Most people know that when installing MetaFrame Presentation Server, the standard Microsoft GINA is replaced by a Citrix GINA. However, it turns out that a lot of people don’t know exactly what a GINA is and why Citrix does this.
What is a GINA?
The word “GINA” is an acronym for “graphical identification and authentication.” In regular Windows systems, the GINA is a DLL file called msgina.dll. It contains the code that displays the “Press CTRL+ALT+DEL to log on” prompt and accepts your username and password.
In case the default GINA from Microsoft does not provide all the functionality that a software vendor needs, the default GINA can be replaced with one from the third-party vendor. The most obvious example of this is probably from Novell. When you install Novell’s Client32 software, Microsoft’s default GINA is replaced by one from Novell that adds functionality for authenticating to NDS trees. (When this happens you can see the difference. Novell’s GINA has many more options than Microsoft’s, and it’s red and white instead of blue and gray.)
In technical terms, installing the Novell Client32 configures a system to use a file called nwgina.dll as the GINA instead of the default msgina.dll from Microsoft. The GINA that a particular system uses is configured on a system-wide basis in the following registry location: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon. A string value called “GinaDLL” contains the name of the GINA file that the system should use.
Once you install Citrix MetaFrame Presentation Server on a Terminal Server, you’ll see that this registry value is automatically set to “ctxgina.dll,” which is Citrix’s custom GINA.
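A defender's check for the registry value described above, as an added example that is not part of the original article: it parses the text of a .reg export of the Winlogon key, reports which GINA is in effect, and flags any value other than the three file names this article mentions. The function names and sample exports are constructed for illustration, and the code assumes the standard Winlogon behavior of loading msgina.dll when no GinaDLL value exists.

```python
import re

# File names the article mentions; any other value deserves a closer look.
KNOWN_GINAS = {"msgina.dll": "Microsoft default",
               "nwgina.dll": "Novell Client32",
               "ctxgina.dll": "Citrix MetaFrame Presentation Server"}
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample exports (not taken from real systems).
HEADER = "Windows Registry Editor Version 5.00\n\n[" + WINLOGON + "]\n"
SAMPLE_CITRIX = HEADER + '"Shell"="Explorer.exe"\n"GinaDLL"="ctxgina.dll"\n'
SAMPLE_DEFAULT = HEADER + '"Shell"="Explorer.exe"\n'
SAMPLE_UNKNOWN = HEADER + r'"GinaDLL"="C:\\Tools\\examplegina.dll"' + "\n"

def effective_gina(reg_text):
    """Return the GinaDLL string from .reg export text, or msgina.dll if unset."""
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Registry key names are case-insensitive.
            in_key = line.strip("[]").lower() == WINLOGON.lower()
        elif in_key:
            m = re.match(r'"GinaDLL"="((?:[^"\\]|\\.)*)"$', line, re.IGNORECASE)
            if m:
                # .reg files escape backslashes and quotes in string values.
                return re.sub(r"\\(.)", r"\1", m.group(1))
    return "msgina.dll"  # assumption: with no GinaDLL value the default GINA loads

def audit(reg_text, expected="ctxgina.dll"):
    """Classify the configured GINA against the known names and the expected one."""
    value = effective_gina(reg_text)
    name = value.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    findings = []
    if name not in KNOWN_GINAS:
        findings.append("unknown GINA")
    if name != value.lower():
        findings.append("value is a path, not a bare file name")
    if name != expected.lower():
        findings.append("differs from expected " + expected)
    return {"gina": value, "vendor": KNOWN_GINAS.get(name, "unknown"),
            "findings": findings}

if __name__ == "__main__":
    for label, text in [("citrix", SAMPLE_CITRIX), ("default", SAMPLE_DEFAULT),
                        ("unknown", SAMPLE_UNKNOWN)]:
        print(label, audit(text))
```

On a MetaFrame server the expected value is ctxgina.dll; pass a different `expected` for servers where another GINA is intended.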
Why does Citrix replace the default Microsoft GINA?
As we mentioned previously, third-party software vendors can install their own custom GINAs. The custom GINAs can totally replace the default Microsoft GINA, or they can simply augment the Microsoft GINA, adding a few new features here and there. (The specific behavior of a new GINA is dictated by how the GINA is actually written, not by any specific registry key.)
In the case of Citrix’s MetaFrame GINA, Citrix decided to simply add a few new features to Microsoft’s GINA. Basically, they’ve extended it in a way that allows their GINA to intercept any Citrix-specific calls. Standard Microsoft GINA calls are simply handed over to the Microsoft GINA. In a sense, you could say that a MetaFrame Presentation Server makes use of both the Microsoft and Citrix GINAs.
Specifically, Citrix built their own GINA to support the following Citrix functionality:
- Auto client reconnect / Session Reliability
- The automatic passing of credentials to the server via ICA
- Long password support via ICA (greater than 15 characters)
- UPN (User Principal Name) style logon via ICA
If you choose to edit the registry to change the GINA back to the default Microsoft GINA, then Citrix MetaFrame will still work. However, you’ll lose the advanced functionality specified above.
The only other thing worth mentioning about the GINA is that the choice of GINA for a connection can be controlled, to some extent, within that connection’s configuration. For example, within a connection’s properties in the Citrix Connection Configuration utility (double-click the connection name | select the “Advanced” button) there is a checkbox labeled “Use Default NT Authentication.”
Checking that box forces any sessions connecting via that connection to use the default msgina.dll instead of any third-party GINA that might be specified in the registry. I’m not exactly sure why you’d want to do that, but the option is there if you want it.
Well, that pretty much sums up all you need to know about the GINA in a MetaFrame Presentation Server environment. There’s not really any action you have to take on this—I just felt that this was good information to have.