Configure domain pass-through authentication

To enable domain pass-through using the graphical user interface:

1. Locate the Citrix Receiver for Windows installation file (CitrixReceiver.exe).
2. Double click CitrixReceiver.exe to launch the installer.
3. In the Enable Single Sign-on installation wizard, select the Enable single sign-on checkbox to install Citrix Receiver for Windows with the SSON feature enabled. The image below illustrates how to enable single sign-on:
   

Configure domain pass-through authentication with Kerberos

Citrix Receiver for Windows supports Kerberos for domain pass-through authentication for deployments that use smart cards. Kerberos is one of the authentication methods included in Integrated Windows Authentication (IWA).

When users install Citrix Receiver for Windows, include the following command-line option: /includeSSON. This option installs the single sign-on component on the domain-joined computer, enabling Citrix Receiver for Windows to authenticate to StoreFront using IWA (Kerberos). The single sign-on component stores the smart card PIN, which is then used by the HDX engine when it remotes the smart card hardware and credentials to XenDesktop. A related option, ENABLE_SSON, is enabled by default and should remain enabled.

To apply the settings, restart Citrix Receiver for Windows on the user device. After that, users also need to configure StoreFront:

1. In the default.ica file located on the StoreFront server, set DisableCtrlAltDel to false.
2. When you configure the authentication service on the StoreFront server, select the Domain pass-through check box. That setting enables Integrated Windows Authentication. You do not need to select the Smart card check box unless you also have non domain joined clients connecting to Storefront with smart cards.

Configure smart card authentication

a. To enable single sign-on for smart card authentication

To configure Citrix Receiver for Windows, include the following command-line option when users install it: ENABLE_SSON=Yes. Single sign-on is another term for pass-through authentication. Enabling this setting prevents Citrix Receiver for Windows from displaying a second prompt for a PIN.

b. To enable user devices for smart card use

1. Import the certificate authority root certificate into the device’s keystore.
2. Install your vendor’s cryptographic middleware.
3. Install and configure Citrix Receiver for Windows.

​c. To change how certificates are selected

Change how certificates are selected by using either of the following methods:

1. On the Citrix Receiver for Windows command line, specify the option AM_CERTIFICATESELECTIONMODE={ Prompt | SmartCardDefault | LatestExpiry }.
2. Add the following key value to the registry key HKCU or HKLMSoftware[Wow6432Node]CitrixAuthManager: CertificateSelectionMode={ Prompt | SmartCardDefault | LatestExpiry }.

d. To use CSP PIN prompts

Change how PIN entry is handled by using either of the following methods:

1. On the Citrix Receiver for Windows command line, specify the option AM_SMARTCARDPINENTRY=CSP.
2. Add the following key value to the registry key HKLMSoftware[Wow6432Node]CitrixAuthManager: SmartCardPINEntry=CSP.

Enabling certificate revocation list checking

When certificate revocation list (CRL) checking is enabled, Citrix Receiver checks whether or not the server’s certificate is revoked. By forcing Citrix Receiver to check this, users can improve the cryptographic authentication of the server and the overall security of the TLS connection between a user device and a server.

Advanced Preferences

Users can right click on the receiver icon on the toolbar and select Advanced Preferences to view an advanced preferences list like the picture below.

1. The Citrix Connection Center displays all connections established from Citrix Receiver. The Connections window displays a list of active sessions. Each server entry in the list represents a session. For each seamless session, below each server entry, a list of the hosted resources you are running on that server appears. The Connection Center offers various options to view statistics and control sessions and applications.
   
2. Resetting receiver will delete all apps, desktops, accounts and configurations, and will return receiver to default settings. It will also close all active sessions. This feature will only be used to serious problems.
3. When users click Settings Options in the advanced Preferences menu, users then will have 2 tabs. Users can choose the application display settings and reconnect options in this two tabs.
   
4. If users delete the passwords, users are asked for the password the next time they log in.
5. Data collection is designed to ask users whether they agree to send anonymous data and usage statistics to Citrix, which help Citrix to provide better products.
6. Starting with Release 4.5 of Citrix Receiver for Windows, Configuration Checker helps users to run a test to ensure Single sign-on is configured properly. The test runs on different checkpoints of the Single sign-on configuration and displays the configuration results.
   

When users log in to the Citrix Receiver for Windows, users can launch a published desktop session. From the Desktop Viewer toolbar, users can select Preference to configure some preferences.

1. When click File access, users can choose the way that they want to use to access files on the computer. It contains 4 ways: read and write, read only ,no access and ask me each time.
   
2. When comes to the connection part, users can choose how devices, including microphone, webcam, digital camera and scanner, will connect to the virtual session.  Also, there is a Relative Mouse setting providing an option to interpret the mouse position in a relative rather than an absolute manner. This capability is required for applications that demand relative mouse input rather than absolute.
   
3. The display part provides a choice about the way the virtual desktops display. We recommend our users to use the Best Resolution since this kind of resolution will fit the screen perfectly automatically.
   
4. The flash part provides a choice about whether user want to optimize the content of flash player. If users optimize content, the playback quality will be improved but the security will be reduced. If not, just basic playback quality will provided but with high security.