Use this policy to enable and restrict the remote application or desktop's access to the client file systems.
When enabled, the client will completely deny client drive mapping (CDM) virtual channel access to the client's file system if the check box "Enable client drive mapping" is not selected. This stops the DLL implementing the client drive mapping virtual channel (vdcdmn.dll) from loading on client start up. At this point, you can delete the DLL from the client package.
If CDM is enabled, further options are available to restrict the type of access available to the server. If the "Read-only client drives" check box is selected, the CDM virtual channel only permits read access to client drives.
Access to Windows drives can be disabled by entering the relevant drive letter in the "Do not map drives" box. This is a concatenation of all drives that should not be mapped when connecting to a published application or desktop, for example "ABFK" disables the drives A, B, F and K.
Troubleshooting:
These policies override selections made by users in the File Security dialog boxes of the Desktop Viewer. For information on how to prevent users from changing selections in the Client Connection Center, see the Citrix Knowledge Center.
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives |
Value Name | CDMAllowed |
Value Type | REG_SZ |
Default Value | true,false |
True Value | true,false |
False Value | false |
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives |
Value Name | CDMReadOnly |
Value Type | REG_SZ |
Default Value | false,true |
True Value | true |
False Value | false,true |