Citrix Receiver unattended installation with PowerShell

Citrix Receiver unattended installation with PowerShell is a must in automated environments. Also, Citrix Receiver requires some additional configuration to make it run smoothly in your environment. This article explains and automates the most important ones.

Note: Citrix Receiver has been replaced by Citrix Workspace App. For detailed information how to install and configure Citrix Workspace App, see the article Citrix Workspace App unattended installation with PowerShell on this website.

Table of Contents

Introduction

The Citrix Receiver is a client component in a Citrix infrastructure that allows a user to launch Citrix XenApp and XenDesktop resources, such as published applications and desktops.

This article is based on Citrix Receiver 4.12 released in June 2018. This is the last version of Receiver. Receiver has been replaced by Citrix Workspace App.

Installing and configuring Citrix Receiver for Windows requires careful planning. You need to decide which components to enable, how to configure the default device access behavior, how to configure the Citrix Receiver group policies, whether of not to allow single sign-on and more.

For those of you who know my blog, Citrix Receiver is one of the components listed in my article Scripting the complete list of Citrix components with PowerShell, but I decided to create this stand-alone article to allow me to go into more detail.

I strongly suggest you to read the article Receiver / Workspace app 1808 written by Citrix CTP Carl Stalhood. This is the most detailed article on Receiver available.

Installing and configuring Citrix Receiver

Installing and configuring Citrix Receiver is not as straightforward as one might think. There are many details that can either make or break your deployment. Read and implement the sections below to ensure a smooth and successful deployment.

Summary

  • Target device:
    Receiver can be installed both on your virtual servers and desktops (alongside the VDA) as well as on the local client device. This all depends on your Citrix infrastructure and your access scenarios.
  • Installation file name:
    CitrixReceiver.exe (or, after renaming, CitrixReceiverWeb.exe)
  • Version (latest):
    4.12 (released in June 2018). This is the last version of Receiver. Receiver has been replaced by Citrix Workspace App.
  • Installation parameters (command-line switches):
    See the section Citrix Receiver command-line switches below.
  • Uninstallation parameters (command-line switches):
    The following two command line switches are required to uninstall Citrix Receiver:  /silent /uninstall. The /noreboot parameter is not needed during a silent installation according to the Citrix documentation.
  • Installation dependencies:
    No
  • Other dependencies:
    No
  • Reboot required:
    Yes (for certain components such as Single Sign-on, /includeSSON)
  • ADMX files:
    Yes (see the section on Group Policies in the conclusion of this article)
  • Ports and firewall:
    No (outbound communication only, e.g. port 80, 443, 1494, 2598)
  • Download location:
    Receiver 4.12 for Windows
  • Reference:
    Configure and install Citrix Receiver for Windows using Command Line parameters

Citrix Receiver installation file (CitrixReceiver.exe)

The latest version of Citrix Receiver can be downloaded here. The download contains one file: CitrixReceiver.exe. This file contains a number of MSI files; one MSI installer per component. This is the list of components for Receiver 4.12:

  • AuthManager.msi
  • CitrixHDXMediaStreamForFlash-ClientInstall.msi
  • DesktopViewer.msi
  • GenericUSB.msi
  • ICAWebWrapper.msi
  • RIInstaller.msi
  • SelfServicePlugin.msi
  • SSONWrapper.msi
  • Vd3dClient.msi
  • WebHelper.msi
Note:
Use the following command to extract the individual MSI files from the CitrixReceiver.exe installation file:

CitrixReceiver.exe /extract %directory%

For example:
C:\CitrixReceiver.exe /extract C:\Temp\ReceiverExtracted

Make sure to create the destination directory beforehand.

Reference: How to Manually Extract, Install, and Remove Individual .msi Files from Receiver.exe or ReceiverEnterprise.exe.

The version is not displayed in the file name, so the file name is the same for each version of Receiver. To see the version of the executable, you have to take a look at the Details tab in the file properties.

The version displayed in the details tab is always a little bit different than the commercial version displayed on the official Citrix download page.

Example:

Citrix Receiver unattended installation with PowerShell - Citrix Receiver executable version

Version 4.12 of Citrix Receiver has the product version 14.12.0 and file version 14.12.0.17061. You basically should ignore the first "1" in the product version to get to the commercial version.

