Understanding Application Isolation Environments (AIE) in Citrix Presentation Server 4

One of the new features in Citrix Presentation Server 4 is AIE (“Application Isolation Environments”), which makes it possible to install and/or run applications in a so called “Isolation Environment.” How does AIE work?

One of the new features in Citrix Presentation Server 4 is AIE (“Application Isolation Environments”), which makes it possible to install and/or run applications in a so called “Isolation Environment.”

How does AIE work?

A standard Windows application consists of many parts that normally would spread across your system in places like C:\Program Files, C:\Windows, C:\Windows\System32, as well as the HKCU and HKLM registry hives. In a nutshell, AIE redirects the files and registry values of an application installation to an “Isolation Environment” which is managed through the Presentation Server Management Console. Then when the application is run, AIE makes the application believe it’s running from the location you entered at installation time like “C:\Program Files\Application Name” when in fact the complete application code is actually in “C:\ProgramFiles\Citrix\AIE\Application Name.”

A similar process is used to redirect the application’s registry settings. An application installation that would normally create settings in a registry key like “HKLM\Software\Your App Vendor” and “HKCU\Software\Your App Vendor.” Using AIE it’s now redirected to “HKLM\Citrix\AIE\Your App Vendor” and “HKCU\Citrix\AIE\Your App Vendor.” Again AIE makes the application believe its registry keys are in HKLM\Software\Your App Vendor and HKCU\Software\AIE\Your App Vendor.

The AIE feature of PS4 can be used in two ways:

  • You can Install and then Run an application in AIE
  • You can run a “normally” installed application in an AIE.

In both cases the first thing you need to do is create an AIE.

Creating an AIE

For each application you want to isolate you need to create a separate Isolation Environment. This is done from “Isolation Environments” node in the Presentation Server Management Console. Right click it, choose “New” and type in a name for your AIE. This only needs to be done once for each Server Farm.

You are now ready to either install or run an application in the AIE.

Installing into and Running from an AIE

There are two ways to install an application into an AIE. This can be done in an automated way via Installation Manager or manually using the AIESETUP executable with the appropriate parameters.

Installing to an AIE through Installation Manager is pretty easy. Simply select the .MSI of .WFS file like you would normally do and in the “Schedule Job” screen you now have the option to select in which “Isolation Environment” you want to install the application to.

Using the AIESETUP command is a little more work but is the best way to really get familiar with AIE. The syntax of this command is pretty easy. (Type AIESETUP /? to see the options.) In the following example I will install Acrobat Reader into an AIE called “Acrobat Reader” with an Installer named “c:\AdbeRdr70_enu.exe”.

AIESETUP "Acrobat Reader" c:\AdbeRdr70_enu.exe

The setup starts and I decide to install to C:\Program Files\Adobe\Acrobat 7.0\

I’m actually monitoring the C:\Program Files\ folder while the installation is taking place. I don’t see an Adobe folder appearing. Also after the installation finishes successfully no Adobe folder is present under C:\Program Files\. All Files and Registry have been redirected. Here’s the folder where the application files actually are present:


The reason you see 3 folders here is because this application installs files outside the entered installation path. This includes Shortcuts, Common Files, a couple of DLL’s in the Windows Folder, etc. This is proof that everything an application tries to do is redirected and not only the installation path of an application.

Now that the application has been installed, you need to run it. There are two ways this can be done:

  • You can publish AIE applications
  • You can run them via a special command line

Publishing an AIE application is fairly straightforward. You simply publish it through the Presentation Server Console and in the “Specify what to publish” screen select “Isolate Application.” Then click on settings, select the correct AIE, select “Application was installed into environment” and select the appropriate shortcut from the dropdown menu. The rest is the same as “normal” application publishing. Now you can run the application from a Citrix client.

The second way of running the application is through the AIERUN executable command. This is the way you would run an AIE application from the console or from a published desktop .

To do this I run the application using the AIERUN executable command with a very long parameter:

AIERUN.EXE “Acrobat Reader” “C:\Program Files\Citrix\AIE\Acrobat Reader\Device\C\Program Files\Adobe\Acrobat 7.0\Reader\Acrord32.exe”

If you want to provide your users access to this application from a published desktop then simply create a shortcut to the AIERUN command as shown above.

The application starts. Now from within the application I browse (through File -> Open) to C:\Program Files\ and here I see the Virtualized (redirected) folder Adobe.
From the regular Windows Explorer I still don’t see the Adobe folder under C:\Program Files\.

