[THIN] Re: SMA_CTXUser account
- From: "Rick Mack" <ulrich.mack@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Fri, 22 Dec 2006 09:06:01 +1000
Hi Malcolm,
Sorry, sent the reply before it was finished.
It isn't hard to script adding a domain account to the service.
You're looking at 2 services, the citrix print manager servcie and the
citrix sma service. Logon account information is defined under
HKLM\System\CurrentControlSet\Services\service_name.
The following script example could do what you want:
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServices = objWMIService.ExecQuery _
("SELECT * FROM Win32_Service WHERE StartName = '.\ctx_smauser'")
For Each objService In colServices
errServiceChange = objService.Change _
( , , , , , , "Domain\dom_ctx_smauser" , "")
errReturn = objService.Change( , , , , , , , "dom_ctx_password")
Next
The other alternative, since the domain account has uniform credentials, is
that you could use a simple service key reg export and import to propagate
the new logon account.
regards,
Rick
Ulrich Mack
Commander Australia
On 12/22/06, Malcolm Bruton <malcolm.bruton@xxxxxxxxxxxxxxxxxx> wrote:
Hi all
We currently have policies in place which restrict which accounts can log
on as a service.
Because the SMA_CTXUser account is a local account and the SID will be
different for each server how can I add this to the policy? I could add the
power users group but of course this grants other members in this group the
ability to log on as a service.
Ideally what i'd like to do is run the Citrix Print services as a domain
account but I need a scripted way to do this across all servers. Anyone had
any luck with this?
Another option is to set the services to run as a local system accounts
but again this is not ideal.
Malcolm
Other related posts:
