Product Documentation

Planning Your Printing Configuration

May 07, 2015

Choosing the most appropriate printing configuration options for your needs and environment can simplify administration. Without performing any printing configurations, users can print in most environments. However, users might not get the printing experience they expect and default printing configurations might not be appropriate for your environment.

Your printing configuration depends upon:

  • Your business needs and your existing printing infrastructure. Design your printing configuration around the needs of your organization. Your existing printing implementation (user’s ability to add printers, which users have access to what printers, and so on) might be a useful guide when defining your XenApp printing configuration.
  • If your organization has security policies that reserve printers for certain users (for example, printers for Human Resources or payroll).
  • If users need to print while away from their primary work location; for example, workers who move between workstations or travel on business.

When designing your printing configuration, try to give users the same experience in a session as they have when they print when working on their local client devices.

Default Printing Behavior

Updated: 2015-05-08

By default, if you do not configure any policy rules, XenApp printing behavior is as follows:

  • All printers configured on the client device are created automatically at the beginning of each session. This behavior is equivalent to configuring the Citrix policy setting Auto-create client printers with the Auto-create all client printers option.
  • XenApp routes all print jobs queued to printers locally attached to client devices as client print jobs (that is, over the ICA channel and through the client device).
  • XenApp routes all print jobs queued to network printers directly from the server hosting the published application. If XenApp cannot route the jobs over the network, it will route them through the client device as a redirected client print job. This behavior is equivalent to disabling the Citrix policy setting Direct connection to print servers.
  • XenApp retains all properties and settings users configure for printers they provision themselves in sessions. XenApp stores printing properties on the client device. If the client device does not support this operation, XenApp stores printing properties in the user profile for that user. This behavior is equivalent to configuring the Citrix policy setting Printer properties retention with the Held in profile only if not saved on client option.
  • XenApp uses the Windows version of the printer driver if it is available on the server hosting the application. If the printer driver is not available, the XenApp server attempts to install the driver from the Windows operating system. If the driver is not available in Windows, it uses one of the Citrix Universal printer drivers. This behavior is equivalent to enabling the Citrix policy setting Automatic installation of in-box printer drivers and configuring the Universal printing setting with the Use universal printing only if requested driver is unavailable.
Note: If you are unsure about what the shipping defaults are for printing, display them by creating a new policy and setting all printing policy rules to Enabled. The option that appears is the default.

Printing Policy Configuration

When users access printers from published applications, you can configure XenApp policies to specify:
  • How printers are provisioned (or added to sessions)
  • How print jobs are routed
  • How printer drivers are managed

You can have different printing configurations for different client devices or users or any other objects on which policies are filtered. You must understand the ramifications of setting the options in printing policies, so review the information in the printing topics carefully before configuring them. See Configuring and Maintaining XenApp Printing for configuration details.

Printing Security

Client printing can, potentially, let a user from one session use another user’s printer in a different session. Unlike network printer connections, client printers auto-created in a XenApp session are local printers managed by the local print provider and Citrix spooler extensions. The local print provider maintains a single shared namespace for all local printers on a server. This means that a user’s client printers may be visible and potentially accessible to users from other sessions on the server.

By default, the XenApp printer naming convention helps combat this problem by avoiding the potential for printers and ports to be shared between sessions. Printers connected through a pass-through server use the session ID to identify the printer uniquely, keeping the remainder of the name the same. This allows the user to identify both the printer and client it is connected to, without identifying which pass-through server through which it might have connected.

In addition, to increase client printing security, access to the client printers is restricted to:

  • The account that the print manager service runs in (default: Ctx_cpsvcuser)
  • Processes running in the SYSTEM account such as the spooler
  • Processes running in the user’s session

Windows security blocks access to the printer from all other processes on the system. Furthermore, requests for services directed to the print manager must originate from a process in the correct session. This prevents bypassing the spooler and communicating directly with CpSvc.exe.

As an administrator, if you need to adjust security settings of a printer in another session, you can do so through Windows Explorer.

Note: If you want to control access to printers in other sessions, add the AdminsCanManageClientPrinters bit flag to default print flags in the system registry of your server. For more information, see the Citrix Knowledge Center article Advanced Printing Configuration in XenApp 6.x and XenDesktop 5.x.

Purchasing Printing Hardware

Before purchasing printers for your organization, Citrix recommends finding out if the printer models that you are considering were tested for multiuser environments, such as Windows Remote Desktop Services environments and Citrix XenApp.

When purchasing a printer, make sure that it is PCL or PS compatible. Also, make sure the printer is not a host-based printer. Host-based printers use the processor on the host computer to generate print jobs; they are often labeled as “GDI,” “HOST only,” or “LIDL.” Because these printers require software on the client device to generate the print job, they are difficult to run in a XenApp environment.

Whether printers work in a XenApp environment is determined by the printer manufacturer, not by Citrix. To determine if a printer model supports XenApp, contact the manufacturer or see the Citrix Ready product guide at