In previous releases of Application Virtualization, we required admins to specify an SGBrowser account during install of the server. This account was used to READ Active Directory (AD) and resolve security groups on behalf of the user installing the Application Virtualization server. In 4.5, we remove this limitation and no longer require this account since we’re now using Windows Integrated Authentication.

When you install an App Virt Management server, you need an account (any account) with READ Access to AD. Chances are the account you’re using, to install the server, is in the Domain Users group so you have READ Access by default.

During the server install, you’re asked for a security group whose members will be allowed to administer the App Virt Management server and database. This is where you enter a previously created AD group which the user account you are installing under should be a member. The MS App Virt server performs a READ against AD to resolve the group (using the security context of the user installing the server). Then you’re asked what group of users are allowed to connect to the App Virt Management Server. This is the group that’s contained in the Provider Policy. The MS App Virt Management server, again, performs a READ against AD to resolve this group.

Ok, so now the server is up and is running under the Network Service account (changed from running as System to Network Service in 4.5). Customers have the opportunity of changing this to an AD service account if they wish. But let me be clear, the SERVER never uses this account to access AD. The App Virt Management Server service account is used to access the SQL config DB.

Full Article

SoftGrid, AppVirt, Microsoft Application Virtualization, Virtualization, Knowledgebase