Citrix Receiver unattended installation with PowerShell - Citrix Receiver executable details

So why are different numbers used for the same version you may wonder? The exact reason is not known to me, but it most likely has something to with re-branding. You see, the first 4.x version of Receiver (which was not called Receiver at that time) was released in 1998. In June of 2013, version 4.x resurfaced. Don't believe me? Check out the official Citrix Receiver for Windows Quick Reference Version List listing all Receiver versions since September 1998. The list seems to miss some newer versions that came after version 4.9 though.

Another thing you should know about the installation file is that renaming it from CitrixReceiver.exe to CitrixReceiverWeb.exe changes the installation behavior. See the section Prevent the Add Account Window for more details.

Citrix Receiver command-line switches

There are various parameters you can parse. For a detailed overview of all parameters please refer to the article Configure and install Citrix Receiver for Windows using Command Line parameters. I strongly suggest to read the entire article before deploying Citrix Receiver.

You can also use the Citrix Receiver Commandline Helper Tool to help you to build the exact command line syntax.H:\#Private\#Dennisspan.com\Website\Images\Citrix Receiver unattended installation with PowerShell - Citrix Receiver Commandline Helper.jpg

It is difficult for me to tell you exactly which command line switches (= parameters) you should use. This all depends on your environment. However, you should be aware of the following:

  • Some parameters are required to work together with server-side components, such as enabling bidirectional content redirection.
  • Some parameters require local administrator rights, such as /includeSSON to enable single sign-on authentication.
  • In some cases a reboot may be required. For example, USB devices that are in suspended state when Citrix Receiver for Windows installs is not recognized by Citrix Receiver for Windows until after the user device is restarted (reference).

These are the parameters I use for most environments:

  • /silent
    All of my deployments are automated, including Citrix Receiver. I therefore need to use the /silent parameter.
  • /includeSSON
    This enables single sign-on (pass-through authentication) so a user does not need to enter authentication information for a second time after logging on to Windows.
  • /FORCE_LAA=1
    This enables Local App Access.
  • EnableCEIP=false
    Do not enable participation in the Citrix Customer Experience Improvement Program (CEIP). CEIP collects anonymous statistics and usage information and sends them to Citrix.
  • /AutoUpdateCheck = disabled
    I personally prefer to test new versions of Citrix Receiver before implementing them in production (so no automatic updates are allowed). You can also omit this parameter entirely and manage the auto-update behavior using Group Policy. See also the Auto-Update section in Carl Stalhood's article Receiver / Workspace app 1808.

The /noreboot parameter is not required for silent installations according to the Citrix documentation. If possible, I recommend rebooting the machine before using Citrix Receiver.

Citrix Receiver log files

The installation of Receiver generates multiple log files: one general log file ("Trolley Express") and one log file per MSI installation, for example:

  • TrolleyExpress-%Date%-%Time%.log
  • CtxInstall-CitrixHDXMediaStreamForFlash-ClientInstall-%Date%-%Time%.log
  • CtxInstall-DesktopViewer-%Date%-%Time%.log
  • CtxInstall-SelfServicePlugin-%Date%-%Time%.log

The total number of log files depends on the number of components you install. Each MSI log file represents one component; the more components you install, the more log files will be generated (up to a total of 10).

The installation log files generated by Citrix Receiver are always created in the TEMP folder. The location of the TEMP folder in most environments is one of the following:

  • C:\Users\%UserName%\AppData\Local\Temp
    This directory is for sure used in many environments. Each user has its own temporary directory.
  • C:\Users\%UserName%\AppData\Local\Temp\%SessionNumber%
    This is almost the same directory as the previous one. The difference is that each user has its own temporary directory per session. If allowed by the administrator, a user can have multiple sessions on one system.
  • C:\Windows\Temp
    This is the TEMP of the local SYSTEM account. Software deployment tools such as Microsoft SCCM use the SYSTEM account for installations on the local machine.
  • C:\Temp
    This directory may be used on a FAT client. On a multi-user system it is not typical to use one temp directory for multiple users.

