Citrix XenApp published applications are not available for domain admin group if using account security identifiers (SID)

Version 1

    Problem

    When publishing Citrix XenApp 6.5 applications through RES Workspace Manager with "process access control" set to use Account SIDS, the applications are published correctly, however, they are not made available for the domain admin group while in a managed session.

    Cause

    When Microsoft User Access Control (UAC) is enabled, the domain admin group SID is removed from the user`s token bag. The user will still show up in the group if you use account names, since this is a direct query. To save time, the user`s token bag is used for the account SIDs instead of a query from active directory for all SID memberships. If UAC is turned off, the domain admin SID will be in the user`s token bag.

    Solution

    This issue is resolved in RES Workspace Manager 2012 SR4.
     
    In case the Service Release is not (yet) available or in case the Service Release cannot be installed, a revision containing this update is available on request at RES Support.
     
    IMPORTANT: A revision contains multiple fixes. Only apply this revision when you are experiencing a specific problem. Unless you are severely impacted by this specific problem, RES Software recommends that you wait for the next service release containing these fixes.