ICA Clients and Program Neighborhood

ICA Clients and Program Neighborhood

After the installation of Citrix MetaFrame, the core functionalities of a terminal server, in principle, behave the same as before. The main difference, however, lies in the support of ICA clients. Besides RDP clients, ICA clients handle the input and output of remote user interactions. The spectrum of supported client platforms is much larger for ICA than for RDP.

The basic functionalities of all ICA clients for the different platforms are the same, although naturally there are platform-dependent differences. Also, the configuration of the different clients cannot be identical because of the differences between the target platforms. All ICA clients allow the configuration of certain basic parameters, such as network settings, bitmap caching, supported color depth, window size, user authentication, and initially started applications. In addition, some clients allow the integration of audio, encryption, and remote software updates.

Available ICA Clients

The ICA client is the component used to display the graphical output of MetaFrame sessions, accept user input, and communicate with MetaFrame servers over the ICA protocol. At the time this book was written, ICA clients were available in the following versions:

  • 32-bit Windows ICA client 7.0 for Windows Server 2003, Windows XP, Windows XP Embedded, Windows 2000, Windows NT, and Windows 95/98/ME. The ICA client for 32-bit Windows is used independently of the start up method of a user session or of a published application—either from the Program Neighborhood, from the Program Neighborhood Agent, from Microsoft Internet Explorer, or from Netscape Navigator. The ICA client contains all standard features including automatic printer recognition, universal printer drivers, and remapping of all clipboard standard formats. Compared with its predecessors, this version offers user-defined window shapes (such as rounded corners on applications in seamless mode), a Program Neighborhood Agent administration tool, automatic client reconnection improvements, dynamic client name support, and support for certificate revocation list checking.

  • 16-bit Windows ICA client 6.3 for Windows 3.1 (in Enhanced Mode) and Windows 3.11. The ICA client for 16-bit Windows does not support the seamless mode for applications, universal printer drivers, or the Program Neighborhood.

  • Windows CE for Windows-based Terminals ICA client 6.3 for Windows CE. This ICA client does not support the seamless mode for applications and universal printer drivers and does support a reduced version of Program Neighborhood.

  • DOS ICA client 4.21 for 32-bit DOS and ICA client 4.0 for 16-bit DOS. These ICA clients support only basic functionalities to access desktops and published applications. The 32-bit version contains an integrated DOS extender, which reduces the amount of conventional memory used.

  • Java ICA client 7.0 for all platforms with an installed Java Virtual Machine (JVM). Java Development Kit (JDK) 1.0 and 1.1 are supported. The ICA client for Java includes almost all standard features except for universal printer driver support, and RTF and graphics exchange via clipboard.

  • OS/2 ICA client 6.012 for OS/2. This ICA client does not support the seamless mode for applications and universal printer drivers and does support only a reduced version of Program Neighborhood.

  • UNIX ICA client 6.3 for Sun Solaris (SPARC), HP-UX, IBM AIX, Silicon Graphics IRIX, and Linux. The ICA clients for these platforms include almost all standard features except for universal printer driver support and Program Neighborhood.

  • Macintosh ICA client 6.3 for Mac OS X. The ICA client for Macintosh does not support the seamless mode for applications, universal printer drivers, or the Program Neighborhood.

  • Pocket PC, Symbian, and EPOC The ICA clients for these platforms do not support the seamless mode for applications, universal printer drivers, or even the reduced version of Program Neighborhood (except for Pocket PC).

The Program Neighborhood Concept

The ICA client, which is used under 32-bit Windows, can be integrated into a more general ICA environment. This environment makes all necessary interaction elements available for users who want to work on a client platform and want to start an ICA user session. Citrix calls the associated concept Program Neighborhood, a name that reminds one of the well-known term Network Neighborhood. The ICA client is not visible onscreen initially in the Program Neighborhood environment; it is only a user interface that includes the icons for published desktops and published applications. Only if an ICA user session is started by clicking one of these icons does the associated ICA client open.

The core component of the 32-bit Windows ICA client is represented by the Wfica.exe executable file. The ICA client is completed by accompanying DLLs providing optional functionalities and a set of .ini files with configuration parameters. Only the additional components provide the complete set of functionalities—in the maximum version this is the full Program Neighborhood. There are, however, additional variants of the ICA client environment, which serve different purposes.

