Product Documentation

Local App Access

May 09, 2015

Local App Access seamlessly integrates users' locally installed Windows applications into a hosted desktop environment without changing from one computer to another. With Local App Access, you can:

  • Access applications installed locally on a physical laptop, PC, or other device directly from their virtual desktop.

    Provide a flexible application delivery solution. If users have local applications that you cannot virtualize or that IT does not maintain, those applications still behave as though they are installed on a virtual desktop.

  • Eliminate double-hop latency when applications are hosted separately from the virtual desktop by putting the shortcut to the published application on the user's Windows device.
  • Use applications such as:
    • Video conferencing software such as GoToMeeting.
    • Specialty or niche applications that are not yet virtualized.
    • Applications and peripherals that would otherwise transfer huge amounts of data from a user device to a server and back to the user device, such as DVD burners and TV tuners.

Perform the following procedures to set up Local App Access.

Local App Access requirements

Local App Access is supported on Desktop OS machine, Server OS machine, and Remote PC Access desktops.

To enable Local App Access, the hosting environment must include the following components:
  • XenDesktop 7.x and XenApp 7.5
  • StoreFront
  • Operating systems for hosted desktops:
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • Windows 7 (32-bit and 64-bit)
    • Windows 8 (32-bit and 64-bit)
    • Windows 8.1 (32-bit and 64-bit)
  • Operating systems for client:
    • Windows XP SP3 (32-bit)
    • Windows 7 (32-bit and 64-bit)
    • Windows 8 (32-bit and 64-bit)
    • Windows 8.1 (32-bit and 64-bit)
  • Web Browsers (only the following are supported):
    • Internet Explorer 8, 9, and 10
    • Mozilla Firefox 3.5 through 21.0.
    • Google Chrome 10
  • Citrix Receiver 4.0

Limitations

  • Local App Access is only designed for full-screen, virtual desktops spanning all monitors as follows:
    • User experience could be confusing if Local App Access is used with a virtual desktop that runs in windowed mode or does not cover all monitors.
    • For users with multi-monitors, if one monitor is maximized, it becomes the default desktop for all applications launched in that session, even if the subsequent applications typically launch on the other monitor.
    • The feature is designed for use with one VDA; there is no integration with multiple, concurrent VDAs.
  • Some applications have unexpected behavior, which could impact users:
    • Users might be confused with drive letters, such as local C: rather than virtual desktop C: drive.
    • Printers available in the virtual desktop are not available to local applications.
    • Applications that require elevated permissions cannot be launched as client-hosted applications.
    • No special handling for single-instance apps (such as Windows Media Player).
    • Local applications appear with the Windows theme of the local machine.
    • Full-screen applications are not supported. This includes applications that open to the full screen, such as PowerPoint slide shows, or photo viewers that cover the entire desktop.
    • Local App Access copies the properties of the local application, such as the shortcuts present on client's desktop and the Start menu on the VDA. However, it does not copy other properties, such as shortcut keys and read-only attributes.
    • Applications that do customize the manipulation of the order of overlapping windows can have unpredictable results. For example, some windows might be hidden.
    • Shortcuts are not supported, including My Computer, Recycle Bin, Control Panel, Network Drive shortcuts, and folder shortcuts.
    • The following file types and files are not supported: custom file types, files with no associated programs, zip files, and hidden files.
    • Taskbar grouping is not supported for mixed 32-bit and 64-bit client-hosted applications or VDA applications, such as grouping of 32-bit local applications with 64-bit VDA applications, and vice versa.
    • Applications cannot be launched using COM. For example, if you click an embedded Office document from within an Office application, the process launch cannot be detected, and the local application integration fails.
  • URL Redirection supports only explicit URLs (that is, those appearing in the browser's address bar or found using the in-browser navigation, depending on the specific browser).
  • The URL Redirection feature only works with desktop sessions and currently does not work with application sessions.
  • The local desktop folder in a VDA session does not allow users to create new files.

Provide access to local applications

To access local applications, you must enable the Local App Access feature, which is not enabled by default in the hosting and client environment.

Provide access to all local applications

Enable this feature by following the procedures in To enable Local App Access using policy settings and To enable Local App in Receiver.

After completing these procedures, the Local App Access feature is enabled and all the client's shortcuts appear in the desktop on the VDA.

Provide access to Published Applications

Use this procedure if you want to provide access to only Published Applications.