Of course the TEMP directory in your environment may be different than the ones listed above. The environment variable %TEMP% will always contain the correct location of the TEMP directory.

Unfortunately, there is no installation (or uninstallation) parameter that allows the log files to be written to another directory besides TEMP. There is no command-line switch like /Logfile or /Log.

The only way to capture the log files in a directory other then TEMP is to copy them from the TEMP folder after the installation has finished.

In the complete installation script below, the script starts by deleting any existing Citrix Receiver log files from the TEMP directory (lines 692 to 701). By using the environment variable %TEMP% the script makes sure that the correct TEMP directory is used.
After the installation (or uninstallation), the script copies the newly created log files to the log directory declared in the variable $LogDir. The log directory ($LogDir) is a combination of the variables $BaseLogDir and $PackageName. You can change these variables in lines 669 and 670.

Configure default device access behavior (Client Selective Trust)

As per Citrix: "With the introduction of Receiver 3.x client, administrators can configure the default behavior for device access when connecting to a Citrix XenDesktop or XenApp environment. By default, the Desktop Viewer client device restrictions are based on the Internet region and this behavior can be changed by creating the Client Selective Trust feature registry keys under the HKEY_LOCAL_MACHINE hive in the registry and by modifying the required values."

For example, when you allow the user to access files on the local client device, you may see the following security warning:

Citrix Receiver unattended installation with PowerShell - Citrix Receiver Security Warning Files

The security popup can concern the following local resources:

  • Client Drives
  • Microphones and Webcams
  • USB and other Devices

The default behavior of Receiver is to prompt the user. As an administrator, you can define the access level by modifying the registry or by using the ADMX group policy template. There are four access levels:

  • 0 = No Access
  • 1 = Read Only Access
  • 2 = Full Access
  • 3 = Prompt User for Access

Please see the Citrix article How to Configure Default Device Access Behavior of Receiver, XenDesktop and XenApp for more information.

I decided to modify the default behavior using the registry. I downloaded the ZIP file from the aforementioned article and modified the file ReceiverCSTRegUpx86.reg. I set all relevant registry entries to 2 (= Full Access) except for the Restricted Sites region/zone (these values remain on 0 = No Access).

Note: yes, I used the file ReceiverCSTRegUpx86.reg even though I installed Receiver on a 64-bit operating system. On a 64-bit operating system, Receiver still installs itself in the folder C:\Program Files (x86) and all processes run in 32-bit.

Citrix Receiver unattended installation with PowerShell - Citrix Receiver 64-bit OS 32-bit processes

You can download a copy of this modified file here:

Citrix Receiver unattended installation with PowerShell - Windows Registry logo

CitrixReceiver Client Selective Trust x86 Dennisspan.com.zip

In the complete installation script below, the script imports the registry file in lines 752 to 756. Please make sure that you copy the actual file to the subdirectory Files. Also, in case you rename the registry file, please make sure to change the file name in the script as well (line 755).

Please be aware that pre-configuring the Client Selective Trust settings does NOT prevent a user from changing these settings! A user can configure his or her connection preferences in the Connection Center under Preferences.

Citrix Receiver unattended installation with PowerShell - Citrix Receiver Connection Center Preferences

Citrix Receiver unattended installation with PowerShell - Citrix Receiver Preferences can be changed by user

In case you want to prevent the user from changing the preferences, set the value (Default) in the following registry key to false:

HKLM\SOFTWARE\WOW6432Node\Citrix\ICA Client\Client Selective Trust\oidPredefinedSecurityPolicySettings\InstantiatedSecurityPolicyEditable

Like this:

Citrix Receiver unattended installation with PowerShell - Client Selective Trust prevent users from editing

As you can see in the screenshot below, after changing the (Default) value (REG_SZ) to false, the user is no longer able to change the preferences.

Citrix Receiver unattended installation with PowerShell - Citrix Receiver Preferences greyed out and cannot be changed by user

You do not even need to close the active session for this setting to work. You only have to close the Preferences window and open it again after changing the registry value. The change is active instantly.

The complete installation script below does NOT change the (Default) registry value. In case you would like to change it, please add the following code:

Place it somewhere between lines 750 and 760.

