How to get Fraps working with Citrix XenApp 7.5 & Login VSI Graphics Framework

This is one of my many series of how to scale test applications using Login VSI Graphics Framework.

If you are interested in trying out the new Graphics Framework from LoginVSI Click here to register for the public beta.

LoginVSI GFX requires you to have Fraps installed on your either VDI or XenApp server.

To get Fraps working correctly, you might run into the issue I have been having. UAC will not allow it to run or if you have UAC disable, you still get a UAC prompt.

This article describes how to get Fraps working in a multisession environment Microsoft Remote Desktop Services 2012R2, Citrix XenApp 7.5 with Login VSI Graphics Framework.

1. Additional effects of disabling UAC – source Microsoft

If you try to use Windows Explorer to browse to a directory in which you do not have Read permissions, Explorer will offer to change the directory’s permissions to grant your user account access to it permanently. The results depend on whether UAC is enabled. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 950934 When you click Continue for folder access in Windows Explorer, your user account is added to the ACL for the folder

If UAC is disabled, Windows Explorer continues to display UAC “shield” icons for items that require elevation and to include Run as administrator in the context menus of applications and application shortcuts. Because the UAC elevation mechanism is disabled, these commands have no effect, and applications run in the same security context as the user who is logged on.
If UAC is enabled, when the console utility Runas.exe is used to start a program by using a user account that is subject to token filtering, the program runs with the user’s filtered token. If UAC is disabled, the program that is started runs with the user’s full token.
If UAC is enabled, local accounts that are subject to token filtering cannot be used for remote administration over network interfaces other than Remote Desktop (for example, through NET USE or WinRM). A local account that authenticates over such an interface obtains only the privileges that are granted to the account’s filtered token. If UAC is disabled, this restriction is removed. (The restriction can also be removed by using the LocalAccountTokenFilterPolicy setting that is described in Microsoft Knowledge Base article 951016.) Removing this restriction can increase the risk of system compromise in an environment where many systems have an administrative local account that has the same user name and password. We recommend that you make sure that other mitigations are employed against this risk. For more information about recommended mitigations, click the following link:

I highly recommend disabling UAC with Microsoft Server 2012R2 RDS in a Citrix XenApp 7.5 environment, this is both for SBC but also for VDI. There is seen strange behavior where IE11 dont work as expected and applications dont launch as the users expect. UAC can be very painfull, but its also securing the desktop/server. So be aware if you want to use UAC, you might run into some challenges.

When you install fraps in a Windows Server 2012R2 RDS environment and “normal” users are connecting they will get a prompt when the executable is launched.
This is normal behavior even with UAC enabled, read the “red line” above for why Microsoft is behaving like this.

Fraps is a requirement to get Login VSI Graphical Workload working, cause Login VSI Graphical Workload is capturing FPS in the machine with Fraps and FPS in the protocol to the endpoint, and LoginVSI can also with customized workload capture the FPS inside the application. So 3 layers of capturing Frames Pr Second (Virtual Machine”System”, Application, Protocol”to the endpoint)

The solution to get fraps working in a Microsoft Server 2012R2 RDS / Citrix XenApp 7.5 enviroment is by eliminating the UAC prompt for individual programs with Microsoft Windows Compatibility Toolkit

2. Eliminating UAC prompt for individual programs with Citrix XenApp 7.5

FYI – I recommend using a Golden Image to test the below instructions and automate it if possible with software deployment. :)Here is how I was able to stop the annoying UAC prompt in Windows Server 2012R2 with Citrix XenApp 7.5

Download the Windows Compatibility Toolkit from: http://www.microsoft.com/en-us/download/details.aspx?id=7352
- Choose ApplicationCompatibilityToolkitSetup.exe and download the component.
- Install ApplicationCompatibilityToolkitSetup.exe
Open the Compatibility Administrator (use 32 bit for 32 bit programs and 64 for 64 bit)
Click the Fix Button which will bring up a wizard
- Type the name of the program (eg. Fraps)
- Click the browse button and select the program
- Check the RunAsInvoker box and nothing else
- Click Next twice and then Finish
Click Save
- Type in a name for the database, I used Fraps.
- Select a location/name for the save, I used the same directory as the program and “fraps.sdb”
Exit Windows Compatibility Toolkit
Start an elevated command prompt
- Click the start button
- Type: cmd
- Right click on the cmd result and select “Run as administrator”
Navigate to the directory you saved the sdb file to
Type: sdbinst Fraps.sdb
You should see the following result:
- Installation of Fraps complete.
All done! Enjoy your starting of the Fraps with multiple users in Citrix XenApp 7.5 with LoginVSI without UAC prompts!