  1. On the machine running Studio, open the Registry Editor and browse to the following path: HKLM\Software\Wow6432Node\Citrix\DesktopStudio .
  2. Add the following registry entry (of type REG_DWORD): ClientHostedAppsEnabled and add a value of 1 to enable Local App Access. (Using 0 disables Local App Access).
  3. Restart the machine, and then restart Studio to implement the changes.
  4. Publish the Local App Access applications as described in To publish local applications in Studio.
  5. Enable Local App Access in Receiver as described in To enable Local App Access in Receiver.
  6. Set the Allow Local App access policy to Enabled as described in To enable Local App Access using policy settings.

To publish local applications in Studio

  1. In Studio, select the Delivery Groups node in the left pane, then the Applications tab in the main pane. Click Create Client-hosted application in the Actions pane. The Create Client-hosted application wizard appears.
  2. On the Delivery Groups page, select the Delivery Groups to access the local application.
    Note: Local App Access is only available for desktop Delivery Groups. It is not available for application Delivery Groups.
  3. On the Location page, enter the full executable path of the application as present on the user’s local machine in the Program Executable field.
    Note: Make sure that this path is correct. Otherwise, the application is not visible to users.
  4. On the Users page, add the users who access the local application being published.
    Note: Choose either individual users or a group from your Active Directory configuration.
  5. On the Shortcut page, select whether the shortcut to the local application on the virtual desktop is visible on the Start menu, the desktop, or both.
  6. On the Content redirection page, specify the File Type Association (FTA) of the application. By default, all the file types associated with the application can be used by selecting Get the file types from user’s computer at run time or file types can be provided explicitly by choosing Set the file types explicitly and then adding specific extensions.

    For example, by default, Microsoft Word associates the Word-related extensions (such as .doc, .docx, .rtf). Selecting Get the file types from user’s computer at run time specifies FTA as all extensions. However, if you want to limit the file types associated with the application (For example, only .doc), then select Set the files types explicitly to make those specifications

  7. On the Name page, accept the default values.
  8. On the Summary page, review the settings and click Finish.

To enable Local App Access in Receiver

Follow the procedures in Enable Local App Access on client machines running Receiver to complete the Local App Access feature configuration.

To enable Local App Access using policy settings

Use Local App Access policy for delivery groups by setting the policy to Enabled. With this setting, the VDA lets the client decide whether administrator-published apps and Local App Access shortcuts are enabled in the session.

When set to Disabled, both administrator-published apps and Local App Access shortcuts do not work for the VDA.

This policy applies to the entire machine as well as for the URL redirection policy. For more information, see Local App Access policy settings.

Configure the URL Redirection feature

You can optionally use policy settings instead of the Windows Registry to set up the URL Redirection feature by configuring the multi strings lists URL White List and URL Black List policies in Studio. For detailed URL redirection configuration procedures, see Use URL Redirection to launch local applications.

For more information about this using policies, see Local App Access policy settings.

To configure Local App Access behavior on Logoff and Disconnect

You can configure the expected behavior of local applications when a user logs off or disconnects from their virtual desktop.

  1. On the hosted desktop, open the Registry Editor and browse to the path: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Client Hosted Apps\Policies\Session State.
  2. Add the registry entry Terminate of type REG_DWORD, and set the value as follows:
    • 1 — Local applications continue to run when a user logs off or disconnects from the virtual desktop.
    • 3 — Local applications close when a user logs off or disconnects from the virtual desktop.
    Note: If the value is set to 1, the local applications are reintegrated from the disconnected session upon reconnect to the virtual desktop if they are still available in the local environment.

Feature interaction with Microsoft Windows versions

Local App Access and Microsoft Windows

Local App Access behaves differently with Microsoft Windows 8 and Windows Server 2012 when compared to Windows 7 and Windows Server 2008 R2. The Local App Access interaction with Windows includes the following behaviors.

  • Windows 8 and Windows Server 2012 short cut behavior
    • Windows store applications installed on the client are not enumerated as part of Local App Access shortcuts.
    • Image and video files are usually opened by default using Windows store applications. However, Local App Access enumerates the Windows store applications and opens shortcuts with desktop applications.
  • Local Programs
    • For Windows 7, the folder is available in the Start menu.
    • For Windows 8, Local Programs is available only when the user chooses All Apps as a category from the Start screen. Not all subfolders are displayed in Local Programs.
  • Windows 8 graphics features for applications
    • Desktop applications are restricted to the desktop area and are covered by the Start screen and Windows 8 style applications.
    • Local App Access applications do not behave like desktop applications in multi-monitor mode. In multi-monitor mode, the Start screen and the desktop display on different monitors.
  • Windows 8 and Local App Access URL Redirection
    • Windows 8 — Because Windows 8 Internet Explorer has no add-ons enabled, use desktop Internet Explorer to enable URL Redirection.
    • Windows Server 2012 — In Windows Server 2012, Internet Explorer disables add-ons by default due to enhanced security configuration. To implement URL Redirection:
      1. Disable Internet Explorer enhanced configuration.
      2. Reset Internet Explorer options and restart to ensure that add-ons are enabled for standard users.