  • Full ICA Win32 Program Neighborhood client With the help of this client environment, a user logs on to a MetaFrame server farm only once. Afterward, the user can see all desktop icons and published application icons for which he or she has the appropriate permissions. To support this functionality, the client takes advantage of a dedicated program that includes a number of options to control the organization and combination of the desktop and application icons.

  • Program Neighborhood Agent This client environment does not allow any modification by the user, but it contains all the functionalities of the full Program Neighborhood. All default settings come from an administrator exclusively. The references to all assigned desktops and published applications are placed in the Start menu hierarchy or on the client desktop.

  • Web client This client environment contains only the “raw” ICA client, which can be used from a predefined Web page from within a portal. All functionalities for the graphical presentation of desktop icons or published application icons are missing. The use of the Web client will be described in more detail in Chapter 13.

But why did Citrix introduce such a complicated client concept? The answer can be derived from the two most important tasks an ICA client environment performs: First, this Citrix client has to locate and to aggregate all application resources on the MetaFrame servers that are available to the logged on user. Second, the client has to establish a remote user session using the ICA protocol. This results in significantly extended requirements concerning the Program Neighborhood when compared to a standard ICA client, which accesses only the desktops of predefined servers. The Program Neighborhood focuses particularly on the user-specific graphical presentation of available desktops and published applications. This is the reason why the user interface of the Program Neighborhood primarily concentrates on the localization and aggregation requirements. Thus, the organization of the connection options is highlighted in the Program Neighborhood while the pure ICA connections have a lower relevance.

Configuration Files

All configuration settings of the Program Neighborhood presented in the following discussion are stored in .ini files, not the registry. This is the case for both global and user-specific settings. The following list gives a rough overview of the configuration files and their location in the system folder hierarchy.

The following configuration files are stored in the user profile of each individual user:

  • Appsrv.ini Located in the %UserProfile%\Application Data\ICAClient folder: This file contains all settings of the user-defined ICA connections.

  • Pn.ini Located in the %UserProfile%\Application Data\ICAClient folder: This file stores the application sets of the server farms. However, this file does not exist if the Web client or the Program Neighborhood Agent is used.

  • Wfclient.ini Located in the %UserProfile%\Application Data\ICAClient folder: This file contains the General page settings accessed from Tools\ICA Settings menu item in the full Program Neighborhood client. Additionally, this file allows the modification of the settings for the color depth, the window size, and the remapping of the client COM interfaces.

  • Uistate.ini Located in the %UserProfile%\Application Data\ICAClient folder: This file stores information concerning the window parameters of ICA session. Whenever an ICA session is finished, the data in this file is modified.

The following configuration files are stored on the client platform:

  • Module.ini Located in the %ProgramFiles%\Citrix\ICA-Client folder: This file contains all information concerning the required client modules and drivers that must be loaded to comply with the predefined functionalities of the Program Neighborhood and the ICA client.

  • Wfcname.ini Located in the %SystemDrive% folder: This file contains the ICA client name. This information is also stored in the registry key HKLM\Software\Citrix\ICA Client\ClientName. Version 7 of the ICA clients neither creates this file nor writes this client name to the registry key if the option to support dynamic client names was selected.

  • Webica.ini Located in the %Windir% folder: This file controls the access to local drives.

These .ini files make it easy to create predefined settings before the Program Neighborhood is installed on a client platform. The Appsrv.ini, Module.ini, and Pn.ini configuration files are specifically well-suited for this purpose. The sources for these configuration files are included in the ICA client installation packages and have the file extension .src. During installation, the .src files are used to create the .ini files.

The Full Program Neighborhood Client

A full Program Neighborhood client allows the configuration and the launch of both user-defined ICA connections and published applications that were installed on individual MetaFrame servers or server farms. The use of seamless application windows can also be initiated over this client. The full Program Neighborhood client can also display all enterprise-wide published applications to the users authorized accordingly and arrange the application icons into groups. One more feature of this client is the option to place remote application icons on the client desktop and to create references to remote applications in the client Start menu.


Over time, probably all client platforms supported by Citrix will be able to take advantage of the concept of the Program Neighborhood as far as technically possible. Nevertheless, older ICA clients will also be able to cooperate with modern MetaFrame servers because most older ICA clients include the core functionalities to access published applications.

Now, which concrete functionalities are provided by the Program Neighborhood? It allows displaying the icons of application sets, which are made available for users or user groups over different MetaFrame server farms. In addition, users can manually create custom ICA connections to individual published applications or to the desktops of selected servers within the full Program Neighborhood.

