Hi Malcolm, Sorry, sent the reply before it was finished. It isn't hard to script adding a domain account to the service. You're looking at 2 services, the citrix print manager servcie and the citrix sma service. Logon account information is defined under HKLM\System\CurrentControlSet\Services\service_name. The following script example could do what you want: strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colServices = objWMIService.ExecQuery _ ("SELECT * FROM Win32_Service WHERE StartName = '.\ctx_smauser'") For Each objService In colServices errServiceChange = objService.Change _ ( , , , , , , "Domain\dom_ctx_smauser" , "") errReturn = objService.Change( , , , , , , , "dom_ctx_password") Next The other alternative, since the domain account has uniform credentials, is that you could use a simple service key reg export and import to propagate the new logon account. regards, Rick Ulrich Mack Commander Australia On 12/22/06, Malcolm Bruton <malcolm.bruton@xxxxxxxxxxxxxxxxxx> wrote:
Hi all We currently have policies in place which restrict which accounts can log on as a service. Because the SMA_CTXUser account is a local account and the SID will be different for each server how can I add this to the policy? I could add the power users group but of course this grants other members in this group the ability to log on as a service. Ideally what i'd like to do is run the Citrix Print services as a domain account but I need a scripted way to do this across all servers. Anyone had any luck with this? Another option is to set the services to run as a local system accounts but again this is not ideal. Malcolm