Taskbar and shortcuts

Multiple instances of a locally-running application behave according to the taskbar settings established for the virtual desktop. However, some shortcuts have the following limitations:
  • Shortcuts to locally-running applications are not grouped with running instances of those applications. They are also not grouped with running instances of hosted applications or pinned shortcuts to hosted applications.
  • Users can only close windows of locally-running applications from the Taskbar. Although users can pin local application windows to the desktop Taskbar and Start menu, the applications might not launch consistently when using these shortcuts.

Enable Local App Access on client machines running Receiver

To use Local App Access feature with Citrix Receiver, you must:

  • Install Receiver on the local client machine.
  • Follow these procedures to complete the Local App Access feature configuration:
    • To enable Local App Access during installation
    • To enable the Local App Access template using the Group Policy editor
  • Set the Allow local app access policy setting to Enabled as described in To enable Local App Access in Studio.

To enable Local App Access during installation

  1. Using the Windows command prompt, change to the directory that contains Citrix Receiver obtained from the Citrix.com download page.
  2. Run the Citrix Receiver command to install Citrix Receiver with the Allow_CLIENTHOSTEDAPPSURL flag set as shown in the following examples:

    CitrixReceiver.exe /ALLOW_CLIENTHOSTEDAPPSURL=1

    CitrixReceiverWeb.exe /ALLOW_CLIENTHOSTEDAPPSURL=1

    This enables Local App Access along with URL Redirection and also registers the add-ons required for URL redirection.

To enable the Local App Access template using the Group Policy editor

  1. In the Start menu, open Local Group Policy Editor using gpedit.msc command in the Run field or search for Edit group policy.
  2. Add the icaclient.adm template located in Receiver Configuration folder (Usually located in C:\Program Files (x86)\Citrix\Online Plugin\Configuration) to the Local Group Policy Editor by selecting Computer Configuration.
  3. Right-click Administrative Templates and choose Add/Remove Templates > Add.
  4. Once the icaclient.adm template is successfully added, expand Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix Receiver > User experience.
    Note: The icaclient.adm template is also available on the User Configuration once it is added to the Computer Configuration.
  5. Choose Local App Access settings.
  6. Select Enabled and then choose Allow URL Redirection to use the URL redirection feature. For URL redirection, separately register browser add-ons using the command line.

To enable Local App Access in Studio

When you enable the Local App Access setting, the VDA lets the client decide whether administrator-published or Local App Access shortcuts are enabled in the session. This policy (as well as for the URL redirection policy) applies to the entire machine. For more information, see Local App Access policy settings.

  1. In Studio, select Policy > Edit Policy.
  2. Select Allow local app access > Select.
  3. Select Allowed > OK.
  4. Click Next and then click Finished.

Use URL Redirection to launch local applications

In XenApp and XenDesktop, hosted desktop sessions use URL redirection to launch Local Access applications. URL redirection makes the application available under more than one URL address. It launches a local browser (based on your browser's URL blacklist) by clicking embedded links within a browser in a desktop session. If you navigate to a URL that is not present in the blacklist, the URL is opened in the desktop session again.

In addition to URL redirection, you can also use File Type Association (FTA) redirection. FTA launches local applications when a file is encountered in the session. If the local app is launched, it must have access to the file to open it. Therefore, you can only open files that reside on network shares or on client drives (using CDM) using local apps.

For example, when opening the file \\client\C:\users\<username>\desktop\hugefile.pdf, if a PDF reader is a local app, then the file opens using that PDF reader. Because the local app can access the file directly, there is no network transfer of the file through ICA to open this file.

Note: These features only work for desktop sessions and do not work for application sessions. The only redirection feature you can use for application sessions is Host-to-client content redirection, which is a type of Server FTA. This FTA redirects certain protocols to the client, such as http, https, rtsp, or mms. For example, if you only open embedded links with http, the links directly open with the client application. There is no URL blacklist or whitelist support.

URL redirection and Local App Access

When Local App Access is enabled for virtual desktops, URLs that are displayed to users as links from locally-running applications, from user-hosted applications, or as shortcuts on the desktop are redirected in one of the following ways:
  • From the user's computer to the hosted desktop
  • From the XenApp or XenDesktop server to the user's computer
  • Rendered in the environment in which they are launched (not redirected)

URL Redirection provides URL matching functionality and based on a predefined list, the URL is selectively launched on the endpoint or the VDA browser. Use URL redirection for end users with a virtual desktop as their primary work spaces.