From a technical perspective, Program Neighborhood clients have to contact the zone data collector of the desired server farms to receive the associated user- specific information about published applications. For this purpose, the Program Neighborhood client addresses any of the MetaFrame servers within the farm. This MetaFrame server redirects the communication request to the responsible data zone collector, which holds all information about published applications and authorization structures. The answer to the client request contains the list of all applications, including the associated icons and the user permissions. The data flow of the feedback is directed through the same network nodes as the initial request.

If a user initiates the start of a published application, the zone data collector must be contacted again. After all, it is possible that the selected application will not be started on the same MetaFrame server that was involved in the initial communication. This can occur if the selected application is not published on this server (but on any other MetaFrame server within the farm) or if the load-balancing algorithm selects another server. Only the zone data collector decides which server within the farm answers the published application connection request. When all this preparation work is done, the real ICA connection can be established to the target server and the user session is started. The user session can be either a complete desktop or a published application in seamless mode.


After the Citrix MetaFrame XP Presentation Server is installed and the ICA Client Distribution Wizard is executed, the ICA client software package will be located in the %SystemRoot%\System32\Clients\ica server folder. The required source files can be found on the MetaFrame XP Component CD. As an alternative, the installation packages can also be made available on a network share.

Basically, three different formats of installation packages are available for the Program Neighborhood client: an executable installation file (Ica32.exe), a CAB file (Ica32.cab), and a Microsoft Installer package (Ica32.msi). There is no functional difference between the packages; they are, however, suitable for different installation procedures. The size of the installation packages lies within the range of 3 MB.

A wizard controls the installation of a 32-bit Windows Program Neighborhood client, and it is accomplished quite quickly. The only dialog box, which requires substantial input, is related to the assignment of an unambiguous client name and the decision on whether local user information is used to open user sessions automatically (pass-through authentication).

As described in the section “Going Through the Installation” earlier in this chapter, during the installation of a MetaFrame server it is possible to select whether the Program Neighborhood client is installed with the pass-through authentication option activated. But does it make any sense to install the ICA client environment on a MetaFrame server? The answer is quite simple: There are situations where a MetaFrame server should behave like a Program Neighborhood client.

Even if this statement seems a contradiction in terms, the explanation is easy to understand. In a load-balancing group of MetaFrame servers, some applications might affect the individual servers in a negative way. This can occur with 16-bit applications or very resource-intensive 32-bit applications. To make matters even worse, the MetaFrame server memory management might hit a limit if a large number of different applications are executed at the same time on the same server. It can also be a basic requirement for some environments that only remote applications may be used on a MetaFrame server, but not its complete desktop.

In these cases, administrators have the opportunity to install the critical applications or to give access to a critical desktop on a separate multi-user server. The applications or the desktop can then be published via the Citrix ICA protocol; thus, they can be made available for other computers with an installed ICA client. The standard MetaFrame server in such a scenario simply provides desktops for the clients. Besides server-local applications icons, these desktops used within an ICA user session might also contain published applications icons from other MetaFrame servers.

The published applications run physically on the MetaFrame server on which they are installed. They export only the application’s graphical user interface to another desktop. This can be either a client desktop or another MetaFrame server, which provides the desktop for a client. This multilayer concept permits a very effective distribution of processor load over several platforms.

Click To expand
Figure 9-9: The concept is to integrate published applications into different desktops. These published applications can, of course, be used by multiple independent MetaFrame servers.

This concept of “ICA-in-ICA” makes it necessary that logon information from MetaFrame servers with the desktops are passed through to the MetaFrame server with the separated published applications. For this reason, the pass-through functionality can also be installed on MetaFrame servers and not only on client platforms.

Create Custom ICA Connections

After standard installation, the full Program Neighborhood client provides the mechanism of creating ICA connections. Afterward, a double-click with the mouse is sufficient to initiate the connection to a server and start a user session.

Click To expand
Figure 9-10: The main window of the Program Neighborhood client, which is almost empty after the initial installation.

The configuration of a new user session is done with the help of a wizard. Its sequence of dialog boxes begins with the selection of the connection type that is to be used for the new ICA connection. The options available are the local area network (LAN), a wide-area network (WAN), standard dial-up networking (PPP/RAS), or ICA dial-in.

