by
Brian Madden
As you probably know by now, one of the key enhancements of Service Pack 2 for Windows XP is the added security. Unfortunately, this added security causes a default installation of Internet Explorer to classify web files with the "ICA" extension as unsafe. This means that when using Service Pack 2, users are not able click on a linked ICA file from a Citrix NFuse or MetaFrame Web Interface web site.
Prior to Service Pack 2, Windows XP users could browse to Citrix NFuse / Web Interface servers and click on links to launch remote MetaFrame applications. Clicking a link causes the web server to pass an ICA file down to the Windows XP client device where the locally installed ICA Client software receives it and seamlessly launches the application.
Once Service Pack 2 is installed, clicking an ICA file link pops up a dialog box warning that some files may harm your computer. The user is asked whether they want to Open, Save, or Cancel. Worse still is that choosing the "Open" option doesn't seem to work. The only workaround involves saving the file to your computer and then running it manually from there.
The security warning box is presented to the user regardless of the configured security zone of the server.
In all fairness, this security complexity is not limited to Citrix ICA files. (The web is filling with stories of people who can no longer run VBS files with SP2.) Also, workarounds are possible. However, it could provide quite a bit of cleanup work for Citrix administrators, especially when users connect from outside workstations that will automatically receive SP2 via Windows Update.
We don't yet know if this behavior is by design or simply an oversight of the classification of ICA files. (Certainly Microsoft shouldn't consider ICA files as dangerous as VBS files?)