[THIN] Re: MSAM question
- From: Adam.Baum@xxxxxxxxxxxxxx
- To: thin@xxxxxxxxxxxxx
- Date: Thu, 18 Nov 2004 12:24:55 -0700
I couldn't figure out which rights it needs, but I know that my account
works so I copied my account to a new name and guess what, it doesn't work.
The new account is a member of all the same groups that I am and has the
same NTFS permissions I have. One of my security guys ran a tool (I think
Bindview, but maybe something else) against it and it shows us having the
same effective rights on the box. I must be special :). Is there some
tie-in from the agent service to MPS? I haven't tried it yet, but the
service accounts I am using for MSAM are not MPS admins.
adam
"Braebaum, Neil"
<Neil.Braebaum@littlew To:
<thin@xxxxxxxxxxxxx>
oods.co.uk> cc:
Sent by: Subject: [THIN] Re: MSAM
question
thin-bounce@freelists.
org
11/18/2004 08:41 AM
Please respond to thin
I'm pretty sure it's (one of) rights that are required that get
periodically blatted by the domain security policy.
Which seems somewhat weak, given that (from memory) the installer does
prompt you for credentials and (I think) defaults to domain accounts.
I also seem to recall that the documentation made no reference - other
than stating what was required. But the effective settings for whichever
right is being baulked, will tell a tale in the local security policy
mmc.
Neil
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
> Adam.Baum@xxxxxxxxxxxxxx
> Sent: 18 November 2004 14:56
> To: thin@xxxxxxxxxxxxx
> Cc: thin@xxxxxxxxxxxxx; thin-bounce@xxxxxxxxxxxxx
> Subject: [THIN] Re: MSAM question
>
> They show the settings that the documentation says are
> necessary. However, you are right in that it is a rights
> issue of some sort. I added the service account to the
> domain admins group and it worked. Given that the account is
> in the local admin groups, it has full control to the hard
> disk so not a file permissions issue (verified). It's got to
> be a user right that CTX didn't document as being necessary.
>
> adam
>
> "Braebaum, Neil"
> <Neil.Braebaum@littlew To:
> <thin@xxxxxxxxxxxxx>
>
> oods.co.uk> cc:
>
>
> Sent by: Subject:
> [THIN] Re: MSAM question
>
> thin-bounce@freelists.
>
>
> org
>
>
>
>
>
>
>
>
> 11/18/2004 02:59 AM
>
>
> Please respond to thin
>
>
>
>
>
>
>
>
>
>
>
>
> What do the effective settings in your local policy settings
> mmc on the server show, for the rights required for the
> service account?
>
> Neil
>
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On
> > Behalf Of Adam.Baum@xxxxxxxxxxxxxx
> > Sent: 17 November 2004 21:12
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: MSAM question
> >
> >
> > The services use a domain account that is in the local
> admins group.
> > I don't have any GPOs in the lab so if there is a policy issue, it
> > would have to be what came out of the box. The install did
> modify the
> > user account to give it local "run as batch:, "logon locally",
> > etc...typical stuff needed for service accounts. I've
> verified that
> > all licenses are installed and activated. No errors in the event
> > logs, just the response from MSAM listed below.
> >
> > adam
> >
> >
> >
> >
> >
> >
> >
> > "Braebaum, Neil"
> >
> >
> > <Neil.Braebaum@littlew To:
> > <thin@xxxxxxxxxxxxx>
> >
> > oods.co.uk> cc:
> >
> >
> > Sent by: Subject:
> > [THIN] Re: MSAM question
> >
> > thin-bounce@freelists.
> >
> >
> > org
> >
> >
> >
> >
> >
> >
> >
> >
> > 11/17/2004 09:53 AM
> >
> >
> > Please respond to thin
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Check on the service account used by the MSAM services - can't
> > remember what they are for, now - it's been a while.
> >
> > I seem to remember that the account needs certain rights, which may
> > well be nullified by a domain policy granting rights to accounts.
> >
> > Check the effective settings in your local security policy
> mmc on the
> > server in question.
> >
> > Neil
> >
> > > -----Original Message-----
> > > From: thin-bounce@xxxxxxxxxxxxx
> > [mailto:thin-bounce@xxxxxxxxxxxxx] On
> > > Behalf Of Adam.Baum@xxxxxxxxxxxxxx
> > > Sent: 17 November 2004 15:46
> > > To: thin@xxxxxxxxxxxxx
> > > Subject: [THIN] Re: MSAM question
> > >
> > > Did all that..Didn't change anything. The server was
> > already enabled
> > > in the Agent server tab. adam
>
> ***********************************************
> This e-mail and its attachments are confidential
> and are intended for the above named recipient
> only. If this has come to you in error, please
> notify the sender immediately and delete this
> e-mail from your system.
> You must take no action based on this, nor must
> you copy or disclose it or any part of its contents
> to any person or organisation.
> Statements and opinions contained in this email may
> not necessarily represent those of Littlewoods.
> Please note that e-mail communications may be monitored.
> The registered office of Littlewoods Limited and its
> subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
> Registered number of Littlewoods Limited is 262152.
> ************************************************
>
> ********************************************************
> This Weeks Sponsor Emergent Online ThinCity Conference
> Join us at ThinCity 2004: The 1st Annual Emergent OnLine
> Technology Conference http://www.ThinCity.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> http://thin.net/citrixlist.cfm
>
>
>
> ********************************************************
> This Weeks Sponsor Emergent Online ThinCity Conference
> Join us at ThinCity 2004: The 1st Annual Emergent OnLine
> Technology Conference http://www.ThinCity.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> http://thin.net/citrixlist.cfm
>
***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please
notify the sender immediately and delete this
e-mail from your system.
You must take no action based on this, nor must
you copy or disclose it or any part of its contents
to any person or organisation.
Statements and opinions contained in this email may
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its
subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference
Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology
Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference
Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
