[THIN] Re: XA 4.5 ICA permissions windows 2003
- From: "Jeremy Saunders" <Jeremy.Saunders@xxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 27 Mar 2009 13:20:46 +1100
Yep, me too.
With TSConSec the Reset does not show in the GUI. However, if it's not
set, then the Logoff permission will not be selected. This can be quite
frustrating to work out, so be careful.
But you can also use the win32_tspermissionssetting WMI Class...
Here is an extract from one of my scripts...
-------start of script-------
Call ListenerPerms("ICA-TCP","Shadowers")
wscript.quit(0)
Sub ListenerPerms(strListener,strGroup)
Dim wshnetwork, strComputer, objWMIService, colitems, i, errResult,
objitem, itm, intQuery, intLogoff, intShadow, intLogon, intMsg,
intConnect, intDisconnect
Set wshnetwork = WScript.CreateObject("wscript.network")
strComputer = wshnetwork.ComputerName
Set objWMIService = GetObject("winmgmts:" &
"{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
set colitems = objwmiservice.execquery("select * from
win32_tspermissionssetting where terminalname='" & strListener & "'")
for each i in colitems
errResult = i.addaccount(lcase(strGroup),0)
next
' Note that we must use the actual computer name and not a "."
set objitem = objwmiservice.execquery("select * from win32_tsaccount
where AccountName ='" & strComputer & "\\" & strGroup & "'")
for each itm in objitem
intQuery = itm.modifypermissions(0,True)
intLogoff = itm.modifypermissions(2,True)
intShadow = itm.modifypermissions(4,True)
intLogon = itm.modifypermissions(5,True)
intMsg = itm.modifypermissions(7,True)
intConnect = itm.modifypermissions(8,True)
intDisconnect = itm.modifypermissions(9,True)
next
Set wshnetwork = Nothing
Set objWMIService = Nothing
set colitems = Nothing
set objitem = Nothing
end sub
-------end of script-------
This runs in my build scripts, but you can run it afterwards using
PSEXEC. It will also probably work as a Startup script too.
I hope that helps.
Cheers,
Jeremy.
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Andrew Wood
Sent: Friday, March 27, 2009 8:59 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: XA 4.5 ICA permissions windows 2003
I've always scripted this as part of the unattended install using
tsconsec.exe - I think because the values are stored in a binary key
rather than being permission on a registry setting
e.g. run tsconsec command on the server as part of the build:
TSConSec.exe /t:ica /a:Helpdesk /p:RS /q
Would set the helpdesk group to be able to reset and shadow on ica
sessions.
If you wanted to do a farm download psexec and run a for command
Create a list of your servers - put that in servers.txt
for /f "skip=3" %i in (servers.txt) do psexec \\% tsconsec.exe
<http://www.brianmadden.com/forum/file:/%25%20tsconsec.exe/> /t:ICA
/a:YourGroup /p:Flags /Q
http://portal.loginconsultants.nl/forum/attachments/TsConSec1201.zip
hth
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Stratton, Doug ISMC:EX
Sent: 26 March 2009 22:19
To: thin@xxxxxxxxxxxxx
Subject: [THIN] XA 4.5 ICA permissions windows 2003
Hi,
Just wondering if anyone knows how to set the sercurity permissions on
the ICA-TCP listener with policy (ms gp or citrix).
At this point we have to set it on each server manually and wondering if
it can be done otherwise?
We do now have GP Preferences.
Regards,
Doug Stratton, Shared Service BC
Service Desk Email: 77000@xxxxxxxxx
Service Desk Tel: (250)387-7000
#####################################################################################
Confidentiality and Privilege Notice
This document is intended solely for the named addressee. The information
contained in the pages is confidential and contains legally privileged
information. If you are not the addressee indicated in this message (or
responsible for delivery of the message to such person), you may not copy or
deliver this message to anyone, and you should destroy this message and kindly
notify the sender by reply email. Confidentiality and legal privilege are not
waived or lost by reason of mistaken delivery to you.
#####################################################################################
Other related posts: