Product documentation
Citrix Workspace app for Windows
2409.10-Current Release 2402 LTSR 2203.1 LTSR 1912 LTSR
View PDF

Citrix Workspace app for Windows 2503 - Preview

April 2, 2025
Contributed by: 
S S

What’s new

Persistent session in Citrix Workspace app

With this release, if you enable the Persistent session feature, Citrix Workspace app automatically detects session termination and re-launches the application or desktop without any user intervention when the application or desktop session logs out or disconnects.

This feature ensures uninterrupted application or desktop availability, improving user experience and productivity.

For more information, see Persistent Session in Citrix Workspace app documentation.

Enhanced Desktop Viewer toolbar

Starting with the 2503 version, Citrix Workspace app for Windows provides an enhanced Desktop Viewer toolbar.

Enhanced Desktop Viewer

For more information, see the Enhanced Desktop Viewer toolbar documentation.

Enhancement to connection strength indicator on Desktop Viewer toolbar

Starting with version 2503, the Connection Strength Indicator on the Desktop Viewer toolbar is enhanced with new features to provide a better user experience.

For more information, see the Enhancement to connection strength indicator on Desktop Viewer toolbar documentation.

Multi-monitor layout selection

Starting with version 2503, the Multi-Monitor Selector (MMS) allows users to choose which displays to use in full-screen mode for desktop sessions only, not for seamless sessions. A new Multi-Monitor button has been added to the toolbar, which appears only when more than one screen is connected. This feature enhances the flexibility and usability of multi-monitor setups in desktop sessions, providing a more tailored and efficient user experience.

For more information, see Multi-monitor layout selection documentation.

Enhancements on Desktop Lock or Boot to VDI feature

From this release, the Citrix Workspace app Desktop Lock, also known as the direct boot to VDI feature, includes the following enhancements:

  • Integrated Installer: Desktop Lock is now part of the main Citrix Workspace app installer, simplifying deployment and distribution for admins. When you install Citrix Workspace app using:

    • Command line installation: You can enable Desktop Lock using command-line parameters during the installation.
    • UI: You can enable Desktop Lock using the Group Policy Object (GPO) policy after the installation.

    You need to reboot the machine after enabling the Desktop Lock feature.

  • De-coupled from SSON: Previously, you had to install the Citrix Workspace app for Windows with the /includeSSON flag to enable the Desktop Lock feature. Desktop Lock is now available without single sign-on (SSON). However, it is recommended to use it with SSON enabled for a seamless experience.

  • Enable feature through policy or command line: You can manage the feature enablement through GPOs. This enhancement provides granular controls to enable the feature at any point in time. The following policies can be managed in the Group Policy Editor:

    • AllowDesktopLockOnMachine: This policy is a machine-level policy that allows the ability to switch to Desktop Lock for any user on the machine. This requires a reboot of the machine.
    • EnableDesktopLockforAllStandardUsers: This policy is a machine-level policy that enables Desktop Lock for all standard users on the machine. Along with this policy, you need to enable the AllowDesktopLockOnMachine policy.
    • EnableDesktopLockforUser: This policy is a user group policy to enable or disable Desktop Lock for a specific user. Along with this policy, you need to enable the AllowDesktopLockOnMachine policy.

-. Post-installation configuration: Stores can be configured post-installation, extending Desktop Lock to existing stores configured through GPO.

  • Support for any identity provider (IDP): Desktop Lock now supports booting into VDI with any IdP that supports Citrix Workspace app.

For more information, see the Enhancements on Desktop Lock or Boot to VDI feature documentation.

Simplified SSON

Previously, to enable the single sign-on (SSON) feature, you had to install the Citrix Workspace app for Windows with the /includeSSON flag or select the Enable Single Sign-on checkbox during installation.

With this release, the system installs SSON by default in dormant mode. You can enable SSON post-installation using the Group Policy Object (GPO) policy. To enable, navigate to User Authentication > Local user name and password and select the Enable pass-through authentication checkbox.

Note:

You must reboot the system after updating the GPO policy for the setting to take effect.

Seamless integration of deviceTRUST with Citrix Workspace app

Starting with version 2503, Citrix Workspace app for Windows includes deviceTRUST, enhancing security through continuous device posture checks within the session. deviceTRUST is packaged with Citrix Workspace app for unified deployment, ensuring seamless integration and management.

For more information, see the Seamless integration of deviceTRUST with Citrix Workspace app for Windows.

Enhancement to auto-update

The auto-update of Citrix Workspace app is now enhanced with the following features:

  • Define timeframe for automatic update: Administrators can now schedule automatic updates for Citrix products at any preferred time on their Windows devices. During this specified time, software updates automatically or users receive notifications on available updates.
  • Manage automatic update version and rollout period: Administrators can schedule a convenient start date and rollout period for a specific version of Citrix Workspace app during which an automatic update is set to roll out to their end users. This capability allows them to determine the rollout dates, minimizing disruption to end users and improving the user experience.

You can enable these features using Group Policy Object (GPO) and Global App Configuration Service (GACS).

