop display on different monitors.
  • Windows 8 and Local App Access URL Redirection
    • Because Windows 8 Internet Explorer has no add-ons enabled, use desktop Internet Explorer to enable URL redirection.
    • In Windows Server 2012, Internet Explorer disables add-ons by default. To implement URL Redirection, disable Internet Explorer enhanced configuration. Then reset the Internet Explorer options and restart to ensure that add-ons are enabled for standard users.

Configure Local App Access and URL redirection

To use Local App Access and URL redirection with Citrix Receiver:

  • Install Citrix Receiver on the local client machine. You can enable both features during Citrix Receiver installation or you can enable Local App Access template using the Group Policy editor.
  • Set the Allow local app access policy setting to Enabled. You can also configure URL whitelist and blacklist policy settings for URL redirection. For more information, see the Local App Access policy settings.

Enable Local App Access and URL redirection during Citrix Receiver installation

To enable Local App Access and URL redirection for all local applications:

  1. Set the Allow local app access policy setting to Enabled. When this setting is enabled, the VDA allows the client to decide whether administrator-published applications and Local App Access shortcuts are enabled in the session. (When this setting is disabled, both administrator-published applications and Local App Access shortcuts do not work for the VDA.) This policy setting applies to the entire machine, as well as the URL redirection policy.

  2. Enable Local App Access and URL redirection when you install Citrix Receiver for all users on a machine. This action also registers the browser add-ons required for URL redirection. From the command prompt, run the appropriate command to install the Receiver with the following option:


    CitrixReceiverWeb.exe /ALLOW_CLIENTHOSTEDAPPSURL=1

Enable the Local App Access template using the Group Policy editor

  1. Run gpedit.msc.
  2. Select Computer Configuration. Right-click Administrative Templates and select Add/Remote Templates > Add.
  3. Add the icaclient.adm template located in the Citrix Receiver Configuration folder (usually in c:\Program Files (x86)\Citrix\Online Plugin\Configuration). (After the icaclient.adm template is added to Computer Configuration, it is also available in User Configuration.)
  4. Expand Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix Receiver > User Experience.
  5. Select Local App Access settings.
  6. Select Enabled and then select Allow URL Redirection. For URL redirection, register browser add-ons using the command line, as described below.

Provide access to only published applications

To provide access to only published applications:

  1. On the server where the Delivery Controller is installed, run regedit.exe.
    1. Navigate to HKLM\Software\Wow6432Node\Citrix\DesktopStudio.
    2. Add the REG_DWORD entry ClientHostedAppsEnabled with a value of 1. (A 0 value disables Local App Access.)
  2. Restart the Delivery Controller server and then restart Studio.
  3. Publish Local App Access applications.
    1. Select Delivery Groups in the Studio navigation pane and then select the Applications tab.
    2. Select Create Local Access Application in the Actions pane.
    3. Select the desktop Delivery Group.
    4. Enter the full executable path of the application on the user’s local machine.
    5. Indicate if the shortcut to the local application on the virtual desktop will be visible on the Start menu, the desktop, or both.
    6. Accept the default values on the Name page and then review the settings.
  4. Enable Local App Access and URL redirection when you install Citrix Receiver for all users on a machine. This action also registers the browser add-ons required for URL redirection. From the command prompt, run the command to install Citrix Receiver with the following option: CitrixReceiver.exe /ALLOW_CLIENTHOSTEDAPPSURL=1 CitrixReceiverWeb.exe /ALLOW_CLIENTHOSTEDAPPSURL=1
  5. Set the Allow local app access policy setting to Enabled. When this setting is enabled, the VDA allows the client to decide whether administrator-published applications and Local App Access shortcuts are enabled in the session. (When this setting is disabled, both administrator-published applications and Local App Access shortcuts do not work for the VDA.)

Register browser add-ons


The browser add-ons required for URL redirection are registered automatically when you install Citrix Receiver from the command line with the /ALLOW_CLIENTHOSTEDAPPSURL=1 option.

You can use the following commands to register and unregister one or all add-ons:

  • To register add-ons on a client device: <client-installation-folder>\redirector.exe /reg<browser>
  • To unregister add-ons on a client device: <client-installation-folder>\redirector.exe /unreg<browser>
  • To register add-ons on a VDA: <VDAinstallation-folder>\VDARedirector.exe /reg<browser>
  • To unregister add-ons on a VDA: <VDAinstallation-folder>\VDARedirector.exe /unreg<browser>

where <browser> is IE, FF, Chrome, or All.

For example, the following command registers Internet Explorer add-ons on a device running Citrix Receiver.

C:\Program Files\Citrix\ICA Client\redirector.exe/regIE

The following command registers all add-ons on a Windows Server OS VDA.

C:\Program Files (x86)\Citrix\System32\VDARedirector.exe /regAll

URL interception across browsers

  • By default, Internet Explorer redirects the URL entered. If the URL is not in the blacklist but is redirected to another URL by the browser or website, the final URL is not redirected, even if it is on the blacklist.

    For URL redirection to work correctly, enable the add-on when prompted by the browser. If the add-ons that are using Internet options or the add-ons in the prompt are disabled, URL redirection does not work correctly.

  • The Firefox add-ons always redirect the URLs.

    When an add-on is installed, Firefox prompts to allow/prevent installing the add-on on a new tab page. You must allow the add-on for the feature to work.

  • The Chrome add-on always redirects the final URL that is navigated, and not the entered URLs.

    The extensions have been installed externally. If you disable the extension, the URL redirection feature does not work in Chrome. If the URL redirection is required in Incognito mode, allow the extension to run in that mode in the browser settings.

Configure local application behavior on logoff and disconnect

  1. On the hosted desktop, run regedit.msc.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Client Hosted Apps\Policies\Session State. For a 64-bit system, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Citrix\Client Hosted Apps\Policies\Session State.
  3. Add the REG_DWORD entry Terminate with one of the values:
    • 1 - Local applications continue to run when a user logs off or disconnects from the virtual desktop. Upon reconnection, local applications are reintegrated if they are available in the virtual desktop.
    • 3 - Local applications close when a user logs off or disconnects from the virtual desktop.