Published Applications

Last Modified: Oct 18, 2016 @ 5:09 pm


💡 = Recently Updated

Application Groups

Citrix Blog Post Introducing Application Groups in XenApp and XenDesktop 7.9  💡

XenApp 7.9 and newer has an Application Group feature. This feature lets you group published apps together so you can more easily apply properties to every app in the group. Today, you can do the following:

  • Control visibility of every app in the app group (Users page).
  • Publish every app on the same Delivery Groups.
  • Prevent or allow apps in different Application Groups from running in the same session.
  • With one published app icon, test users launch from test Delivery Group, while production users launch from production Delivery Group.

To create an Application Group:

  1. In Citrix Studio, right-click Applications, and click Create Application Group.
  2. In the Getting Started page, click Next.
  3. In the Delivery Groups page, select the delivery groups you want these apps published from.
  4. In the Users page, select the users that can see the apps in this app group.
  5. Note: there are three levels of authorization. An app is only visible to a user if the user is assigned to all of the following:
    • Delivery Group
    • Application Group
    • Individual Published Apps in the Application Group
  6. Click Next.
  7. In the Applications page, publish applications like normal, and then click Next.
  8. In the Summary page,  give the Application Group a name, and click Finish.
  9. In the Applications node in Studio, there’s a new Application Groups section.
  10. If you highlight your Application Group, on the right is the list of apps in the group. You can edit each of these published apps like normal.
  11. You can drag applications into an Application Group.

  12. However, this more of a copy than a move. To actually move the app exclusively into the Application Group, edit the individual app, and on the Groups page, remove all Delivery Groups (or other Application Groups). The app will instead inherit the Delivery Groups from the app group.
  13. If you edit the Application Group:
  14. The Settings page has an option for session sharing between Application Groups. Clearing this checkbox allows you to force applications in different Application Groups to run in different sessions.
  15. The Delivery Groups tab lets you set Delivery Group priority. If priority is identical, then sessions are load balanced. If priorities are different, then sessions are launched on Delivery Groups in priority order.

Limit Icon Visibility

For Published Applications, there are three levels of application authorization: Delivery Group, Application Groups, and Published App Limit Visibility. A published app icon is only visible if the user is added to all three levels.

  1. Delivery Group (Users page). If the user is not assigned to the Delivery Group, then the user won’t see any application or desktop icon published from that Delivery Group.
  2. Limit Visibility – You can use the published app’s Limit Visibility page to restrict an icon to a subset of Delivery Group users.
  3. In XenApp/XenDesktop 7.9 and newer, you can use Application Groups to restrict access to published icons.
  4. App Icons won’t appear unless users are added to all three of the above locations.

Published Desktops have separate authorization configuration:

  1. XenApp/XenDesktop 7.8 and newer have a Desktops page in Delivery Group properties where you can publish multiple desktops and restrict access to those individual published desktops.
  2. In XenApp/XenDesktop prior to version 7.8, if a desktop is published from the Delivery Group, by default, every user assigned to the Delivery Group can see the icon. You can use the PowerShell command Set-BrokerEntitlementPolicyRule to limit the desktop icon to a subset of the users assigned to the Delivery Group.
    1. Run asnp citrix.*
    2. Run Get-BrokerEntitlementPolicyRule to see the published desktops.
    3. Then run Set-BrokerEntitlementPolicyRule to set the IncludedUsers or ExcludedUsers filters.

Published Content

XenApp 7.11 adds Published Content where you can publish URLs that are opened in the user’s local browser. You can also publish UNC paths, which are opened with local Explorer or local application.

Currently there is no GUI to publish content. Instead, use PowerShell.

The New-BrokerApplication cmdlet requires you to specify a Delivery Group. This Delivery Group must have at least one registered machine in it. However, the published content does not actually launch from the Delivery Group since the URLs and/or UNCs open locally.

First run asnp citrix.*

Then run New-BrokerApplication -ApplicationType PublishedContent. Here is a sample PowerShell command:

New-BrokerApplication -Name "CitrixHomePage" -PublishedName "Citrix Home Page" -ApplicationType PublishedContent -CommandLineExecutable -DesktopGroup RDSH12R2

Instead of publishing to a Delivery Group, you can publish to an Application Group by using the -ApplicationGroup switch. The Application Group must have Delivery Group(s) assigned to it.

Once the Published Content is created, you can see it in Studio. You can also edit it from Studio, including Limit Visibility and Groups (to move it to an Application Group).

Published Content can be placed in Application Groups. You can then use the Application Group properties to restrict access to the shortcut.