Benefits:

  • Custom rollout period: Admins can determine the rollout period for their organization, overriding the default period set by Citrix.
  • Scheduled updates: Admins can specify the hours or time frame during the day to check for and update Citrix Workspace app.
  • Flexible update days: Admins can choose a specific start date to specify when to download and begin installation updates.

For more information, see the Enhancement to auto-update documentation.

Enable auto-update for active users only

Starting with version 2503, the auto-update feature has been enhanced to trigger only for active users. This change aims to provide better control by ensuring that auto-update is available only for users with the Global App Configuration Service (GACS) or those actively using the application.

For more information, see the Enabled auto-update for active users only documentation.

Enhanced installation process for Citrix Workspace app with App Protection

Previously, when App Protection was enabled, the /cleanInstall switch was not supported, and the user had to manually uninstall and reboot the machine before retrying installation. Starting with version 2503, when App Protection is enabled and when running the /cleanInstall command, Citrix Workspace app automatically uninstalls, reboots the machine based on user selection, and reinstalls the app during the reboot.

For more information, see the Enhanced installation process for Citrix Workspace app with App Protection documentation.

Improved installation process for Citrix Workspace app

Citrix Workspace app installation is now more robust. In version 2503, the installer is improved to handle situations where other installations (like Windows Update) are in progress. Instead of failing, Citrix Workspace app now waits for the other installation to complete, ensuring a successful installation.

Auto-sync backend resource changes for Start menu and Desktop shortcuts

The auto-sync backend resource changes feature enhances the user experience by automatically synchronizing backend resource changes for the start menu and desktop shortcuts.

Key features:

  • Updating shortcuts with updated resource path:
    The shortcut automatically points to the new path when the resource path is updated in the backend, eliminating the need for manual refresh. This feature is enabled by default.

  • Option to show disabled shortcuts:
    The shortcut remains visible even when a resource is disabled in the backend. Previously, the shortcut was removed when a resource was disabled. This feature is useful for temporary maintenance, allowing users to retain the shortcut. This feature is disabled by default and can be enabled using the Show Disabled Shortcut setting in either the Global App Configuration Service (GACS) or the Group Policy Object template.

For more information, see the Auto-sync backend resource changes for Start menu and desktop shortcuts documentation.

Install Zoom and Webex plug-in managers during Citrix Workspace app installation

Citrix Workspace app version 2503 provides an option to install the Zoom and Webex plug-in managers during the installation. You can use either the UI or command-line for this installation.

For more information, see the Installed Zoom and Webex plug-in managers during Citrix Workspace app installation documentation.

Log collection support for non-admin users

This feature extends the Citrix Workspace app for Windows log collection capability to support non-admin users. Previously, log collection was partially supported for users for whom Citrix Workspace app was installed by an admin. With this enhancement, complete log collection is now possible for users for whom Citrix Workspace app is installed by an admin.

Enhanced security and compatibility with AppLocker

Citrix Workspace app for Windows is compatible with AppLocker, a security posture tool. This feature addresses security concerns and improves the user experience.

Version upgrade for Chromium Embedded Framework

The version of the Chromium Embedded Framework (CEF) used in the Browser Content Redirection (BCR) is upgraded to 132. This upgraded version includes fixes for known security vulnerabilities.

Improved audio performance in Microsoft Teams

Starting with the Citrix Workspace app for Windows version 2503, the audio subsystem used in the HDXRTCMediaEngine has been replaced with a newer system. As a result, Microsoft Teams now provides better audio performance, enhancing the overall user experience during calls and meetings. Along with this feature, the following issues related to Microsoft Teams optimization have been resolved:

  • The new plug-in device might not be available in the Microphone drop-down menu option.
  • Duplicate entries of devices might be present in the Microphone drop-down menu option.
  • Users might not hear from the new plug-in headset when the default output devices (Speakers/Headphones) on the client are disabled.
  • Unplugging the last connected device might make the system unresponsive.

Monitor third-party UC app optimization status using Citrix Director

You can now monitor details about third-party Unified Communications (UC) applications and their plug-ins using Citrix Director. This feature helps administrators monitor performance and troubleshoot issues, ensuring a consistently positive user experience.

Prerequisites

  • Virtual Delivery Agent (VDA) 2503

For more information, see the Director documentation.

Benefits

  • Enhanced visibility: A unified view of UC app optimization status in Director simplifies monitoring and troubleshooting across multiple vendors.
  • Improved user experience: Proactive issue identification and resolution ensure optimal collaboration experiences for end-users.
  • Streamlined IT operations: Centralized monitoring reduces complexity and empowers administrators to efficiently manage UC environments.

This feature enables active issue resolution and ensures a consistently positive user experience.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 134 based on Chromium version 133.1.1.16. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Hybrid launch support for GACS [Technical Preview]

Starting with version 2503, Citrix Workspace app for Windows supports Global App Configuration Service (GACS) in Hybrid mode for both Cloud stores and StoreFront, using the Protocol Handler. This includes support for a single hybrid store, applying GACS app configuration policies to hybrid launches. Administrators can configure GACS settings through stores added using the browser, streamlining management across different hosting environments.

If a user has a store added in both native and hybrid modes, native settings take precedence. In such cases, the hybrid store does not fetch any GACS policies. The hybrid store fetches app configuration policies only if the native settings are unavailable.