A big thanks to my colleague Wolfgang Thürr for bringing this to my attention.

Prevent the Add Account window from launching

In the Add Account window, as per Citrix "users can [...] set up a Citrix Receiver account by entering email address or a server URL. Citrix Receiver determines the NetScaler Gateway, StoreFront server, or AppController virtual appliance associated with the email address and then prompts the user to log on for enumeration."

The Add Account wizard can be triggered in tree ways:

  • At the end of the installation by clicking the Add Account button
  • At logon time
  • By double clicking the Receiver icon in the system tray

By default, at the end of the installation, the Add Account button is shown.

Citrix Receiver unattended installation with PowerShell - Last installation window with Add Account button

In order to prevent this button from appearing you can do one of two things:

  1. Rename the installation file CitrixReceiver.exe to CitrixReceiverWeb.exe (this name has to be exact including camel-case letters).
  2. Create the registry item EnableX1FTU in the registry key HKLM\SOFTWARE\Wow6432Node\Policies\Citrix with a DWORD value of 0 before running the installation.

The result is that the Add Account button is not shown.

Citrix Receiver unattended installation with PowerShell - Last installation window without Add Account button

In the complete installation script below, the registry item EnableX1FTU is created before installation, although strictly speaking it is not really necessary since the PowerShell script triggers a silent installation (so no GUI is shown anyway).

By default, the Add Account window is also triggered at user logon. Citrix Receiver unattended installation with PowerShell - Add Account window with tick box

To prevent this window from appearing, there are three options:

  1. Add the registry item HideAddAccountOnRestart (DWORD) with a value of 1 to the registry key HKCU\Software\Citrix\Receiver. The tick box "Do not show this window automatically at logon" creates the same registry entry. Please be aware that this is a current user setting. I therefore recommend to use a Group Policy Preference (the article Configuring the time zone and code page with Group Policy demonstrates how to configure Group Policy Preferences).
  2. Set the value of the registry item AllowAddStore (REG_SZ) to N in the registry key HKLM\SOFTWARE\WOW6432Node\Citrix\Dazzle. You can also control this setting using a Group Policy.
  3. Rename the installation file CitrixReceiver.exe to CitrixReceiverWeb.exe (this name has to be exact including camel-case letters).

The complete installation script does not prevent the Add Account window from appearing at user logon. In case you want to prevent this from happening and you do not want to configure a Group Policy Preference, simply rename the CitrixReceiver.exe to CitrixReceiverWeb.exe as stated above.

Note: renaming the CitrixReceiver.exe to CitrixReceiverWeb.exe means that e-mail based account discovery is no longer supported (reference: Deploy Citrix Receiver for Windows from Receiver for Web).  Also, see the official Citrix article How to Suppress the Add Account Window in Citrix Receiver for Windows for more information.

Remove Citrix Receiver shortcuts

During installation, Citrix Receiver creates a shortcut in the public (= All Users) Programs folder in the Start Menu:

C:\ProgramData\Start Menu\Programs\Citrix Receiver.lnk

In the complete installation script below, this shortcut is removed (line 789 to 792).

Note:
In the past, Receiver created a shortcut in the public (= All Users) Programs\Startup folder in the Start Menu. This is no longer the case, but the installation script does check for this value and removes it in case it exists.
Citrix Receiver automatically starts at logon time by running the command "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup (HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run -> ConnectionCenter).

Prevent Windows 10 Game Bar popup (Win+G)

As per Citrix: "When launching published apps or desktops from a Windows 10 OS a [...] popup windows briefly appears prompting to press Win + G for the game bar or for the search bar."

Citrix Receiver unattended installation with PowerShell - Citrix Receiver Game Bar Win+G

As described in the article, you can disable the game bar with the following registry entry:

  • Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR
  • Item: AllowGameDVR
  • Value: 00000000
  • Type: DWORD

The complete installation script below sets this registry value (line 768).

Modify the Network Provider order

When you install the Receiver Single Sign-on feature (/includeSSON), an entry is created in the network provider order.