It does not appear to be possible to set the icon from Studio, but you can do it using PowerShell. See Citrix Blog Post @XDtipster – Changing Delivery Group Icons Revisited (XD7) for instructions to convert an icon to a base64 string, and import to XenApp using New-BrokerIcon -EnCodedIconData "Base64 String".  Then you can link the icon to the Published Content using Set-BrokerApplication "App Name" -IconUid.

In StoreFront 3.7, you can click the icon and URLs will open in a new browser tab.

Application Usage Limits

In XenApp/XenDesktop 7.7 or newer, if you edit an application’s Properties, on the Delivery page, you can restrict the number of concurrent instances of the application.

Keywords for StoreFront

In a published application’s Properties, on the Identification page, in the Description and keywords field, you can enter KEYWORDS to control how the app behaves when displayed by StoreFront.

  • Enter KEYWORDS:Mandatory or KEYWORDS:Auto to cause the application to automatically be subscribed or favorited in Citrix Receiver.
    • In StoreFront 3.0 and newer, the user can go to the Apps tab, click an App’s Details button, and mark the app as a Favorite. 
    • In the older StoreFront interface, users subscribe to applications by clicking the plus icon to add the application to the middle of the screen. 
    • Mandatory means the app can’t be removed from Favorites or unsubscribed.
    • Auto means the app is automatically favorited or subscribed, and can be un-favorited or unsubscribed by the user.
  • Enter KEYWORDS:Featured to make the application show up in the Featured list.
  • You can separate multiple keywords with a space. KEYWORDS:Mandatory Featured.
  • See the StoreFront 3.7 Keywords documentation at Citrix Docs for more information.

Users will have a better experience with StoreFront if applications are published into folders. The folder name is specified in the Delivery page in the Category field. Note: Add shortcut to user’s desktop works in newer versions of Receiver assuming the app is marked as a Favorite.

Secure Browser

Citrix has a deployment guide for publishing a browser from XenApp. Here’s an overview of the configuration:

  • Install Chrome on an RDSH VDA.
  • In Studio, publish IE and/or Chrome in Kiosk Mode to anonymous users.
    • Create a different published app for each website.
  • In StoreFront, create a Store for Unauthenticated Users.
  • In StoreFront, enable Receiver for HTML5.
  • In StoreFront, enable web links so you can link to the published browser from a different website.

When a user launches the published browser, the HTML5 client opens the published app in a local browser tab. The published browser runs in kiosk mode so that the published browser’s user interface is hidden. It looks like the website is running on the local browser but actually it’s running from a published browser.

There’s a special XenApp Secure Browser Edition that is only licensed for publishing browsers from RDSH. See the press release Citrix Radically Simplifies the Secure Delivery of Browser-based Apps.


App-V Client Hotfix

The latest App-V 5.1 hotfix is September 2016 servicing release for Microsoft Desktop Optimization Pack. Note: Windows 10 1607 and Windows 2016 get App-V updates through Windows Update.  💡

The latest App-V 5.0 hotfix is Hotfix Package 3 for Microsoft Application Virtualization 5.0 SP3.

There is a special version of App-V client for RDS. The normal App-V client in MDOP won’t work. Get the RDS version from the Microsoft Volume Licensing website.

App-V and Logon Times


XenApp 7.8 and newer App-V

XenApp 7.8 no longer requires App-V management infrastructure and can instead pull the App-V packages directly from an SMB share as detailed at App-V at Citrix Docs.

XenApp 7.11 adds an Isolation Groups tab.

Once App-V packages are added to Citrix Studio, you can publish an app and select App-V from the drop-down.

The App-V apps show up as AppLibrary App-V and support the same options as other published applications.

There appears to be some limitations to the package share method as detailed by Joe Robinson at

Joe Robinson provided a script to force the App-V client to sync before launching the user’s App-V application.

Launch App Inside App-V Bubble

From Citrix Blog Post Process Launching in an App-V V5 Virtual Environment:

  • On any executable, add the /appvve:<PackageID>_<VersionID> of the package in which one would like the executable to run
  • If the App-V process is already running then use the /appvpid:<ProcessId> to inject into a running App-V virtual environment
  • If you want something more permanent, you can set the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\<YourApplicationName> with a default REG_SZ key that has the executable name in it.

Also see Microsoft Knowledgebase article How to launch processes inside the App-V 5.0 virtualized environment.



Change Published Desktop Icon

Citrix Blog Post Changing Delivery Group Icons Revisited (XD7) has instructions on how to use PowerShell to import a Base-64 icon and then link it to the published desktop.

StoreFront 3.0 and newer overrides custom desktop icons. Run the following PowerShell command (from to restore custom desktop icons:

& 'C:\Program Files\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1'

Disable-DSStoreSubstituteDesktopImage -SiteId 1 -VirtualPath /Citrix/Store

Other Published App Tips

CTX209199 Published 64 bit Aps Can’t Be Started With %ProgramFiles% in Command Line If It’s Not the first Application to Start: You can try the following methods to address this issue:  💡

  1. Use the absolute path to publish the application.
    2. Use %ProgramW6432% for 64-bit applications instead of %ProgramFiles%.


CTX132057 Google Chrome Becomes Unresponsive when Started as Published Application: add the parameters --allow-no-sandbox-job --disable-gpu in the published app command line.

CTX205876 Non-published Google Chrome browser on XenApp server, called and launched from any published app, is seen in black/grey screen: The command line parameter has to be added to registry shell open command for the Chrome browser:

  1. In Regedit, navigate to HKEY_CLASSES_ROOT\http\shell\open\command
  2. Edit the Default value as follows:
    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-no-sandbox-job --disable-gpu -- "%1"

Disable Application and Hide It

  1. In Studio, you can disable a published application by right-clicking it, and clicking Disable.
  2. In older versions of XenApp/XenDesktop, when you disable the application, it leaves the application visible but it is grayed out thus preventing users from launching it. In 7.8, the disabled app is automatically hidden (no longer shown in the apps list).
  3. If desired, you can hide or unhide the disabled application icon by running a PowerShell command:
    asnp citrix.*
    Set-BrokerApplication MyApp -Visibile $false

  4. When you re-enable the application, Visibility is automatically set back to true.

Local App Access

Some applications are not suitable for centralization and instead should run on endpoint devices. These applications include: phone software, applications needing peripherals, etc. Citrix Local App Access lets you access these endpoint-installed applications from inside a published desktop. This is sometimes called Reverse Seamless.

Local App Access has three modes of functionality:

  • User-managed local applications. Any shortcuts in the endpoint’s local Start Menu and local Desktop are made available from inside the published desktop.
  • Administrator-managed local applications. Use Studio to publish a local application, which is created as a shortcut inside the published desktop. When the shortcut is launched, it is actually running from the endpoint device (reverse seamless) instead of the centralized desktop. If you enable administrator-managed local applications then user-managed local applications are disabled.
  • URL Redirection. Administrators define some URLs that should be opened in a local endpoint browser instead of a VDA browser and then display the local browser inside the published desktop (reverse seamless).

Local App Access requires Platinum Licensing.

Do the following to configure Local App Access:

  1. In a Citrix Policy that applies to the VDAs, enable the Allow local app access policy setting.
  2. The URL redirection black list setting lets you define a list of URLs that should be opened on the endpoint’s browser instead of the VDA browser.
  3. On the Endpoints, install Receiver using the ALLOW_CLIENTHOSTEDAPPSURL=1 switch. Feel to add /includeSSON too. Run the installer from an elevated (Administrator) command prompt. This switch automatically enables both Local App Access and URL Redirection. Note: the URL Redirection code does not install on VDAs so URL Redirection might not work if your endpoint has VDA software for Remote PC.
  4. After installation of Receiver, launch Internet Explorer. You should see a prompt to enable the Citrix URL-Redirection Helper add-on.
  5. You can also go to Tools > Manage Add-ons to verify the Browser Helper Object.
  6. By default, Local App Access redirects the endpoint’s Start Menu and Desktop. You can control which folders are redirected by editing the endpoint’s registry at HKCU\Software\Citrix\ICA Client\CHS. Create the Multi-String Values named ProgramsFolders and Desktop Folders and point them to folders containing shortcuts that you want to make available from inside the published desktop. Andrew Morgan has a GUI tool for editing these registry values.

  7. When you connect to a published desktop, by default, there will be a Local Programs folder in the Start Menu containing shortcuts to programs on the endpoint’s Start Menu. These are user-managed shortcuts.
  8. On the VDA Desktop there will be a Local Desktop folder containing shortcuts from the endpoint’s desktop. These are user-managed shortcuts.
  9. The Local Desktop and Local Programs folders on the VDA can be renamed by editing the VDA’s registry at HKCU\Software\Citrix\Local Access Apps. Andrew Morgan has a GUI tool to modify these registry values.

  10. To enable administrator-managed local applications, login to a machine that has Citrix Studio installed and edit the registry. Go to HKLM\Software\Wow6432Node\Citrix\DesktopStudio and create the DWORD value named ClientHostedAppsEnabled and set it to 1.

