Voici deux articles importants et intéressants à prendre en considération dans le cadre de l’implémentation d’infrastructures Citrix XenApp 4.x.
Sources :
http://hqextsrvsft01.citrix.com/article/CTX116391
http://hqextsrvsft01.citrix.com/article/CTX114669
List of Presentation Server 4.5 Service User Accounts and Default Permissions
Résumé
Cet article liste les différents comptes de services et permissions associées …
(en anglais. J’essaierai à l’occasion de traduire les noms de comptes et services en Français. Pour le moment voir les liens mentionnés ci-dessus …CTX116391 // CTX114669)
Background
The accounts detailed below may have associated impacts on Active Directory and local Group Policy objects, as well as permissions, and should not be modified. Because two of these accounts are granted power user rights, some customers may be tempted to modify or remove them. If either of the two new accounts described below are deleted or permissions are altered, Citrix Presentation Server may not function properly.
Service user accounts/permissions
Account Name | Permissions | Notes |
Local Service | Minimal | NT AUTHORITY\LocalService |
Network Service | Minimal, network resources | NT AUTHORITY\NetworkService |
Local System | Administrator | NT AUTHORITY\System |
ctx_cpsvcuser | Domain or local user | Acts as a power user |
Ctx_StreamingSvc | Domain or local user | Acts as a user |
Ctx_ConfigMgr | Domain or local user | Acts as a power user |
Ctx_CpuUser | Domain or local user | Acts as a user |
Note: The Ctx_CpuUser account and its related services do not appear unless multiple processors are configured/available during the Presentation Server installation process.
Service user account policy settings
Policies | Local Service | Network Service | ctx_cpsvcuser | Ctx_StreamingSvc | Ctx_ConfigMgr | Ctx_CpuUser |
Change the system time | X | |||||
Generate security audits | X | X | ||||
Increase quotas | X | X | ||||
Load and unload device drivers | X | |||||
Log on as a batch job | X | X | X | X | X | X |
Log on as a service | X | X | X | X | X | |
Replace a process level token | X | X | X | |||
Restore files and directories | X | |||||
Debug programs | X | |||||
Increase scheduling priority | X |
—————————————->
Citrix Presentation Server Services Overview
Summary
This document gives an overview of the system services that are installed with a complete Citrix Presentation Server 4.x installation.
Default Presentation Server 4.x System Services
Service Name | Executable | Logon Account / Startup Type | Description | Dependencies |
Citrix ActiveSync Service (with PSE450W2K3R01 and x64R01) | Ctxactivesync.exe | NT AUTHORITY\LocalServiceAutomatic | Supports ActiveSync in ICA sessions | Citrix Services ManagerHTTP |
Citrix ADF Installer Service (ADF Installer Service) | AgentSVC.exe | Local System AccountPresentation Server 4.0: AutomaticPresentation Server 4.5: Disabled | Used by Installation Manager in Enterprise and Platinum versions to install packages onto Presentation Servers | Remote Procedure CallWindows Management Instrumentation Driver Extensions |
Citrix Client Network (Client Network) | cdmsvc.exe | Local System AccountAutomatic | Handles the mapping of client drives and peripherals within ICA sessions | Client Drive Mapping (CDM)Windows Management Instrumentation Driver ExtensionsWorkstation |
Citrix CPU Utilization Mgmt/CPU Rebalancer (requires multiple CPUs) | ctxcpubal.exe | Local System AccountAutomatic | Enhances resource management across multiple CPUs | None |
Citrix CPU Utilization Mgmt/Resource Mgmt | ctxcpusched.exe | Local System AccountManual | Used in Enterprise and Platinum versions to manage resource consumption | Remote procedure call |
Citrix CPU Utilization Mgmt/User-Session Sync (4.0 only) | ctxcpuusync.exe | Local System AccountManual | Used in Enterprise version to synchronize user IDs of processes with their respective owner | None |