What is the network provider order?
Using network providers, Windows can support many different types of network protocols without having to know the network-specific details of each network (reference). By default, Windows ships with the following three network providers in the following order:

  • Microsoft Remote Desktop Session Host Server Network Provider (RDPNP)
  • Microsoft Windows Network (LanmanWorkstation)
  • Web Client Network (webclient)

In the registry, the list and order of the Microsoft and third-party network providers can be found here: HKLM\System\CurrentControlSet\Control\NetworkProvider.

The network provider settings can also be viewed/managed using the GUI:
Start -> Network Connections -> Change Adapter options -> Advanced (menu) -> Advanced Settings

Citrix Receiver unattended installation with PowerShell - Windows Network Providers

Citrix adds the entry PnSson (= Citrix Single Sign-on). Citrix recommends that this entry is listed as number four, after the three default Windows network providers (see the info box above).

With Windows 10 version 1709, two things are important to know:

  1. There is a known bug with the network provider
  2. The network provider order is handled differently compared to older operating systems

Let's start with the bug. As described by Citrix in the article Windows 10 Fall Creators Update (v1709) – Citrix Known Issues, the network provider has a bug (which should be fixed in Windows 10 version 1803). The bug is that no third-party network provider, including Citrix's PnSson value, is populated under the newly introduced registry key ProviderOrder under HKLM\System\CurrentControlSet\Control\NetworkProvider. This bug causes the error "failed to get network providers" when you try to display the network provider order graphically.

Citrix Receiver unattended installation with PowerShell - Failed to get network providers

Please be aware that the actual functionality of the network provider still works.

In the past, the order of the network provider was determined by the order of the entries in the registry item ProviderOrder under HKLM\System\CurrentControlSet\Control\NetworkProvider\Order. With Windows 10, this is no longer the case. The order is now determined by the decimal value of the network provider (HKLM\System\CurrentControlSet\Control\NetworkProvider\ProviderOrder). The item with the highest number is executed first and the item with the highest number last.

Citrix Receiver unattended installation with PowerShell - Windows Network Providers order

In the article Windows 10 Fall Creators Update (v1709) – Citrix Known Issues, Citrix recommends to create the missing item using the decimal DWORD value of 4000. I recommend to use a different number, for example 3001 or 3500. The reason for this is simple; you may have another third-party product that already occupies the number 4000. This is for example the case when you install a product such as Lotus Notes including the Notes Single logon service. The main goal is that the PnSson value is listed as the fourth item, after the three default Microsoft ones. The third Microsoft entry has the value of 3000, so the value PnSson needs to have a higher value (at least 3001 or higher).

In the complete installation script below, the missing network provider registry item is created in lines 772 to 777. The PnSson item is either created or modified.

Performance optimizations

There seem to be a couple of registry values that may improve the performance of Receiver. I did not add these to the complete installation script. In case you experience slow enumerations of (start menu) icons, please test the following registry values:

See the example in the previous section how to add these vales to the complete installation script.

Complete installation script

I packed the complete Citrix Receiver installation in my installation template. The script below contains the installation and all configurations for Citrix Receiver as described in the previous sections, including detailed logging and error handling. In order to use this script, please follow these steps:

  • Create an installation directory on the local computer or on a file share (UNC path). For example: C:\Temp\Citrix\Receiver.
  • Create a subdirectory called Files.
  • Download and copy the Receiver CitrixReceiver.exe to the folder Files in the installation directory.
  • Download and copy the registry file (*.reg) containing the Client Selective Trust registry keys and values to the folder Files in the installation directory.
  • Copy the complete PowerShell script below to a new PS1 file (e.g. Install_CitrixReceiver.ps1) and add this file to the root of the installation directory (not in the subdirectory Files).
  • Optional: modify the location of the log directory in lines 669 and 670.
  • Execute the PowerShell script as follows:
    powershell.exe -executionpolicy bypass -file C:\Temp\Citrix\Receiver\Install_CitrixReceiver.ps1

To uninstall Receiver, execute the script as follows:

powershell.exe -executionpolicy bypass -file C:\Temp\Citrix\Receiver\Install_CitrixReceiver.ps1 Uninstall

The uninstallation removes any custom configuration the installation may have set as well as the following two registry keys:

  • HKLM\Software\Policies\Citrix\ICA Client
  • HKLM\Software\Wow6432Node\Policies\Citrix\ICA Client

Removing these two registry keys is recommended by Citrix (see the section Uninstalling Citrix Receiver for Windows in the article Install and Uninstall Citrix Receiver for Windows manually).

