XenApp 6.5

Citrix policy gone after editing


Citrix policies are gone after editing.


Restore \\Domain\SYSVOL\domain\Policies\{UniqueID}\User\Citrix\GroupPolicy\Policies.gpf


VDA Redirector melding Citrix IE


I noticed in some environments that after installing XA650W2K8R2X64025 and HDXFlash200WX64001 for XenApp 6.5 The users are getting an popup in Internet Explorer about the VDAredirector.exe opening outside IE protected mode:

Citrix FTA, URL VDA Redirector - Security Warning

This program will open outside of Protected mode. Internet Explorer’s Protected mode helps protect your computer. If you do not trust this website, do not open this program.

Name: Citrix FTA, URL VDA Redirector Publisher: Citrix Systems, INC


After selecting “Do not show me the warning for this program again” and clicking on “Allow” i searched the registry and found the following key :

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFFC40A2-FFE2-4E6F-B179-3641561D4FCD}] “AppName”=”VDARedirector.exe” “AppPath”=”C:\\Program Files (x86)\\Citrix\\system32″ “Policy”=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C1359F1-E04E-4231-9E7E-955DE92A17E1}] “AppName”=”redirector.exe” “AppPath”=”C:\\Program Files (x86)\\Citrix\\ICA Client” “Policy”=dword:00000003

Import these settings using Group Policy or using a Workspace management solution like RES or AppSense.



Enable WinRM for Windows Remote Shell


When you need to perform a remote CDF trace or would like to use the HDX monitor for remote monitoring you need to enable the Windows Remote Shell.


  1. Logon into the Windows console.
  2. Optional (For Windows Vista serve as remote server): Start the service “Windows Remote Management ” and set it for auto start after reboot.
  3. Write the command prompt : “WinRM quickconfig” and press on the “Enter” button.
  4. The following output should appear:

    WinRM is not set up to allow remote access to this machine for management. The following changes must be made:

    Set the WinRM service type to delayed auto start. Start the WinRM service. Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.

    Make these changes [y/n]? y

  5. After pressing the “y” button, the following output should appear:

    WinRM has been updated for remote management.

    WinRM service type changed successfully. WinRM service started. Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.



Internet Explorer settings Security tab are greyed out


When logging in as a new user my Internet Explorer Security Settings are greyed out, when I perform a reset everything is working perfect. I don’t use any GPO’s the change settings.


1) Login as user with the problem.

2) Reset the internet Explorer setting in the Advanced tab.

3) Export the registry settings of the following key:
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\

4) Load the ntuser.dat from the default user as “Default” using Load Hive in Regedit.

5) Edit the Exported .reg file and use find and replace
        Replace: HKEY_Users\Default

6) Import the changed settings.

7) Unload the hive for Default.

Now when a new user logs in the Internet Eplorer settings are correct.