# Provide Access Through the WorkSpaces Applications Client
Your users can start WorkSpaces Applications streaming sessions by using the WorkSpaces Applications client application for a supported device or by using a web browser.
The WorkSpaces Applications client is a native application that is designed for users who require the following functionality during their WorkSpaces Applications streaming sessions:
+ Require support for more than two monitors or 4K resolution.
+ Use their USB devices with applications streamed through WorkSpaces Applications.
+ Use their local webcam for video conferencing within their streaming sessions and the browser in use doesn't support video or audio input.
+ Use keyboard shortcuts during their streaming sessions.
+ Require seamless access to local drives and folders during their streaming sessions.
+ Require the ability to redirect print jobs from their streaming application to a printer that is connected to their local computer.
+ Prefer to interact with remote streaming applications in much the same way as they interact with locally installed applications.
The following topics provide information to help you provide user access through the WorkSpaces Applications client. For information about how to provide user access to WorkSpaces Applications through a web browser, see [Provide Access Through a Web Browser](access-through-web-browser-admin.md).
**Topics**
+ [
# System Requirements and Feature Support (WorkSpaces Applications Client)
](client-system-requirements-feature-support.md)
+ [
# Install and Configure the WorkSpaces Applications Client
](install-configure-client.md)
# System Requirements and Feature Support (WorkSpaces Applications Client)
This topic provides information to help you understand the requirements for the WorkSpaces Applications client and supported features.
**Topics**
+ [
# System Requirements and Considerations
](client-system-requirements.md)
+ [
# Feature and Device Support
](client-feature-support.md)
# System Requirements and Considerations
The WorkSpaces Applications client requires the following:
+ Follow the principle of least privilege when launching the WorkSpaces Applications client. The client should only run with the level of privilege required to complete a task.
+ Client requirements
+ Windows client
+ Operating system — Windows 10 (32-bit or 64-bit), Windows 11 (64-bit)
+ Microsoft Visual C\$1\$1 2019 version 14.20.xx Redistributable or later. For more information, see the [Latest Microsoft Visual C\$1\$1 Redistributable Version](https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170) in the Microsoft Support documentation.
+ RAM — 2 GB minimum
+ Hard drive space — 200 MB minimum
+ macOS client
+ Operating system — macOS 13 (Ventura), macOS 14 (Sonoma), macOS 15 (Sequoia)
+ Hard drive space — 200 MB minimum
+ Local administrator rights — Used if you want to install the WorkSpaces Applications USB driver for USB driver support.
**Note**
Local administrator rights are not supported for the macOS client.
+ An WorkSpaces Applications image that uses the latest WorkSpaces Applications agent or agent versions published on or after November 14, 2018. For information about WorkSpaces Applications agent versions, see [WorkSpaces Applications Agent Release Notes](agent-software-versions.md).
+ The client supports UDP as well as the default TCP-based streaming over NICE DCV. For more information about NICE DCV and UDP, see [Enabling the QUIC UDP transport protocol](https://docs.aws.amazon.com/dcv/latest/adminguide/enable-quic.html). If you want to enable UDP streaming for the client, make sure you meet the following requirements. If you don't meet the following requirements, the client will default back to TCP-based streaming.
+ Your Stack has been configured to prefer UDP in the **Streaming Setting Experience** section. For more information, see [Create an Amazon WorkSpaces Applications Fleet and Stack](set-up-stacks-fleets.md).
+ Your network allows UDP traffic on port 8433 for the AWS IP Ranges. For more information, see [AWS IP address ranges](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html).
+ You are using the latest base image when creating your fleet. For more information, see [WorkSpaces Applications Base Image and Managed Image Update Release Notes](base-image-version-history.md).
+ Your end users are using the latest client. For more information, see [Supported clients](https://clients.amazonappstream.com/).
**Note**
We recommend an internet connection for WorkSpaces Applications client installation. In some cases, the client can't be installed on a computer that is not connected to the internet, or USB devices might not work with applications streamed from WorkSpaces Applications. For more information, see [Troubleshooting WorkSpaces Applications User Issues](troubleshooting-user-issues.md).
# Feature and Device Support
The WorkSpaces Applications client supports the following features and devices.
**Topics**
+ [
# Native Application Mode
](feature-support-native-application-mode.md)
+ [
# Automatic and On-Demand Diagnostic Log Uploads
](feature-support-diagnostic-log-upload.md)
+ [
# Peripheral Devices
](feature-support-peripheral-devices.md)
# Native Application Mode
**Note**
Native application mode is not available when streaming from Linux instances, streaming in Desktop mode, or when using the WorkSpaces Applications macOS client application.
Native application mode provides a familiar experience for your users during their WorkSpaces Applications streaming sessions. When your users connect to WorkSpaces Applications in this mode, they can work with their remote streaming applications in much the same way that they work with applications that are installed on their local computer. Each streaming application in native application mode opens in its own window, and application icons appear on the taskbar on your users' local PC.
If you want your users to connect to WorkSpaces Applications in classic mode only, you can configure the `NativeAppModeDisabled` registry value to disable native application mode. For more information, see [Choose Whether to Disable Native Application Mode](install-client-configure-settings.md#disable-native-application-mode-client).
For more information about native application mode and classic mode, and for guidance that you can provide to your users, see [WorkSpaces Applications Client Connection Modes](client-application-windows-connection-modes-user.md).
**Feature requirements**
To enable this feature for your users, you must use an image that uses a [version of the WorkSpaces Applications agent](agent-software-versions.md) released on or after February 19, 2020. In addition, version 1.1.129 or later of the WorkSpaces Applications client must be installed on your users' PCs. For more information about client versions, see [WorkSpaces Applications Windows Client Release Notes](client-release-versions.md).
If WorkSpaces Applications client version 1.1.129 or later is installed on your users' computer, but you are not using an image that uses an agent version released on or after February 19, 2020, the client falls back to classic mode even if native application mode is selected.
**Testing requirements**
Applications must be tested thoroughly in native application mode before production deployment. Testing in classic mode is not sufficient, because applications might have compatibility issues with native application mode. Key testing areas include the following:
+ Core application functionality
+ Network performance
+ Local device interactions
+ File handling operations
+ Print capabilities
+ Multi-monitor support
+ Audio/video features
We recommend starting with a pilot user group and documenting any application-specific limitations before full deployment. Application behavior and performance might vary between streaming modes. Comprehensive testing helps ensure optimal user experience and identifies any potential limitations before production rollout.
**Known Issues**
When users try to dock or undock tabs in one browser window into separate windows during a streaming session in native application mode, their remote streaming browser doesn't work the same way as a local browser. To perform this task during a streaming session in native application mode, users must press the Alt key until their browser tabs are docked into separate browser windows.
# Automatic and On-Demand Diagnostic Log Uploads
To help with troubleshooting issues that might occur when your users are using the WorkSpaces Applications client, you can enable automatic or on-demand diagnostic log uploads, or let your users do so themselves.
**Note**
Diagnostic logs do not contain sensitive information. You can disable automatic and on-demand diagnostic log uploads on user PCs that you manage, or allow your users to disable these features themselves.
**Automatic diagnostic log uploads **
When you install the client on PCs that you manage, you can configure the WorkSpaces Applications client to upload diagnostic logs automatically. That way, when a client issue occurs, the logs are sent to WorkSpaces Applications (AWS) without user interaction. For more information, see [Configure Additional WorkSpaces Applications Client Settings for Your Users](install-client-configure-settings.md#configure-client).
Or, you can let your users choose whether to enable automatic diagnostic log uploads when they install the WorkSpaces Applications client, or after client installation. For guidance that you can provide your users to help them perform this task, see [Setup for Windows](client-application-windows-installation-user.md).
**On-demand diagnostic log uploads **
If you require more control over logging, you can disable automatic logging and enable on-demand diagnostic log uploads. If you let your users upload diagnostic logs on demand, they can also choose whether to send minidumps (error reports) to WorkSpaces Applications (AWS) if an exception occurs or the client stops responding.
For guidance that you can provide your users to help them perform these tasks, see [Logging](client-application-windows-how-to-enable-diagnostic-logging-user.md).
# Peripheral Devices
The WorkSpaces Applications client provides the following support for peripheral devices such as monitors, webcams, mice, keyboards, and drawing tablets.
**Note**
With certain exceptions, USB redirection is required for the WorkSpaces Applications client to support USB devices. And in most cases, when USB redirection is required for a device, you must qualify the device before it can be used with WorkSpaces Applications streaming sessions. For more information, see [USB Redirection](feature-support-USB-devices-qualified.md#feature-support-USB-devices-USB-redirection).
**Topics**
+ [
# Multiple Monitors
](feature-support-multiple-monitors.md)
+ [
# Real-Time Audio-Video
](feature-support-real-time-av.md)
+ [
# USB Devices
](feature-support-USB-devices-qualified.md)
+ [
# Drawing Tablets
](feature-support-drawing-tablets.md)
+ [
# Keyboard Shortcuts
](feature-support-keyboard-shortcuts.md)
+ [
# Relative Mouse Offset
](feature-support-relative-mouse-offset.md)
# Multiple Monitors
WorkSpaces Applications supports the use of multiple monitors during streaming sessions, including monitors that have different resolutions. To help ensure an optimal streaming experience, we recommend that users who have monitors with different resolutions set the display scale for their monitors to 100 percent.
