[THIN] Re: SMA_CTXUser account

Rick that's great.  I have some thing similar to this for services
already.  But won't I also need to change perms on all sorts of other
things as per CTX106393.

 

Some scripting work to do I think....

 

I was hoping that CTX111464 was the way but it of course that only
resets up what was there....

 

Keep thinking that citrix need to sort this as part of the install so
you can chooses a domain account !!!

 

Will change to system account short term...

 

Malcolm

 

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Rick Mack
Sent: 21 December 2006 23:06
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: SMA_CTXUser account

 

Hi Malcolm,

 

Sorry, sent the reply before it was finished.

 

It isn't hard to script adding a domain account to the service.

 

You're looking at 2 services, the citrix print manager servcie and the
citrix sma service. Logon account information is defined under
HKLM\System\CurrentControlSet\Services\service_name. 

 

The following script example could do what you want:

 

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer &
"\root\cimv2")

Set colServices = objWMIService.ExecQuery _
    ("SELECT * FROM Win32_Service WHERE StartName = '.\ctx_smauser'")

For Each objService In colServices
    errServiceChange = objService.Change _
        ( , , , , , , "Domain\dom_ctx_smauser" , "") 
    errReturn = objService.Change( , , , , , , , "dom_ctx_password")  
Next

The other alternative, since the domain account has uniform credentials,
is that you could use a simple service key reg export and import to
propagate the new logon account.

 

regards,

 

Rick

 

Ulrich Mack

Commander Australia 


 

On 12/22/06, Malcolm Bruton <malcolm.bruton@xxxxxxxxxxxxxxxxxx> wrote: 

Hi all

We currently have policies in place which restrict which accounts can
log on as a service.

Because the SMA_CTXUser account is a local account and the SID will be
different for each server how can I add this to the policy?  I could add
the power users group but of course this grants other members in this
group the ability to log on as a service. 

Ideally what i'd like to do is run the Citrix Print services as a domain
account but I need a scripted way to do this across all servers.  Anyone
had any luck with this?

Another option is to set the services to run  as a local system accounts
but again this is not ideal. 

Malcolm

Other related posts: