ICA policy settings
Note:
This page describes the ICA policy settings and their supported configuration values. For more information on working with policies, see the Work with policies section.
Adaptive transport
This setting allows or prevents data transport over EDT as the primary protocol, with fallback to TCP.
By default, adaptive transport is enabled (Preferred), and EDT is used when possible, with fallback to TCP. If it’s been disabled and you want to enable it, follow this procedure.
- In Studio, enable the policy setting, HDX adaptive transport. We recommend that you do not enable this feature as a universal policy for all objects in the Site.
- To enable the policy setting, set the value to Preferred, then click OK.
Preferred. Adaptive transport over EDT is used when possible, with fallback to TCP.
Diagnostic mode. EDT is forced on and fallback to TCP is disabled. We recommend this setting only for troubleshooting.
Off. TCP is forced on, and EDT is disabled.
For more information, see Adaptive transport.
Drag and drop setting
This setting allows or prevents the dragging of files between the client and virtual applications or desktops. By default, the drag and drop policy is disabled. To enable this policy, do the following:
- In Citrix Studio, enable the policy setting, Drag and drop.
- Set the value to Enabled and then click OK.
Application launch wait timeout
This setting specifies how long, in milliseconds, a session waits for the first application to start. If the application takes longer than this to start, the session ends.
You can choose the default time (10,000 milliseconds) or specify a number in milliseconds.
Client clipboard redirection
This setting allows or prevents the clipboard on the user device being mapped to the clipboard on the server.
By default, clipboard redirection is allowed.
To prevent cut-and-paste data transfer between a session and the local clipboard, select Prohibit. Users can still cut and paste data between applications running in sessions.
After allowing this setting, configure the maximum allowed bandwidth the clipboard can consume in a client connection. Use the Clipboard redirection bandwidth limit or the Clipboard redirection bandwidth limit percent settings.
Client clipboard write allowed formats
When the Restrict client clipboard write setting is Enabled, host clipboard data cannot be shared with the client endpoint. You can use this setting to allow specific data formats to be shared with the client endpoint clipboard. To use this setting, enable it and add the specific formats to be allowed.
The following clipboard formats are system defined:
- CF_TEXT
- CF_BITMAP
- CF_METAFILEPICT
- CF_SYLK
- CF_DIF
- CF_TIFF
- CF_OEMTEXT
- CF_DIB
- CF_PALETTE
- CF_PENDATA
- CF_RIFF
- CF_WAVE
- CF_UNICODETEXT
- CF_ENHMETAFILE
- CF_HDROP
- CF_LOCALE
- CF_DIBV5
- CF_OWNERDISPLAY
- CF_DSPTEXT
- CF_DSPBITMAP
- CF_DSPMETAFILEPICT
- CF_DISPENHMETAFILE
- CF_HTML
The following custom formats are predefined in XenApp and XenDesktop and Citrix Virtual Apps and Desktops:
- CFX_RICHTEXT
- CFX_OfficeDrawingShape
- CFX_BIFF8
- CFX_FILE
HTML format is disabled by default. To enable this feature:
- Verify that Client clipboard redirection is set to Allowed.
- Verify that Restrict client clipboard write is set to Enabled.
- Add an entry for CF_HTML (and any other formats that you want supported) in Client clipboard write allowed formats.
You can add more custom formats. The custom format name must match the formats to be registered with the system. Format names are case-sensitive.
This setting does not apply if the Client clipboard redirection policy is set to Prohibited or the Restrict client clipboard write policy is set to Disabled.
Note:
Enabling HTML format clipboard copy support (CF_HTML) copies any scripts from the source of the copied content to the destination. Check that you trust the source before proceeding to copy. If you do copy content containing scripts, they are live only if you save the destination file as an HTML file and run it.
Limit clipboard client to session transfer size
This setting specifies the maximum size of clipboard data that a user can transfer from a client endpoint to a virtual session during a single cut-and-paste operation.
To limit clipboard transfer size, enable the Limit clipboard client to session transfer size setting. Then, in the Size Limit field, enter a value in kilobytes to define the size of data transfer between the local clipboard and a session.
By default, this setting is disabled and there’s no limit on client to session transfers.
Limit clipboard session to client transfer size
This setting specifies the maximum size of clipboard data that a user can transfer from a virtual session to a client endpoint during a single cut-and-paste operation.
To limit clipboard transfer size, enable the Limit clipboard session to client transfer size setting. Then, in the Size Limit field, enter a value in kilobytes to define the size of data transfer between a session and the local clipboard.
By default, this setting is disabled and there’s no limit on session to client transfers.
Restrict client clipboard write
If this setting is Enabled, host clipboard data cannot be shared with the client endpoint. You can allow specific formats by enabling the Client clipboard write allowed formats setting.
By default, this setting is Disabled.
Restrict session clipboard write
When this setting is Enabled, client clipboard data cannot be shared within the user session. You can allow specific formats by enabling the Session clipboard write allowed formats setting.
By default, this setting is Disabled.
Session clipboard write allowed formats
When the Restrict session clipboard write setting is Enabled, client clipboard data cannot be shared with session applications. You can use this setting to allow specific data formats to be shared with the session clipboard.
The following clipboard formats are system defined:
- CF_TEXT
- CF_BITMAP
- CF_METAFILEPICT
- CF_SYLK
- CF_DIF
- CF_TIFF
- CF_OEMTEXT
- CF_DIB
- CF_PALETTE
- CF_PENDATA
- CF_RIFF
- CF_WAVE
- CF_UNICODETEXT
- CF_ENHMETAFILE
- CF_HDROP
- CF_LOCALE
- CF_DIBV5
- CF_OWNERDISPLAY
- CF_DSPTEXT
- CF_DSPBITMAP
- CF_DSPMETAFILEPICT
- CF_DISPENHMETAFILE
- CF_HTML
The following custom formats are predefined in XenApp and XenDesktop and Citrix Virtual Apps and Desktops:
- CFX_RICHTEXT
- CFX_OfficeDrawingShape
- CFX_BIFF8
HTML format is disabled by default. To enable this feature:
- Verify that Client clipboard redirection is set to Allowed.
- Verify that Restrict session clipboard write is set to Enabled.
- Add an entry for CF_HTML (and any other formats that you want supported) in Session clipboard write allowed formats.
You can add more custom formats. The custom format name must match the formats to be registered with the system. Format names are case-sensitive.
This setting does not apply if the Client clipboard redirection policy is set to Prohibited or the Restrict session clipboard write policy is set to Disabled.
Note:
Enabling HTML format clipboard copy support (CF_HTML) copies any scripts from the source of the copied content to the destination. Check that you trust the source before proceeding to copy. If you do copy content containing scripts, they are live only if you save the destination file as an HTML file and run it.
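The interaction between Client clipboard redirection, the two Restrict clipboard write settings and their allowed-formats lists, modeled as an added example (not Citrix code). The `Direction` fields and function names are hypothetical, and the model assumes that every format other than CF_HTML passes when the restriction is Disabled.

```python
from dataclasses import dataclass

# Format names copied from the lists on this page.
KNOWN = set("""CF_TEXT CF_BITMAP CF_METAFILEPICT CF_SYLK CF_DIF CF_TIFF CF_OEMTEXT
CF_DIB CF_PALETTE CF_PENDATA CF_RIFF CF_WAVE CF_UNICODETEXT CF_ENHMETAFILE CF_HDROP
CF_LOCALE CF_DIBV5 CF_OWNERDISPLAY CF_DSPTEXT CF_DSPBITMAP CF_DSPMETAFILEPICT
CF_DISPENHMETAFILE CF_HTML CFX_RICHTEXT CFX_OfficeDrawingShape CFX_BIFF8 CFX_FILE""".split())

@dataclass(frozen=True)
class Direction:
    """Settings for one direction (hypothetical field names, not a Citrix API)."""
    restrict_write: bool = False   # Restrict client/session clipboard write
    allowed_formats: tuple = ()    # Client/Session clipboard write allowed formats

def can_write(redirection_allowed, d, fmt):
    """Model: may clipboard data in format `fmt` cross in this direction?"""
    if not redirection_allowed:    # Client clipboard redirection = Prohibited
        return False
    if not d.restrict_write:       # allow-list does not apply; HTML stays off
        return fmt != "CF_HTML"    # assumption: every other format passes
    return fmt in d.allowed_formats  # exact, case-sensitive comparison

def audit(redirection_allowed, d):
    """Return review findings for one direction's settings."""
    findings = []
    if d.allowed_formats and not (redirection_allowed and d.restrict_write):
        findings.append("allow-list configured but not in effect")
    canonical = {name.lower(): name for name in KNOWN}
    for fmt in d.allowed_formats:
        expected = canonical.get(fmt.lower())
        if expected and expected != fmt:
            findings.append(f"{fmt}: case mismatch, expected {expected}")
    if can_write(redirection_allowed, d, "CF_HTML"):
        findings.append("CF_HTML permitted: scripts in copied content are carried over")
    return findings

# Constructed sample: one direction locked down, with one entry mistyped.
locked = Direction(restrict_write=True, allowed_formats=("CF_UNICODETEXT", "cf_html"))
if __name__ == "__main__":
    for fmt in ("CF_UNICODETEXT", "CF_TEXT", "CF_HTML"):
        print(fmt, can_write(True, locked, fmt))
    print(audit(True, locked))
```

Use one `Direction` per flow (session to client, client to session) when reviewing an exported policy.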
Desktop starts
This setting allows or prevents connections to a session on that VDA using an ICA connection by non-administrative users in a VDA Direct Access Users group.
By default, non-administrative users can’t connect to these sessions.
This setting doesn’t affect non-administrative users in a VDA Direct Access Users group who are using an RDP connection. These users can connect to the VDA when this setting is enabled or disabled. This setting doesn’t affect non-administrative users who aren’t in a VDA Direct Access Users group. These users can’t connect to the VDA when this setting is enabled or disabled.
FIDO2 redirection
This setting enables or disables FIDO2 redirection. FIDO2 redirection lets users take advantage of the local endpoint FIDO2 components in a virtual machine. Users can authenticate in a virtual session through FIDO2 security keys or integrated biometrics on devices that have TPM 2.0 and Windows Hello.
When this setting is Allowed, users can do FIDO2 authentication by using the local endpoint capabilities. By default, this setting is Allowed.
FIDO2 redirection can also be enabled or disabled on client endpoints by configuring the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\
Name: FIDO2
Type: REG_DWORD
Value: 1
Set the value to 0 to disable the feature and 1 to enable it. By default, the feature is enabled.
Caution:
Editing the registry incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be solved. Use the Registry Editor at your own risk. Be sure to back up the registry before you edit it.
ICA listener connection timeout
This setting specifies the maximum wait time for a connection using the ICA protocol to be completed.
By default, the maximum wait time is 120,000 milliseconds, or two minutes.
ICA listener port number
This setting specifies the TCP/IP port number used by the ICA protocol on the server.
By default, the port number is set to 1494.
Valid port numbers must be in the range of 0-65535 and must not conflict with other well-known port numbers. If you change the port number, restart the server for the new value to take effect. If you change the port number on the server, you must also change it on every Citrix Workspace app or plug-in that connects to the server.
Keyboard and Input Method Editor (IME)
This setting enables or disables the following:
- Dynamic keyboard layout synchronization
- Input Method Editor (IME)
- Unicode keyboard layout mapping
- The keyboard layout switch notification dialog message (hidden or shown)
To configure these features:
- In Studio, select Keyboard and IME.
- Select Client keyboard layout synchronization and IME improvement to control the dynamic keyboard layout synchronization and generic client Input Method Editor (IME) features in the VDA. You can configure:
  - Disabled - disables dynamic keyboard layout synchronization and generic client Input Method Editor (IME).
  - Support dynamic client keyboard layout synchronization - enables dynamic keyboard layout synchronization.
  - Support dynamic client keyboard layout synchronization and IME improvement - enables both dynamic keyboard layout synchronization and generic client Input Method Editor (IME).
- Select Enable Unicode keyboard layout mapping to enable or disable Unicode keyboard mapping.
- Select Hide keyboard layout switch pop-up message box to control whether a message appears, indicating that the keyboard layout is synchronizing, when the user changes the client keyboard layout. If you prevent the message from appearing, users must wait a few moments before typing to avoid incorrect character input.
Default settings:
- Client keyboard layout synchronization and IME improvement
  - Disabled in Windows Server 2016 and Windows Server 2019.
  - Support dynamic client keyboard layout synchronization and IME improvement in Windows Server 2012 and Windows 10.
- Disable Unicode keyboard layout mapping
- Show keyboard layout switch pop-up message box
This policy replaces the registry settings that are listed in the Description section of the policy settings.
Logoff checker startup delay
This setting specifies the duration to delay the logoff checker startup. Use this policy to set the time (in seconds) that a client session waits before disconnecting the session.
This setting also increases the time that it takes for a user to log off from the server.
Loss tolerant mode
Important:
The feature requires a minimum of Citrix Workspace app 2002 for Windows. This version of the VDA supports it when it becomes available.
Loss-tolerant mode is not supported on Citrix Gateway or Citrix Gateway Service. This mode is available only with direct connections.
This setting enables or disables loss-tolerant mode.
By default, loss-tolerant mode is Allowed.
When allowed, the mode is entered when the packet loss and latency are above a threshold. You can set the thresholds using the loss-tolerant thresholds policy.
For more information, see Loss tolerant mode.
Loss-tolerant thresholds
When the loss tolerant mode is available, this setting specifies the network metrics thresholds at which the session switches to loss-tolerant mode.
The default thresholds are:
- Packet loss: 5%
- Latency: 300 ms (RTT)
For more information, see Loss tolerant mode.
Rendezvous protocol
This setting changes how HDX sessions are proxied when using the Citrix Gateway Service. When enabled, HDX traffic no longer flows through the Citrix Cloud Connector. Instead, the VDA establishes an outbound connection directly to the Citrix Gateway Service (enhancing Cloud Connector scalability).
Important:
A feature toggle in Citrix Cloud and an HDX policy setting control this feature. The Citrix Cloud feature toggle is enabled by default, while the HDX setting is disabled by default. The HDX setting affects only HDX sessions established through the Citrix Gateway Service. This setting does not affect sessions established directly between client and VDA or through an on-premises Citrix Gateway.
For more information, see Rendezvous protocol.
Rendezvous proxy configuration
This setting allows you to configure an explicit proxy for use with the Rendezvous protocol. If using a transparent proxy, this setting does not need to be enabled.
By default, this setting is disabled.
When disabled, the VDA doesn’t route outbound traffic through any non-transparent proxies when trying to establish a Rendezvous connection with the Gateway Service.
When enabled, the VDA attempts to establish a Rendezvous connection with the Gateway Service through the proxy defined in this setting.
The VDA supports using HTTP and SOCKS5 proxies for Rendezvous connections. To configure the VDA to use a proxy for the Rendezvous connection, you must enable this setting. Also, specify either the address of the proxy or the path to the PAC file. For example:
- Proxy address: http://<URL or IP>:<port> or socks5://<URL or IP>:<port>
- PAC file: http://<URL or IP>/<path>/<filename>.pac
VDA version 2103 is the minimum supported version for proxy configuration with a PAC file. For more information on the PAC file schema for SOCKS5 proxies, see Proxy configuration.
Note:
Only SOCKS5 proxies support data transport through EDT. For an HTTP proxy, use TCP as the transport protocol for ICA.
For more information, see Rendezvous protocol.
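A pre-deployment check of a Rendezvous proxy setting value against the forms and constraints listed above, as an added example (not Citrix code). The function name, the integer `vda_version` parameter and the sample hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def check_rendezvous_proxy(value, vda_version=None):
    """Classify a Rendezvous proxy setting value and list issues found.

    Returns (kind, issues); kind is 'http', 'socks5', 'pac' or None.
    vda_version is an integer such as 2103 (assumed representation).
    """
    issues = []
    try:
        u = urlsplit(value.strip())
        port = u.port              # raises ValueError on a bad or out-of-range port
    except ValueError:
        return None, ["not a valid URL (check the port)"]
    if u.scheme not in ("http", "socks5") or not u.hostname:
        return None, ["expected http://<host>:<port>, socks5://<host>:<port> "
                      "or http://<host>/<path>/<file>.pac"]
    # PAC file form: an http URL whose path ends in .pac
    if u.scheme == "http" and u.path.lower().endswith(".pac"):
        if vda_version is not None and vda_version < 2103:
            issues.append("PAC file needs VDA 2103 or later")
        return "pac", issues
    # Explicit proxy address form
    if port is None:
        issues.append("proxy address has no port")
    if u.path not in ("", "/"):
        issues.append("unexpected path on proxy address")
    if u.scheme == "http":
        issues.append("HTTP proxy: EDT not supported, ICA must use TCP")
    return u.scheme, issues

if __name__ == "__main__":
    # Constructed sample values.
    for sample in ("socks5://10.0.0.5:1080",
                   "http://proxy.example.test:8080",
                   "http://proxy.example.test/cfg/rdv.pac"):
        print(sample, check_rendezvous_proxy(sample, vda_version=2012))
```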
Starting of non-published programs during client connection
This setting specifies whether to allow starting initial applications through RDP on the server.
By default, starting initial applications through RDP on the server isn’t allowed.
Tablet mode toggle policy settings
Tablet mode toggle optimizes the look and behavior of Store apps, Win32 apps, and the Windows shell on the VDA. It does so by automatically toggling the virtual desktop to Tablet mode when connecting from small form factor devices like phones and tablets, or any touch-enabled device.
If this policy is disabled, the VDA is in the mode the user sets it to and maintains the same mode throughout, regardless of the type of client.