The Isolation Environment is actually a basic form of application virtualization since the AIE makes the OS and the application executable think it’s running from its native location. (Notice I say it’s a “form” of virtualization. It’s actually very different than “true” virtualization that companies like Softricity provide.)

Running a “normally” installed application in an AIE

The second way of working with AIE is to run a “normally” installed application in AIE. This can solve a lot of multi-user application issues such as when an application stores user-specific settings in Local Machine registry. AIE really can help you with these kinds of situations.

First of you have to create an AIE in the Presentation Server Console as mentioned earlier in which you won’t install any application code. Then you can either publish the application or run it with the AIERUN command. When publishing through the PSC in the “Specify what to publish” screen simply browse to the already installed executable and then select in which AIE you want it to run.

For demonstration purposes I created an AIE named “User Settings Demo.” I published regedt32.exe and selected the AIE “User Settings Demo.” Now I run the published application with an ICA Client from the server console. I also start regedt32.exe from the server console. (Keep in mind that the Local Machine registry is the same from the server console as from within a published application as long you’re running on the same server, which I am.) During the logon script for the published application I create two empty subkeys under HKLM\Software named “usersetting1” and “usersetting2”. This is what a “bad” application could do during startup or while working with the application. The following is the result:

The left is the registry editor running on the server console. The right is the registry editor running through a published application on the same server at the same time .

The new registry keys I just created are actually saved in the user’s registry under HKCU\Software\Citrix\AIE\%AIENAME% even though for the application they appear to be under the HKLM\Software registry. This means machine settings are saved per user from now on and multiple concurrent users on the same server can have different machine settings.

What will not work with AIE?

AIE is great, but of course there are limitations. (I think we will find out in the field the hard way what the “real” limitations are.)

OS patches, drivers, and really deeply integrating applications probably won’t work, especially installing into an AIE. (Although all application isolation, virtualization, and redirection software I’ve come across have some sort of limitations like these.)

What can AIE solve?

Application Conflicts

  • Run multiple version of the same application
  • Run multiple version of the same DLL

Multi User Issues

  • Solves configuration issues with hard coded path to .INI files
  • Solves configuration issues with HKLM registry keys

Give users more “virtual” rights to an application

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Citrix just released this:

"IMPORTANT NOTE ABOUT PRESENTATION SERVER 4.0: In some of the readiness material released prior to the launch (PPTs, Global Sales Tool Kit etc.), we mistakenly communicated to you that the Application Isolation Environment was included in both Citrix Presentation Server Enterprise Edition and Citrix Presentation Server Advanced Edition. Please be advised that the Application Isolation feature is ONLY available in Citrix Presentation Server Enterprise Edition. Should you find this error in any of the sales and marketing tools available, please visit my.citrite.net->Products->Citrix Products->Citrix Presentation Server 4.0 Sales Tool Kit for the most up-to-date material."
WE are using Softricity 's softgrid for applications in Terminal servers. If Citrix is also giving the same kind (yes/no?) feature , I don't know what will end up where?

Whatevenr it is ...users / customers are going to benefit from any new feature, so i welcome this too...
I am wondering where AIE actually interferes with the system? What do they do to replace calls to DLLs and where do they do it (by injection, NATIVE API or IAT rewriting)? Have you already found some situations where it does not work?
Apart from that I dislike the fact, that the resulting (virtual) file system path is so much longer, possibly conflicting with MAX_PATH (char sz for ANSI applications).
I believe that AIE uses a file system filter driver. The filter driver intercepts requests to open a file in kernel mode and redirects the request using a technique known as "reparsing".
I have tested it with the tech preview with office installs. I had some trouble with installing service packs into the AIE. I had also trouble with the Office 2000 install. installing the MUI didnt work, so i guess i better install the office version per language. The documentation mentioned they tested it on office installs.. the fact it didnt work look like its long from perfect or mayby even workable.

On the other hand, if u start the math.. we run a standard version (if it wasnt for the universal driver and CSG/STA, we didnt) of Citrix and it will cost us 155 per user to upgrade from a standard to enterprise, while u pay 80 per user (if u forget the entrylicence of 10.000) for Softtricity. And Softtricity is the advanced version of AIE and offers a (better?) complete different Technique (even though i havent tested softgrid yet). I think the case 9softgrid vs AIE) is comparable to the semi solution Citrix offers for printing to what the specialised companies like Tricerat offers.

So my bet is go with Softtricity.. but then again its a bet coz i didnt have the chance to testdrive Softgrid (this weekend:). And we're aiming for a non-citrix environment, we think Citrix is much too expensive for what they offer.

This is not even close to Softgird. With Softgrid you don't even run thru the install process on a Terminal Server and it's completely isolated from the OS. Application issues that might require a reinstall a application will still have to be re-installed with AIE. With SoftGrid applications cannot be changed...therefore are always "prestine". I could go on and on as I am a Softgrid Zelot.... I like AIE so far casue it's better than nothing but if you want to truly stack 100's of applications on your TS's without conflicts Softgrid is the way to go.
Brian, what do you think of the possibility to bring one AIE Environment via IM to another server (or a huge server farm)?
Isn´t that a new kind of application-deployment?

Come on, guys, give me some opinions about this phrase! (Did someone really do some tests concerning that? )

Any word on whether AIE causes any negative performance loss over regular installations? Anyone benchmarked the same application istalled both ways?
Softricty??? Are they still in business??
Why would I buy anything from those guys? I'm not big on spending my cash on companies that are on the verge of bankruptcy..

Why would I pay additional for that junk when Citrix is giving it to us for free
plus they are giving us higher user density, virtual IP, USB Sync support, and a completely redesigned universal driver.

I will be upgrading all my PS 3.0 advanced licenses to PS 4.0 enterprise..
I don't know where you come up "verge of bankruptcy"? You got a source without a Florida zip code:) More on the verge of an IPO or being bought by a bigger player I'd say.

People buy SoftGrid for the same reason people buy Citrix on top of TS or a third party utility (print/memory management) on top of Citrix. They value the extra features these products bring to the base products. PS 4 looks great but can it deliver virtualized applications in as many different scenarios as well as SoftGrid in the TS environment? I doubt it. Can PS4 deliver the same virtualized application to run on the Desktop OS too when I'm not ready to turn P4s into thin terms? No it can't. These are both great products.

SoftGrid both complements and competes with Citrix. I suspect the latter is not appreciated in some corners:)
I am not sure how many users you have in your environment and how wide spread your users are but you are in for a big shock if you think Softricity is cheaper than Citrix. AIE, is a right direction for Citrix and is free with the Enterprise version. Most users will find it cheaper to add new server for the conflicting apps than even considering the cost of Softricity. The selling slogans for Softricity will soon need updating.
I have several thousand users and most are well connected. I have several hundred that are not so well connected and are great candidates for TS/Citrix. I don’t think I ever said that Softricity is cheaper than Citrix. But as both a Softricity and Citrix customer I can tell you it can be. What may be confusing here is that Softricity deploys virtual applications to both the TS and Desktop environments. So, if I have an environment of high end managed desktops that are well connected, Softricity gives me the central management of applications we all enjoy from SBC without TS and Citrix licenses. That is the point, which is ……. shall we say makes Citrix “uncomfortable” :)

AIE is free? With that logic we would all say TS is free and stop there. That works in some environments (wish that was me!), but for most of us we need the features products like Citrix or Softricity provide.

I hope I’m not coming off as some jerk here; I love both products and just felt like we were comparing apples and oranges depending on your environment. If Citrix with AIE meets your needs great! But, please don’t tell me what works best for me. I know my environment, I’ve seen the license costs, and I have know the ROI in my environment. As I said before, Softricity is both a complement to and a competitor to Citrix. I don’t think the latter sits well with Citrix.


Bob Patterson

I’ve shown you mine, show me yours? Crap, this did not work out well for me with Cindy Carter in second grade….thought I had learned my lesson:)

Is the ability to either isolate or redirect a single file, key, or named object. This is a far more efficient way to deal with problem apps, and will save a huge amount of resource over simply isolating everything.

Once you know where you're apps problems lie, then deal with them directly instead of putting the whole app in Isolation.

Softricity cannot do that. However, at present, Softricity has the advantage on the deployment side (unless you use IM of course)


AIE uses a file filter driver to handle the file system and a registry / object hook dll for everything else.

This has all been covered at recent customer events in the UK
Nice to have virtual IP addresses in a pool for an application, but when do we get virtual MAC addresses, so eg. Cisco Softphone can enhance your anyplace any... etc. environment??

Nice article, Rodney! Hopefully the discussion can stick to the ways to use (or possibly optimize) this technology; No discussion about Softgrid, just use both, but for different situations.
hmm what a great idea..maybe Citrix should release a product that streams apps to the desktop. Sorry, I think Softricty is a joke with no future.