If an admin updates settings after they’ve been fetched, the new settings are not applied until six hours have passed. After six hours, when the user launches a Citrix Virtual Apps and Desktops application, the app fetches the updated settings and applies them.

For example: “If a user initially launches a session from the first store, the app fetches GACS policies for that store and applies its settings. Later, if the user switches to another store and launches a session, the app fetches and applies GACS policies for the newly used store.” At any given time, the most recently used store in a hybrid environment determines the settings being applied.

You can provide feedback for this technical preview by using the Google form.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Browser Profile Sharing [Technical Preview]

Browser Content Redirection (BCR) now offers a streamlined user experience with the new Profile Sharing feature, enabling VDA-side authentication and cookie sharing. This enhancement eliminates repeated Single Sign-On (SSO) logins, boosting productivity by maintaining authentication and cookie persistence across BCR sessions, even after the BCR window is closed. This seamless experience further enhances security by ensuring authentication originates from the VDA, not the client.

The Browser Profile Sharing feature is supported with Google authentication and Okta.

Example

  • Previous experience:
    Previously, opening an authenticated page within BCR required users to re-enter their credentials each time, breaking SSO persistence. SSO was only maintained while the BCR window remained open. Closing and reopening the window forced users to repeat the login process.

  • New experience:
    With Profile Sharing, users are no longer prompted for credentials. SSO is seamlessly preserved from the VDA browser, providing an improved and uninterrupted experience.

Note:

The feature is not limited to specific providers. Hence, it can be used with other providers as well (for example, Microsoft authentication, PingID). However, current validation is done for the providers specified in the preceding sentence.

Requirements for Technical Preview

  • Citrix Virtual Apps and Desktops 2503
  • Citrix Workspace App 2503
  • Browser Redirection Extension 7.0

The extension is published in Beta:
Browser Redirection Extension

You can provide feedback for this technical preview by using the Google form.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

For more information, see the Citrix Virtual Apps and Desktops documentation.

Enable noise suppression [Technical Preview]

Starting with the 2503 version, Citrix Workspace app now offers improved audio redirection with enhanced noise suppression. This feature reduces background noise, ensuring clearer and more accurate speech, improving the overall communication experience.

Note:

This feature is disabled by default.

To enable this feature, do the following:

  1. Navigate to the Preferences > Connections section. The Noise Suppression screen appears.

    Noise suppression

  2. Select one of the following levels:
    • None: This level is the default setting and doesn’t use or affect resource consumption.
    • Low: Noise reduction is minimal and uses the least resource consumption.
    • High: Noise reduction is applied at maximum intensity with the best performance and uses higher resource consumption than the Low setting.
  3. Click OK. The selected configuration is applied.

Note:

Changes apply only to the current session and reset once the session ends.

You can provide feedback for this technical preview by using the Google form.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Screen recording for specific applications [Technical Preview]

Citrix Workspace app supports session recording for Secure Private Access scenarios, including Web and SaaS applications accessed through Citrix Enterprise Browser.

You can configure recording policies for Citrix Enterprise Browser. These policies can target specific applications, users, or groups.

When an end user launches an application through Citrix Enterprise Browser, and a matching recording policy applies, the user activities are recorded as a video stream. The video stream is then transferred to the Session Recording server for persistent storage. You can provide and manage the storage locations.

For more information, see Session Recording documentation.

You can provide feedback for this technical preview by using the Google form.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Fixed issues

  • When installing Citrix Workspace app using the command line, you might notice that the MsTeamsPluginCitrix.dll is missing from the ICAClient folder. As a workaround, avoid using the /cleaninstall command when using the /installMSTeamsPlugin switch. [CVADHELP-27244]

  • The installation of the Microsoft Teams VDI plug-in fails when Citrix Workspace app is installed using Intune or Microsoft System Center Configuration Manager (SCCM). [CVADHELP-27244]

  • When opening a published app or desktop using EPIC Slingshot with ICA file signing enabled, you might receive the following security warning message: “An unsafe connection to another computer was blocked.” [CVADHELP-27575]

  • After updating Citrix Workspace, users might be able to launch an application multiple times through selfservice even with the “limit to one instance per user” setting enabled. To enable the fix, set the following registry key on the endpoint:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\Dazzle

    Name: StopSpinnerPostLaunchComplete

    Type: String

    Value: True

    [CVADHELP-26487]

  • You might lose keyboard focus after locking and then unlocking the client machine. [CVADHELP-26816]

  • Audio playback of an .mp4 video stream redirected through BCR might not work as expected. [CVADHELP-26911]

  • With WebHelper and ICA file signing enabled, when you open a second application, you might get the following error message:
    “An unsafe connection to another computer was blocked. The Security Certificate for this computer could not be verified. The ICA file could not be opened and read.”
    [CVADHELP-27477]

  • You might fail to retrieve Global Apps Configuration Service (GACS) settings when GACS is configured with only the Citrix Gateway URL. [CVADHELP-27503]

  • When enhanced SSO authentication for a store in Citrix Workspace app is enabled, you might notice login failures for apps from the store that use explicit user names and passwords. [CVADHELP-27547]