**Note**
For WorkSpaces Applications streaming sessions that use [native application mode](feature-support-native-application-mode.md), monitors with up to 4K resolution are supported. If higher-resolution monitors are used for streaming sessions, the WorkSpaces Applications client falls back to classic mode. In this scenario, the WorkSpaces Applications classic mode streaming view occupies 4K of the screen, and the remaining portion of the screen is black.
## Multiple Monitors (up to 4K Resolution)
**Default behavior:** By default, all instance types support up to 4 monitors with a maximum display resolution of 4096x2160 pixels per monitor, except for instances with small or medium sizes.
**For all instance types with small and medium sizes:** While we do not recommend using 4K resolution on small and medium instances due to performance limitations, you can enable it by making the following changes in your images:
+ For Windows: Configure the following registry setting on image builder.
+ Using PowerShell:
```
Set-ItemProperty "HKLM:\SOFTWARE\Amazon\AppStream" -Name EnableNonGraphics4K -Value 1
```
+ Using registry edit (regedit):
+ Registry path: `HKLM:Software\Amazon\AppStream`
+ Registry value name: `EnableNonGraphics4K`
+ Registry value data: `1`
+ Registry value type: `DWord`
+ For Linux: Edit `/etc/euc/workspaces-applications.conf` and update the following `[display]` configuration:
```
EnableNonGraphics4K=1
```
+ Create a new image using this setting.
+ Use this new image with your fleets.
+ Your end users will see a max of 4K resolution on their display devices, depending upon the display resolution of their devices.
**Important**
High-resolution monitors (such as 4K displays) require significantly more GPU and encoding resources, with actual performance depending on display configuration (resolution and number of monitors) and the compute instance being used. If your users experience suboptimal performance on 4K monitors, either switch your fleets to more powerful instances or recommend your users to reduce their display resolution to improve responsiveness.
Ultrawide monitors with resolutions exceeding 4096 pixels in either dimension (e.g., 5120x2160) will display black bars on the sides, as the maximum supported resolution is limited to 4096 pixels per dimension.
**Disable 4K resolution for non-graphics instances**
If your users are facing performance issues with 4K monitor resolutions on instances without graphics hardware, you can follow the steps below to limit the resolution to 2K (2560x1440).
+ For Windows: Configure the following registry setting on image builder.
+ Using PowerShell:
```
Set-ItemProperty "HKLM:\SOFTWARE\Amazon\AppStream" -Name EnableNonGraphics4K -Value 0
```
+ Using registry edit (regedit):
+ Registry path: `HKLM:Software\Amazon\AppStream`
+ Registry value name: `EnableNonGraphics4K`
+ Registry value data: `0`
+ Registry value type: `DWord`
+ For Linux: Edit `/etc/euc/workspaces-applications.conf` and update the following `[display]` configuration:
```
EnableNonGraphics4K=0
```
+ Create a new image using this setting.
+ Use this new image with your fleets.
+ Your end users will see a max of 2K resolution on their display devices.
# Real-Time Audio-Video
WorkSpaces Applications supports real-time audio-video (AV) by redirecting local webcam video input to WorkSpaces Applications streaming sessions. This capability enables your users to use their local webcam for video and audio conferencing within an WorkSpaces Applications streaming session. With real-time AV and support for real-time audio, your users can collaborate by using familiar video and audio conferencing applications without having to leave their WorkSpaces Applications streaming session.
When a user starts a video conference from within an WorkSpaces Applications streaming session, WorkSpaces Applications compresses the webcam video and microphone audio input locally before transmitting this data over a secure channel to a streaming instance. During their streaming sessions, users can enable audio and video input by using the WorkSpaces Applications toolbar. If users have more than one webcam (for example, if they have a USB webcam that is connected to their local computer and a built-in webcam), they can also choose which webcam to use during their streaming session.
**Note**
For multi-session fleets, only in/out functionalities are accessible. Video in (webcam support) is not yet available for multi-session fleets.
To configure and test support for real-time AV, complete the following steps.
**Configure and test support for real-time AV**
1. Create a new image builder or connect to an existing image builder that meets the following requirements:
+ The image builder must run Windows Server 2016 or Windows Server 2019.
+ The image builder must use a version of the WorkSpaces Applications agent released on or after June 1, 2021.
+ For WorkSpaces Applications agents released on or after May 17, 2021, real-time AV is enabled by default. To create a streaming URL for testing, you can skip steps 3 through 6 and disconnect from the image builder. If you need to disable real-time AV, complete all of the steps, and disable webcam permissions in step 4.
+ The image builder must use a version of the WorkSpaces Applications agent released on or after June 24, 2021 to support video when connecting using web browser access. For more information about supported web browsers, see [Web Browser Access](web-browser-user.md).
For information about how to create an image builder, see [Launch an Image Builder to Install and Configure Streaming Applications](tutorial-image-builder-create.md).
1. Connect to the image builder that you want to use and sign in as Administrator. To connect to the image builder, do either of the following:
+ [Use the WorkSpaces Applications console](managing-image-builders-connect-console.md) (for web connections only)
+ [Create a streaming URL](managing-image-builders-connect-streaming-URL.md) (for web or WorkSpaces Applications client connections)
**Note**
If the image builder that you want to connect to is joined to an Active Directory domain and your organization requires smart card sign in, you must create a streaming URL and use the WorkSpaces Applications client for the connection. For information about smart card sign in, see [Smart Cards](feature-support-USB-devices-qualified.md#feature-support-USB-devices-qualified-smart-cards).
1. On the image builder, open Registry Editor. To do so, on the image builder desktop, in the search box on the taskbar, type **regedit**. Then, select the top result for **Registry Editor**.
1. Under **HKEY\$1LOCAL\$1MACHINE\$1SOFTWARE\$1Amazon\$1AppStream\$1**, create a new registry value that has the following type, name, and value data:
+ Registry value type: DWORD
+ Registry value name: WebcamPermission
+ Registry value data (Hexademical): 1 to enable or 0 to disable webcam permissions
1. After you create the registry value, switch to **Template User** or to a domain account that does not have administrator permissions on the image builder. To switch to **Template User**, in the toolbar on the top right of the session window, choose **Admin Commands**, **Switch User**, **Template User**.
1. Switch back to **Administrator**.
1. Disconnect from the image builder and create a streaming URL for the image builder. To do so:
1. Open the WorkSpaces Applications console at [https://console.aws.amazon.com/appstream2](https://console.aws.amazon.com/appstream2).
1. In the navigation pane, choose **Images**, then choose **Image Builder**.
1. Select the image builder from which you just disconnected, and choose **Actions**, **Create streaming URL**.
1. Choose **Copy Link** and save the link to a secure and accessible location. You will use the link in the next step to connect to the image builder.
1. Using the streaming URL that you just created, connect to the image builder by using the WorkSpaces Applications client or web browser access.
1. Test the real-time AV experience on the image builder by following the steps in [Video and Audio Conferencing](client-application-windows-how-to-use-local-webcam-user.md).
1. After you verify that real-time AV is working as expected, disconnect from your streaming session, reconnect to the image builder and follow the necessary steps in Image Assistant to finish creating your image. For information about how to create an image, see [Tutorial: Create a Custom WorkSpaces Applications Image by Using the WorkSpaces Applications Console](tutorial-image-builder.md).
After you finish configuring your image builder and creating an image that supports real-time AV, you can make this feature available to your users on WorkSpaces Applications fleets. Ensure that version 1.1.257 or later of the WorkSpaces Applications client is installed on your users' computers.
**Note**
To use real-time AV with the WorkSpaces Applications client, your WorkSpaces Applications base image and agent version should be June 1, 2021 or later. We recommend using the latest WorkSpaces Applications client. For guidance that you can provide to your users to help them use real-time AV, see [Video and Audio Conferencing](client-application-windows-how-to-use-local-webcam-user.md).
To use real-time AV with web browser access, your WorkSpaces Applications image must use a version of the WorkSpaces Applications agent released on or after June 24, 2021. For more information on supported web browsers, see [Web Browser Access](web-browser-user.md).
# USB Devices
The following sections provide information about WorkSpaces Applications support for USB devices.
**Topics**
+ [
## USB Redirection
](#feature-support-USB-devices-USB-redirection)
+ [
## Smart Cards
](#feature-support-USB-devices-qualified-smart-cards)
## USB Redirection
USB redirection is required for most local USB devices to be used during WorkSpaces Applications streaming sessions. When USB redirection is required, you must [qualify the device](qualify-usb-devices.md) before your users can use it during their WorkSpaces Applications streaming sessions. After you qualify the device, users must [share the device with WorkSpaces Applications](client-application-windows-how-to-share-usb-devices-user.md). With USB redirection, during WorkSpaces Applications streaming sessions, users' devices are not accessible for use with local applications.
In other cases, USB devices are already enabled for use with WorkSpaces Applications and no further configuration is required. For example, smart card redirection is already enabled by default when the WorkSpaces Applications client is installed. Because USB redirection isn't used when this feature is enabled, you don't need to qualify smart card readers, and users don't need to share these devices with WorkSpaces Applications to use them during streaming sessions.
**Note**
USB redirection is currently not supported for Linux-based fleet instances, or when using the WorkSpaces Applications macOS client application.
## Smart Cards
WorkSpaces Applications supports using a smart card for Windows sign in to Active Directory-joined streaming instances and in-session authentication for streaming applications. Because smart card redirection is enabled by default, users can use smart card readers that are connected to their local computer and their smart cards without USB redirection.
