Install & Configure Citrix Desktop Lock

Reading Time: 2 minutes

My first blog posting I want to start with a great piece of software called “Citrix Desktop Lock”. Im sure one or two heard about the plugin. What is Citrix Desktop Lock? Citrix Desktop Lock will convert your Windows FatClient/ThinClient into a Kiosk Appliance. After the user has entered his domain credentials he won’t see anything from the installed Windows OS and will automatically launch his assigned Published Desktop. When you login with a local admin account you will regain full control of the OS. Sounds lovely? It is 🙂


How is it done?

Citrix Desktop Lock is changing the default shell when a user is logging in.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Windows OS Default



After installing Desktop Lock:

“Shell”=”C:\Program Files\Citrix\ICA Client\SelfServicePlugin\selfservice.exe”



  • Windows 10, Windows 8.1, Windows 8, Windows 7 (including Embedded Edition), Windows 7 Thin PC
  • Connects to StoreFront through native protocols only
  • Domain-joined end points
  • User devices must be connected to a local area network (LAN) or wide area network (WAN).


  • 3Dpro, Flash, USB, HDX Insight, Microsoft Lync 2013 plug-in, and local app access
  • Domain, two-factor, or smart card authentication only
  • Flash redirection is disabled on Windows 8 and later versions. Flash redirection is enabled on Windows 7

 Step 1 – Preparation

Before you are going to install the Citrix Desktop Lock on a workstation you first need to install Citrix Receiver with the Single-Sign-On Parameter.

CitrixReceiver.exe  /includeSSON

In addition you need a configured StoreFront account on the machine, otherwise the installation of Desktop Lock will fail. Im doing this with Microsoft Group Policy.


CitrixReceiver.exe /includeSSON
STORE0=”DesktopStore;https://my.storefront.server/Citrix/MyStore/discovery;on;Desktop Store”

To make the autolaunch of the Published Desktop possible you need to configure Pass-Trough Authentication. Check CTX133982

Step 2 – Installation

Download the current release of Citrix Desktop Lock.


msiexec /i CitrixReceiverDesktopLock.msi /qn

Important: You always need the proper Citrix Receiver/Desktop Lock Version

 Step 3 – Test

Logon with a domain user and it should auto launch your published desktop.

Important – Good to Know

After you lock (Windows + L) the workstation the Published Desktop always will receive a logoff command.

Result: The user wants to unlock his computer and it took at least 15 seconds to access the desktop again (logon process). You can remain the ICA Session with setting a registry key on the client. It depends on your needs 😎

32-bit Windows
Name: LiveInDesktopDisconnectonLock
Type: REG_SZ
Value: False

64-bit Windows
Name: LiveInDesktopDisconnectonLock
Type: REG_SZ
Value: False






    1. Hello Roland I didn’t test Citrix Desktop Lock for a long time. As far as I know it’s not working when the user has assigned multiple desktops. This is only working in a kiosk mode setup with a single desktop.

Leave a Reply

Your email address will not be published. Required fields are marked *