  11. When you open Studio and go to Delivery Groups > Applications, there is a new link to Create or Add Local App Access Application.
  12. In the Getting Started with Local Access Applications page, click Next.
  13. In the Groups page, select the Delivery Group or Application Group whose published desktop will receive the shortcut and click Next.
  14. In the Location page, enter the path to the executable. This is the path on the endpoint. Also enter a Working Directory. You can get this information from the properties of the shortcut on the endpoint device. Click Next.
  15. In the Identification page, enter a name for the shortcut and click Next.
  16. In the Delivery page, these options work as expected. Click Next.
  17. In the Summary page, click Finish.
  18. When you login to the desktop, you’ll see the administrator-managed application. If any administrator-managed Client Hosted Applications are delivered to the user then the default Local Programs and Local Desktop folders no longer appear.
  19. To enable URL Redirection, login to the VDA and run "C:\Program Files (x86)\Citrix\System32\VDARedirector.exe" /regall. This registers the browser helpers.

  20. In Internet Explorer, if you go to Tools > Manage Add-ons, you’ll see the Citrix VDA-URL-Redirection Helper add-on.
  21. From inside the published desktop, if you go to a website on the blacklist, the VDA browser will close and a local browser will open in Reverse Seamless mode. If you then go to a website that is not on the blacklist the local browser will close and the VDA browser will open again.

Andrew Morgan Citrix reverse seamless application deep dive presentation contains details on the inner workings of Local App Access. The same webpage also contains the GUI configuration tools mentioned above.

Citrix TV – Local App Access in XenDesktop 7

Anonymous Apps

XenApp 7.6 and newer supports publishing apps to anonymous users. Edit the Delivery Group and on the Users page check the box next to Give access to unauthenticated (anonymous) users.

Anonymous Users are managed differently than regular Domain Users. See VDA Anon instructions for adding anon accounts, configuring session timeouts, and configuring local group policy.

Anonymous published apps should show up for all authenticated users. However, you can also create a StoreFront store that does not require any authentication.

Export/Import Published Applications

Dominik Britz Export And Import Citrix XenDesktop Published Apps – two PowerShell scripts, one to export all published apps to json files and one to import apps with the information of the exported json files. Get the scripts from the Blog Post.

Related Topics

Email this to someonePrint this pageTweet about this on TwitterShare on LinkedInShare on FacebookPin on PinterestShare on RedditShare on StumbleUpon

103 thoughts on “Published Applications”

  1. Is there any way to hide the LocalApps desktop and start menu folders entirely? I want the user ONLY to see my published local app, not any of the other apps available on their PC….

    I have everything working, except still get the bloody folder on the desktop.

    1. If you publish a local app from Studio, the automatic local apps should be ignored. Are you saying that’s not the case?

  2. hi Carl,

    Currently experiencing app-v launch issues when using Mandatory profiles in non-persistent RDS workers. I have created some app-v packages and published them but they won’t launch (just give error starting application), I see the cache has the package on the XenApp server and in %localappdata% i can find the app-v app and the icons appear on the desktop for the applications. Do you have any experience or any articles on using app-v packages with XenApp when using Mandatory profiles?

    When not using mandatory profiles and using roaming profiles the app-v packages will launch fine.


  3. Hi Carl,

    first of all, i’d like to thank you for your great work here and at the ctx forum.
    Helped me a lot in the last years.

    Now to my Problem:

    We have got a little Problem with starting a second Published app quickly after the first one.
    When a user launches the first Citrix Application, it fails to quickly launch a second one if its on the same Server / Deployment Group. The User receives the Message “The App cannot be started. Please contact your helpdesk”.
    When he waits round about 30 seconds after the first start, the second start has no problem and the program comes up. (You have to wait again if you want to start a third Program).

    The User are already working over a published Desktop.

    We got 2 Messages in the Event Viewer of the Storefront:

    … The Citrix XML-Service gives back der Error: ‘no-available-workstation’ back ..

    … there is no availabe Ressource for the User ‘Domain\User’ found. This Massage was given by the Citrix XML-Service.

    Any Solutions here? Timeouts or Something?

    Thanks and greetings,

  4. Hi Carl

    Great documentation..!!!

    I am unable to edit Delivery group properties though I am added as delivery group admin. Please can you suggest any possibilities?

      1. We have created a role with Delivery group Admin access specifically. But unable to modify DG properties being in that role. Full admin has all rights to administer the console.

        1. You use the built-in role? Or did you create a role? If you created a role, what permissions did you assign?

          When you added the administrator, what scope did you use? Is the Delivery Group in the scope?

          It’s working for me with the built-in DG Admin role.

  5. Hello Carl
    You can make “local app access” with integrated file type association?
    In my environment XenApp 7.6, Excel is not installed, Excel and need to be moved from my endpoint was the virtual XenApp session.
    But I have not found a way that when run an Excel file .xls or .xslx in the virtual session is automatically opened with Excel integrated as “local app access”

      1. The file is in my documents VDA OS Server.
        Excel is displayed as an icon published on the desktop VDA OS Server
        But when I go to run the file .xslx appears:
        How do you want to open this type of file? and not load with published Excel “local App Access”

  6. Very insightful,
    If you have XA farms, 6.5 and 7.6 can you hide visibility to apps from one farm (6.5) for some users using the same URL with combined STAs?