**Topics**
+ [
### Windows Sign In and In-Session Authentication
](#feature-support-USB-devices-qualified-smart-cards-windows-signin-in-session-auth)
+ [
### Smart Card Redirection
](#feature-support-USB-devices-qualified-smart-cards-support)
### Windows Sign In and In-Session Authentication
WorkSpaces Applications supports the use of Active Directory domain passwords or smart cards such as [Common Access Card (CAC)](https://www.cac.mil/Common-Access-Card) and [Personal Identity Verification (PIV)](https://piv.idmanagement.gov/) smart cards for Windows sign in to WorkSpaces Applications streaming instances (fleets and image builders). Your users can use smart card readers connected to their local computer and their smart cards to sign in to an WorkSpaces Applications streaming instance that is joined to a Microsoft Active Directory domain. They can also use their local smart card readers and smart cards to sign in to applications within their streaming session.
To ensure that your users can use their smart cards for Windows sign in to Active Directory-joined streaming instances and for in-session authentication for streaming applications, you must:
+ Use an image that meets the following requirements:
+ The image must be created from a base image published by AWS on or after December 28, 2020. For more information, see [WorkSpaces Applications Base Image and Managed Image Update Release Notes](base-image-version-history.md).
+ The image must use a version of the WorkSpaces Applications agent released on or after January 4, 2021. For more information, see [WorkSpaces Applications Agent Release Notes](agent-software-versions.md).
+ Enable **Smart card sign in for Active Directory** on the WorkSpaces Applications stack that your users access for streaming sessions, as described in this section.
**Note**
This setting controls only the authentication method that can be used for Windows sign in to an WorkSpaces Applications streaming instance (fleet or image builder). It doesn't control the authentication method that can be used for in-session authentication, after a user signs in to a streaming instance.
+ Ensure that your users have WorkSpaces Applications client version 1.1.257 or later installed. For more information, see [WorkSpaces Applications Windows Client Release Notes](client-release-versions.md).
By default, password sign in for Active Directory is enabled on WorkSpaces Applications stacks. You can enable smart card sign in for Active Directory by performing the following steps in the WorkSpaces Applications console.
**To enable smart card sign in for Active Directory by using the WorkSpaces Applications console**
1. Open the WorkSpaces Applications console at [https://console.aws.amazon.com/appstream2/home](https://console.aws.amazon.com/appstream2/home).
1. In the left navigation pane, choose **Stacks**.
1. Choose the stack for which you want to enable smart card authentication for Active Directory.
1. Choose the **User Settings** tab, and then expand the **Clipboard, file transfer, print to local device, and authentication permissions** section.
1. For **Smart card sign in for Active Directory**, choose **Enabled**.
You can also enable **Password sign in for Active Directory**, if it's not already enabled. At least one authentication method must be enabled.
1. Choose **Update**.
Alternatively, you can enable smart card sign in for Active Directory by using the WorkSpaces Applications API, an AWS SDK, or the AWS Command Line Interface (AWS CLI).
### Smart Card Redirection
When the WorkSpaces Applications client is installed, smart card redirection is enabled by default. When this feature is enabled, users can use smart card readers that are connected to their local computer and their smart cards during WorkSpaces Applications streaming sessions without USB redirection. During WorkSpaces Applications streaming sessions, users' smart card readers and smart cards remain accessible for use with local applications. The WorkSpaces Applications client redirects the smart card API calls from users’ streaming applications to their local smart card.
**Note**
Smart card redirection is currently not supported for Linux-based fleet instances or multi-session fleet instances, or when using the WorkSpaces Applications macOS client application.
**Note**
If your smart card requires middleware software to operate, the middleware software must be installed on both the user’s device, and the WorkSpaces Applications streaming instance.
You can disable smart card redirection during client installation on managed devices. For more information, see [Choose Whether to Disable Smart Card Redirection](install-client-configure-settings.md#disable-local-smart-card-support-client). If you disable smart card redirection, your users can't use their smart card reader and smart card during an WorkSpaces Applications streaming session without USB redirection. In this case, you must [qualify the device](qualify-usb-devices.md). After you qualify the device, users must [share the device with WorkSpaces Applications](client-application-windows-how-to-share-usb-devices-user.md). When smart card redirection is disabled, during users' WorkSpaces Applications streaming sessions, their smart card reader and smart card are not accessible for use with local applications.
# Drawing Tablets
Drawing tablets, also known as pen tablets, are computer input devices that let users draw with a stylus (pen). With WorkSpaces Applications, your users can connect a drawing tablet, such as a Wacom drawing tablet, to their local computer and use the tablet with their streaming applications.
**Note**
Drawing tablets are not supported when using the WorkSpaces Applications macOS client application.
Following are requirements and considerations for enabling your users to use drawing tablets with their streaming applications.
+ To enable your users to use this feature, you must configure your WorkSpaces Applications fleet to use an image that runs Windows Server 2019.
+ To use this feature, users must access WorkSpaces Applications by using the WorkSpaces Applications client, or through the Google Chrome or Mozilla Firefox browsers only.
+ Streaming applications must support Windows Ink technology. For more information, see [Pen interactions and Windows Ink in Windows apps](https://docs.microsoft.com/en-us/windows/uwp/design/input/pen-and-stylus-interactions).
+ Some applications, such GIMP, must detect drawing tablets on the streaming instance to support pressure sensitivity. If this is the case, your users must use the WorkSpaces Applications client to access WorkSpaces Applications and stream these applications. In addition, you must qualify your users' drawing tablets, and users must share their drawing tablets with WorkSpaces Applications every time they start a new streaming session. For more information, see [Qualify USB Devices for Use with Streaming Applications](qualify-usb-devices.md).
+ This feature is not supported on Chromebooks.
To get started with using drawing tablets during application streaming sessions, users connect their drawing tablet to their local computer with USB, share the device with WorkSpaces Applications if required for pressure sensitivity detection, and then use the WorkSpaces Applications client or a [supported web browser](drawing-tablet-support-web-access-admin.md) to start an WorkSpaces Applications streaming session.
# Keyboard Shortcuts
For the Windows client, most operating system keyboard shortcuts are supported. Supported keyboard shortcuts include Alt \$1 Tab, Clipboard shortcuts (Ctrl \$1 X, Ctrl \$1 C, Ctrl\$1 V), Esc, and Alt \$1 F4.
For the macOS client, supported keyboard shortcuts include Clipboard shortcuts (Command \$1 X, Command \$1 C, Command \$1 V, Command \$1 A, Command-Z).
# Relative Mouse Offset
By default, during users' streaming sessions, WorkSpaces Applications transmits information about mouse movements to the streaming instance by using absolute coordinates and rendering the mouse movements locally. For graphics-intensive applications, such as computer-aided design (CAD)/computer-aided manufacturing (CAM) software or video games, mouse performance improves when relative mouse mode is enabled. Relative mouse mode uses relative coordinates, which represent how far the mouse moved since the last frame, rather than the absolute x-y coordinate values within a window or screen. When relative mouse mode is enabled, WorkSpaces Applications renders the mouse movements remotely.
Users can enable this feature during their WorkSpaces Applications streaming sessions by doing either of the following:
+ Pressing Ctrl\$1Shift\$1F8 on the Windows client application or Ctrl\$1Shift\$1Fn\$1F8 on the macOS client application
+ Choosing **Relative Mouse Position [Ctrl\$1Shift\$1F8]** from the **Settings **menu on the WorkSpaces Applications toolbar in the top left area of their streaming session window. This method works when they use classic mode or **Desktop View**.
# Install and Configure the WorkSpaces Applications Client
You can have your users install the WorkSpaces Applications client themselves, or you can install the WorkSpaces Applications client for them by running PowerShell scripts remotely.
You must qualify the USB devices that you want to enable your users to use with their streaming session. If their USB device is not qualified, it won't be detected by WorkSpaces Applications and can't be shared with the session.
The following topics describe how to install and configure the WorkSpaces Applications client.
**Topics**
+ [
# Have Your Users Install the WorkSpaces Applications Client Themselves
](user-install-client.md)
+ [
# Tutorial: Install the Amazon WorkSpaces Applications Client And Customize the Client Experience for Your Users
](install-client-configure-settings.md)
+ [
# Update the WorkSpaces Applications Enterprise Deployment Tool, Client, and USB Driver Manually
](update-enterprise-deployment-tool-client-usb-driver-manually.md)
+ [
# Qualify USB Devices for Use with Streaming Applications
](qualify-usb-devices.md)
+ [
# Configure a Connection Method for Your WorkSpaces Applications Client Users
](use-client-start-streaming-session.md)
+ [
# Enable Users to Share a USB Device with an WorkSpaces Applications Streaming Session
](share-usb-devices-with-session.md)
+ [
# Redirect a Streaming Session from the Web Browser to the WorkSpaces Applications Client
](redirect-streaming-session-from-web-to-client.md)
+ [
# Enable File System Redirection for Your WorkSpaces Applications Users
](enable-file-system-redirection.md)
+ [
# Enable Local Printer Redirection for Your WorkSpaces Applications Users
](enable-local-printer-redirection.md)
# Have Your Users Install the WorkSpaces Applications Client Themselves
For step-by-step guidance that you can provide your users to help them install the WorkSpaces Applications client, see [Setup for Windows](client-application-windows-installation-user.md) or [Setup and installation for macOS](client-application-mac-installation-user.md).
