Configure trusted server configuration
Use this policy to control how the client identifies the published application or desktop it is connecting to. The client will determine a trust level, called a ""trust region"" with a connection. The trust region will then determine how the client is configured for the connection.
When this policy is enabled, the client can be forced to perform region identification using the "Enforce trusted server configuration" option.
By default, region identification is based on the address of the server the client is connecting to. To be a member of the trusted region, the server must be a member of the Windows Trusted Sites zone. You can configure this using the "Windows Internet zone" setting.
Alternatively, for compatibility with non-Windows clients, the server address can be specifically trusted using the "Address" setting. This is a comma-separated list of servers supporting the use of wildcards, for example, cps*.citrix.com.
Troubleshooting:
In the default configuration, when trusted server configuration prevents the client from connecting, the following error message is displayed:
"
The server identified in the "xxx" must be added to the Windows Trusted Sites zone (as either http:// or https:// for SSL connections) for the connection to succeed.
Note that for SSL connections, the certificate common name must be trusted. For non-SSL connections all servers that are contacted must be individually trusted. This means that when using application browsing, both the XML service and the server this redirects to must be trusted.
Enforce trusted server configuration| Registry Hive | HKEY_CURRENT_USER |
| Registry Path | Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\ClientSelectiveTrust |
| Value Name | EnableClientSelectiveTrust |
| Value Type | REG_SZ |
| Default Value | true |
| True Value | true |
| False Value | * |
receiver.admx
- Citrix Components
- Citrix Receiver
- CEIP
- Client Engine
- Diagnostics
- DPI
- Fast Connect API Support
- HDX MediaStream Flash Redirection - Client
- Multi-Stream ICA
- Network routing
- Receiver Updates
- Remoting client devices
- SelfService
- Advance Preferences Options
- Allow/Prevent users to publish safe content
- Allow/Prevent users to publish unsafe content
- Allow users to Add/Remove Account
- Control when Citrix Receiver attempts to reconnect to existing sessions
- DisableConfigChecker
- Disable Settings
- Enable application PreLaunch
- Enable Default FTA
- Enable FTA
- EnableFTU
- Manage App shortcut
- Manage SelfServiceMode
- vPrefer
- StoreFront
- User authentication
- User experience
- Allow client connections
- Host to client redirection settings
- Citrix Receiver
- Citrix Components
- Citrix Receiver
- Remoting client devices
- Generic USB Remoting
- Remoting client devices
- Citrix Receiver
- Citrix Components
- Citrix Components
- Citrix Receiver
- Citrix Client Selective Trust x64
- Internet Region
- Intranet Region
- Restricted Sites Region
- Trusted Sites Region
- Create Client Selective Trust Keys
- Citrix Client Selective Trust x86
- Internet Region
- Intranet Region
- Restricted Sites Region
- Trusted Sites Region
- Create Client Selective Trust Keys
- Citrix Client Selective Trust x64
- Citrix Receiver
- HDX MediaStream Flash Redirection - Client
- Enable ICA File Signing
- Citrix Components
- Citrix Receiver
- Client Engine
- HDX MediaStream Flash Redirection - Client
- Multi-Stream ICA
- Network routing
- Remoting client devices
- User authentication
- User experience
- Allow client connections
- Citrix Receiver
- Citrix Components
- Citrix Receiver
- Remoting client devices
- Generic USB Remoting
- Remoting client devices
- Citrix Receiver
- HDX MediaStream Flash Redirection - Client