    Our options are place icons from the farms in different folders or provide separate URLs.

    1. Are you asking if you can only show icons from an entire farm if the icon is in a specific group? In that case, there’s StoreFront User Mapping (StoreFront 3.5 > Store > Manage Delivery Controllers, on bottom is User Mapping.

  7. Hi Carl, I’m trying to setup a Citrix Studio install to run as a published app from a non-delivery controller server. I’m running into an issue where it asks for the delivery controller address every time. Do you know if there is a config file I can add an entry to or a reg key I can set to have the MMC snap-in pick up the delivery controller fqdn? Thanks in advance!

  8. I’ve recently setup a new XenDesktop 7.8 Environment testing with our 2008 R2 image
    We are not using storefront but using Juniper client to talk directly to the DDC’s.
    When testing out published applications they are launching correctly, however when you launch a subsequent application all published apps disconnect (and I see the session go disconnected in studio) and then when then the new app launches and the previously opened apps also pop up on screen.

    Obviously I don’t think this is expected behavior but not sure if anyone else has seen something like that or is it most likely the juniper. Don’t want to waste time setting up storefront if its something else.

  9. Hi Carl,

    do you know if it’s possible to publish an application on a network share like this:
    PATH: \\share\folder\appl.exe
    DIR: \\share\folder\


    1. I think there have been issues in some versions of XenApp. The easiest way is to create a .cmd file that launches the program using the start command and then publish the .cmd file.

  10. Hi Carl I have XenApp7.7 Platinum. Cant seems to be able to set up the local App redirection. I can see the local App in controller and I set up the Citrix policy applied to my desktop delivery group and on local PC I installed receiver with the =1. When I login to desktop I cant see me local shortcuts. Did I miss anything?

    1. You can only do one or the other. If you publish Local Apps, then automatic visibility of local apps won’t work. You have to stop publishing local apps to cause the local apps to automatically display.

      1. I want to set only two local applications that’s why I need to publish them. But when I do it doesn’t work ;o( I had set this up on demo while ago was fine there but I might missed something this time.

      2. Hi Carl I had to set up only one application hence the Local app publishing in studio. I opened case with Citrix now as I just wonder if having two controllers or changing the gateway slightly might have disable this function. I had set this up just now on different domain with one controller and default gateway setting and all working fine there.

        1. I found why this doesn’t work for my client. On demo I disabled Desktop Viewer Tool bar in my config file on SF and my Local App redirection stop working. Seems that the black menu need to be set to true for it to work..

          1. That’s the default so I don’t think I mentioned that. Maybe I should?

            The docs also say full screen is required but it seems to work in a window too.

  11. Hi Carl,
    thanks for the great information.
    One question:
    To get back custom desktop icons, we need to run the command

    Disable-DSStoreSubstituteDesktopImage -SiteId 1 -VirtualPath /Citrix/Store

    Is there also an “enable…” command to switch this back to the default settings?

    Thanks for your help,
    best regards,

    1. Did you try it? I see Enable-DSStoreSubstituteDesktopImage as an available cmdlet.

      You can run Get-Command *DSStoreSubstituteDesktopImage* to see the available commands.

  12. Carl that fixed it, I forgot I had the ICA only box checked. Along with that: I assume that because I need 2 delivery groups to pull this off, I will also need a set of servers in each delivery group, one group for inside access and one for gateway access, because I can’t publish apps by servers like xenapp 6.5? Thanks for your help, I will look for you at Synergy.

  13. Carl thanks for answering my question on April 1 about limiting access to a published app from Netscaler gateway. My issue now is, when I check the box for Connections through Netscaler Gateway, the icon does not show at all, and when I check the box for All connections not through Netscaler Gateway, the icon shows when logged into the gateway, and a login without the gateway. There is also a Storefront button on the left that I left at default, does this need to coincide with the check boxes, and point to the Storefront server connected to the gateway? Thanks.

  14. Carl, What is the option add shortcut to user desktop inside of the delivery group option for? From everything I read and done, we had to use the PutShortcutsOnDesktop = true. ? Will this check do this as well for only certain apps? like the web interface days?

  15. Hi Carl,
    I have a problem in my Storefront 3.x xenapp 7.6 (and 6.5) shared environment.
    I am trying to disable session sharing with no luck. I need the user(s) to be able to launch the same app (receiver 4.4) and connect to different sessions. Is this possible?

      1. When I try to run the set-broker command on storefront, the command is not found. Using get-command after importing Citrix modules does not show the command either. Am I missing something?