The next dialog box permits the input to a freely selectable description for the new ICA connection. In addition, it allows the selection of network protocols for the exchange of control data, which are needed before the selected desktop or published application can be started. The options include TCP/IP + HTTP, SSL/TLS + HTTPS, TCP/IP, IPX, SPX, and NetBIOS. The last three entries of the list, however, are not relevant for Citrix MetaFrame XP Presentation Server on Windows Server 2003 because these protocols are not supported there any more. However, the Program Neighborhood client must also be able to cooperate with previous versions of the MetaFrame product line. As the last point of the second dialog box, the MetaFrame server or the published application can be selected. If it is necessary to provide the name of the MetaFrame server, this can either be its host name or its network address.


If the TCP/IP + HTTP protocol suite is selected for the control data, the Program Neighborhood client with standard settings tries to resolve the name ica into an IP address. If no server with this predefined name exists in the network concerned, an alternative configuration for the global or the individual settings should be accomplished. This will be described later in this chapter when the configuration of global Program Neighborhood settings is introduced.

Click To expand
Figure 9-11: Creation of a new connection to the desktop of a server.

In the preceding dialog box, the encryption level can be selected, which allows a secure connection of the client to the MetaFrame server. Afterward, it is possible to provide user name, associated password, and, if required, the domain name. If the text fields are not filled in, a logon screen asking for user credentials appears during the initial connection phase. As an alternative, the local user information can be used for the logon when the pass-through functionality is activated. After the user credentials have been requested, the number of window colors and the window size are parameters queried by the wizard. The default values are 256 colors and 640 x 480 pixels, but these can also be increased.

The next dialog box, shown in Figure 9-12, is of central importance. If a filename is entered in the text field Application, it indicates which application is to be executed as soon as the user is successfully logged on to the MetaFrame server. To work properly, the drive letter and the complete path of the program must be entered completely, followed by the necessary command-line parameters. The field must be left free if the entire Windows desktop is to be launched instead of the individual program. The Working Directory text field allows the optional specification of a working directory, which can be used in relation to the individual application configured in the Application text field.

Click To expand
Figure 9-12: Option to enter the file name of an application, if the configuration of a complete remote desktop is not required.

The configuration of an application in the dialog box in Figure 9-12 is completely independent of the concept of a published application. This configuration lets the desktop disappear behind the application in full screen mode within the user session. This behavior was already described in Chapter 2 when the environment tab in the RDP properties of the Terminal Services Configuration system tool was introduced.

After the steps described here, the new ICA connection is configured. If the associated icon is selected later, it provides all information needed to start the ICA client window and to establish the associated user session.

But these quite complex options needed for the manual configuration mechanism of ICA connections are actually one of the weaknesses of the full Program Neighborhood client. Many users just cannot handle the variety of the options, or they are tempted to play around with the environment in an unproductive manner. Therefore, the connection settings should be preconfigured by using the Appsrv.ini and Pn.ini configuration files or their installation source files Appsrv.src and pn.src.

Application Groups

The main window of the Citrix Program Neighborhood client allows you to move upward in the hierarchy if you click the Up button. As a result, two new symbols appear. The first symbol has the title Find New Application Set, and the other has the title Custom ICA Connection. If the second symbol is selected, the view jumps back to the configuration wizard icon, allowing the manual configuration of ICA connections, as described earlier.

But what are the application sets that you can find with the help of the first symbol? An application set contains a preconfigured group of applications, which an administrator can make available specifically to only certain users or user groups. Only the published application of a server farm may be organized in such a set of application icons. (See also Chapter 10.)

Click To expand
Figure 9-13: On the left side of the full Citrix Program Neighborhood main window is the symbol to find a new application set.

An administrator can define an application set with the help of the Management Console for MetaFrame XP. Within a subnet, this application set is added automatically to the Program Neighborhood structure. MetaFrame XP Presentation Server automatically populates a user’s Program Neighborhood with the application set information if it is set to interoperability mode. If the application sets are not located inside the desired subnet, a user might have to configure the connection to the application set by manually selecting the server location. The server location configuration contains the definition, specifying which server (network address) can be reached by using which network protocols.


Application icons and application references can be displayed within the graphical user interface of the Program Neighborhood client, or they can be placed on the client desktop and in the client Start menu. This is done by using the File\Create Desktop Shortcut menu item of the Citrix Program Neighborhood client. Exactly the same action can be accomplished automatically through the administrator’s default settings applied by the Program Neighborhood Agent.

For the application sets, the same arguments are valid as for the custom ICA connections described earlier: The manual configuration of these options is also complex for most users and should therefore be predefined before the installation of the Program Neighborhood clients. Controlled modifications of the configuration files in the user profile can be accomplished by logon scripts, a method that helps to reduce the time spent doing manual configuration.

Changing Individual Properties

If necessary, the properties of each application set and the user-defined ICA connections may be modified by a user. To change these properties, a right mouse button click to the selected ICA connection icon will open the context menu. Another method is to select the menu group File in the Program Neighborhood client main window. Both context menu and main menu provide access to the Properties for custom ICA connections, which are exposed through a dialog box with four tabs.

Figure 9-14: Changing the properties of a custom ICA connection.

The individual tabs for custom ICA connections contain the following options for changes in the configuration settings:

  • Connection Connection type (LAN, WAN, PPP/RAS, or ICA dial-in), name of the server or of the published application, and configuration of the server location. The latter includes the selection of the network protocol for the exchange of control data and the option to add available MetaFrame servers for the associated communication. Different changes in the configuration settings used for the integration of firewalls can be initiated from this tab as well. (See also the next section in this chapter.)

  • Options Data compression, caching of bitmaps, buffering of mouse movements and keystrokes, sound enabling, data encryption, screen latency reduction, window colors, and window size (including the seamless window option).

  • Logon Information Selection among pass-through authentication, smart card integration, and logon using conventional user-specific credentials (user name, password, and domain).

  • Application Application initially started after the connection was established, including path, working directory, and associated icon.

The following three tabs are for changes in the application set settings:

  • Connection Connection type (LAN, WAN, PPP/RAS, or ICA dial-in) and server location, including network protocol for the exchange of control data, server group, and address list.

  • Default Options Data compression, caching of bitmaps, buffering of mouse movements and keystrokes, desktop integration for the application set, sound enabling, data encryption, screen latency reduction, window colors, and window size (including the seamless window option).

  • Logon Information Selection among pass-through authentication, smart card integration, and logon using conventional user-specific credentials (user name, password, and domain).

Configuration of Global Settings

Besides the individual settings of application group and custom ICA connections, global default settings for the Program Neighborhood can also be configured. The configuration of the predefined global settings is done by selecting the File\Custom Connection Settings menu item.

The Connection tab in the custom connection setting dialog box defines the global default server location.

  • Network Protocol The Network Protocol dropdown field instructs the Program Neighborhood as to which protocol to use to exchange control information concerning location of and connection to the MetaFrame server. The selected protocol must be installed and must be supported by the MetaFrame server concerned.

  • Server Group The Server Group and Address List text fields are used to create lists of primary and backup servers designated for connecting to application sets. A maximum of one primary group and two backup groups can be defined, which a client might contact during the attempt to establish a connection. Each of the groups can contain up to five servers. Backup server groups provide business recovery for the client device if it cannot contact any server in the primary group.

  • Firewall A button with the label Firewall leads to an additional dialog box, which allows the configuration of an alternative address outside firewall or the use of the Web browser proxy settings. In addition, this dialog box contains the options to activate the use of SOCKS, of HTTPS, or of the Citrix Secure Gateway.

The Standard Options tab allows the configuration of the global settings concerning audio, encryption level, window colors, and window size.

Figure 9-15: Global default settings for the configuration of custom ICA connections.

Both individual applications and application groups within the Program Neighborhood offer the option of selecting one or more server addresses explicitly. This is used if the connection initialization to a MetaFrame server is done via routers or gateways. If problems occur during the establishment of connections, troubleshoot by experimenting with these options.

Additional global settings for the Program Neighborhood client are made by using the Tools\ICA Settings... menu item, which again leads to a dialog box with a number of tabs. The first tab is named General and provides access to the following fields:

  • Client Name The Client Name field allows the change of the client name. The MetaFrame server uses the client name to uniquely identify resources, such as printers and disk drives, associated with a dedicated client computer. The client name must be unique for each computer running the Program Neighborhood client. Starting with version 7, the Program Neighborhood client optionally supports the activation of dynamic client name creation. If this feature is enabled, the ICA client name is changed automatically whenever the client device name is changed.

  • Keyboard Layout Allows specifying the keyboard layout of the client computer. The MetaFrame server uses the keyboard layout information to configure the ICA user session according to the keyboard present at the client. The default value (User Profile) uses the keyboard layout specified in the user profile.