Will AIE help solve the problem of different applications' java applets requiring a different version of the java plugin and other client-side conflicts?
I heard AIE was causing a 15% performance hit. I'm not sure whether the customer meant 15% less users, or more proc util, or what. - but last I heard, Citrix was still working with them on the issue. Can anyone confirm this?
Softricity is a joke that has just secured an extra $15,000,000:00 dollars of VC investment, I think they have a better understanding of a business model than you appear to do. just because you do not like a technology, does not mean it is worthless. if that was the case, we would not even be having this conversation as we would all be still wearing wool sacks not cotton (luddites) writing on paper, not virtually on a screen (IBM circa 1950's) aor at the best a green screen attached to a mainframe or a mini-computer. or even attached to an OS2 workstation attached to a novell server on IPX.

and Citrix/WTS would not even have got through the door of any exec's office, and we would not have any jobs.

that my 2 pennies worth.
Virtual IP is good, but when to we get to assign it to a user. so things like experian mainframe sessions can finally be used in a CTX/WTS session.
I have read little about this and Microsoft Access. Will I be able to use AIE to let multiple users read/write and access .mdb?
I am needing to install Crystal Reports Developer in my Farm, and need to give clients rights to save reports somewhere.

I do not want them to be able to traverse the server's filesystem. Will this work for me?

Would I need to install a separate copy of CR for each client ?

AIE seems to be, for certain apps, a good deal. But how do u manage the file association.
For exemple Adobe Acrobat seting up with each AIE per language works good but if u received mail with .pdf attachement, there is no file association...
AIE is junk. We tested it and noticed roughly 30% decrease in server performance. Not only that, the majority apps don’t play well in AIE. I’m part of the Advanced Technologies Group here and have tested both solutions. Softricity blew AIE out of the water. Keep in mind AIE is version 1 so there will be problems initially, however , we had to go the SoftGrid route to ensure our sla of 99.9999% uptime. We did our due diligence and checked out Softricity’s financials as well as their relationship with Microsoft and Dell. Dell informing us that they were looking at an OEM version of SoftGrid helped in our decision making process since they ship us machines with our image already loaded on them. We’ve done extensive ROI studies and found that SoftGrid would reduce our costs by 3 to 4 times. I can get rid of my silos and deploy our applications to entire farm(s) within minutes. Look at both technologies and make up your own mind. In our environment it was a no-brainer to go with Softricity.

Your mileage may vary.

Same problem here. It's a bit of a shame.
Also there is no possibility to pre-start the application. Everytime I start the application have to adjust the same settings again and again. It's not stored in the user profile so all the setting will be lost during logoff.
Ignoring the Softricity vs AIE debate. My customer has requested AIE as the application has a HKLM\Software key that requires editing to point to two different backend servers, i.e Test and Production

I have installed and have two instances of application running under AIE following the above guide. I can see the two installs in C:\Programm Files\Citrix\AIE…..

However when I attempt to publish via the “Specify what to publish” screen select “Isolate Application” I do not see the “Application was installed into environment”.

My solution to get it working was to create a batch file containing the AIERUN executable command, and publishing the batch file.

Further investigation showed a registry key in HKLM\Software\Citrix\AIE\....Software\Citrix AIEPlaceholder. However Citrix documentation does not cover this so any tips would be appreciated

Re: File association
Posted by an Anonymous Visitor on 31 August 2005
Same problem here. It's a bit of a shame.
Also there is no possibility to pre-start the application. Everytime I start the application have to adjust the same settings again and again. It's not stored in the user profile so all the setting will be lost during logoff.

The message I replied earlier is wrong and I want to rectivicate it. The user which I used for testing purposes whas an anomynous user. This user does not save settings by default. a regular user account does !
Hi ,
I am installing my application in AIE envoirnment using the AIESETUP command. All goes well untill my application requires restart after installation. After I restart my server, the Citrix server automatically goes into execution mode and my application is not able to register the components. I have an .exe which registers the COM components and I have put that .exe in the 'RunOnce' key so that it is executed when the server restarts and the components are registered.
I have tried running the AIESETUP command from 'RunOnce' key also so that the server goes into the install mode and the components are registered properly but even that hasnt help.
Anybody has any any ideas what to do???
Thanks in advance...   
We are using both in our environment but Softricity by far performs better than CITRIX
Better in which way?  In my opinion, they are completely different technologies.  Unless you are saying that Softricity is better than Citrix's Application Isolation Environment which I doubt you'd find many people who would disagree with you here.