          1. I was running on SF 3.01 with studio installed. I tried on DC same issue.
            Both Get-BrokerAppEntitlementPolicyRule and Set-BrokerAppEntitlementPolicyRule not recognized

            Here’s output from powershell.
            PS C:\> cd “C:\Program Files\Citrix\Receiver StoreFront\Scripts”
            PS C:\Program Files\Citrix\Receiver StoreFront\Scripts> .\ImportModules.ps1
            Adding snapins
            Importing modules > all modules loaded
            PS C:\Program Files\Citrix\Receiver StoreFront\Scripts> Set-BrokerAppEntitlementPolicyRule Rel15 -SessionReconnection SameEndpointOnly
            Set-BrokerAppEntitlementPolicyRule : The term ‘Set-BrokerAppEntitlementPolicyRule’ is not recognized as the name of a
            cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify
            that the path is correct and try again.
            At line:1 char:1
            + Set-BrokerAppEntitlementPolicyRule Rel15 -SessionReconnection SameEndpointO …
            + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            + CategoryInfo : ObjectNotFound: (Set-BrokerAppEntitlementPolicyRule:String) [], CommandNotFoundException
            + FullyQualifiedErrorId : CommandNotFoundException

          2. Those cmdlets come from Studio, not StoreFront. Run Asnp Citrix.* And then you’ll see them.

  16. Hi Carl, why the delivery option is not available for APP-V applications in XA 7.8 but for locally installed apps?

  17. Carl, in Xenapp 6.5 AppCenter you can control access to an application from Access Gateway, by checking the box, Allow connections made through Access Gateway Advanced Edition, and by a similar box called Allow all other connections. We use this to control access to applications from the outside. I don’t see a way to do that with Xenapp 7, did I overlook it? Thanks.

    1. Yes, but only at the Delivery Group level. Edit the Delivery Group and there’s an Access Control page.

  18. Hi Carl

    I have a strange one
    XenDesktop/XenApp 7.7
    Single Delivery Group containing a Single 2008 R2 Server with VDA 7.7.
    PVS 7.7 streamed Image (this issue is replicated with multiple identical servers in the DG also)
    User A Assigned to DG
    User A Assigned to 2 individual applications

    I have two applications assigned to the delivery group. I can only launch one of them at a time. Weirdly, if i Launch App A, i get my application, i then launch App B, and nothing happens. Client doesn’t see the second application launch in the receiver connection centre, however the Broker (via powershell and the GUI) will see both Apps as active. If I launch App B first, i cant launch App A.

    Director will see two applications launched under the 1 server, however if you select the session list that contains both apps, you will only see one actually running. Eventually App 2 will die off

    No errors on the Broker, Client, Server – everything clean.

    This works perfectly fine in XA 6.5, just when i move to 7.7, it breaks and i am a little lost

    This also seems to work perfectly fine on a delivery group in 7.7 that has non streamed Servers in the mix. I can launch as many apps as i like and everything will work as expected.

    Are there any gotchas around the VDA Installation and PVS that i might be missing?



    1. Do the two apps normally run side-by-side?

      Same problem on VDA 7.8? That VDA has bug fixes. Otherwise you might have to call Support.

      1. Hey Carl,

        Thanks for taking the time to reply

        I just cracked it – turns out there appears to be issues if you add the app via studio manually and your app runs from say “C:\Program Files\LocationA”, Studio Auto changes this to variable based…%ProgramFiles%\LocationA.

        In my case
        App 1 = “C:\Program Files\LocationA”
        App 2 = “C:\Program Files\LocationB”

        Studio Changes this to %ProgramFiles%\LocationA or B respectively and my apps wouldn’t run side by side. Change it back to the physical path and delete the variable, and things start working perfectly 🙂

        I changed both the App path, and the working directory so not 100% sure which value sorted it


  19. Hi,
    In Xenapp 7.6 How do you publish individual server as publish desktop for the NOC team to verify / test the individual server are working correctly.



    1. It’s not possible. I would have to be in it’s own Delivery Group. You could remove the machine from the prod delivery group and add it to a different delivery group.

  20. Hi Carl
    I want to know if it is possible after logging off from citrix receiver the webpage (whether after time out or or a manyual logoff) if the apps can stay open. right now when a user logs off, all the apps close? thanks

    1. In StoreFront, adjust the Workspace Control settings. The process varies depending on the version of StoreFront.

  21. I have installed XA 7.6 and trying to configure the APP-V with it. My App-V server is working fine and I was able to deliver applications using the App-V Client.
    The issue which I am facing is how can I get the Citrix Studio to recognize the applications coming from App-V.

    I have added the App-V server on the studio and even installed the VDA Agent on one of the server which has application delivered by app-v. Could you please let me know how I need to configure it?