**Important**
For the Windows client, if your organization has deployed antivirus software that prevents users from running .exe files, you must add an exception to allow your users to run the WorkSpaces Applications client installation .exe program. Otherwise, when users try to install the client, either nothing happens, or they receive an error after they start the installation program.
After users install the client, if you plan to let your users use USB devices during their WorkSpaces Applications streaming sessions, the following requirements must be met:
+ You must qualify the USB devices that can be used with WorkSpaces Applications. For more information, see [Qualify USB Devices for Use with Streaming Applications](qualify-usb-devices.md).
+ After their devices are qualified, your users must share the devices with WorkSpaces Applications every time they start a new streaming session. For guidance that you can provide your users to them complete this task, see [USB Devices](client-application-windows-how-to-share-usb-devices-user.md).
# Tutorial: Install the Amazon WorkSpaces Applications Client And Customize the Client Experience for Your Users
The following sections describe how to install the WorkSpaces Applications client and customize the client experience for your users. If you plan to download and install the client for your users, first download the Enterprise Deployment Tool. You can then run PowerShell scripts to install the WorkSpaces Applications client and configure client settings remotely.
**Note**
Using the Enterprise Deployment Tool with the WorkSpaces Applications macOS client is not supported.
**Topics**
+ [
## Download the Enterprise Deployment Tool
](#install-client-use-remote-deployment-tool)
+ [
## Install the WorkSpaces Applications Client and USB Driver
](#run-powershell-script-install-client-usb-driver-silently)
+ [
## Accessing WorkSpaces Applications with the WorkSpaces Applications Client
](#access-appstream-with-client)
+ [
## Set the StartURL Registry Value for WorkSpaces Applications Client Users
](#set-start-url-registry-value)
+ [
## Set the TrustedDomains Registry Value to Enable Other Domains for the WorkSpaces Applications Client
](#set-trusted-domains-registry-value)
+ [
## Create the AS2TrustedDomains DNS TXT Record to Enable Your Domain for the WorkSpaces Applications Client Without Registry Changes
](#create-AS2TrustedDomains-DNS-TXT-record-client)
+ [
## Disable DNS TXT Record Lookup for Trusted Domains
](#disable-DNS-TXT-record-lookup-client)
+ [
## Choose Whether to Disable Automatic Client Updates
](#disable-automatic-updates-client)
+ [
## Choose Whether to Disable On-Demand Diagnostic Log Uploads
](#disable-on-demand-diagnostic-log-uploads)
+ [
## Choose Whether to Disable Native Application Mode
](#disable-native-application-mode-client)
+ [
## Choose Whether to Disable Local Printer Redirection
](#disable-local-printer-redirection-client)
+ [
## Choose Whether to Disable Smart Card Redirection
](#disable-local-smart-card-support-client)
+ [
## Configure Additional WorkSpaces Applications Client Settings for Your Users
](#configure-client)
+ [
## Using Group Policy to Customize WorkSpaces Applications Client Experience
](#configure-client-with-adm-template-group-policy)
## Download the Enterprise Deployment Tool
The Enterprise Deployment Tool includes the WorkSpaces Applications client installation files and a Group Policy administrative template.
1. To download the Enterprise Deployment Tool, on the bottom right of the [WorkSpaces Applications supported clients](https://clients.amazonappstream.com) page, select the **Enterprise Deployment Tool** link. This link opens a .zip file that contains the required files for the latest version of the tool.
1. To extract the required files, navigate to the location where you downloaded the tool, right-click the **AmazonAppStreamClient\$1EnterpriseSetup\$1** folder, and choose **Extract All**. The folder contains two installation programs and a Group Policy administrative template:
+ WorkSpaces Applications client installer (AmazonAppStreamClientSetup\$1.msi) — Installs the WorkSpaces Applications client.
+ WorkSpaces Applications USB driver installer (AmazonAppStreamUsbDriverSetup\$1.exe) — Installs the WorkSpaces Applications USB driver that is required to use USB devices with applications streamed through WorkSpaces Applications.
+ WorkSpaces Applications client Group Policy administrative template (as2\$1client\$1config.adm) — Lets you configure the WorkSpaces Applications client through Group Policy.
## Install the WorkSpaces Applications Client and USB Driver
After you download the WorkSpaces Applications client installation files, run the following PowerShell script on users' computers to install the WorkSpaces Applications client installation file, AppStreamClient.exe, and the USB driver silently.
**Note**
To run this script, you must be logged in to the applicable computer with Administrator permissions. You can also run the script remotely under the System account on startup.
```
Start-Process msiexec.exe -Wait -ArgumentList '/i AmazonAppStreamClientSetup_.msi /quiet'
Start-Process AmazonAppStreamUsbDriverSetup_.exe -Wait -ArgumentList '/quiet'
```
After you install the Enterprise Deployment Tool on a user's computer, the WorkSpaces Applications client is installed as follows:
1. The WorkSpaces Applications client installation file is copied to the following path on the user's computer: C:\$1Program Files (x86)\$1Amazon WorkSpaces Applications Client Installer\$1AppStreamClient.exe.
1. The first time the user logs on to their computer after the Enterprise Deployment Tool is installed, the WorkSpaces Applications client is installed.
**Note**
If the Enterprise Deployment Tool detects that the WorkSpaces Applications Client folder, **AppStreamClient**, already exists in **%localappdata%**, the tool does not install the client.
If a user uninstalls the WorkSpaces Applications client, the client isn’t installed again until you update the WorkSpaces Applications Enterprise Deployment Tool.
## Accessing WorkSpaces Applications with the WorkSpaces Applications Client
By default, when users launch the WorkSpaces Applications client, they can connect only to URLs that include the WorkSpaces Applications domain or domains that include a DNS TXT record that enables the connection. You can let client users access domains other than the WorkSpaces Applications domain by doing any of the following:
+ Set the `StartURL` registry value to specify a custom URL that users can access, such as the URL for your organization's login portal.
+ Set the `TrustedDomains` registry value to specify trusted domains that users can access.
+ Create the `AS2TrustedDomains` DNS TXT record to specify trusted domains that users can access. This method lets you avoid registry changes.
**Note**
The WorkSpaces Applications client and DNS TXT record configuration do not prevent users from using other connection methods to access the domains or URLs that you specify. For example, users can access specified domains or URLs by using a web browser, if they have network access to the domains or URLs.
## Set the StartURL Registry Value for WorkSpaces Applications Client Users
You can use the `StartUrl` registry value to set a custom URL that is populated in the WorkSpaces Applications client when a user launches the client. You can create this HKLM registry key while installing the client so that your users don’t need to specify a URL when they launch the client.
After the WorkSpaces Applications client is installed, you can run the following PowerShell script to create this registry key, or you can use the administrative template that is included in the WorkSpaces Applications client Enterprise Deployment Tool to configure the client through Group Policy.
Replace the `StartUrl` value with a URL for your identity provider (IdP). The URL must use a certificate that is trusted by the device. This means that the certificate that is used by the `StartUrl` webpage must contain a Subject Alternative Name (SAN) that includes the URL's domain name. For example, if your `StartUrl` is set to https://appstream.example.com, the SSL certificate must have a SAN that includes appstream.example.com.
**Note**
To run this script, you must be logged in to the applicable computer with Administrator permissions. You can also run the script remotely under the System account on startup.
```
$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "StartUrl" -Value "https://www.example.com" -PropertyType String -Force | Out-Null
```
## Set the TrustedDomains Registry Value to Enable Other Domains for the WorkSpaces Applications Client
You can configure the WorkSpaces Applications client to connect to URLs in trusted domains that you specify. For example, you might want to let users connect to any URL in your organizational domain or to any URL in one or more of your IdP domains. When you specify the URL, use the following format: \$1.*example*-*idp*.*com*.
You can specify a list of trusted domains in a comma-separated format. Add this list as a registry value to the WorkSpaces Applications `TrustedDomains` HKLM registry key. We recommend that you create this registry key and specify the list of trusted domains when you install the WorkSpaces Applications client or, if you are using Microsoft Active Directory, through Group Policy. That way, your users can connect to a URL in any trusted domain immediately after the client is installed.
After the WorkSpaces Applications client is installed, you can run the following PowerShell script to create this registry key. Or, you can use the administrative template that is included in the WorkSpaces Applications client Enterprise Deployment Tool to configure the client through Group Policy.
Replace the `TrustedDomains` value with a comma-separated list for one or more of your organizational or IdP domains. The certificate used by the trusted domain webpage must contain a SAN that includes the URL's domain. For example, if your trusted domain includes \$1.example.com, and users specify https://appstream.example.com, the SSL certificate must have a SAN that includes appstream.example.com.
**Note**
To run this script, you must be logged in to the applicable computer with Administrator permissions. You can also run the script remotely under the System account on startup.
```
$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "TrustedDomains" -Value "*.example1.com, *.example2.com, aws.amazon.com" -PropertyType String -Force | Out-Null
```
The following are requirements and considerations for formatting trusted domain names.
+ The following characters are supported: a-z, 0-9, -, \$1
+ DNS treats the \$1 character either as a wildcard or as an asterisk character (ASCII 42), depending on where it appears in the domain name. Following are restrictions when using \$1 as a wildcard in the name of a DNS record:
+ The \$1 must replace the leftmost label in a domain name. For example, \$1.example.com or \$1.prod.example.com. If you include \$1 in any other position, such as prod.\$1.example.com, DNS treats it as an asterisk character (ASCII 42), not as a wildcard.
