Product Documentation

XenApp Service Account Privileges

Aug 24, 2017

These tables provide information about the services installed by default with XenApp, their accounts, associated permissions, and privileges.

XenApp Services Overview

This table lists the display name for the service, which is the name that appears in the Services panel. When the display name and the service name differ, the table provides service name in (parentheses). The Dependencies column in the table lists the system components, such as Windows services, Citrix services, or drivers, on which the service depends. The Dependencies column also includes subdependencies that might not appear on the Dependencies tab for the service.

Licensing services, which are not listed here, might also appear if the license server is installed on the same server as XenApp.

Display Name (Service Name) Executable Logon Account / Startup Type Description Dependencies
Citrix 64-bit Virtual Memory Optimization ctxsfosvc64.exe Local System/ Manual Dynamically optimizes 64-bit applications running on a XenApp server. None
Citrix Client Network (CdmService) cdmsvc.exe Local System/ Automatic Maps client drives and peripherals for access in sessions. Client Drive Mapping (CDM), Windows Management Instrumentation Driver Extensions, Workstation
Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal) ctxcpubal.exe .\ctx_cpuuser/Manual Enhances resource management across multiple CPUs. Installed only on servers that have multiple CPUs. None
Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched) ctxcpusched.exe Local System/ Manual Manages resource consumption to enforce entitlement policies. Remote Procedure Call (RPC)
Citrix Diagnostic Facility COM Server (CdfSvc) CdfSvc.exe NT AUTHORITY\ Network Service/Automatic Manages and controls diagnostic trace sessions, which diagnose problems on a XenApp server. Remote Procedure Call (RPC)
Citrix Encryption Service encsvc.exe NT AUTHORITY\ Local Service/ Automatic Enables secure communication with RC5 128-bit encryption between Citrix plug-ins and XenApp. Windows Management Instrumentation Driver Extensions
Citrix End User Experience Monitoring (Citrix EUEM) SemsService.exe Local Service/ Manual Collects and collates end-user experience measurements. Citrix SMC Support Driver
Citrix Health Monitoring and Recovery (CitrixHealthMon) HCAService.exe NT AUTHORITY\ Local Service/ Automatic Provides health monitoring and recovery services in the event problems occur. Citrix Independent Management Architecture service
Citrix Independent Management Architecture (IMAService) ImaSrv.exe NT AUTHORITY\ NetworkService/ Automatic Provides management services in the XenApp farm. Citrix Services Manager service, IPsec Policy Agent, Remote Procedure Call (RPC)m TCP/IP Protocol Driver, Server, Windows Management Instrumentation Driver Extensions, Workstation
Citrix MFCOM Service (MFCom) mfcom.exe NT AUTHORITY\ NetworkService/ Automatic Provides COM services that allow remote connections from the management tools. Remote Procedure Call (RPC), Citrix Independent Management Architecture service, Citrix Services Manager service
Citrix Print Manager Service (cpsvc) CpSvc.exe Local Service/Automatic Manages the creation of printers and driver usage within XenApp sessions. Supports the Citrix Universal Printing features. Print Spooler, Remote Procedure Call (RPC)
Citrix Secure Gateway Proxy (CtxSecGwy) CtxSGSvc.exe NT AUTHORITY\ Network Service/ Automatic Proxy to the Citrix Secure Gateway server. None
Citrix Services Manager (IMAAdvanceSrv) IMAAdvanceSrv.exe Local System /Automatic Provides XenApp with an interface to the operating system. Other services use this services for elevated operations. None
Citrix Streaming Service (RadeSvc) RadeSvc.exe .\Ctx_StreamingSvc /Automatic Manages the Citrix offline plug-in when streaming applications. Remote Procedure Call (RPC)
Citrix Virtual Memory Optimization CTXSFOSvc.exe Local System /Manual Dynamically optimizes applications running on a XenApp server to free up server memory. None
Citrix WMI Service (CitrixWMIservice) ctxwmisvc.exe NT AUTHORITY\ Local Service/Manual Provides the Citrix WMI classes for information and management purposes. Citrix Independent Management Architecture service , Citrix Services Manager service, IPsec Policy Agent, Remote Procedure Call (RPC), TCP/IP Protocol Driver, Server, Windows Management Instrumentation Driver Extensions, Workstation
Citrix XML Service (CtxHttp) ctxxmlss.exe Network Service /Automatic Services XML data requests sent by XenApp components None
Citrix XTE Server (CitrixXTEServer) XTE.exe NT AUTHORITY\ NetworkService /Manual Services network requests for session reliability and SSL from XenApp components. None
 

Important

Citrix does not recommend altering account permissions and privileges. If you delete the accounts or alter their permissions incorrectly, XenApp might not function correctly.

An exception is the ctx_cpuuser account that is used by the Citrix CPU utilization management feature. If you do not need to use this feature, you can disable or delete this account.

Permissions for Service User Accounts

This table lists the permissions associated with accounts XenApp services use.

Account Name Permissions Notes
Local Service Limited NT AUTHORITY\LocalService
Network Service Limited, network resources NT AUTHORITY\NetworkService
Local System Administrator NT AUTHORITY\System
Ctx_StreamingSvc Domain or local user Acts as a User
Ctx_ConfigMgr Domain or local user Acts as a Power User
Ctx_CpuUser Domain or local user Acts as a User

Privileges for Service User Accounts

If your organization requires that service accounts run as domain accounts and not as local accounts, you can create domain accounts to replace the Ctx_ConfigMgr and Ctx_CpuUser accounts before installing XenApp. Ensure the new account has the same privileges as the default account.
Privileges Local Service Network Service Ctx_ConfigMgr Ctx_CpuUser
Change the system time x x    
Generate security audits x x    
Increase quotas x x    
Log on as a batch job x x x x
Log on as a service x x x x
Replace a process level token x x    
Debug programs       x
Increase scheduling priority       x

Citrix does not support changing the account for the Citrix Streaming Service (Ctx_StreamingSvc), which has the privileges: log on as a batch job, log on as a service, backup files and directories, restore files and directories, deny log on locally, deny remote log on, and take ownership of files or other objects.