  22. Hi Carl,

    I have a question about Applications in XA7.7….
    In 6.x, Apps were enumerated via XML brokers…etc. How is this done in 7.7?

    Do you know of any in-depth doc that discusses how Applications are delivered to users in XA 7.7?
    (I don’t mean how to setup the delivery group…etc to deliver/publish an App. I am looking for the backend logical flow and components that do what XML brokers used to do in 6.x).


    1. In 7.x, the Controllers are the XML Brokers.

      VDAs register with Controllers to inform them that the VDA is available for connections.

      StoreFront authenticates the user and retrieves the users group. StoreFront sends this info to Controller and Controller sends back a list of icons. StoreFront creates a web page from the icons.

      When user launches app, StoreFront sends XML query to Controller to ask for an available VDA. Controller sends back the IP address of the VDA.

  23. Is it possible to enable session sharing in XD between published app (using app-v) and desktop mode?

    1. To integrate app-v on XD so all app runs as like a native app in full desktop mode.
    2. To publish all apps through SF.
    3. Enable smooth roaming experience. (To launch individual apps directly from SF and the same need to be reconnected within the XD desktop session as a local instance)

    When it comes to app-v and XD desktop integration below are the options i evaluated.

    1. Enable app-v client to sync at every logon (few sec delay in enumerating start menu but good that we have options to enable progress bar for sync)

    2. Publish all globally and limit the icon visibility using ABE shares. (No wait time but end users can still launch the app if they know the actual path)

    3. Publish through Receiver so it can auto reconnect and bring all apps within desktop or to use Keywords to prefer local instance. But this will not enable session sharing instead will result in duplicate sessions for above scenario.

    Any other thoughts?


    1. Keywords:prefer should launch in the same desktop session. If launching in a new session then your keywords:prefer is not working.

      7.8 is supposed to have some App-V enhancements. Not sure if published app-v apps are displayed inside a published desktop and launched in the desktop session.

      Most reliable option is to publish App-V globally and hide icons users shouldn’t see (e.g. NTFS permissions). However, now you have to maintain both published apps and an icon hiding method (e.g. Group Policy Preferences).

  24. Hi,

    Is it possible to let some specified users forced login on one citrix server, so i can do testing for applications only on that server ?


    1. Only if it’s in its own Delivery Group.

      This is a frequent request. Please call Citrix Support and ask them to bring back this feature.

  25. I have eleven XenApp 7.6 servers, all in the same delivery group, all running the same PVS image. There is one application published on all these servers – One icon that opens on any of the eleven servers. I would like to also publish this application individually on each server. So, there would be eleven icons, each corresponding to one specific server. Is this possible, since I only have all the servers in one delivery group?

    1. That’s not possible in a single Delivery Group today. I suggest calling Citrix Support and tell them to bring back this feature (enhancement request).

  26. Had a question regarding assigning users a specific published application in XenApp 6.5. I’m much more familiar with XD so just wondering how XA works in comparison. I know in XD when you assign a user explicit rights to a desktop, it takes precedence over them being assigned a different desktop via AD security groups they are a member of.

    How does XenApp handle a similar situation, where a user is granted access to a specific published application (server desktop), and they are also in a security group thats got access to a different published application (server desktop)??

    1. In either case, the user sees all icons the user is granted access to. I’m not sure what you mean by “precedence”.

      XenDesktop has two levels of authorization: first at the Delivery Group and again in the published app’s Limit Visibility page.

      XenApp 6.5 only has a single level of authorization; simply grant the user access to the published app/desktop and the user can see it.

  27. Hello Carl

    We are seeing a behavior in our Xendesktop 7.6 where our support applications (multiple application per tuser) get pinned on one box. This result on the box getting oversubscribe for resource.

    We are looking for a way we can force to load these multiple support apps for a single user; to run on multiple servers on a LBG or a workaround that will give us similar behavior.


      1. Disable session sharing is not a supported feature in XD76; we opened a call with Citrix and after waiting for 3 mos got an answer.

        XD76 by default will load balance users (due to session sharing) not apps among servers in a MC; the only way we can ensure that a user that launches same apps have these apps on different servers; is to create 2 DG against a MC and spread servers on this DG’s.
        Then assign same users and app on these DG’s when a user launches APPa on DG1 and launches same app APPb from DG2.

        Applications will be then be spread out on separate servers.

  28. Hi Carl,

    Is it possible to do anything with with Published Desktop icons like you can with apps, like moving them in to sub folders under the + icon?

    1. There is a TreatAsApp KEYWORD you can add to the Delivery Group Description. Not sure if you can specify a category. If not in GUI then check PowerShell.

      The XenApp Tech Preview had some enhancements for published desktops. Not sure if this was one of them.

