I have several customers with SBC environments which have pc’s of 2-4 years old, that run Windows XP. They asked me if they have to buy thin clients or if they can use their pc’s as thin clients. I have done several investigations of thin clients, but most thin clients are too thin or are too expensive. This means that the client does not have enough power to display Citrix HDX technology like you get on fat clients, or the thin clients cost more than a fat client. So why not turn your pc in a thin client? Most customers already have the computers and the infrastructure to manage them.
There are several steps you must take to configure the local computer:
- Configure a XenApp Services site. This makes the configuration of the client more dynamic. You don’t have to use static ICA files.
- Upgrade the Citrix online plug-in to the latest version. This is needed to support the latest HDX technology.
- Upgrade the local Flashplayer to the latest version. This is also needed for HDX Flash redirection.
- Replace to local Windows shell with a locked down shell.
The full online plug-in is needed when you want to use pass-through authentication. This means you logon to the local Windows computers with a domain account and logon with pass-through in the Citrix session. The web plug-in does not support pass-through. The full plug-in implicates that you must configure a XenApp services site.
For the shell replacement there are several solutions. Citrix offers a free solution with the DesktopApplianceLock. This tool replaces the local shell with the PNAgent.exe (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=C:\Program Files\Citrix\ICA Client\PNAgent.exe). When the user logs on, the computer will contact the XenApp services site and will start the first desktop that is offered to the user. This is alphabetical determined. If you have two farms configured in the XenApp services site, a desktop is taken from the farmname with the first letter.
You can migrate computers to the new farm by rename the farmname display name in the XenApp Services site to another alphabetical order. This is a great and simple tool and sufficient for most situations. Pass-through authentication is supported and when you logoff from the Citrix session, you’re also logged off from the local Windows computer. The DesktopApplianceLock.msi is located on the XenDesktop cd. To remove the DesktopApplianceLock, you have to logon with the same account that installed the msi or manually replace the Shell regkey with Shell=Explorer.exe.
DesktopApplianceLock will only install on Windows XP. But you can make it work on Windows 7 by changing the LaunchCondition in the MSI with e.g. Orca.
There are some points to keep in mind when full locking down the local shell. If you lock down the local shell, you don’t have access to local settings for e.g. the display resolution or USB devices. You can use the RES Virtual Desktop Extender (VDX) for this (formerly RES Subscriber). With the RES VDX you can offer shortcuts to local applications within you published desktop. But this means you also have to use RES Workspace Manager in the published desktop, and unfortunately there are still customers who do not use RES products.
As an alternative, you can use the customizable shell replacement Shelaunch. In Shelaunch you can create multiple shortcuts in a simple menu, and configure an autolaunch shortcut. It looks very basic, there is nothing else on the desktop but only a few buttons, but it works. Shelaunch is not developed anymore, but you can still find it in Google Search.
You can also use pass-through authentication for the Start Desktop action by using the shortcut command = c:\program files\citrix\ica client\pnagent.exe with paramenter = /QLaunch “XAFarm1:Desktop” in which XAFarm1 is the display name of the farm name in the XenApp Services site and Desktop is the name of the published shortcut.