+ The \$1 must replace the entire label. For example, you can't specify \$1prod.example.com or prod\$1.example.com.
+ The \$1 applies to the subdomain level that includes the \$1, and to all the subdomains of that subdomain. For example, if an entry is named \$1.example.com, the WorkSpaces Applications client allows zenith.example.com, acme.zenith.example.com, and pinnacle.acme.zenith.example.com.
## Create the AS2TrustedDomains DNS TXT Record to Enable Your Domain for the WorkSpaces Applications Client Without Registry Changes
You can enable users to connect to any URL in your organizational domain (for example, \$1.example.com) or to any URL in your IdP domains (for example, \$1.example-idp.com) by creating a DNS TXT record in that domain. When you create the DNS TXT record, the `StartURL` or `TrustedDomains` registry values are not required to allow a user to connect to a URL.
You can specify a list of trusted subdomains in a comma-separated format, prefixed with `AS2TrustedDomains=`. Then, create a DNS TXT record for the appropriate domain. The `AS2TrustedDomains` DNS TXT record can only enable the same domain, or subdomains, of the domain in which the DNS TXT record is created. You cannot use the DNS TXT record to enable other domains.
For more information about setting up the DNS record, see [Enable your organizational domain for the AppStream 2.0 client with a Route 53 DNS TXT record](https://aws.amazon.com/blogs/desktop-and-application-streaming/enable-your-organizational-domain-for-the-appstream-2-0-client-with-a-route-53-dns-txt-record/) and [Creating an AS2TrustedDomains DNS TXT record to redirect the AppStream 2.0 native client to a third-party identity provider](https://aws.amazon.com/blogs/desktop-and-application-streaming/creating-an-as2trusteddomains-dns-txt-record-to-redirect-the-appstream-2-0-native-client-to-a-third-party-identity-provider/).
**Note**
When you create DNS TXT records, any users can stream from enabled domains that are not included in the `StartURL` or `TrustedDomains` registry values. The WorkSpaces Applications client and DNS TXT record configuration do not prevent users from using other connection methods to access the domains or URLs that you specify. For example, users can access specified domains or URLs by using a web browser, if they have network access to the domains or URLs.
### DNS TXT Record Configuration Example
The following is an example of a DNS TXT record configuration. With the configuration for this example, users can launch the WorkSpaces Applications client and connect to appstream.example.com or appstream-dev.example.com. However, they cannot connect to example.com.
+ `Domains to enable` — appstream.example.com, appstream-dev.example.com
+ `DNS TXT record location` — example.com
+ `DNS TXT record value` — AS2TrustedDomains=appstream.example.com,appstream-dev.example.com
### Requirements and Considerations
Keep in mind the following requirements and considerations for creating a DNS TXT record:
+ You must create the TXT record at the second-level domain. For example, if your domain is prod.appstream.example.com, you must create the DNS TXT record at example.com.
+ The TXT record value must start with `AS2TrustedDomains=`
+ The following characters are supported: a-z, 0-9, -, \$1
+ DNS treats the \$1 character either as a wildcard or as an asterisk character (ASCII 42), depending on where it appears in the domain name. Following are restrictions when using \$1 as a wildcard in the name of a DNS record:
+ The \$1 must replace the leftmost label in a domain name. For example, \$1.example.com or \$1.prod.example.com. If you include \$1 in any other position, such as prod.\$1.example.com, DNS treats it as an asterisk character (ASCII 42), not as a wildcard.
+ The \$1 must replace the entire label. For example, you can't specify \$1prod.example.com or prod\$1.example.com.
+ The \$1 applies to the subdomain level that includes the \$1, and to all the subdomains of that subdomain. For example, if an entry is named \$1.example.com, the WorkSpaces Applications client allows connections to the following domains: zenith.example.com, acme.zenith.example.com, and pinnacle.acme.zenith.example.com.
## Disable DNS TXT Record Lookup for Trusted Domains
By default, when users launch the WorkSpaces Applications and specify a URL that is not an WorkSpaces Applications domain, the client performs a DNS TXT record lookup. The lookup is performed on the second-level domain of the URL so that the client can determine whether the domain is included in the `AS2TrustedDomains` list. This behavior lets users connect to domains that are not specified in the `StartURL` or `TrustedDomains` registry keys, or WorkSpaces Applications domains.
You can disable this behavior by setting the value for the `DnsTxtRecordQueryDisabled` registry key to `true`. You can create this registry key when you install the WorkSpaces Applications client. That way, the client connects only to URLs that are specified by the `StartURL` or `TrustedDomains` registry keys.
After the WorkSpaces Applications client is installed, you can run the following PowerShell script to create this registry key. Or, you can use the administrative template that is included in the WorkSpaces Applications client Enterprise Deployment Tool to configure the client through Group Policy.
**Note**
To run this script, you must be logged in to the applicable computer with Administrator permissions. You can also run the script remotely under the System account on startup.
```
$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "DnsTxtRecordQueryDisabled" -Value "true" -PropertyType String -Force | Out-Null
```
## Choose Whether to Disable Automatic Client Updates
By default, when a new version of the WorkSpaces Applications client is available, the client updates automatically to the latest version. You can disable automatic updates by setting the value for the `AutoUpdateDisabled` registry key to `true`. You can create this registry key when you install the WorkSpaces Applications client. That way, the client is not updated automatically whenever a new version is available.
After the WorkSpaces Applications client is installed, you can run the following PowerShell script to create this registry key. Or, you can use the administrative template that is included in the WorkSpaces Applications client Enterprise Deployment Tool to configure the client through Group Policy.
**Note**
To run this script, you must be logged in to the applicable computer with Administrator permissions. You can also run the script remotely under the System account on startup.
```
$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "AutoUpdateDisabled" -Value "True" -PropertyType String -Force | Out-Null
```
## Choose Whether to Disable On-Demand Diagnostic Log Uploads
By default, the WorkSpaces Applications client allows users to upload diagnostic logs and minidumps on demand to WorkSpaces Applications (AWS). In addition, if an exception occurs or the WorkSpaces Applications client stops responding, users are prompted to choose whether they want to upload the minidump and associated logs. For more information about on-demand diagnostic logging, see [Automatic and On-Demand Diagnostic Log Uploads](feature-support-diagnostic-log-upload.md).
You can disable these behaviors by setting the value for the `UserUploadOfClientLogsAllowed` registry key to `false`. You can create this HKLM registry key when you install the WorkSpaces Applications client.
After the WorkSpaces Applications client is installed, you can run the following PowerShell script to create this registry key. Or, you can use the administrative template that is included in the WorkSpaces Applications client Enterprise Deployment Tool to configure the client through Group Policy.
**Note**
To run this script, you must be logged in to the applicable computer with Administrator permissions. You can also run the script remotely under the System account on startup.
```
$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "UserUploadOfClientLogsAllowed" -Value "false" -PropertyType String -Force | Out-Null
```
## Choose Whether to Disable Native Application Mode
By default, the WorkSpaces Applications client can run in either classic mode or native application mode. You can disable native application mode by setting the value for the `NativeAppModeDisabled` registry key to `true`. You can create this HKLM registry key when you install the WorkSpaces Applications client. If the value is set to `true`, the client runs in classic mode only. For information about native application mode, see [Native Application Mode](feature-support-native-application-mode.md).
After the WorkSpaces Applications client is installed, you can run the following PowerShell script to create this registry key. Or, you can use the administrative template that is included in the WorkSpaces Applications client Enterprise Deployment Tool to configure the client through Group Policy.
**Note**
To run this script, you must be logged in to the applicable computer with Administrator permissions. You can also run the script remotely under the System account on startup.
```
$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "NativeAppModeDisabled" -Value "True" -PropertyType String -Force | Out-Null
```
## Choose Whether to Disable Local Printer Redirection
By default, the WorkSpaces Applications client enables users to redirect print jobs from their streaming applications to a printer that is connected to their local computer. You can disable local printer redirection by setting the value for the `PrinterRedirectionDisabled` registry key to `true`. You can create this HKLM registry key when you install the WorkSpaces Applications client. If the value is set to `true`, the client does not redirect print jobs from users’ streaming applications to a printer that is connected to their local computer.
After you install the WorkSpaces Applications client, you can run the following PowerShell script to create this registry key. Or, you can use the administrative template that is included in the WorkSpaces Applications client Enterprise Deployment Tool to configure the client through Group Policy.
**Note**
To run this script, you must be logged in to the applicable computer with Administrator permissions. You can also run the script remotely under the System account on startup.
```
$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "PrinterRedirectionDisabled" -Value "True" -PropertyType String -Force | Out-Null
```
## Choose Whether to Disable Smart Card Redirection
By default, smart card redirection is enabled for the WorkSpaces Applications client. When this feature is enabled, users can use smart card readers that are connected to their local computers and their smart cards during WorkSpaces Applications streaming sessions without USB redirection. During WorkSpaces Applications streaming sessions, users' smart card readers and smart cards remain accessible for use with local applications. The client redirects the smart card API calls from users’ streaming applications to their local smart card. You can disable smart card redirection by setting the value for the `SmartCardRedirectionDisabled` registry key to `true`. You can create this HKLM registry key when you install the WorkSpaces Applications client.
If the value is set to `true`, your users can't use their smart card readers and smart cards during an WorkSpaces Applications streaming session without USB redirection. In this case, users can't sign in to their streaming applications by using a smart card that is connected to their local computer unless you [qualify the device](qualify-usb-devices.md). After you qualify the device, users must [share the device with WorkSpaces Applications](client-application-windows-how-to-share-usb-devices-user.md). When smart card redirection is disabled, during users' WorkSpaces Applications streaming sessions, their smart card readers and smart cards are not accessible for use with local applications.
After you install the WorkSpaces Applications client, you can run the following PowerShell script to create this registry key. Or, you can use the administrative template that is included in the WorkSpaces Applications client Enterprise Deployment Tool to configure the client through Group Policy.
**Note**
To run this script, you must be logged in to the applicable computer with Administrator permissions. You can also run the script remotely under the System account on startup.
```
$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "SmartCardRedirectionDisabled" -Value "True" -PropertyType String -Force | Out-Null
```
## Configure Additional WorkSpaces Applications Client Settings for Your Users
The WorkSpaces Applications client uses registry keys to configure the following additional client settings:
+ WorkSpaces Applications client End-User License Agreement (EULA) acceptance
+ WorkSpaces Applications client EULA version accepted
+ Automatic diagnostic log uploads for the WorkSpaces Applications client
+ Automatic updates for the USB driver that is used to pass USB drivers to WorkSpaces Applications
+ Enabling hardware rendering in the WorkSpaces Applications client
+ Setting custom folder paths for file system redirection in the WorkSpaces Applications client
+ Opening URL for your identity provider (IdP) in system default browser
+ Adding an indicator to provide real-time visual feedback on streaming data loss
The following table summarizes the registry values for additional client settings that you can use to customize the WorkSpaces Applications client experience for your users.
**Note**
These values are case sensitive.
| Value | Registry path | Type | Description | Data |
| --- | --- | --- | --- | --- |
| EULAAccepted | HKCU\$1Software\$1Amazon\$1Appstream Client | String | Set this value to true to accept the WorkSpaces Applications client EULA on behalf of your users. | true/false |
| AcceptedEULAVersion | HKCU\$1Software\$1Amazon\$1Appstream Client | String | The version of EULA that is accepted. If the current version of the WorkSpaces Applications client EULA is different from the version of the EULA that is accepted, users are prompted to accept the current version of the EULA. | 1.0 |
| DiagnosticInfoCollectionAllowed | HKCU\$1Software\$1Amazon\$1Appstream Client | String | Set this value to true to enable WorkSpaces Applications to automatically send diagnostic logs from the WorkSpaces Applications client to WorkSpaces Applications (AWS). | true/false |
| USBDriverOptIn | HKCU\$1Software\$1Amazon\$1Appstream Client | String | Set this value to true to enable WorkSpaces Applications to automatically update the USB driver that is used to pass USB drivers to WorkSpaces Applications. | true/false |
| HardwareRenderingEnabled | HKCU\$1Software\$1Amazon\$1Appstream Client | String | Set this value to true to enable hardware rendering in the WorkSpaces Applications client. | true/false |
| FileRedirectionCustomDefaultFolders | HKCU\$1Software\$1Amazon\$1Appstream Client | String | Set this value to include at least one folder path for file system redirection. Separate multiple folder paths by using '\$1'. By default, the following folder paths are specified: %USERPROFILE%\$1Desktop\$1%USERPROFILE%\$1Documents\$1%USERPROFILE%\$1Downloads | Valid folder path |
| OpenIdpUrlInSystemBrowser | HKCU\$1Software\$1Amazon\$1Appstream Client | String | Set this value to true to enable the WorkSpaces Applications client to open the IdP URL in a system default browser. This feature is supported on client version 1.1.1360 and later. | true/false |
| DataLossIndicator | HKLM\$1Software\$1Amazon\$1Appstream Client | String | Set this value to SHOW\$1ON\$1LOSSY to include a red warning indicator when there is streaming data loss. Set this value to SHOW\$1ON\$1LOSSLESS to include a green healthy indicator when there is no streaming data loss. | DISABLED/SHOW\$1ON\$1LOSSY/SHOW\$1ON\$1LOSSLESS |
After the WorkSpaces Applications client is installed, you can run the following PowerShell script to create these registry keys. If you don’t want to create all of the registry keys, modify the script as needed to create only the registry keys that you want. Or, you can use the administrative template that is provided in the WorkSpaces Applications client Enterprise Deployment Tool to configure the client through Group Policy.
**Note**
You must set the following entries for each user.
```
$registryPath="HKCU:\Software\Amazon\AppStream Client"
New-Item -Path "HKCU:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "EULAAccepted" -Value "true" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $registryPath -Name "AcceptedEULAVersion" -Value "1.0" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $registryPath -Name "DiagnosticInfoCollectionAllowed" -Value "true" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $registryPath -Name "USBDriverOptIn" -Value "true" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $registryPath -Name "HardwareRenderingEnabled" -Value "true" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $registryPath -Name "FileRedirectionCustomDefaultFolders" -Value "%USERPROFILE%\Desktop|%USERPROFILE%\Documents|%USERPROFILE%\Downloads" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $registryPath -Name "OpenIdpUrlInSystemBrowser" -Value "true" -PropertyType String -Force | Out-Null
```
To set the `DataLossIndicator` registry value, run the following PowerShell script. This value is stored in the HKLM registry path and requires Administrator permissions.
**Note**
To run this script, you must be logged in to the applicable computer with Administrator permissions. You can also run the script remotely under the System account on startup.
```
$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "DataLossIndicator" -Value "SHOW_ON_LOSSY" -PropertyType String -Force | Out-Null
```
## Using Group Policy to Customize WorkSpaces Applications Client Experience
You can use the administrative template that is provided in the WorkSpaces Applications client Enterprise Deployment Tool to configure the client through Group Policy. To learn how to load administrative templates into the Group Policy Management Console, see [Recommendations for managing Group Policy administrative template (.adm) files](https://support.microsoft.com/en-us/help/816662/recommendations-for-managing-group-policy-administrative-template-adm) in the Microsoft Support documentation.
# Update the WorkSpaces Applications Enterprise Deployment Tool, Client, and USB Driver Manually
By default, the WorkSpaces Applications client and USB driver are updated automatically when a new client version is released. However, if you used the Enterprise Deployment Tool to install the WorkSpaces Applications client for your users and you disabled automatic updates, you must update the WorkSpaces Applications Enterprise Deployment Tool, client, and USB driver manually. To do so, perform the following steps to run the required PowerShell commands on users’ computers.
**Note**
To run these commands, you must either be logged in to the applicable computer as Administrator, or you can run the script remotely under the SYSTEM account on startup.
Using the Enterprise Deployment Tool to the manage the WorkSpaces Applications macOS client is not supported.
1. Uninstall the WorkSpaces Applications Enterprise Deployment Tool silently:
```
Start-Process msiexec.exe -Wait -ArgumentList '/x AmazonAppStreamClientSetup_.msi /quiet'
```
1. Uninstall the WorkSpaces Applications USB driver silently:
```
Start-Process -Wait AmazonAppStreamUsbDriverSetup_.exe -ArgumentList '/uninstall /quiet /norestart'
```
1. Uninstall the WorkSpaces Applications client silently:
```
Start-Process "$env:LocalAppData\AppStreamClient\Update.exe" -ArgumentList '--uninstall'
```
**Note**
This process also removes the registry keys that are used to configure the WorkSpaces Applications client. After you reinstall the WorkSpaces Applications client, you must recreate these keys.
1. Clean the application installation directory:
```
Remove-Item -Path $env:LocalAppData\AppStreamClient -Recurse -Confirm:$false –Force
```
1. Restart the computer:
```
Restart-computer
```
1. Install the latest version of the WorkSpaces Applications Enterprise Deployment Tool silently:
```
Start-Process msiexec.exe -Wait -ArgumentList '/i AmazonAppStreamClientSetup_.msi /quiet'
```
1. Install the latest version of the WorkSpaces Applications USB driver silently:
```
Start-Process AmazonAppStreamUsbDriverSetup_.exe -Wait -ArgumentList '/quiet'
```
# Qualify USB Devices for Use with Streaming Applications
There are two methods for specifying which USB devices your users can redirect into their WorkSpaces Applications streaming instances:
**Note**
USB redirection is currently only supported on Windows WorkSpaces Applications streaming instances. It is not supported on the macOS client.
+ You can create the USB device filter strings within the configuration file saved on an image. This method can only be used with Always-On and On-Demand fleets.
+ You can specify USB device filter strings when you create the fleet, either with the AWS Management Console or with the `CreateFleet` API. For detailed information about these strings, see the section below. This method can only be used with Elastic fleets.
You can create a file on your WorkSpaces Applications image that specifies which USB devices a user can make available for their streaming applications. To qualify your users' USB devices so that the devices can be used with streaming applications, perform these steps.
**Note**
For security reasons, only qualify USB devices from approved trusted sources. Qualifying all generic devices or classes of devices might allow unapproved devices to be used with your streaming applications.
1. If you haven't already done so, install the WorkSpaces Applications client. For information, see [Install and Configure the WorkSpaces Applications Client](install-configure-client.md).
1. Connect the USB device that you want to qualify to your computer.
1. Navigate to **C:\$1Users\$1\$1AppData\$1Local\$1AppStreamClient**, and double-click **dcvusblist.exe**.
1. In the **DCV - USB devices** dialog box, the list of USB devices that are connected to your local computer displays. The **Filter** column displays the filter string for every USB device. Right-click the list entry for a USB device that you want to enable, and choose **Copy filter string**.
1. On your desktop, choose the Windows **Start** button, and search for Notepad. Double-click **Notepad** to open a new file, copy the filter string to the file, and save it. Later, you'll use the filter string to qualify the USB device.
1. Launch a new image builder. For more information, see [Launch an Image Builder to Install and Configure Streaming Applications](tutorial-image-builder-create.md).
1. After your image builder is in the **Running** state, perform the following steps to create a streaming URL and connect to the image builder by using the WorkSpaces Applications client.
1. With your image builder selected in the list, choose **Actions**, **Create streaming URL**.
1. In the **Create streaming URL** dialog box, choose **Copy link**, and copy and paste the web address into a separate file for later use. You'll use this URL to reconnect to the image builder in step 12.
1. Choose **Launch in Client**.
1. If the **Launch Application** dialog box opens and prompts you to choose the application to use when opening the link, choose **Amazon AppStream**, **Open link**. To prevent this dialog box from displaying the next time you perform this step to connect to an image builder, select the **Remember my choice for amazonappstream links** check box.
1. If the WorkSpaces Applications client displays links to the AWS Customer Agreement, AWS Service Terms, and the AWS Privacy Notice, and third-party notices, review this information, and then choose **Finish**.
1. If the client sign-in page is displayed, the web address field is prepopulated with the streaming URL. Choose **Connect**.
1. If prompted, log in to the image builder as Administrator.
1. After you are connected to the image builder, if your USB device requires you to install drivers before you use it, download and install the drivers on the image builder. For example, if you use the Connexion 3D mouse, you must download and install the required Connexion drivers on the image builder.
1. On your image builder desktop, choose the Windows **Start** button, and search for Notepad. Right-click **Notepad**, and choose **Run as Administrator**.
1. Choose **File**, **Open**, and open the following file: `C:\ProgramData\Amazon\Photon\DCV\usb_device_allowlist.txt`. You can also allow an entire category of devices or all devices from a specific manufacturer by using wildcard expressions in the `usb_device_allowlist.txt` file.
1. Copy the filter string from your local computer to the image builder. The filter string for a specific USB device is a comma-separated string of the following fields: **Name**, **Base Class**, **SubClass**, **Protocol**, **ID Vendor**, **ID Product**, **Support Autoshare**, and **Skip Reset**. For detailed information about these strings, see [Working with USB Device Filter Strings](USB-device-filter-strings.md).
1. Disconnect from your image builder, restart it, and reconnect to it by using the WorkSpaces Applications client. To do so, open the WorkSpaces Applications client and paste the streaming URL that you created in step 7 into the client sign-in web address field, and choose **Connect**.
1. On the image builder, test your USB device to confirm that it works as expected.
1. Before your users can use the USB device in an WorkSpaces Applications session, they must first share the device with their session. For guidance that you can provide your users to help them perform this task, see [USB Devices](client-application-windows-how-to-share-usb-devices-user.md).
1. If the USB device works with the image builder as expected, create an image. For more information, see [Tutorial: Create a Custom WorkSpaces Applications Image by Using the WorkSpaces Applications Console](tutorial-image-builder.md).
1. After you finish creating the image, update your WorkSpaces Applications fleet to use the new image.
# Working with USB Device Filter Strings
This section describes the filter strings that are available for qualifying USB devices for WorkSpaces Applications streaming sessions. It also provides guidance for working with these strings. The following filter strings are available:
+ `Name` — By default, the value for this filter string is the name of the device, but you can specify your own value.
+ `Base Class,SubClass,Protocol` — The USB class code for the device. For more information, see [Defined Class Codes](https://www.usb.org/defined-class-codes).
+ `ID Vendor (VID)` — A unique identifier that is assigned by the USB organization to the manufacturer of the USB device.
+ `ID Product (PID)` — A unique identifier that assigned by the manufacturer to the USB device.
+ `Support Autoshare` — Lets the WorkSpaces Applications client automatically share the device when a streaming session starts. Set this value to `1` to allow automatic device sharing. Set this value to `0` to not allow automatic device sharing.
+ `Skip Reset` — By default, when a USB device is shared by WorkSpaces Applications with a streaming session, the device is reset to ensure that it functions correctly. However, some USB devices don’t function correctly during the streaming session if they are reset. To prevent this problem from occurring, set the value for this filter string to `1` to instruct the WorkSpaces Applications client not to reset the device while it is shared with a streaming session. To ensure that the device is reset while it is shared with a streaming session, set this value to `0`. When you set a value for `Skip Reset`, make sure that you set the value for `Support Autoshare` to `0` or `1`.
The filter string that is copied from the local computer is specific to a USB device. In some cases, you might want to allow an entire class of devices instead of allowing every possible USB device. For example, you might want to allow your users to use any kind of Wacom design tablets or use any USB mass storage device. In such scenarios, you can provide wildcard characters for specific filter string fields. If you don’t know the VID and PID for your USB devices, you can search for this information in the [USB ID database](https://www.the-sz.com/products/usbid/index.php).
The following examples show how to configure filter strings for USB device sharing during streaming sessions:
+ Allow all mass storage devices automatically on starting a streaming session — "Mass storage, 8, \$1, \$1, \$1, \$1,1,0"
+ Allow all Wacom devices automatically on starting a streaming session — "Wacom tablets, 3, \$1, \$1, 1386, \$1,1,0"
+ Allow all devices that provide an audio interface — "Audio, 1, \$1, \$1, \$1, \$1,1,0"
+ Allow device X, but don't reset it while the device is shared. Don’t share the device automatically on starting a streaming session — "X, Y, \$1, \$1, 1386, \$1,0,1"
# Configure a Connection Method for Your WorkSpaces Applications Client Users
After you install the WorkSpaces Applications client on your users' local computers, they can use the WorkSpaces Applications client to connect to a streaming session. Depending on your organizational requirements, you can provide client users with access to WorkSpaces Applications by doing one of the following: Setting up identity federation using SAML 2.0, using an WorkSpaces Applications user pool, or creating a streaming URL.
**Topics**
+ [
# SAML 2.0
](use-client-start-streaming-session-SAML.md)
+ [
# WorkSpaces Applications User Pool
](use-client-start-streaming-session-user-pool.md)
+ [
# Streaming URL
](use-client-start-streaming-session-streaming-URL.md)
+ [
# Next Steps
](use-client-start-streaming-session-next-steps.md)
# SAML 2.0
If you use external identity providers to federate your users to an WorkSpaces Applications stack, you must create a registry value to configure the WorkSpaces Applications client with a prepopulated URL whenever the client is launched. The URL must use a certificate that is trusted by the device. The certificate must contain a Subject Alternative Name (SAN) that includes the URL's domain name.
For more information, see:
+ [Setting Up SAML](external-identity-providers-setting-up-saml.md)
+ [Set the StartURL Registry Value for WorkSpaces Applications Client Users](install-client-configure-settings.md#set-start-url-registry-value)
# WorkSpaces Applications User Pool
When you create a new user in the WorkSpaces Applications user pool, or assign a user pool user to an WorkSpaces Applications stack, WorkSpaces Applications sends email to users on your behalf. Users enter the URL that was provided to them in the welcome email, enter their credentials, and then choose **Connect**.
For more information, see [Amazon WorkSpaces Applications User Pools](user-pool.md).
# Streaming URL
To create a streaming URL, use one of the following methods:
+ WorkSpaces Applications console
+ The [CreateStreamingURL](https://docs.aws.amazon.com/appstream2/latest/APIReference/API_CreateStreamingURL.html) API action
+ The [create-streaming-url](https://docs.aws.amazon.com/cli/latest/reference/appstream/create-streaming-url.html) AWS CLI command
To create a streaming URL by using the WorkSpaces Applications console, complete the steps in the following procedure.
**To create a streaming URL by using the WorkSpaces Applications console**
1. Open the WorkSpaces Applications console at [https://console.aws.amazon.com/appstream2/home](https://console.aws.amazon.com/appstream2/home).
1. In the navigation pane, choose **Fleets**.
1. In the list of fleets, choose the fleet that is associated with the stack for which you want to create a streaming URL. Verify that the status of the fleet is **Running**.
1. In the navigation pane, choose **Stacks**. Choose the stack, and then choose **Actions**, **Create streaming URL**.
1. In **User id**, enter the user ID.
1. For **URL Expiration**, choose an expiration time, which determines how long the generated URL is valid. This URL is valid for a maximum of seven days.
1. Choose **Get URL**.
1. Copy the URL, save it to an accessible location, and then provide it to your users.
In the WorkSpaces Applications client sign-in page, users enter the streaming URL that you created as the web address, and then choose **Connect**.
# Next Steps
After you configure a client connection method, you can provide your users with the following step-by-step guidance to help them connect to WorkSpaces Applications and start a streaming session: [Connect to WorkSpaces Applications on Windows Client](client-application-windows-start-streaming-session-user.md) or [Connect to WorkSpaces Applications on macOS client](client-application-mac-start-streaming-session-user.md).
# Enable Users to Share a USB Device with an WorkSpaces Applications Streaming Session
Before users share their USB devices with an WorkSpaces Applications session, the USB devices must be qualified. Otherwise, when users start a streaming session, their USB device is not detected by WorkSpaces Applications and cannot be shared with the session. For more information, see [Qualify USB Devices for Use with Streaming Applications](qualify-usb-devices.md).
