What is the Icaclient.adm and how to use it – ICA and IMA explained… briefly


Intro

ADM files are Network and System administrators best kept secrets. If you know how to use and configure them you will look like a genius in your IT department. To explain in simple words: ADM files populate user and computer interface settings and allow you to edit and make modifications to those settings(see Microsoft link further below to download O.S. ADM files)

If you use Citrix in your environment, there are two acronyms you must know:
ICA and IMA

ICA or Independent Computing Architecture is Citrix proprietary protocol that specifies how data travels between server and clients. I like to use the middle letter “C” as a mnemonic to remind me that ICA is a “client” protocol because it is installed on a “client” device; when installed it allows the “client” to gain access to applications and other resources stored on a server. That is the reason why you need a “client” plugin (aka as Citrix Online plugin, Citrix Receiver, Program Neighborhood, etc). The plugin contains the code and the set of files used for the ICA protocol.
The ICA protocol uses port 1494 to communicate (and port 2598 if session reliability is enabled)

What most people don’t know is the fact that there is a ADM file associated to the Citrix plugin that manages several client settings when data is received on the client
To use the ICA.ADM administrative template you need to load two components:
1. Load the GPOE (group Policy Object Editor) by opening MMC (start-run-MMC) and clicking on File-Add/Remove Snap-in and select GPOE from the list
2. Load the ICA.ADM file by right clicking on administrative templates and selecting “Add Remove Templates”. Browse to the Citrix ICA configuration folder (c:\program files\citrix\ICA client\configuration) and selecting the icaclient.adm file there
Once loaded you can then edit the GPO file and enable and disable several ICA settings.
The modifiable container settings are:

Network Routing
User authentication
Remoting client devices
User Experience
Client Engine and
Multi-Stream ICA

These 6 containers have 27 configurable settings. These 27 configurable settings have 98 possible options that can be modified for the Citrix Receiver plugin version 13! These numbers will vary depending on the version of the plugin)

The ICA protocol has a server component called the ICA Listener; the settings on the ICA Listener can be modified on the server under the Terminal Services Configuration Menu

Important things to remember:

“In Citrix products, Citrix policies always supersede all other policies and settings in your environment, including Active Directory policies and Windows settings

BUT (and this is a big BUT!) Always remember:

the most restrictive settings usually wins! (contradictory but true!)

Any rule that is disabled takes precedence over a lower-ranked rule that is enabled. Policy rules that are not configured are ignored.

Using Citrix policies with Active Directory
Active Directory and Windows policies do not take precedence over XenApp
policies. In a XenApp environment and with XenApp features, Citrix policies always take precedence over Windows policies and settings. Citrix XenApp policies were designed, so that they do not conflict with Active Directory policies.
In a Citrix environment, XenApp policy rules override the same settings
configured in an Active Directory policy or using the Terminal Services
Configuration tool. They also override Microsoft policies, including those that
are related to typical Remote Desktop Protocol (RDP) client connection settings such as the policies for Desktop wallpaper, Menu animations, and Windows contents while dragging.
However, XenApp policy rules do not always override policies for encryption and shadowing. These policies behave according to the most restrictive settings configured by the Terminal Services Configuration tool, Active Directory group policies, application configuration, and Citrix policies.
If you are familiar with Active Directory, note these important distinctions:
• For Active Directory policies, the disabled setting affects how the feature
functions. That is, it disables or enables the feature.
• For XenApp policies, the disabled setting only prevents a lower-priority
policy from being able to enable the policy rule. Disabling a XenApp policy
rule does not disable its corresponding feature in the product.” source: Citrix XenApp Admin Guide

======
IMA
======
ICA is for “clients” and IMA is for “servers”
This distinction is very clear
IMA or “Independent Management Architecture” is a Windows server protocol and a database component

IMA is both a database (called data store) and the protocol used to transfer background information among the XenApp servers

It is important to emphasize that: The IMA protocol is used for server-to-server communication only. The server to client communication is done by the ICA protocol

Every XenApp server in a XenApp farm runs the “IMA Service.” This service is the central component that communicates with the IMA data store and other XenApp servers in the farm. Also, the IMA service communicates with the CMC (PS4.5 and XenApp 5) DSC (XenApp 6) and Apps Center (XenApp 6.5) to allow administrators to manage and configure the XenApp farm

The IMA service component contains a collection of subsystems or DLL files associated with the different parts of XenApp; There are Dlls associated with the subsystems available for the farm, such as the policies, licensing, administrators list, servers, applications, etc.

Here are some DLLs:
The subsystem used for the access database is the imaacces.dll
IMASql.dll subsystem is used for SQL database
ImaPsSs.dll subsystem is used for the servers
ImaRuntimeSS.dll
mstjes40.dll
aiess.dll

The IMA data store works on port 2512 and 2513. The port 2512 is used for communication between servers and the port 2513 is used for communication with DSC/Apps Center

Brian Madden has a great article giving great details on the six processes that take place for the IMA data store: Brian Madden

Finally find here some Microsoft ADM files available for download:

Group Policy ADM files:

“Administrative Template files are used to populate user interface settings in the Group Policy Object Editor, enabling administrators to manage registry-based policy settings. Each successive Windows operating system and service pack includes a newer version of these .adm files.” (excerpt from the link above)

Advertisements

2 Responses to “What is the Icaclient.adm and how to use it – ICA and IMA explained… briefly”

  1. Ameen Says:

    Thanks, Good crisp information

  2. Chirag Shah Says:

    Crisp and clear. Love it…. Look forward for more posts

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: