• Conversant Group: On average SMBs lose $141,000 per ransomware incident. We keep the bad guys away.

    How do I get a modified webica.ini pushed out for ICA Clients 10.1 and higher?

    November 3, 2008


    The webica.ini file is used by the Citrix Windows client software for the purpose of providing more reliable security and user-configurable client drive file security.

    Depending on the version of the client software used, Citrix policies applied to a user or from the Citrix Connection Center systray icon, the user will see:

    Citrix Client File Security Dialog
    Citrix Client File Security Dialog

    Users can configure file access types to one of the following File Security settings:

    • No Access
    • Read Access
    • Full Access

    Also, users can configure whether or not a file security pop-up window appears when they access the same server again with the following options:

    • Always ask me
    • Never ask me again for this server
    • Never ask me again

    The Default answers are No Access and Always ask me.

    Webica.ini file configuration:

    The types of access you can set based on the settings in the INI file are described below.

    • 405 is Full Access.
    • 404 is Read Access.
    • 403 is No Access.
    • -1 means no security setting is configured.

    For example, type the following in the Webica.ini file if you do not want to show any ICA File Security pop-up windows to users, but your servers need full access to client computers.


    Citrix changed how this file is updated for end-users starting with version 10.1 and later of their Windows clients.  There are now only two ways to make changes to this file for end-users:

    manually edit the file on every computer


    create a login script or use a batch file to push out the file to all users

    In my lab environment, I have:

    APPDATA  = c:\documents and settings\username\application data

    APPDATA = c:\users\username\AppData\Roaming
    LOCALAPPDATA = c:\users\username\AppData\Local

    You would append \ICAClient to the end and then copy your modified webica.ini file there.

    For XP you could use something like:

    copy \\server\share\icaclient\webica.ini “%APPDATA%\ICAClient” /y

    For Vista you could use something like:

    copy \\server\share\icaclient\webica.ini “%APPDATA%\ICAClient” /y
    copy \\server\share\icaclient\webica.ini “%LOCALAPPDATA%\ICAClient” /y

    The quotes are required because of the spaces in the folder path when the environment variable is expanded.

    This was tested in my lab using XenApp 5 on Server 2003 and version 11.000 clients.

    , , , , ,

    Conversant Group: On average SMBs lose $141,000 per ransomware incident. We keep the bad guys away.

    About Carl Webster

    Webster is a Sr. Solutions Architect for Choice Solutions, LLC and specializes in Citrix, Active Directory and Technical Documentation. Webster has been working with Citrix products for many years starting with Multi-User OS/2 in 1990.

    View all posts by Carl Webster

    No comments yet.

    Leave a Reply