  29. Good afternoon!


    Congratulations on the excellent blog, is a shaking in a database.

    I seek your aid when public Apps gives the following error message: Cannot start app “app name”. What are the possible reasons for this error?

    I’m waiting your reply.

    Thank you

    1. The event viewer on the Controller usually tells you the reason. Not registered. Not enough machines. Published app file path not found. Licensing issues. Etc.

  30. Carl, can you verify this is accurate: “If there are multiple Delivery Groups with identical priorities then connections will be load balanced across them.”

    This is not the behavior we are seeing, connections all go to the first delivery group and there is no apparent load balancing.

      1. I know no one knows for sure, but has Citrix given any indication of the release time frame for 7.7 (i.e. 1Q 2016)? I know the TP has been out for a while. Thanks.

  31. Does this work with Windows 8.1 and Server 2008 R2 or Windows 8.1 and Server 2012? I have it working with a client on Windows 7 and shared desktop on server 2008 R2. Only the local desktop folder works if i connect from a windows 8 laptop.

    1. Local App Access? I just tried Windows 10 to Windows 10 and it seems to work. It creates the shortcuts on both Desktop and Start Menu.

  32. Thank you for your blog. I’m a new Citrix admin and this has answered every question I’ve had without going through the process of pulling teeth from the Citrix support reps

  33. When I made Local App Access available to users, when they logged in, the screen stayed “Black”. In order to let them access their desktops I had to revert and restart many times the computers…

    Is there something I could forget?

  34. Thanks Carl. We recently upgraded from 5.0 to 7.6. We had several IE shortcuts that redirected to the users local desktop using the locally installed browser. The old “Content” type of deployment. Is there a new way to do this with only XenApp? We are not deploying XenDesktop VDA’s.

  35. I have aquestion. Currently I have a XenApp 6.5 farm with some siloed servers which publish GIS apps. Users get a published desktop from the normal farm servers and from an icon on the desktop which runs a ICA file get there GIS apps from the siloed servers. This set up is required so that the resource hungery GIS apps do not affect the normal published desktops.
    As XenApp 7 dosn’t support ICA files how can you achive the same end result?

  36. Hi Carl,

    As usual great information. One question:

    if limit the desktop icon is used to hide the icon , would appliance site still automatically launch the desktop without user intervention in IE kiosk mode even if applications are published to that same user but visible ?


    1. I suspect that if the desktop icon is not visible to the user then there’s nothing to auto-launch. Otherwise you’ll have to try it in a lab.

      1. Hi Carl,
        Is there a way to prevent the icons published on xenapp 6 with “KEYWORDS: Auto” via storefront are hidden when disabled?
        If I disable application, this automatically hide from users and there is a problem.

      2. Thank’s Carl.
        do you think there is an alternative way to see the icons on the desktop automatically to users with storefront and xenapp 6? (without “KEYWORDS:Auto”)

  37. Hi Carl,

    Great article.

    I have a question regarding Delivery Groups relating to my new XA 7.6 deployment. I have 5x VDAs within a Delivery Group where 2x VDAs host the same ‘standard’ applications but also host specialised applications due to licensing constraints.

    When a user connects to a VDA hosting only ‘standard’ applications, then attempts to access a ‘specialised’ application hosted on other 2x VDAs, there is no activity and no connection is attempted. Is this by design as all VDAs should host the identical applications? therefore, I should remove the 2x VDAs hosting the specialised applications into a separate Delivery Group?

    Thanks in Advance.

    1. In 7.x, it is assumed that all members of a Delivery Group are identical. If they are not identical then they should be in separate delivery groups.

  38. Hi Carl,

    Excellent article, it has helped me tremendously! Much appreciated.

    I have 5 VDAs in a delivery group and 2 of the VDAs (in my case, server 1 and server 2) have a ‘specialised’ applications installed due to licensing constraints (i.e. MS Visio 2013). So not all of the 5 VDAs have identical applications installed.

    My issue is that when a user connects to a standard published application on server 3 then attempts to connect to the specialised application on server 1. The connection is unsuccessful. Is this by design ? If so, I’m assuming I need to remove the 2 VDAs from the existing delivery group and move them to a new delivery group? Can you please confirm ?

    Thanks in Advance.

  39. Hi carl, I have setup an Lab environment with xenapp 7.6 with evaluation license. i can publish the app. but when user try to open the application from the app dashboard. i am getting constent Event viewer error : The Desktop Window Manager has exited with code (0xd00002fe) ID: 9009.

    App server dont have Remote Desktop License server.

    Its Server 2012 r2.

    I really need your help mate.


    1. When creating the Delivery Group, select the Desktop or Desktop and Applications type. If you’ve already created the Delivery Group then you can go to its properties and change it to one of the Desktop types.

Leave a Reply