List of XenApp 6.5 Service User Accounts and Default Permissions

XenApp Service Account Privileges

Updated: 2011-06-24

These tables provide information about the services installed by default with XenApp, their accounts, associated permissions, and privileges.

XenApp Services Overview

This table lists the display name for the service, which is the name that appears in the Services panel. When the display name and the service name differ, the table provides service name in (parentheses). The Dependencies column lists the system components, such as Windows services, Citrix services, or drivers, on which the service depends. The Dependencies column also includes subdependencies that might not appear on the Dependencies tab for the service.

Licensing services, which are not listed here, might also appear if the license server is installed on the same server as XenApp.

Display Name (Service Name)

Executable

Logon Account / Startup Type

Description

Dependencies

Citrix 64-bit Virtual Memory Optimization

ctxsfosvc64.exe

Local System/ Manual

Dynamically optimizes 64-bit applications running on a XenApp server.

None

Citrix Client Network (CdmService)

cdmsvc.exe

Local System/ Automatic

Maps client drives and peripherals for access in sessions.

Client Drive Mapping (CDM), Windows Management Instrumentation Driver Extensions, Workstation

Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal)

ctxcpubal.exe

.ctx_cpuuser/Manual

Enhances resource management across multiple CPUs. Installed only on servers that have multiple CPUs.

None

Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched)

ctxcpusched.exe

Local System/ Manual

Manages resource consumption to enforce entitlement policies.

Remote Procedure Call (RPC)

Citrix Diagnostic Facility COM Server (CdfSvc)

CdfSvc.exe

NT AUTHORITY Network Service/Automatic

Manages and controls diagnostic trace sessions, which diagnose problems on a XenApp server.

Remote Procedure Call (RPC)

Citrix Encryption Service

encsvc.exe

NT AUTHORITY Local Service/ Automatic

Enables secure communication with RC5 128-bit encryption between Citrix Receiver and XenApp.

Windows Management Instrumentation Driver Extensions

Citrix End User Experience Monitoring (Citrix EUEM)

SemsService.exe

Local Service/ Manual

Collects and collates end-user experience measurements.

Citrix SMC Support Driver

Citrix Health Monitoring and Recovery (CitrixHealthMon)

HCAService.exe

NT AUTHORITY Local Service/ Automatic

Provides health monitoring and recovery services in the event problems occur.

Citrix Independent Management Architecture service

Citrix Independent Management Architecture (IMAService)

ImaSrv.exe

NT AUTHORITY NetworkService/ Automatic

Provides management services in the XenApp farm.

Citrix Services Manager service, IPsec Policy Agent, Remote Procedure Call (RPC), TCP/IP Protocol Driver, Server, Windows Management Instrumentation Driver Extensions, Workstation

Citrix MFCOM Service (MFCom)

mfcom.exe

NT AUTHORITY NetworkService/ Automatic

Provides COM services that allow remote connections from the management tools.

Remote Procedure Call (RPC), Citrix Independent Management Architecture service, Citrix Services Manager service

Citrix Print Manager Service (cpsvc)

CpSvc.exe

Local Service/Automatic

Manages the creation of printers and driver usage within XenApp sessions. Supports the Citrix Universal Printing features.

Print Spooler, Remote Procedure Call (RPC)

< p>Citrix Secure Gateway Proxy (CtxSecGwy)

CtxSGSvc.exe

NT AUTHORITY Network Service/ Automatic

Proxy to the Citrix Secure Gateway server.

None

Citrix Services Manager (IMAAdvanceSrv)

IMAAdvanceSrv.exe

Local System /Automatic

Provides XenApp with an interface to the operating system. Other services use this services for elevated operations.

None

Citrix Streaming Service (RadeSvc)

RadeSvc.exe

.Ctx_StreamingSvc /Automatic

Manages the Citrix Offline Plug-in when streaming applications.

Remote Procedure Call (RPC)

Citrix Virtual Memory Optimization

CTXSFOSvc.exe

Local System /Manual

Dynamically optimizes applications running on a XenApp server to free up server memory.

None

Citrix WMI Service (CitrixWMIservice)

ctxwmisvc.exe

NT AUTHORITY Local Service/Manual

Provides the Citrix WMI classes for information and management purposes.

Citrix Independent Management Architecture service , Citrix Services Manager service, IPsec Policy Agent, Remote Procedure Call (RPC), TCP/IP Protocol Driver, Server, Windows Management Instrumentation Driver Extensions, Workstation

Citrix XML Service (CtxHttp)

ctxxmlss.exe

Network Service /Automatic

Services XML data requests sent by XenApp components

None

Citrix XTE Server (CitrixXTEServer)

XTE.exe

NT AUTHORITY NetworkService /Manual

Services network requests for session reliability and SSL from XenApp components.

None

Caution: Citrix does not recommend altering account permissions and privileges. If you delete the accounts or alter their permissions incorrectly, XenApp might not function correctly.

Permissions for Service User Accounts

This table lists the permissions associated with accounts XenApp services use.

Account Name

Permissions

Notes

Local Service

Limited

NT AUTHORITYLocalService

Network Service

Limited, network resources

NT AUTHORITYNetworkService

Local System

Administrator

NT AUTHORITYSystem

Ctx_StreamingSvc

Domain or local user

Acts as a User

Ctx_ConfigMgr

Domain or local user

Acts as a Power User

Ctx_CpuUser

Domain or local user

Acts as a User

Privileges for Service User Accounts

If your organization requires that service accounts run as domain accounts and not as local accounts, you can create domain accounts to replace the Ctx_ConfigMgr and Ctx_CpuUser accounts before installing XenApp. Ensure the new account has the same privileges as the default account.

Privileges

Local Service

Network Service

Ctx_ConfigMgr

Ctx_CpuUser

Change the system time

x

x

   

Generate security audits

x

x

   

Increase quotas

x

x

   

Log on as a batch job

x

x

x

x

Log on as a service

x

x

x

x

Replace a process level token

x

x

   

Debug programs

     

x

Increase scheduling priority

     

x

Citrix does not support changing the account for the Citrix Streaming Service (Ctx_StreamingSvc), which has the privileges: log on as a batch job, log on as a service, backup files and directories, restore files and directories, deny log on locally, deny remote log on, and take ownership of files or other objects.

 

Source: XenApp Service Account Privileges

Leave a Reply

Your email address will not be published. Required fields are marked *