**Note**
Sharing a USB device with an WorkSpaces Applications streaming session is not supported on the macOS client.
# Redirect a Streaming Session from the Web Browser to the WorkSpaces Applications Client
You can configure WorkSpaces Applications to redirect a streaming session from a web browser to the WorkSpaces Applications client. That way, when your users sign in to WorkSpaces Applications and start a streaming session in their web browser, their session is redirected to the WorkSpaces Applications client. To do so, perform these steps.
1. Use the WorkSpaces Applications `CreateStreamingURL` API action to generate a streaming URL.
1. Add the following prefix for the custom WorkSpaces Applications client handler to the streaming URL: **amazonappstream:**
Together, the prefix and streaming URL are formatted as follows:
**amazonappstream:***base64encoded(streamingURL)*
**Note**
When encoding the URL, make sure that the encoding is in UTF-8.
Powershell sample to encode: `[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("Streaming/IdpURL"))`
1. When users are redirected to the streaming URL, their browser detects that the link must be opened by the WorkSpaces Applications client.
1. Users are prompted to choose whether they want to start the streaming session by using the WorkSpaces Applications client.
1. After the prompt, either of the following occurs:
+ If the WorkSpaces Applications client is installed, the user can choose to continue the streaming session by using the WorkSpaces Applications client.
+ If the WorkSpaces Applications client is not installed, the browser behavior varies as follows:
+ Chrome — No message is displayed.
+ Firefox — A message states that the user needs a new app to open Amazon AppStream.
+ Microsoft Edge — No message is displayed.
+ Internet Explorer — A message notifies the user that the WorkSpaces Applications client is not installed.
In this case, users can select the **Download AppStream Client** link to download the client. After they download the client, they can install it, and refresh their browser to start the streaming session by using the client.
## Create a Windows desktop shortcut using the default browser
To create a Windows desktop shortcut using the default browser to launch the client, use the following sample Powershell script.
```
$StringToEncode = 'your URL string'
$encodedUrl = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($StringToEncode))
$shortcutContent = "
[{000214A0-0000-0000-C000-000000000046}]
Prop3=19,0
[InternetShortcut]
IDList=
URL=amazonappstream:$encodedUrl
IconIndex=0
HotKey=0
IconFile=$env:USERPROFILE\AppData\Local\AppStreamClient\appstreamclient.exe
"
Set-Content -Path "$env:USERPROFILE\Desktop\AppStream 2.0 Client Launcher.url" -Value $shortcutContent
```
# Enable File System Redirection for Your WorkSpaces Applications Users
WorkSpaces Applications file system redirection lets users who have the WorkSpaces Applications client installed access files on their local computer from within their streaming session. When you enable file system redirection, you can specify the list of local drives and folders that your users can choose to access. When users sign in to WorkSpaces Applications and start a streaming session, they can choose the drive or folder that they want to access from the list. Then they can share the drive or folder with WorkSpaces Applications. The drive or folder remains available for them to access during their streaming sessions. Users can stop sharing their local drives or folders at any time.
**Note**
File system redirection is currently not supported for Linux-based fleet instances, or when using the macOS client.
**Topics**
+ [
# Prerequisites for File System Redirection
](file-system-redirection-prerequisites.md)
+ [
# How to Enable File System Redirection
](how-to-enable-file-system-redirection.md)
+ [
# Make Default Drives and Folders Available for Your Users to Share
](prepopulate-drives-folders-system-redirection.md)
+ [
# Provide Your WorkSpaces Applications Users with Guidance for Working with File System Redirection
](end-user-guidance-file-system-redirection.md)
# Prerequisites for File System Redirection
To enable WorkSpaces Applications file redirection:
+ You must use an image that uses a version of the WorkSpaces Applications agent released on or after August 8, 2019. For more information, see [WorkSpaces Applications Agent Release Notes](agent-software-versions.md).
+ Your users must have WorkSpaces Applications client version 1.0.480 or later installed. For more information, see [WorkSpaces Applications Windows Client Release Notes](client-release-versions.md).
+ File upload and download must be enabled on the stack that your users access for streaming sessions. See the following procedure.
# How to Enable File System Redirection
Perform the following steps to enable both file upload and download on the stack that your users access for streaming sessions.
1. Open the WorkSpaces Applications console at [https://console.aws.amazon.com/appstream2/home](https://console.aws.amazon.com/appstream2/home).
1. In the left navigation pane, choose **Stacks**.
1. Choose the stack for which you want to enable file system redirection.
1. Choose the **User Settings** tab, and then expand the **Clipboard, file transfer, and local print permissions** section.
1. For **File transfer**, verify that **Upload and download** is selected. If not, choose **Edit**, and then choose **Upload and download**.
1. Choose **Update**.
# Make Default Drives and Folders Available for Your Users to Share
By default, when you enable file direction for users of a stack, the following drives and folders are made available for those users to share in their streaming session:
+ Drives:
+ All local hard disks (physical drives, such as the C Drive and D Drive)
+ All virtual drives (network and virtual drives such as mapped drive letters, Google Drive, and OneDrive)
+ All local USB drives
+ Folders:
+ %USERPROFILE%\$1Desktop
+ %USERPROFILE%\$1Documents
+ %USERPROFILE%\$1Downloads
These drive and folder paths prepopulate the **Share your local drives and folders** dialog box. This dialog box is displayed when users sign in to WorkSpaces Applications, start a streaming session, and choose **Settings**, **Local Resources**, and **Local Drives and Folders**.
You can change or define your own default drive and folder paths by editing the registry. You can also use the administrative template file that is provided in the WorkSpaces Applications client Enterprise Deployment Tool. This template lets you configure the client by using Group Policy. For more information, see [Install and Configure the WorkSpaces Applications Client](install-configure-client.md).
When users access their shared local drives and folders during a streaming session, the corresponding paths appear with backslashes replaced by underscores. They are also suffixed with the name of the local computer and a drive letter. For example, for a user with the user name janedoe and a computer name of ExampleCorp-123456, the default Desktop, Documents, and Downloads folder paths appear as follows:
C\$1Users\$1janedoe\$1Desktop (\$1\$1ExampleCorp-123456) (F:)
C\$1Users\$1janedoe\$1Documents (\$1\$1ExampleCorp-123456) (G:)
C\$1Users\$1janedoe\$1Downloads (\$1\$1ExampleCorp-123456) (H:)
# Provide Your WorkSpaces Applications Users with Guidance for Working with File System Redirection
To help your users understand how to work with file redirection during their streaming sessions, you can provide them with the information in [Local File Access](client-application-windows-file-system-redirection.md).
# Enable Local Printer Redirection for Your WorkSpaces Applications Users
With local printer redirection, your WorkSpaces Applications users can redirect print jobs from their streaming application to a printer that is connected to their local computer, including any network printers that the users have mapped. You don't need a printer driver installed on the WorkSpaces Applications streaming instance to enable users to print documents during their streaming sessions.
**Note**
Enabling local printer redirection is currently not supported for Linux-based stacks.
**Topics**
+ [
# Prerequisites for Local Printer Redirection
](local-printer-redirection-prerequisites.md)
+ [
# How to Enable Local Printer Redirection
](how-to-enable-disable-local-printer-redirection.md)
+ [
# How to Disable Local Printer Redirection
](disable-local-printer-redirection.md)
# Prerequisites for Local Printer Redirection
To ensure that your users can use local printer redirection, you must:
+ Use an image that uses a version of the WorkSpaces Applications agent released on or after July 30, 2020. For more information, see [WorkSpaces Applications Agent Release Notes](agent-software-versions.md).
+ Ensure that your users have WorkSpaces Applications client version 1.1.179 or later installed. For more information, see [WorkSpaces Applications Windows Client Release Notes](client-release-versions.md).
+ Ensure printer redirection is enabled on the stack that your users access for streaming sessions.
# How to Enable Local Printer Redirection
By default, local printer redirection is enabled when the WorkSpaces Applications client is installed. However, if local printer redirection is not enabled on the stack that your users access for streaming sessions, you can enable it in the WorkSpaces Applications console by performing the following steps.
**To enable local printer redirection by using the WorkSpaces Applications console**
1. Open the WorkSpaces Applications console at [https://console.aws.amazon.com/appstream2/home](https://console.aws.amazon.com/appstream2/home).
1. In the left navigation pane, choose **Stacks**.
1. Choose the stack for which you want to enable local printer redirection.
1. Choose the **User Settings** tab, and then expand the **Clipboard, file transfer, print to local device, and authentication permissions** section.
1. For **Print to local device**, verify that **Enabled** is selected. If not, choose **Edit**, and then choose **Enabled**.
1. Choose **Update**.
Alternatively, you can enable local printer redirection by using the WorkSpaces Applications API, an AWS SDK, or the AWS Command Line Interface (AWS CLI).
# How to Disable Local Printer Redirection
To disable local printer redirection follow these steps.
**To disable local printer redirection**
You can disable local printer redirection in any of the following ways:
+ During client installation on managed devices. For more information, see [Choose Whether to Disable Local Printer Redirection](install-client-configure-settings.md#disable-local-printer-redirection-client).
+ By using the WorkSpaces Applications console to disable this option on an WorkSpaces Applications stack.
+ By using the WorkSpaces Applications API, an AWS SDK, or the AWS Command Line Interface (AWS CLI) to disable this option on an WorkSpaces Applications stack.