  • After upgrading Citrix Workspace app, you might face issues opening apps on legacy XenApp servers like XA6.5. This problem occurs only when using a custom ICA file that attempts to enumerate the least loaded server using HTTPBrowserAddress. [CVADHELP-26752]

  • When standard users log on to a desktop lock installed machine, they might be shown the local desktop instead of connecting to the published VDA. This issue occurs when an administrator logs on to the desktop lock installed machine first, followed by standard users. [CVADHELP-26367]

  • You might fail to open resources after upgrading to the latest version of Citrix Workspace app, receiving the following error message:
    “Unable to launch resources - The Citrix Workspace received a corrupt ICA file. The key (Wfclient) has no associated value.”
    This issue occurs only when the Citrix Workspace app is installed on a machine set to the Thai region. [CVADHELP-26791]

  • You might notice that when using the latest 2402 CU1 or later Citrix Workspace app installer, older versions of Citrix Workspace app such as 2203 and 1912 cannot be uninstalled using the /uninstall command. [CVADHELP-26796]

  • Store enumeration might take an additional 30 seconds when the analytics service (analyticssrv) is not running. [CVADHELP-27219]

  • After upgrading the Citrix Workspace app to a newer version, an application might fail to open properly due to Single Sign-On (SSO) and login issues. This problem occurs in environments configured to use Citrix Federated Authentication Service (FAS). You can disable the legacy SSON to session based on the store URL by setting the following registry key on the endpoint:

    HKLM/Software/Wow6432Node/Citrix/ICAClient/SSON

    Name:SSONDisabledURLList

    Type: multistring

    Value: True

    [CVADHELP-27375]

  • When a third-party agent is installed, the device might stop responding with a Blue Screen of Death (BSOD) error during the Citrix Workspace app upgrade. [CVADHELP-26108]

  • When you attempt to select a date from a standard date picker within a published app, you might intermittently notice that the main seamless application window disappears. [CVADHELP-26928]

  • The client’s geolocation might not be redirected to the VDI for TSVDA, potentially impacting certain applications and security functionalities. [CVADHELP-26825]

  • ICA file signing validation might not work with native ICA launches. [CVADHELP-26397]

  • After upgrading Citrix Workspace app to version 2402, Citrix Workspace app installed within published desktops (double hop) fails to launch automatically. [CVADHELP-26890]

  • USB devices become unresponsive if you deploy an OS image that is captured using HP Imaging solutions while App Protection is active. This issue occurs on Citrix Workspace app 2311 or later. [APPP-3799]

  • You might encounter an issue where characters typed after taking screen control appear garbled during a Microsoft Teams call. This issue occurs when one user, using Optimized Teams within a Virtual Desktop with Anti-Keylogging enabled, shares their screen and grants control to a second user who then types text. This problem does not occur if Anti-Keylogging is disabled. [APPP-3994]

Known issues

  • When you enable the Enable desktop lock on machine and Enable desktop lock policies, the Desktop Lock feature might be applied to all users. Also, visual artifacts might appear on the virtual desktop where the Desktop Lock feature is enabled. [RFWIN-38071]

  • When using a virtual desktop session, the Ctrl+Alt+Break keyboard shortcut does not function as expected. This shortcut toggles between windowed and full-screen modes and accesses the Desktop Viewer toolbar menu options. As an enhancement, you can press the Alt key to view available shortcut keys and then use a specific shortcut to select a toolbar item. [RFWIN-31815]

  • When Local App Access is enabled, the desktop session launches in full screen, and the Desktop Viewer toolbar might disappear. [HDX-82426]

  • The Desktop Viewer toolbar might cause the session to lose focus and remain behind other application windows. As a workaround, click the session window to bring it to the foreground. [HDX-85277]

  • The Desktop Viewer window might incorrectly overlap the primary monitor’s taskbar when dragged downward. As a workaround, minimize the desktop and then restore it. [HDX-83634]

  • You might notice visual artifacts when transitioning the Desktop Viewer toolbar between vertical and horizontal edges during a VDA session. [HDX-83654]

  • The Start button in the Shortcuts drop-down menu of the Desktop Viewer toolbar might not function as expected. This issue occurs only when you are using a Citrix Workspace app session in windowed mode. [HDX-82299]

  • When using the multiple Virtual Desktops feature in Windows and opening an ICA session on one desktop, the new Desktop Viewer toolbar might appear and remain functional across all virtual desktops. [HDX-83063]

Detailed documentation

Persistent Session in Citrix Workspace app

With this release, if you enable the Persistent session feature, Citrix Workspace app automatically detects session termination and re-launches the application or desktop without any user intervention when the application or desktop session logs out or disconnects.

This feature ensures uninterrupted application or desktop availability, improving user experience and productivity.

Administrators can enable this feature through a Group Policy Object (GPO) policy. The policy allows admins to configure a specific application or desktop as a persistent resource and define the number of retries if there is a resource launch failure:

  • Default retries: 5
  • Retry range: 0–10

Enabling persistent session feature using GPO:

  1. Open the Citrix Workspace app Group Policy Object administrative template by running gpedit.msc and navigate to the Computer Configuration node.
  2. Go to Administrative Templates > Citrix Components > Citrix Workspace.

  3. Select the Persistent ICA policy.

    Persistent ICA

  4. Enter the published resource name in the Configured AppName field.
  5. Enter the Max Launch Retries from the drop-down list.
  6. Select the Enabled checkbox.
  7. Click OK and then click Apply.
  8. Restart Citrix Workspace app for the changes to take effect.

Note:

When the Persistent ICA policy is enabled, the Citrix Workspace reconnect to existing sessions must be disabled. You can disable it using the Control when Citrix Workspace attempts to reconnect to existing sessions GPO policy.

Disable persistent ICA

Enhancements on Desktop Lock or Boot to VDI feature

From this release, the Citrix Workspace app Desktop Lock, also known as the direct boot to VDI feature, includes the following enhancements:

  • Integrated installer: Desktop Lock is now part of the main Citrix Workspace app installer, simplifying deployment and distribution for admins. When you install Citrix Workspace app using:

    • Command line installation: You can enable Desktop Lock using command-line parameters during the installation.
    • UI: You can enable Desktop Lock using the Group Policy Object (GPO) policy after the installation.

    You need to reboot the machine after enabling the Desktop Lock feature.

  • De-coupled from SSON: Previously, you had to install the Citrix Workspace app for Windows with the /includeSSON flag to enable the Desktop Lock feature. Desktop Lock is now available without single sign-on (SSON). However, it is recommended to use it with SSON enabled for a seamless experience.

  • Enable feature through policy or command line: You can manage the feature enablement through GPOs or command line. This enhancement provides granular controls to enable the feature at any point in time. The following policies can be managed in the Group Policy Editor:

    • AllowDesktopLockOnMachine: This policy is a machine-level policy that allows the ability to switch to Desktop Lock for any user on the machine. This policy requires a reboot of the machine.
    • EnableDesktopLockforAllStandardUsers: This policy is a machine-level policy that enables Desktop Lock for all standard users on the machine. Along with this policy, you need to enable the AllowDesktopLockOnMachine policy.
    • EnableDesktopLockforUser: This policy is a user group policy to enable or disable Desktop Lock for a specific user. Along with this policy, you need to enable the AllowDesktopLockOnMachine policy.

  • Post-installation configuration: Stores can be configured post-installation, extending Desktop Lock to existing stores configured through GPO.

  • Support for Any Identity Provider (IDP): Desktop Lock now supports booting into VDI with any IdP that supports Citrix Workspace app.

Benefits:

  • Easier installation and configuration: Simplifies the deployment process for admins.
  • Reduced login times: Provides a faster login experience for users.
  • Seamless boot into VDI: Enhances the overall user experience with a smooth transition into the VDI environment.
  • Flexible management: Allows admins to manage and configure Desktop Lock at any point in time through policies.

These enhancements make the Desktop Lock feature more flexible and easier to manage, providing a better experience for both admins and users.

Configuring Desktop Lock

You can manage the Desktop Lock feature enablement through Group Policy Object (GPO)s or command line.

Enable Desktop Lock feature using GPO

You can enable or disable the Desktop Lock feature using Group Policy Object (GPO) for all standard users and specific sets of users. These specific sets of users might include admins as well.

Configuring Desktop Lock for all standard users:

Perform the following steps to enable the feature using GPO:

  1. Open the Citrix Workspace app Group Policy Object administrative template by running gpedit.msc and navigate to the Computer Configuration (local machine) node.

  2. Go to Administrative Templates > Citrix Components > Citrix Workspace > User Experience.

    Enable desktop lock for all

  3. Select the Allow desktop lock on machine policy.
  4. Select the Enabled checkbox.
  5. Select the Enable desktop lock for all standard users policy.
  6. Select the Enabled checkbox.
  7. Click OK and then click Apply.
  8. Reboot the machine.

Configuring Desktop Lock for specific users:

Perform the following steps to enable the feature using GPO:

  1. Open the Citrix Workspace app Group Policy Object administrative template by running gpedit.msc and navigate to the Computer Configuration (local machine) node.
  2. Go to Administrative Templates > Citrix Components > Citrix Workspace > User Experience.
  3. Select the Allow desktop lock on machine policy.
  4. Select the Enabled checkbox.
  5. Open the Citrix Workspace app Group Policy Object administrative template by running gpedit.msc and navigate to the User Configuration node.
  6. Go to Administrative Templates > Citrix Components > Citrix Workspace > User Experience.

  7. Select the Enable desktop lock policy.

    Enable desktop lock for specific

  8. Select the Enabled checkbox.
  9. Click OK and then click Apply.
  10. Reboot the machine.

Note: The User Configuration > Enable desktop lock policy takes precedence over the Computer Configuration> Enable desktop lock for all standard users policy in case of the Desktop Lock feature.

Enable Desktop Lock feature using command line parameters:

You can enable the Desktop Lock feature for all standard users on the machine using the following command line parameter:

CitrixWorkspaceApp.exe AllowDesktopLockOnMachine EnableDesktopLockForAllStandardUsers

Note:

  • By default the Desktop Lock feature is disabled. On enabling, if you want to disable the Desktop Lock feature, you can use the Allow desktop lock on machine GPO policy.

