[THIN] Re: SMA_CTXUser account

Hi Malcolm,

Sorry, sent the reply before it was finished.

It isn't hard to script adding a domain account to the service.

You're looking at 2 services, the citrix print manager servcie and the
citrix sma service. Logon account information is defined under
HKLM\System\CurrentControlSet\Services\service_name.

The following script example could do what you want:

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
   & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colServices = objWMIService.ExecQuery _
   ("SELECT * FROM Win32_Service WHERE StartName = '.\ctx_smauser'")

For Each objService In colServices
   errServiceChange = objService.Change _
       ( , , , , , , "Domain\dom_ctx_smauser" , "")
   errReturn = objService.Change( , , , , , , , "dom_ctx_password")
Next
The other alternative, since the domain account has uniform credentials, is
that you could use a simple service key reg export and import to propagate
the new logon account.

regards,

Rick

Ulrich Mack
Commander Australia


On 12/22/06, Malcolm Bruton <malcolm.bruton@xxxxxxxxxxxxxxxxxx> wrote:


Hi all

We currently have policies in place which restrict which accounts can log
on as a service.

Because the SMA_CTXUser account is a local account and the SID will be
different for each server how can I add this to the policy?  I could add the
power users group but of course this grants other members in this group the
ability to log on as a service.

Ideally what i'd like to do is run the Citrix Print services as a domain
account but I need a scripted way to do this across all servers.  Anyone had
any luck with this?

Another option is to set the services to run  as a local system accounts
but again this is not ideal.

Malcolm

Other related posts: