My first blog posting I want to start with a great piece of software called “Citrix Desktop Lock”. Im sure one or two heard about the plugin. What is Citrix Desktop Lock? Citrix Desktop Lock will convert your Windows FatClient/ThinClient into a Kiosk Appliance. After the user has entered his domain credentials he won’t see anything from the installed Windows OS and will automatically launch his assigned Published Desktop. When you login with a local admin account you will regain full control of the OS. Sounds lovely? It is 🙂
How is it done?
Citrix Desktop Lock is changing the default shell when a user is logging in.
Windows OS Default
After installing Desktop Lock:
“Shell”=”C:\Program Files\Citrix\ICA Client\SelfServicePlugin\selfservice.exe”
- Windows 10, Windows 8.1, Windows 8, Windows 7 (including Embedded Edition), Windows 7 Thin PC
- Connects to StoreFront through native protocols only
- Domain-joined end points
- User devices must be connected to a local area network (LAN) or wide area network (WAN).
- 3Dpro, Flash, USB, HDX Insight, Microsoft Lync 2013 plug-in, and local app access
- Domain, two-factor, or smart card authentication only
- Flash redirection is disabled on Windows 8 and later versions. Flash redirection is enabled on Windows 7
Step 1 – Preparation
Before you are going to install the Citrix Desktop Lock on a workstation you first need to install Citrix Receiver with the Single-Sign-On Parameter.
In addition you need a configured StoreFront account on the machine, otherwise the installation of Desktop Lock will fail. Im doing this with Microsoft Group Policy.
To make the autolaunch of the Published Desktop possible you need to configure Pass-Trough Authentication. Check CTX133982
Step 2 – Installation
Download the current release of Citrix Desktop Lock.
msiexec /i CitrixReceiverDesktopLock.msi /qn
Important: You always need the proper Citrix Receiver/Desktop Lock Version
Step 3 – Test
Logon with a domain user and it should auto launch your published desktop.
Important – Good to Know
After you lock (Windows + L) the workstation the Published Desktop always will receive a logoff command.
Result: The user wants to unlock his computer and it took at least 15 seconds to access the desktop again (logon process). You can remain the ICA Session with setting a registry key on the client. It depends on your needs 😎