[THIN] Re: SMA_CTXUser account

  • From: "Rick Mack" <ulrich.mack@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Sat, 23 Dec 2006 07:43:29 +1000

Hi Malcolm,

You're perfectly right. I conveniently (mental too hard basket?) forgot that
you would then have to add the dcom and ica listener perms.

tsconsec takes care of the ica listener, eg

:: remove local Ctx_SmaUser
TSConSec /t:ICA /a:Ctx_SmaUser /p: /Q
:: add domain\Ctx_SmaUser
TSConSec /t:ICA /a:domain\Ctx_SmaUser /p:QV /Q

The dcom perms are a bit harder but here goes. Note that this requires a
couple of utilities, dcomperm.exe and dcp.exe and that you'll also have to
think about the ctx_configmgr local user. eg

:: set DCOM ACLs, default launch permissions
:: remove local Ctx_SmaUser
dcp -dl remove %computername%\Ctx_SmaUser
:: add domain\Ctx_SmaUser
dcp -dl set %domain%\Ctx_SmaUser permit

:: Citrix IMA External Storage, AppID {2EA16A8A-9B99-4b39-9F6C-47E53A56987A}, access permissions
:: remove local Ctx_ConfigMgr
dcomperm -aa {2EA16A8A-9B99-4b39-9F6C-47E53A56987A} remove %computername%\Ctx_ConfigMgr
:: add domain\Ctx_ConfigMgr
dcomperm -aa {2EA16A8A-9B99-4b39-9F6C-47E53A56987A} set %domain%\Ctx_ConfigMgr permit

:: Citrix IMA Service, AppID {472FEEDC-FC0A-48f9-A87F-76E03653F1FF}, access permissions
:: remove local Ctx_SmaUser
dcomperm -aa {472FEEDC-FC0A-48f9-A87F-76E03653F1FF} remove %computername%\Ctx_SmaUser
:: add domain\Ctx_SmaUser
dcomperm -aa {472FEEDC-FC0A-48f9-A87F-76E03653F1FF} set %domain%\Ctx_SmaUser permit

:: Citrix SMA Service, AppID {BBBF5400-E091-11D8-AD76-005056C00008}
:: remove local Ctx_SmaUser
dcomperm -aa {BBBF5400-E091-11D8-AD76-005056C00008} remove %computername%\Ctx_SmaUser
:: add domain\Ctx_SmaUser access permission
dcomperm -aa {BBBF5400-E091-11D8-AD76-005056C00008} set %domain%\Ctx_SmaUser permit
:: add domain\Ctx_SmaUser launch permission
dcomperm -al {BBBF5400-E091-11D8-AD76-005056C00008} set %domain%\Ctx_SmaUser permit

:: This handles RunAs Ctx_SmaUser
dcomperm -runas {BBBF5400-E091-11D8-AD76-005056C00008} %domain%\Ctx_SmaUser password

I'd started to port this to a VBScript using dcomperm.dll but the advent of
the ctx_smauser repair tool saved me. If you like I can send you some
example script that would help out.

regards,

Rick

Ulrich Mack
Commander Australia


On 12/23/06, Malcolm Bruton <malcolm.bruton@xxxxxxxxxxxxxxxxxx> wrote:

 Rick that's great.  I have something similar to this for services
already.  But won't I also need to change perms on all sorts of other things
as per CTX106393?

Some scripting work to do I think....

I was hoping that CTX111464 was the way but of course that only resets
what was there....

Keep thinking that Citrix need to sort this as part of the install so you
can choose a domain account!!!

Will change to system account short term...

Malcolm
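
A read-only way to check the result of the DCOM changes described in the message above, added here as an example and not part of the original thread: it decodes the launch and access ACLs for the three AppIDs quoted there, shows the RunAs identity, and flags any entry that still points at a local machine account. The helper names Get-DcomAclEntries and Show-Acl are hypothetical, and it assumes the standard COM registry locations.

```powershell
# Added audit example, not from the thread. Read-only; run elevated on the server.
# AppIDs are those quoted in the message; key paths are the standard COM locations.
$appIds = [ordered]@{
    'Citrix IMA External Storage' = '{2EA16A8A-9B99-4b39-9F6C-47E53A56987A}'
    'Citrix IMA Service'          = '{472FEEDC-FC0A-48f9-A87F-76E03653F1FF}'
    'Citrix SMA Service'          = '{BBBF5400-E091-11D8-AD76-005056C00008}'
}
$localPrefix = "$env:COMPUTERNAME\"

# Hypothetical helper: decode a self-relative security descriptor into ACE rows.
function Get-DcomAclEntries {
    param([byte[]]$Bytes)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Bytes, 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }   # unresolvable SID, e.g. a deleted account
        [pscustomobject]@{
            Account = $name
            AceType = $ace.AceType
            Mask    = '0x{0:X}' -f $ace.AccessMask
            Local   = $name.StartsWith($localPrefix, [StringComparison]::OrdinalIgnoreCase)
        }
    }
}

# Hypothetical helper: print one ACL, marking entries for local machine accounts.
function Show-Acl {
    param([string]$Label, $Bytes)
    if (-not $Bytes) { "  {0}: not set (defaults apply)" -f $Label; return }
    foreach ($e in Get-DcomAclEntries $Bytes) {
        $flag = if ($e.Local) { '  <-- local account' } else { '' }
        "  {0}: {1} {2} {3}{4}" -f $Label, $e.AceType, $e.Account, $e.Mask, $flag
    }
}

# Machine-wide default launch ACL (the "default launch permissions" step).
$ole = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Ole'
'Machine default'
Show-Acl 'DefaultLaunchPermission' $ole.DefaultLaunchPermission

foreach ($app in $appIds.GetEnumerator()) {
    $key = "HKLM:\SOFTWARE\Classes\AppID\$($app.Value)"
    if (-not (Test-Path -LiteralPath $key)) { "{0} {1}: AppID not registered" -f $app.Key, $app.Value; continue }
    $p = Get-ItemProperty -LiteralPath $key
    "{0} {1}  RunAs={2}" -f $app.Key, $app.Value, $p.RunAs
    Show-Acl 'AccessPermission' $p.AccessPermission
    Show-Acl 'LaunchPermission' $p.LaunchPermission
}
```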