  • It is not possible to enable the desktop lock feature for a specific user using the command line.

  • After the Desktop Lock feature configuration, you can configure the store. Use the ADM/ADMX file or command‑line options to configure the store. For more information on installation using Group policy, see the Group Policy documentation.

Command line installation example:

CitrixWorkspaceApp.exe STORE0="DesktopStore;https:// my.storefront.server/Citrix/MyStore/discovery;on;Desktop Store "

Seamless integration of deviceTRUST with Citrix Workspace app for Windows

Starting with version 2503, Citrix Workspace app for Windows includes deviceTRUST, enhancing security through continuous device posture checks within the session. deviceTRUST is packaged with Citrix Workspace app for unified deployment, ensuring seamless integration and management. For more information, see deviceTRUST.

Installation

  • Citrix Workspace app for Windows always installs or updates deviceTRUST using the packaged version included in the Citrix Workspace app for Windows installer.
  • If the deviceTRUST installation fails, you get the 50024 or 50025 error codes, and there is no impact on the installation of Citrix Workspace app for Windows.
  • To skip the installation of deviceTRUST, use the InstallDeviceTrust=N command from the command line. You can use InstallDeviceTrust=Y to install deviceTRUST in case of an upgrade.

Uninstallation

  • During uninstallation, Citrix Workspace app removes deviceTRUST only if it installed it.

Auto-update scenarios

  • For existing auto-update customers, Citrix Workspace app installs deviceTRUST.
  • If the end user has skipped the installation of deviceTRUST in a supported version of Citrix Workspace app, the next cycle of auto-update will also skip the installation of deviceTRUST.

Enhancement to auto-update

The auto-update of Citrix Workspace app is now enhanced with the following features:

  • Define timeframe for automatic update: Administrators can now schedule automatic updates for Citrix products at any preferred time on their Windows devices. During this specified time, software updates automatically or users receive notifications on available updates.
  • Manage automatic update version and rollout period for Citrix Workspace app: Administrators can schedule a convenient start date and rollout period for a specific version of Citrix Workspace app during which an automatic update is set to roll out to their end users. This capability allows them to determine the rollout dates, minimizing disruption to end users, and improving the user experience.

You can enable these features using Group Policy Object (GPO) and Global App Configuration Service (GACS).

Benefits:

  • Custom rollout period: Admins can determine the rollout period for their organization, overriding the default period set by Citrix.
  • Scheduled updates: Admins can specify the hours or time frame during the day to check for and update Citrix Workspace app.
  • Flexible update days: Admins can choose a specific start date to specify when to download and begin installation updates.

Define timeframe for automatic update

You can define a timeframe for automatic update using Group Policy Object (GPO) and Global App Configuration Service (GACS).

Using GPO:

Copy the ADMX and ADML files. For more information, see Group Policy.

Perform the following steps to enable the feature using GPO:

  1. Open the Citrix Workspace app Group Policy Object administrative template by running gpedit.msc and navigate to the Computer Configuration node.
  2. Go to Administrative Templates > Citrix Components > Citrix Workspace > Citrix Workspace Updates.

  3. Select the Automatic update timeframe policy.

    Automatic update timeframe

  4. Enter the Start time from which Citrix Workspace app can begin to check for updates. The time format is 24 hours in HH:MM format. For example: 17:30.
  5. Enter the End time after which Citrix Workspace app must not do any check for updates. The time format is 24 hours in HH:MM format. For example: 18:30.
  6. Enter the Defer count: The number of times Citrix Workspace app can defer updates within a specified time. When a user runs out of the allocated defer count, the automatic update occurs at any available time.
  7. Select the Enabled checkbox.
  8. Click OK and then click Apply.

Using GACS:

To enable this feature, do the following:

  1. Navigate to Workspace Configuration > App Configuration in Citrix Cloud.
  2. Select the required store URL from the list.
  3. Navigate to Configure > Updates and Plug-ins, and click the Automatic update timeframe setting.

  4. Select Windows operating system, and click Edit to define the time window within which an automatic update occurs.

    Windows OS

  5. In the Update between field, add the start time and end time between which you prefer to run the automatic update.

    Note:

    The difference between start and end time must be at least 1 hour and must be on the same day.

  6. In the Defer day count field, mention the number of times users can postpone the automatic update. When a user runs out of the allocated defer count, the automatic update occurs during any available time.

For more information, see the Automatic update timeframe in the GACS documentation.

Manage automatic update version and rollout period for Citrix Workspace app

You can manage automatic update version and rollout period for Citrix Workspace app using Group Policy Object (GPO) and Global App Configuration Service (GACS).

Using GPO:

Copy the ADMX and ADML files. For more information, see Group Policy.

Perform the following steps to enable the feature using GPO:

  1. Open the Citrix Workspace app Group Policy Object administrative template by running gpedit.msc and navigate to the Computer Configuration node.
  2. Go to Administrative Templates > Citrix Components > Citrix Workspace > Citrix Workspace Updates.