Conclusion

Installing and configuring Citrix Receiver can get quite complicated and requires a bit of planning. Also, please be aware of the following:

  • There are more settings that can be directly configured during the installation of Citrix Receiver. Most of these configurations concern the Windows registry. Please see the section Registry Values in Carl Stalhood's article Receiver / Workspace app 1808 for more information. In case you want to add additional configurations to the complete installation script, I recommend copying and reusing existing lines of code. Please be aware that many settings can nowadays be managed using Group Policy.
  • Citrix Receiver comes with a large collection of Group Policies settings. Please see the section Receiver Group Policy ADMX Template in Carl Stalhood's article Receiver / Workspace app 1808 for more information. The actual ADMX files can be downloaded on the Citrix website (in the section Downloads for admins), but they are also included in the installation directory of Receiver (C:\Program Files (x86)\Citrix\ICA Client\Configuration).
  • Pass-through authentication (or single sign-on) requires many different settings to be correctly configured, such as Trusted Sites, Trust XML Requests on the Delivery Controller, installing the Single Sign-On component in Receiver and more. Please see the section Pass-through Authentication in Carl Stalhood's article Receiver / Workspace app 1808 for a complete overview of what needs to be configured. Citrix Receiver version 4.5 and higher comes with a build-in tool for checking the SSON configuration (see the Citrix article SSON Configuration Checker for Citrix Receiver for Windows).
  • The latest version of Receiver is also included in the installation sources of the Virtual Delivery Agent. On a Citrix worker, there are two possible strategies you can follow:
    1. You install Receiver as a stand-alone installation (as described in this article) and you install the Virtual Delivery Agent excluding Receiver. This is accomplished by using the command line /components VDA as described in the section Citrix Virtual Delivery Agent in my article Scripting the complete list of Citrix components with PowerShell.
    2. You install the version of Receiver included in the Virtual Delivery Agent installation sources (in this case you do not use the /components parameter).
  • When using Skype for Business in your environment, you may want to install the HDX RealTime Media Engine on your client device together with Citrix Receiver. Citrix Receiver is a prerequisite for the Media Engine; without Receiver, Media Engine cannot be installed. To automate the installation of the HDX RealTime Media Engine, please see the section HDX RealTime Media Engine for Windows in my article Scripting the complete list of Citrix components with PowerShell. Also, for extensive information on Skype for Business, Citrix and the HDX RealTime Optimization Pack, please see the section Skype for Business in Carl Stalhood's article Receiver / Workspace app 1808. I also highly recommend you to read the article Skype for Business with XenApp & XenDesktop written by Citrix CTP George Spiers.

If you want to go one step further and create an SCCM package as well, please follow the step-by-step explanation in the article Deep dive creating SCCM packages for Citrix.

I hope the information in this article was of some help to you. Happy scripting!

Share this post:
Dennis Span on EmailDennis Span on LinkedinDennis Span on Twitter
Dennis Span
Dennis Span
Dennis Span works as a Senior Citrix Architect for a large insurance company in Vienna, Austria. He holds multiple certifications such as CCE-V, CCIA and CCEA. In 2017, Dennis became a Citrix Technology Advocate (CTA). Besides his interest in virtualization technologies and blogging, he loves spending time with his family as well as snowboarding, playing basketball and rowing. He is fluent in Dutch, English, German and Slovak and speaks some Spanish.

10 thoughts on “Citrix Receiver unattended installation with PowerShell

  1. What a master piece Dennis ! I've rarely seen a such comprehensive article on the subject, you rock !

    Yvan

  2. Pingback: EUC Weekly Digest – May 12 ,2018 – Carl Stalhood

  3. Pingback: Detailed Change Log – Carl Stalhood

  4. Pingback: Receiver for Windows 4.12 – Carl Stalhood

  5. Pingback: Citrix Application Probe Agent unattended installation - Dennis Span

Leave a Reply

Your email address will not be published.

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.