To specify the redirection path of content from specific Web sites, configure the URL Whitelist and URL Blacklist on the Delivery Agent. These lists consist of multi-string registry keys that specify the policy for URL redirection as described in Local App Access policy settings.

Although all the URLs can be rendered on the VDA itself, there are some exceptions:

  • Geo/Locale information — Web sites that require locale information, such as msn.com or news.google.com (opens a country specific page based on the Geo). For example, if the VDA is provisioned from a data center in the UK and the client is connecting from India, the user expects to see in.msn.com but instead sees uk.msn.com.
  • Multimedia content — Web sites containing rich media content, when rendered on the client device, give the end users a native experience and also save bandwidth even in high latency networks. Although there is Flash redirection feature, this complements by redirecting sites with other media types such as Silverlight. This is in a very secure environment. That is, the URLs that are approved by the administrator are run on the client while the rest of the URLs are redirected to the VDA.

To enable URL redirection during Receiver installation

By default, URL redirection is disabled on user devices when you install Receiver. You can enable it on the command line during installation. To do so, you must:

  • Have Administrator rights
  • As Administrator, install Receiver for All Users on a machine
    Note: When you install as Administrator, the installation location is C:\Program Files\Citrix\ICA Client. Check the installation location to make sure all users can access Receiver.
  • For deployments using the Receiver Standard package, enter:
    CitrixReceiver.exe ALLOW_CLIENTHOSTEDAPPSURL=1

This installs and registers the necessary browser add-ons, and also enables necessary client lockdown settings for enabling LAA, including the URL redirection feature.

To register browser add-ons on devices running Receiver

The URL redirection feature uses add-ons for Internet Explorer, Google Chrome, and Mozilla Firefox browsers. This feature is installed with Receiver 4.0, and you can also register add-ons using the following commands:
  • Internet Explorer
    <Client_Installation_Folder>\redirector.exe /regIE
  • Firefox
    <Client_Installation_Folder>\redirector.exe /regFF
  • Chrome
    <Client_Installation_Folder>\redirector.exe /regChrome
  • All browsers
    <Client_Installation_Folder>\redirector.exe /regAll

For example, to register IE add-ons on Receiver, enter:

C:\Program Files\Citrix\ICA Client\redirector.exe/regIE
To unregister add-ons
  • Internet Explorer
    <Client_Installation_Folder>\redirector.exe /unregIE
  • Firefox
    <Client_Installation_Folder>\redirector.exe /unregFF
  • Chrome
    <Client_Installation_Folder>\redirector.exe /unregChrome
  • All browsers
    <Client_Installation_Folder>\redirector.exe /unregAll

To register browser add-ons on hosted desktops

Register Add-ons on hosted desktops using the following commands.
  • Internet Explorer
    <VDA_Installation_Folder>\VDARedirector.exe /regIE
  • Firefox
    <VDA_Installation_Folder>\VDARedirector.exe  /regFF
  • Chrome
    <VDA_Installation_Folder>\VDARedirector.exe /regChrome
  • All browsers
    <VDA_Installation_Folder>\VDARedirector.exe /regAll

Examples

Register IE add-ons on Desktop OS VDA (Windows 7 or Windows 8):

C:\Program Files\Citrix\ICAService\VDARedirector.exe /regIE

Register IE add-ons on a Server OS VDA (Windows Server 2008 R2 or Windows Server 2012):

 C:\Program Files (x86)\Citrix\System32\VDARedirector.exe/regIE
To unregister Add-ons on hosted desktops
  • Internet Explorer
    <VDA_Installation_Folder>\VDARedirector.exe /unregIE
  • Firefox
    <VDA_Installation_Folder>\VDARedirector.exe  /unregFF
  • Chrome
    <VDA_Installation_Folder>\VDARedirector.exe /unregChrome
  • All browsers
    <VDA_Installation_Folder>\VDARedirector.exe /unregAll

URL interception across browsers

Description Configuration

By default, Internet Explorer redirects the URL entered. If the URL is not in the blacklist but is redirected to another URL by browser or website, the final URL is not redirected even if it is present in the blacklist.

For URL redirection to work correctly, enable the add-on when prompted by the browser. If the add-ons using internet options or the add-ons in the prompt are disabled, URL redirection does not work correctly.

Firefox add-ons always redirect the URLs.

When an add-on is installed by a user or with an installer, Firefox prompts you to allow/stop the add-on installation in new tab page. You must allow the add-on for the feature to work.

Chrome add-on always redirects the final URL that is navigated and not entered URLs.

The extensions have been installed externally. If you disable the extension, the URL redirection feature does not work in Chrome. If the URL redirection is required in Incognito mode, allow the extension to run in InCongnito mode by selecting this option.