So can someone summarize this thread? 
Is the addtional cost of Softricity worth the investement when PS4 and AIE performs a similar (albiet degraded) function? 
Also does anyone have any idea what Softricity's pricing model looks like.  I've heard everything from $125/user to $10K for the server license.  --- The latter is very scary.
You want someone to summarize those two posts???  It's 3 lines to read, come on.  JOKE IT'S A JOKE ok, so I make myself laugh....
Have you simply contacted softricity?  That is usually how I find pricing and information on vendor products.  If you aren't sure whether softricity is worth it, then you need to do some testing before you even worry about the cost. 
And while technically AIE and softricity are both virtualizations of the file system and registry, they are not even close to being the same thing.  Again, talk to the vendor so you can understand what your looking at.
Has anyone done a comparison between Citrix PS4 Isolation and the Virtuozzo product from SWSoft? The latter appears to offer a much more rigorous application isolation framework, to the point where individual 'Virtual Private Servers' appear as separate systems in AD, enabling distinct GPOs to be applied -- even permitting each VPS to be 'rebooted' independently.
From what I've seen thus far Virtuozzo is a uniform, bottom-up implementation of process isolation, offering a cleaner, less complex to administer framework than PS4 AIE, which comes across as a last-minute add-on. I plan to try both out in coming weeks anyway, but any input from those who have gone before would be greatly appreciated.
Virtuozzo and Citrix's AIE have completely different purposes.  Virtuozzo's product is a server virtualization product.  Whereas Citrix's is an application isolation product.  I would expect that Virtuzzo would include additional overhead, though I haven't tested both products side by side to compare the performance hit.  Citrix's AIE is merely meant to overcome simple app compatibility issues and wouldn't let you run app server tiers in an isolated environment, which is more what Virtuozzo is trying to accomplish.  I would say it would be more fair to compare Virtuozzo to what VMWare does, though I wouldn't say they are functionally equal.  Even if you used Virtuozzo, you would still need a thin client technology on top of it, or vice versa.
I am trying to test to see if an application installs in an isolation environment and i am getting an error "Specified Isolation Environment was not found <0x0000006E>".
I have tried doing this logged in both as an administrator as well as a domain admin on the server. I created the Isolation Environment in the PS Console and ran the aiesetup command with the parameters its requires.
I have a test instance of a Citrix Server that has PS4 Enterprise installed with no license server. We are doing this test before we decide to buy the Enterprise Licenses. We currently have Advanced Edition licenses. Could the error be because we don't have the Enterprise licenses or should I be looking for a different fix?
any help is appreciated

Hi, I currently have a few in-house applications that use access 2003 as a front end (on the Citrix XPe FR3 servers) which accesses data (also access 2003) on a back end (on file server).  I have it setup so that when an individual user launches the Front-end of an app in the Citrix client, it launches from their W drive, i.e. TS profiles home directory.  Will AIE allow me the opportunity to scrap the use of the w drive and just run multiple front-ends from the local C drive on the citrix servers.

Kind Regars,

Kevin Dunne


Can we create the Application Isolation Environments in this case? My case is I have one server which has no much disk space it has MS office 2003 installed in the Citrix box and I want only MS office 2003 service pack2 to be installed in the Citrix box, the problem is that some users want MS office and some want MS office with SP2. I can even install Whole MS office in that box coz of disk space I want only MS office SP2. Kindly can any one help in this.

You can not do this
I was just wondering what the two products are like when it comes to scalability. With Softgrid the server is an isolated dedicated box, but does Citrix handle the application just as well?

Hi, I have try to get a Isolated installed application deploy and publiced. It works fine as publishedApplication Webbased. But local I have try to create a shortcut as in your artical I can't configure how to make this work.
- the shortcut: AIERUN.EXE "Xtendis_FR""C:\program files (x86)\Citrix\AIE|Xtendis_FR\D\Program Files (x86)\Xtendis\ \\servername\Xtendis$\DLL|Xtendis.exe"

If I run the shortcut the error is: Application execution failded(0x000000003).

Wat am doing fails?


when i am tring to install acrobate reader it gives me an error at the begining of the installation,windows installer service could not be acced.please help


You are probably installing it withing an RDP or ICA session.  You need to be at the server console or connect to the server console via RDP which in Vista is mstsc /admin


Does anyone know where the variables for AIE point to in 4.5?

This is what the server says (see below), since the variables don't exist outside the isolation environment they are hard to track down, I havn't found documentation for 4.5 from Citrix.    

User profile root


Registery: HKCU\software\Citrix\AIE\[AIE name]

Installation root


Registery: HKLM\software\Citrix\AIE\[AIE name]