  3. Select the Workspace app version policy.

    version

  4. Enter the required version in the Workspace App Version text field. The example format is 24.10.1.5.
    Or,
    Select the Upgrade To Latest Version checkbox. If you select this checkbox, the most recent version of Citrix Workspace app is installed, and the version added in the Workspace App Version text field is ignored.
  5. Define the start date on which Citrix Workspace app can begin pushing the updates in the Preferred Start Date field. The format is YYYY-MM-DD. For example: 2024-11-27.
  6. Enter the number of days up to which the automatic update rolls out in the Preferred Delivery Period field. The automatic update process completes within the specified delivery period.
  7. Select the Enabled checkbox.
  8. Click OK and then click Apply.

Using GACS:

  1. Navigate to Workspace Configuration > App Configuration in Citrix Cloud.
  2. Select the required store URL from the list.
  3. Navigate to Configure > Updates and Plug-ins, and click the Citrix Workspace app version setting.

  4. Select the operating system, and click Edit to configure the setting. The Manage Setting for Windows screen appears.

    Manage setting for upgrade to latest

    Manage setting for upgrade to specific

  5. Select one of the following from the Choose how you want to update section:

    • Update to latest version: Select this option to automatically update to the latest version when it becomes available and use a default update schedule.
    • Update to specific version: Select this option to manually update to a specific version with granular control over the update schedule.

  6. If you have selected Update to latest version, do the following:

    1. Select the Update type from the drop-down list.
    2. Verify the App version and update schedules.

    Or,

    If you have selected Update to specific version, do the following:

    1. Select the Update type from the drop-down list.
    2. Select the Version from the drop-down list.
    3. In the Roll out start date field, define the start date at which you prefer to start the automatic update of your Citrix Workspace app. Once you set a date, the app doesn’t get updated even if a newer version of the app is available.
    4. In the Delivery period field, enter the number of days up to which the automatic update rolls out. The automatic update process completes within the specified delivery period.

    The Update Schedule displays the rollout finish date based on the date given in the Roll out start date field and Delivery period field.

  7. Click Save draft.

    Note:

    Automatic updates occur only after the user signs in to Citrix Workspace app.

For more information, see Citrix Workspace app version in the GACS documentation.

Enable auto-update for active users only

Starting with version 2503, the auto-update feature has been enhanced to trigger only for active users. This change aims to provide better control by ensuring that auto-update is available only for users with the Global App Configuration Service (GACS) or those actively using the application.

A user is considered active if any of the following criteria is met:

  • Managed users using Group Policy Object (GPO) template with Citrix Workspace app version control setting enabled.
  • GACS users with Citrix Workspace app version control setting enabled.
  • The user has signed in to the current version of Citrix Workspace app.
  • The user has opened at least a single Citrix Workspace app session for the current version of Citrix Workspace app. This is applicable in the case of accessing Citrix Workspace app using a browser.

If none of these conditions are met, the user is considered inactive, and the auto-update feature is not available.

When a user transitions from inactive to active status, the application triggers the auto-update feature, if applicable, ensuring the application is up-to-date.

Enhanced installation process for Citrix Workspace app with App Protection

Previously, when App Protection was enabled, the /cleanInstall switch was not supported, and the user had to manually uninstall and reboot the machine before retrying installation. Starting with the 2503 version, when App Protection is enabled and the /CleanInstall command is run, Citrix Workspace app automatically uninstalls, reboots the machine based on user selection, and reinstalls the app during the reboot. The following message appears during the process:

Installation successful

  • If the user clicks Reboot, Citrix Workspace app reinstalls during the reboot.
  • If the user clicks Cancel, Citrix Workspace app will be installed upon the next reboot. As a result, Citrix Workspace app is not available when searching for the app in the system.

Note:

  • For silent installations, Citrix Workspace app is available only after the next user-initiated reboot.
  • If the user retries the installation before reboot, the following prompt appears to reboot the system:

Installation fail

Auto-sync backend resource changes for Start menu and desktop shortcuts

The auto-sync backend resource changes feature enhances the user experience by automatically synchronizing backend resource changes for start menu and desktop shortcuts.

Key features include:

  • Updating shortcuts with updated resource path:
    The shortcut automatically points to the new path when the resource path is updated in the backend, eliminating the need for manual refresh. This feature is enabled by default.

  • Option to show disabled shortcuts:
    The shortcut remains visible even when a resource is disabled in the backend. Previously, the shortcut was removed when a resource was disabled. This feature is useful for temporary maintenance, allowing users to retain the shortcut. This feature is disabled by default and can be enabled using the Show Disabled Shortcut setting in either the Global App Configuration Service (GACS) or the Group Policy Object template.

Using GACS

To enable the retention of disabled shortcuts through the GACS Admin UI, do the following:

  1. Sign in to citrix.cloud.com with your credentials.

    Note:

    Refer to the Sign Up for Citrix Cloud article for step-by-step instructions to create a Citrix Cloud account.

  2. Upon authentication, click the menu button in the top left corner and select Workspace Configuration. The Workspace Configuration screen appears.
  3. Click App Configuration > Citrix Workspace app.
  4. Select the Windows checkbox.

  5. Update the settings under App Experience > Show Disabled Shortcuts.

    Update show disabled shortcuts

For more information, see the Global App Configuration Service documentation.