Citrix Diagnostic Facility COM Server (Diagnostic Facility COM Server) | CdfSvc.exe | NT AUTHORITY\NetworkServiceAutomatic | Manages Diagnostic Facility tracing when used to diagnose problems with the Citrix Server | Remote procedure call |
Citrix Encryption Service (Encryption Service) | encsvc.exe | NT AUTHORITY\LOCAL SERVICEAutomatic | Handles encryption between the client device and the Citrix Server | Windows Management Instrumentation Driver Extensions |
Citrix Health Monitoring and Recovery (4.5 only) | HCAService.exe | NT AUTHORITY\LocalServiceAutomatic | Provides health monitoring and recovery services in the event problems occur | None |
Citrix Independent Management Architecture(Independent Management Architecture) | ImaSrv.exe | NT AUTHORITY\NetworkServiceAutomatic | Provides management services within the Citrix farm | Citrix Services ManagerIPSEC ServicesIPSEC driverRemote procedure callTCP/IP Protocol DriverServer
Windows Management Instrumentation Driver Extensions Workstation |
Citrix License Management Console(License server only) | tomcat.exe | NT AUTHORITY\LocalServiceAutomatic | Provides the web-based interface for licensing administration | None |
Citrix Licensing WMI (License server only) | Citrix_GTLicensingProv.exe | NT AUTHORITY\LocalServiceAutomatic | Provides information and notification regarding licensing events on the license server | Remote procedure call |
Citrix MFCOM Service (MetaFrame COM Server) | mfcom.exe | Presentation Server 4.0:Local System AccountPresentation Server 4.5: NT Authority\NetworkServiceAutomatic | Provides COM services which allow remote connections of the management consoles | Remote procedure callWindows Management Instrumentation Driver Extensions |
Citrix Print Manager Service | CpSvc.exe | Presentation Server 4.0: .\Ctx_SmaUserPresentation Server 4.5: .\ctx_cpsvcuserAutomatic | Handles the creation of printers and driver usage within Citrix sessions | Print SpoolerRemote Procedure Call |
Citrix Resource Manager Mail (Resource Manager Mail) | MailService.exe | Presentation Server 4.0: Local System AccountPresentation Server 4.5: nt authority\localserviceManual | Used in Enterprise and Platinum versions to send email alerts when thresholds in the server farm have been exceeded | None |
Citrix Services Manager (4.5 only) | IMAAdvanceSrv.exe | Local System AccountAutomatic | Allows the components of Presentation Server to interface with the operating system | None |
Citrix SMA Service | SmaService.exe | Presentation Server 4.0: .\Ctx_SmaUserPresentation Server 4.5: NT AUTHORITY\LocalServiceAutomatic | Monitors the event log and Citrix WMI to raise alerts in the Access Suite Console (4.0) or Access Management Console (4.5) | Independent Management ArchitectureCitrix Services ManagerIPSEC ServicesIPSEC driverRemote procedure callTCP/IP Protocol Driver
Server Windows Management Instrumentation Driver Extensions Workstation |
Citrix Streaming Service (4.5 only) | RadeSvc.exe | .\Ctx_StreamingSvcAutomatic | Used in Enterprise and Platinum versions to manage the Citrix Streaming Client when streaming applications | Remote procedure call |
Citrix Virtual Memory Optimization | CTXSFOSvc.exe | Local System AccountManual | Used in Enterprise and Platinum versions to rebase .dlls in order to free up server memory | None |
Citrix WMI Service | ctxwmisvc.exe | Presentation Server 4.0: Local System AccountPresentation Server 4.5: NT AUTHORITY\LocalServiceManual | Used to provide the Citrix WMI classes for information and management purposes | Independent Management ArchitectureCitrix Services ManagerIPSEC ServicesIPSEC driverRemote procedure callTCP/IP Protocol Driver
Server Windows Management Instrumentation Driver Extensions Workstation |
Citrix XTE Server | XTE.exe | Presentation Server 4.0: Local System AccountPresentation Server 4.5: NT AUTHORITY\NetworkServiceManual | Handles SSL Relay and Session Reliability functionality | None |
CitrixLicensing(License server only) | lmgrd.exe | NT AUTHORITY\LocalServiceAutomatic | Handles allocation of licenses on the license server | NetworkProvider |