XenApp Service Account Privileges
Updated: 2011-06-24
These tables provide information about the services installed by default with XenApp, their accounts, associated permissions, and privileges.
This table lists the display name for the service, which is the name that appears in the Services panel. When the display name and the service name differ, the table provides service name in (parentheses). The Dependencies column in the table lists the system components, such as Windows services, Citrix services, or drivers, on which the service depends. The Dependencies column also includes subdependencies that might not appear on the Dependencies tab for the service.
Licensing services, which are not listed here, might also appear if the license server is installed on the same server as XenApp.
|
Executable |
Logon Account / Startup Type |
Description |
Dependencies |
|
|
Citrix 64-bit Virtual Memory Optimization |
ctxsfosvc64.exe |
Local System/ Manual |
Dynamically optimizes 64-bit applications running on a XenApp server. |
None |
|
Citrix Client Network (CdmService) |
cdmsvc.exe |
Local System/ Automatic |
Maps client drives and peripherals for access in sessions. |
Client Drive Mapping (CDM), Windows Management Instrumentation Driver Extensions, Workstation |
|
Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal) |
ctxcpubal.exe |
.ctx_cpuuser/Manual |
Enhances resource management across multiple CPUs. Installed only on servers that have multiple CPUs. |
None |
|
Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched) |
ctxcpusched.exe |
Local System/ Manual |
Manages resource consumption to enforce entitlement policies. |
Remote Procedure Call (RPC) |
|
Citrix Diagnostic Facility COM Server (CdfSvc) |
CdfSvc.exe |
NT AUTHORITY Network Service/Automatic |
Manages and controls diagnostic trace sessions, which diagnose problems on a XenApp server. |
Remote Procedure Call (RPC) |
|
Citrix Encryption Service |
encsvc.exe |
NT AUTHORITY Local Service/ Automatic |
Enables secure communication with RC5 128-bit encryption between Citrix plug-ins and XenApp. |
Windows Management Instrumentation Driver Extensions |
|
Citrix End User Experience Monitoring (Citrix EUEM) |
SemsService.exe |
Local Service/ Manual |
Collects and collates end-user experience measurements. |
Citrix SMC Support Driver |
|
Citrix Health Monitoring and Recovery (CitrixHealthMon) |
HCAService.exe |
NT AUTHORITY Local Service/ Automatic |
Provides health monitoring and recovery services in the event problems occur. |
Citrix Independent Management Architecture service |
|
Citrix Independent Management Architecture (IMAService) |
ImaSrv.exe |
NT AUTHORITY NetworkService/ Automatic |
Provides management services in the XenApp farm. |
Citrix Services Manager service, IPsec Policy Agent, Remote Procedure Call (RPC)m TCP/IP Protocol Driver, Server, Windows Management Instrumentation Driver Extensions, Workstation |
|
Citrix MFCOM Service (MFCom) |
mfcom.exe |
NT AUTHORITY NetworkService/ Automatic |
Provides COM services that allow remote connections from the management tools. |
Remote Procedure Call (RPC), Citrix Independent Management Architecture service, Citrix Services Manager service |
|
Citrix Print Manager Service (cpsvc) |
CpSvc.exe |
Local Service/Automatic |
Manages the creation of printers and driver usage within XenApp sessions. Supports the Citrix Universal Printing features. |
Print Spooler, Remote Procedure Call (RPC) |
|
Citrix Secure Gateway Proxy (CtxSecGwy) |
CtxSGSvc.exe |
NT AUTHORITY Network Service/ Automatic |
Proxy to the Citrix Secure Gateway server. |
None |
|
Citrix Services Manager (IMAAdvanceSrv) |
IMAAdvanceSrv.exe |
Local System /Automatic |
Provides XenApp with an interface to the operating system. Other services use this services for elevated operations. |
None |
|
Citrix Streaming Service (RadeSvc) |
RadeSvc.exe |
.Ctx_StreamingSvc /Automatic |
Manages the Citrix offline plug-in when streaming applications. |
Remote Procedure Call (RPC) |
|
Citrix Virtual Memory Optimization |
CTXSFOSvc.exe |
Local System /Manual |
Dynamically optimizes applications running on a XenApp server to free up server memory. |
None |
|
Citrix WMI Service (CitrixWMIservice) |
ctxwmisvc.exe |
NT AUTHORITY Local Service/Manual |
Provides the Citrix WMI classes for information and management purposes. |
Citrix Independent Management Architecture service , Citrix Services Manager service, IPsec Policy Agent, Remote Procedure Call (RPC), TCP/IP Protocol Driver, Server, Windows Management Instrumentation Driver Extensions, Workstation |
|
Citrix XML Service (CtxHttp) |
ctxxmlss.exe |
Network Service /Automatic |
Services XML data requests sent by XenApp components |
None |
|
Citrix XTE Server (CitrixXTEServer) |
XTE.exe |
NT AUTHORITY NetworkService /Manual |
Services network requests for session reliability and SSL from XenApp components. |
None |
Caution: Citrix does not recommend altering account permissions and privileges. If you delete the accounts or alter their permissions incorrectly, XenApp might not function correctly.
Permissions for Service User Accounts
This table lists the permissions associated with accounts XenApp services use.
|
Permissions |
Notes |
|
|
Local Service |
Limited |
NT AUTHORITYLocalService |
|
Network Service |
Limited, network resources |
NT AUTHORITYNetworkService |
|
Local System |
Administrator |
NT AUTHORITYSystem |
|
Ctx_StreamingSvc |
Domain or local user |
Acts as a User |
|
Ctx_ConfigMgr |
Domain or local user |
Acts as a Power User |
|
Ctx_CpuUser |
Domain or local user |
Acts as a User |
Privileges for Service User Accounts
If your organization requires that service accounts run as domain accounts and not as local accounts, you can create domain accounts to replace the Ctx_ConfigMgr and Ctx_CpuUser accounts before installing XenApp. Ensure the new account has the same privileges as the default account.
|
Local Service |
Network Service |
Ctx_ConfigMgr |
Ctx_CpuUser |
|
|
Change the system time |
x |
x |
||
|
Generate security audits |
x |
x |
||
|
Increase quotas |
x |
x |
||
|
Log on as a batch job |
x |
x |
x |
x |
|
Log on as a service |
x |
x |
x |
x |
|
Replace a process level token |
x |
x |
||
|
Debug programs |
x |
|||
|
Increase scheduling priority |
x |
Citrix does not support changing the account for the Citrix Streaming Service (Ctx_StreamingSvc), which has the privileges: log on as a batch job, log on as a service, backup files and directories, restore files and directories, deny log on locally, deny remote log on, and take ownership of files or other objects.