  • Keyboard Type Allows specifying the keyboard type of the client computer. The MetaFrame server uses the keyboard type information to configure the user session for the appropriate keyboard type.

Additional check boxes allow the selection if a dialog box is displayed before making dial-in connections, if a terminal window is displayed when making dial-in connections, if automatic client updates are allowed, if pass-through authentication is available, and if local credentials can be used to log on.

The second tab of the ICA settings dialog box is named Bitmap Cache. It is used to configure the bitmap cache directory and to determine the minimum size of bitmaps that will be cached. The caching of bitmaps results in storing commonly used graphics objects on a local disk drive and thus allows fast access to these objects when they are required again. If the bandwidth of the network is limited, the activation of this option increases the system performance. If the client is located in a high-speed network, however, the bitmap cache should be set to zero.

The Hotkeys tab allows the configuration of the assignment of certain standard tasks and standard key combinations on a local desktop to alternative key combinations used from the remote session. This is a very important functionality to coordinate the cooperation of the local and the remote window manager.

Click To expand
Figure 9-16: Configuration of the ICA client hotkeys.

The last tab, named Event Logging, instructs the Program Neighborhood client, including the ICA client, on how to keep a log of various events in the ICA environment.

The integration of devices locally attached to the client is also handled through ICA protocol, which usually is related to the mapping of the serial and parallel interfaces and the printers attached to them. The result of the mapping of client devices and server devices can easily be verified in Windows Explorer. All remapped devices besides the client drives in the network neighborhood can be seen there. Because they all represent network resources for a MetaFrame server, they are symbolized accordingly.

Click To expand
Figure 9-17: Remapped drives and devices in the Windows Explorer of an ICA session. You can see the remapping convention of Microsoft (\\Client\DevideName) and Citrix (renamed drive letter).

The Program Neighborhood Agent

The Program Neighborhood Agent was developed by Citrix to provide administrators a completely centrally manageable ICA client environment. The Program Neighborhood Agent compensates for the weakness of the full Program Neighborhood client, namely its high complexity for most users. All important configuration parameters of the Program Neighborhood Agent are centrally stored in an XML file on a Web server, but not on the client platform or in the user profile. On the desktops or in the Start menus of the target client platforms, all references to published applications are thus strictly given according to the rules in the XML file. As a consequence, users cannot create their own ICA configurations for the connection to individually selected servers with published applications or desktops. This feature makes the Program Neighborhood Agent very attractive for MetaFrame environments, in which the liberties of the users have to be limited for cost and efficiency reasons. Instead of having to modify individual .ini files on the client platforms, now the change of the central XML file is sufficient to set up general configuration defaults.

For the installation of the Program Neighborhood Agent, an executable installation file (Ica32a.exe) and a Microsoft Installer package (Ica32a.msi) is provided. Again, there exists no functional difference between the packages. Also, their size is only a little smaller than the installation packages for the full Program Neighborhood client.

How can the Program Neighborhood Agent know after an installation on a target client platform where the central XML configuration file is located? One option to configure the default location setting is to let the installing user type in the needed address to the Web server. But this is an awkward procedure, which again leads to errors. It is much better to preset the parameters. This leads to the second configuration option, which requires the extraction of the installation package (for example, with WinZip) and the modification of the Install.ini configuration file.

The contents of the unmodified Install.ini file is shown in Listing 9-1.

Listing 9-1: Contents of the Install.ini configuration file
Start example
;StartMenu=Citrix PNAgent
End example

Removing the semicolon at the beginning of the line can activate the individual options of the Install.ini configuration file. Before the options listed in Table 9.5 are valid for a given environment, correct values must be entered. After storing the configuration file, a new installation package can be compiled by using an appropriate tool.

Table 9.5: The Options of the Install.ini Configuration File




Specifies the address of the Web server with the XML configuration file, which can be found under the predefined \Citrix\PNAgent\config.xml link folder


Specifies the client name


Specifies the installation folder of the Program Neighborhood Agent


Specifies the folder in the Start menu where the icon of the Program Neighborhood Agent is placed


Specifies if the pass-through authentication is activated (yes) or not (no)


Specifies if the start screen with the license agreements is displayed (yes) or not (no)

To activate the Config.xml configuration file with the correct settings requires that it be provided over the predefined Web server. The easiest way to configure, maintain, and provide the Config.xml file is to use the Web Interface for MetaFrame XP. (See also Chapter 13.) The access to the Web-based administration tool is done over http://<Servername>/Citrix/PNAgentAdmin.

