Hi Malcolm, You're perfectly right. I conveniently (mental too hard basket?) forgot that you would then have to add the dcom and ica listener perms. tsconsec takes care of the ica listener, eg *:: remove local Ctx_Sma_user* *TSConSec /t:ICA /a:Ctx_SmaUser /p: /Q* *:: add domain\Ctx_SmaUser* *TSConSec /t:ICA /a:domain\Ctx_SmaUser /p:QV /Q* The dcom perms are a bit harder but here goes. Note that this requires a couple of utilities, dcomperm.exe and dcp.exe and that you'll also have to think about the ctx_configmgr local user. eg *:: set DCOM ACLs, default launch permissions* *:: remove local Ctx_SmaUser dcp -dl remove %computername%\Ctx_SmaUser :: add domain\Ctx_SmaUser dcp -dl set %domain%\Ctx_SmaUser permit :: Citrix IMA External Storage, AppID {2EA16A8A-9B99-4b39-9F6C-47E53A56987A}, access permissions* *:: remove local Ctx_ConfigMgr dcomperm -aa {2EA16A8A-9B99-4b39-9F6C-47E53A56987A} remove %computername%\Ctx_ConfigMgr :: add domain\Ctx_ConfigMgr dcomperm -aa {2EA16A8A-9B99-4b39-9F6C-47E53A56987A} set %domain%\Ctx_ConfigMgr permit :: Citrix IMA Service, AppID {472FEEDC-FC0A-48f9-A87F-76E03653F1FF}, access permissions* *:: remove local Ctx_SmaUser dcomperm -aa {472FEEDC-FC0A-48f9-A87F-76E03653F1FF} remove %computername%\Ctx_SmaUser :: add domain\Ctx_SmaUser dcomperm -aa {472FEEDC-FC0A-48f9-A87F-76E03653F1FF} set %domain%\Ctx_SmaUser permit :: Citrix SMA Service, AppID {BBBF5400-E091-11D8-AD76-005056C00008}* *:: remove local Ctx_SmaUser* *dcomperm -aa {BBBF5400-E091-11D8-AD76-005056C00008} remove %computername%\Ctx_SmaUser* *:: add domain\Ctx_SmaUser access permission dcomperm -aa {BBBF5400-E091-11D8-AD76-005056C00008} set %domain%\Ctx_SmaUser permit :: add domain\Ctx_SmaUser launch permission dcomperm -al {BBBF5400-E091-11D8-AD76-005056C00008} set %domain%\Ctx_SmaUser permit :: This handles RunAs Ctx_SmaUser dcomperm -runas {BBBF5400-E091-11D8-AD76-005056C00008} %domain%\Ctx_SmaUser password* ** I'd started to port this to a Vbscript using dcomperm.dll but the advent of the ctx_smauser repair tool saved me. If you like I can send you some example script that would help out. regards, Rick Ulrich Mack Commander Australia On 12/23/06, Malcolm Bruton <malcolm.bruton@xxxxxxxxxxxxxxxxxx> wrote:
Rick that's great. I have some thing similar to this for services already. But won't I also need to change perms on all sorts of other things as per CTX106393. Some scripting work to do I think.... I was hoping that CTX111464 was the way but it of course that only resets up what was there.... Keep thinking that citrix need to sort this as part of the install so you can chooses a domain account !!! Will change to system account short term... Malcolm