Remote PC Access
Aug 10, 2016
Remote PC Access allows an end user to log on remotely from virtually anywhere to the physical Windows PC in the office. The Virtual Delivery Agent (VDA) is installed on the office PC; it registers with the Delivery Controller and manages the HDX connection between the PC and the end user client devices. Remote PC Access supports a self-service model; after you set up the whitelist of machines that users are permitted to access, those users can join their office PCs to a Site themselves, without administrator intervention. The Citrix Receiver running on their client device enables access to the applications and data on the office PC from the Remote PC Access desktop session.
A user can have multiple desktops, including more than one physical PC or a combination of physical PCs and virtual desktops.
Note: Sleep mode & Hibernation mode for Remote PC is not supported. Remote PC Access is valid only for XenDesktop licenses; sessions consume licenses in the same way as other XenDesktop sessions.
Active Directory considerations:
- Before configuring the remote PC deployment site, set up your Organizational Units (OUs) and security groups and then create user accounts. Use these accounts to specify users for the Delivery Groups you will use to provide Remote PC Access.
- If you modify Active Directory after a machine has been added to a machine catalog, Remote PC Access does not reevaluate that assignment. You can manually reassign a machine to a different catalog, if needed.
- If you move or delete OUs, those used for Remote PC Access can become out of date. VDAs might no longer be associated with the most appropriate (or any) machine catalog or Delivery Group.
Machine catalog and Delivery Group considerations:
- A machine can be assigned to only one machine catalog and one Delivery Group at a time.
- You can put machines in one or more Remote PC Access machine catalogs.
- When choosing Machine Accounts for a machine catalog, select the lowest applicable OU to avoid potential conflicts with machines in another catalog. For example, in the case of Bank/officers/tellers, select tellers.
- You can allocate all machines from one remote PC machine catalog through one or more Delivery Groups. For example, if one group of users requires certain policy settings and another group requires different settings, assigning the users to different Delivery Groups enables you to filter the HDX policies according to each Delivery Group.
- If your IT infrastructure assigns responsibility for servicing users based on geographic location, department, or some other category, you can group machines and users accordingly to allow for delegated administration. Ensure that each administrator has permissions for both the relevant machine catalogs and the corresponding Delivery Groups.
- For users with office PCs running Windows XP, create a separate machine catalog and Delivery Group for those systems. When choosing machine accounts for that catalog in Studio, select the checkbox indicating that some machines are running Windows XP.
You can create a Remote PC Access deployment and then add traditional Virtual Desktop Infrastructure (VDI) desktops or applications later. You can also add Remote PC Access desktops to an existing VDI deployment.
Consider whether to enable the Windows Remote Assistance feature when you install the VDA on the office PC. This option allows help desk teams using Director to view and interact with a user sessions using Windows Remote Assistance.
Consider how you will deploy the VDA to each office PC. Citrix recommends using electronic software distribution such as Active Directory scripts and Microsoft System Center Configuration Manager. The installation media contains sample Active Directory scripts.
Secure Boot functionality is currently unsupported. Disable Secure Boot if intending to deploy the workstation VDA.
Each office PC must be domain-joined with a wired network connection.
Windows 7 Aero is supported on the office PC, but not required.
Connect the keyboard and mouse directly to the PC or laptop, not to the monitor or other components that can be turned off. (If you must connect input devices to components such as monitors, they should not be turned off. )
If you are using smart cards, see Smart cards.
Remote PC Access can be used on most laptop computers. To improve accessibility and deliver the best connection experience, configure the laptop power saving options to those of a desktop PC. For example:
- Disable the Hibernate feature.
- Disable the Sleep feature.
- Set the close lid action to Do Nothing.
- Set the press the power button action to Shut Down.
- Disable video card energy saving features.
- Disable network interface card energy saving features.
- Disable battery saving technologies.
The following are not supported for Remote PC Access devices:
- Docking and undocking the laptop.
- KVM switches or other components that can disconnect a session.
- Hybrid PCs (including All-in-One and NVIDIA Optimus laptops and PCs) and Surface Pro/Books.
Install Citrix Receiver on each client device that remotely accesses the office PC.
Multiple users with remote access to the same office PC see the same icon in Receiver. When any user remotely logs on to the PC, that resource appears as unavailable to other users.
By default, a remote user’s session is automatically disconnected when a local user initiates a session on that machine (by pressing CTRL+ATL+DEL). To prevent this automatic action, add the following registry entry on the office PC, and then restart the machine.
Caution: Editing the registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
To further customize the behavior of this feature under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA\RemotePC
• RpcaMode (dword)
• RpcaTimeout (dword)
1 - Means that the remote user will always win if he does not respond to the Messaging UI in the specified timeout period.
2 - Means that the Local user will always win. If this setting is not specified, the Remote user will always win by default.
The number of seconds given to the user before we automatically decide which type of mode to enforce. If this setting is not specified, the default value is :30 seconds. The minimum value here should be :30 seconds. The User needs to restart the machine for these changes to take place.
When user wants to forcibly get the console access: The local user can hit Ctr+Alt+Del twice in a gap of :10 seconds to get local control over a remote session and force a disconnect event.
The following XenDesktop features are not supported for Remote PC Access deployments:
- Creating master images and virtual machines
- Delivering hosted applications
- Personal vDisks
- Client folder redirection
Wake on LAN
Remote PC Access supports Wake on LAN, which gives users the ability to turn on physical PCs remotely. This feature enables users to keep their office PCs turned off when not in use, saving energy costs. It also enables remote access when a machine has been turned off inadvertently, such as during weather events.
With XenDesktop 7.6 Feature Pack 3, Citrix released an experimental Wake on LAN SDK. This enables you or a third-party Wake on LAN solution to create a connector without the requirement of System Center 2012 R2. For more information, see Knowledge Center article CTX202272.
The Remote PC Access Wake on LAN feature is supported on both of the following:
- PCs that support Intel Active Management Technology (AMT)
- PCs that have the Wake on LAN option enabled in the BIOS
You must configure Microsoft System Center Configuration Manager (ConfigMgr) 2012 to use the Wake on LAN feature. ConfigMgr provides access to invoke AMT power commands for the PC, plus Wake-up proxy and magic-packet support. Then, when you use Studio to create a Remote PC Access deployment (or when you add another power management connection to be used for Remote PC Access), you enable power management and specify ConfigMgr access information.
- Using AMT power operations is preferred for security and reliability; however, support is also provided for two non-AMT methods: ConfigMgr Wake-up proxy and raw magic packets.
- On AMT-capable machines only, the Wake on LAN feature also supports the Force-Shutdown and Force-Restart actions in Studio and Director. Additionally, a Restart action is available in StoreFront and Receiver.
For more information, see Configuration Manager and Remote PC Access Wake on LAN and Provide users with Remote PC Access.