Click To expand
Figure 9-18: The Program Neighborhood Agent administration tool.

The configuration file contains a number of parameters used for the global setting of what users of the Program Neighborhood Agent are allowed to see and if they may change certain settings. This includes the options to change the settings in the following Program Neighborhood Agent tabs:

  • Server settings Configuration of Server URL, refresh interval, SSL/TLS settings, and logon methods.

  • Application display Configuration of published application links in the Start menu, on the desktop, and in the taskbar.

  • Application refresh Configuration of the settings on when and how often the client requests a current list of published applications from the server hosting the Web Interface for MetaFrame XP.

  • Session options Configuration of window size, color depth, and audio quality.


    The Config.xml file allows the hiding of complete Program Neighborhood Agent tabs, but not the blocking of individual setting options within a tab.

After the Program Neighborhood Agent launches and the user authentication takes place, all published application icons will be displayed on the desktop, in the Start menu, or in the taskbar, according to the configuration in the central Config.xml file. The Program Neighborhood Agent executable itself hides behind a little icon in the taskbar notification area (that is, on the right side of the taskbar). The Properties context menu item of this icon opens a dialog box. This dialog box allows the modification of the parameters that the user is allowed to change according to the configuration defined by the Program Neighborhood Agent administrator. The tabs in the Program Neighborhood Agent can include the setting of the server URL, the logon mode, the application display, and the session options.

Click To expand
Figure 9-19: Setting the Program Neighborhood Agent properties on a client.

The Web Client

If ICA sessions are to be launched over a Web page rather than using a client’s Windows desktop or Start menu, the management functionalities of the Program Neighborhood are no longer necessary on the client. Only the basic functionalities of an ICA client are needed in such an environment. The associated parameters can be passed from the Web server to the ICA client before it requests the establishment of a connection to a MetaFrame server. Fairly recently, Citrix provided special clients for this purpose. It is, however, much easier to use the same basic ICA client engine for Web environments that is used for the Program Neighborhood clients. For this reason, Citrix still provides special ICA Web client installation packages for Windows-based platforms, but they do not contain an explicit Web client anymore. On the contrary, each current ICA client for Windows can be registered as a COM component on a client platform and then can be started over a link on a Web page. (See also “Web Interface for MetaFrame XP” and “Citrix MetaFrame Secure Access Manager” in Chapter 13.)

The special Web installation packages for 32-bit Windows clients with no Program Neighborhood client software show some minor differences from the standard installation routine. This difference can be explained primarily by the fact that little user interaction is desired for installation over the Web only, and not all functionalities of the full Program Neighborhood client are needed. That’s why there are no differences between core functionalities of the ICA Web client and the Program Neighborhood client. However, the installation of the Web client does not create a Program Neighborhood icon on the client’s desktop or Start menu. Furthermore, no help files are copied to the client platform. All this reduces the size of the associated Web installation packages Ica32t.exe and Wficat.cab, which are only about 2 MB large.

The same .ini files as for the full Program Neighborhood clients are used for the configuration of the Web clients. Because of the automatic Web client installation process, it might be necessary to adapt the parameters of the .ini configuration files in the installation packages according to the given requirements before they are deployed.

Program Neighborhood Connection Center

The Program Neighborhood Connection Center gives you an overview of all remote desktops and published applications started in a 32-bit Windows ICA client. As soon as the first ICA connection is established, the little Connection Center icon is displayed on the right side of a client’s taskbar.

Clicking with the right mouse button or double-clicking with the left mouse button on the Program Neighborhood Connection Center opens a dialog box. It shows all active ICA connections and allows a number of actions: disconnect a session, log off a user, terminate an application, change the security settings, and display the properties.

Click To expand
Figure 9-20: The Program Neighborhood Connection Center with one active MetaFrame desktop.

The dialog box with the properties of an ICA session contains information about encryption and produced network traffic. The Security button leads to a dialog box that controls the access to local client files. For a selected connection, it is possible to configure no access, read-only access, or full access to the local file system. Furthermore, this dialog box allows the decision if the security configuration will be applied globally to the client or per connection, or if it just applies to the selected application or desktop.

After this chapter’s introduction of the Citrix MetaFrame XP Presentation Server architecture and communication mechanisms, the next chapter will highlight the associated administration tools and operation concepts.