Alerts     Sign In
Rate this Article:
You must be signed in to rate again
 Article Feedback Print View
Alternate Languages: N/A

Limitations of Non-administrative Installations of the Secure Access Client

Document ID: CTX114532   /   Created On: Oct 16, 2007   /   Updated On: Dec 5, 2007
Average Rating: not yet rated

Summary

This article describes the limitations of the Citrix Secure Access Client if it is installed for an account that does not belong to the local Administrators group.

Background

The Secure Access Client can be installed by clicking Connect on the Citrix Access Gateway portal page, or by launching the Secure Access Client installation program CitrixSAClient.exe.

Installation using accounts belonging to the local Administrators group

When the Secure Access Client is installed using an account that belongs to the local Administrators group, three core components are installed:

• The graphical user interface.

• The Virtual Private Network (VPN) client (Net6vpn.exe). This is a user space module that maintains the client’s SSL tunnels to the Access Gateway, sending data back and forth.

• The Network Driver Interface Specification (NDIS) kernel driver (net6im5x.sys). This NDIS intermediate driver inspects all packets leaving the stack.

The NDIS kernel driver intercepts all packets and determines if the packet should be sent to the VPN network, and spawns new connections with the VPN client when needed. The VPN client then creates and maintains the SSL connections with the Access Gateway.

Refer to the following screen shot:

Installation using accounts not belonging to the local Administrators group

When the Secure Access Client is installed using an account that does not belong to the local Administrators group, the NDIS kernel driver (net6im5x.sys) is not installed.

Traffic is intercepted at the Winsock Transmission Control Protocol layer. This puts some constraints on functionality, because not all applications use Winsock Application Program Interfaces (APIs) to open network connections.

Refer to the following screen shot:

More Information

After the Secure Access Client is installed using an account that does not belong to the local Administrators group, the client converts to a full client and installs the NDIS kernel driver when it is run by an account that belongs to the local Administrators group.

The NDIS kernel driver will not be installed even if local administrator-like permissions are assigned to the user account. The user account must belong to the local Administrators group to install the NDIS kernel driver; this behavior is by design.


This document applies to:

Search
Knowledge Center
Advanced Search
XenApp
XenApp Plugins (Clients)
XenServer
XenDesktop
NetScaler Application Delivery
Access Gateway
EdgeSight
Provisioning Server
WANScaler
Password Manager
>> View All Products
Does it work with Citrix? Verify it - introducing the new Citrix Ready Community Verified
©1999-2008 Citrix Systems, Inc. All rights reserved.