Using Group Policy Editor

To customize the options on the Desktop Viewer toolbar, do the following:

  1. Open the Citrix Workspace app GPO administrative template by running gpedit.msc.

  2. Under the Computer Configuration node, go to Administrative Templates > Citrix Workspace > Self Service and select Show Disabled Shortcut.

    Show disabled shortcuts

  3. Select the Enabled checkbox.
  4. Click OK.

Install Zoom and Webex plug-in managers during Citrix Workspace app installation

You can now install the Zoom and Webex plug-in managers during the installation of Citrix Workspace app using one of the following options:

Using UI

  1. On the Add-on(s) page, select the following checkboxes, and then click Install:

    • Install Zoom VDI Plugin
    • Install Cisco WebEx VDI Plugin
  2. Agree to the user agreement that appears.

  3. Proceed with the installation of Citrix Workspace app.

    Installation screen

Using the command line

Run the following command:

```
CitrixWorkspaceApp.exe ADDONS=ZoomVDIPlugin,WebexVDIPlugin
<!--NeedCopy--> ```

Enhanced Desktop Viewer toolbar

Starting with the 2503 version, Citrix Workspace app for Windows provides an enhanced Desktop Viewer toolbar.

Enhanced Desktop Viewer

The enhanced Desktop Viewer toolbar provides the following options:

  • Show or hide toolbar: Click this button to show or hide the Desktop Viewer toolbar.
  • Switch desktop: Click this button to see the available open desktops. You can switch to another desktop by clicking the desktop that you want to access. The opened desktop shows in the front.
  • Ctrl+Alt+Del: Click this button to bring up the task manager on your virtual desktop.

  • Shortcuts: Click this button to see the available shortcuts. The following are the available shortcuts:

    • Start menu: Click to access the start menu on the virtual desktop.
    • Switch app: Click this button to see the available open apps. You can switch to another app by clicking the app that you want to access.
    • Devices: Click this button to access the devices you have connected.
    • Preferences: Click this button to access the options in the Preferences section and edit your preferences.
    • Connection: Click this button to analyze the connection strength with real-time stats of your connection.
    • Multi-monitor: Click this button to navigate to the different options of extending your session across multiple monitors.
  • Minimize: Click this button to minimize the virtual session.
  • Fullscreen or Restore: Click the Fullscreen button to expand the desktop session to full screen. Click the Restore button to restore the full screen session to the previous window mode.
  • Disconnect / Sign out: Click this button to sign out or to disconnect from a virtual session.

You can drag the toolbar across the screen and snap it to any edge of the screen. It supports both vertical and horizontal layouts.

Limitation

If you are using Windows Server OS 2019, the new Desktop Viewer toolbar is disabled due to an issue with installing WindowsAppSDK version 1.6.5. For more information, see the Microsoft documentation. As a result, the legacy Desktop Viewer is enabled by default. Admins or users can enable the sideloading policy and install the WindowsAppSDK. After that, enable the new Desktop Viewer toolbar through the registry by setting the REG_DWORD entry called WindowsAppSdkInstalled to 1 at HKEY_LOCAL_MACHINE\Software\Citrix\XenDesktop\DesktopViewer.

Enhancement to connection strength indicator on Desktop Viewer toolbar

Starting with version 2503, the Connection Strength Indicator on the Desktop Viewer toolbar is enhanced with the following features:

  • Enhanced user experience: Provides a more intuitive and user-friendly interface.
  • New stats including Wi-Fi strength: Displays real-time Wi-Fi strength for better connectivity insights.
  • Additional details about your device: Includes information such as CPU, memory, and disk utilization.
  • Proactive notifications with options to snooze: Alerts users when connection strength drops, with the ability to snooze notifications.
  • Recommendations to resolve issues: Offers actionable suggestions to improve connection strength when it drops below good.
  • Historic view of the connection strength: Displays a 15-minute history of connection strength for better troubleshooting and analysis.

Multi-monitor layout selection

Starting with version 2503, the Multi-Monitor Selector (MMS) allows users to choose which displays to use in full-screen mode for desktop sessions only, not for seamless sessions. A new Multi-Monitor button has been added to the toolbar, which appears only when more than one screen is connected. This feature enhances the flexibility and usability of multi-monitor setups in desktop sessions, providing a more tailored and efficient user experience.

Multi-montior layout

Multi-monitor menu options

The toolbar button includes three drop-down menu options for desktop sessions in full-screen mode:

  • Extend to All Displays: The session switches to full-screen mode on all connected screens.

  • Custom Layout: This option opens a custom monitor selector displaying the layout of the Windows system. Users can click the rectangles in the selector to choose which screens to use and then click Apply. The session then uses the selected screens in full-screen mode.

    Multi-montior layout

  • Fullscreen: The session switches to full-screen mode on whichever monitor the session is currently active on. For example:

    • If your session is active on one monitor, it will be full screen on that monitor.
    • If your session is active on two monitors, it will be full screen on those two monitors.

    Multi-montior layout

When a new monitor is plugged in, a notification appears for the user to make a selection. Users can check Remember my preference to mute this notification.

Citrix Workspace app for Windows 2503 - Preview
April 2, 2025
Contributed by: 
S S

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999-2025 Cloud Software Group, Inc. All rights reserved.