[THIN] Re: Shadowing Issue
- From: "John Hardwick" <jhardwick@xxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 6 Oct 2004 12:22:26 -0500
Thanks for the reply Rick. My only issue with QuickShadow or even
perhaps the Shadow toolbar (haven't tested it yet) is that I need the
user to only be able to shadow a select group of users? Does anyone
know what scope the policies that are setup in Citrix apply to? I.e.
will QuickShadow only allow shadowing of the restricted set of users?
John Hardwick
President
nXio, LLC.
913-754-8120 x125
www.nxio.net
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Rick Mack
Sent: Wednesday, October 06, 2004 6:43 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Shadowing Issue
Hi John,
Sounds like you've done all the right things.
Don't know whether I'd spend a lot more time with mfadmin.
Try the shadow toolbar or quikshadow (downloadable from www.thethin.net)
first.
If they work, then the issue is with mfadmin rather than a shadowing
rights or policies issue.
As an example, I use a script with cshadow.exe to do many to one user
shadowing (for remote group training) with almost exactly the same setup
as you.
regards,
Rick
Ulrich Mack
Volante Systems Ltd
18 Heussler Terrace, Milton 4064
Queensland Australia.
Ph: +61 7 3246 7704
email: rmack@xxxxxxxxxxxxxx
web: www.volante.com.au
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of John Hardwick
Sent: Wednesday, 6 October 2004 8:50 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Shadowing Issue
I have a MF 3.0 Server with all of the latest hot fixes
installed. It is running on 2003 standard server.
The problem I am having is that I have several
non-administrative users that need shadowing rights and I'm not sure
what I'm missing as I've set this up time after time on other server
farms without a problem.
I have a Citrix policy that is applied to the group of users to
be shadowed. It is configured as Configuration enabled, Allow
Shadowing, Prohibit Shadowing without notification and the permissions
are set as enabled and the group of users that need to do the shadowing
is added below.
If I do a resultant set of policy in group policy it is
configured as follows:
Computer / Administrative / Windows Components / Terminal
Services
* Allow users to connect remotely - enabled
* Automatic reconnection - enabled
* Keep-alive connections - enabled - interval 1
* Restrict to single session - disabled
* Sets rules - enabled - Full control with user's
permission
Computer / Administrative / Windows Components / Terminal
Services/Sessions
* Allow reconnection from original client only - disabled
So I thought that perhaps it was security settings or something
on the individual servers... so I took the group that contains all of
the users that should have the full rights to shadow as defined in the
Citrix policy as well and configured them manually on each of the
terminal server's ICA connections to be "Special" which is the
combination of full, user access and guest access along with logoff I
believe it was (basically everything under the advanced options.)
The users are able to logon now and go into MF Admin, right
click on a user and the only options that they get are:
Disconnect
Send Message
Reset
Status
Logoff
And if they happen to be running MF Admin from the same server
as the user they are allowed the connect option. (See problem #2
below.)
I'm not sure what I'm missing... ideally this select group of
people need to be able to shadow a set group of users no matter what
server they are on, be able to connect to their disconnects, etc as
well. I'm just out of permission places to look that I can think of.
PS... as a regular administrator (outside of the group above) I
am able to shadow any user on any server.
Problem #2...
As the domain admin and any of my admin accounts for that
matter... I am only able to connect to connections that are on the same
TS as MF Admin is running from and then MF Admin will not allow me to do
anything to a disconnected session other than reset it or log it off.
I would like to be able to connect to them.
This is a new server farm so this is all probably based on
something that I missed somewhere in the config.
Problem #3... perhaps related...
I have some users who will be disconnected from a session and
the server shows the session as disconnected, but when they attempt to
reconnect they are told they already have an instance of the application
running and it won't reconnect the session.
Sessions are set to allow reconnect from any device, so again no
clue as to why its not working.
Thanks in advance for any help or direction that anyone can
provide.
John Hardwick
President
nXio, LLC.
913-754-8120 x125
www.nxio.net
________________________________
This e-mail, including all attachments, may be confidential or
privileged. Confidentiality or privilege is not waived or lost because
this e-mail has been sent to you in error. If you are not the intended
recipient any use, disclosure or copying of this e-mail is prohibited.
If you have received it in error please notify the sender immediately by
reply e-mail and destroy all copies of this e-mail and any attachments.
All liability for direct and indirect loss arising from this e-mail and
any attachments is hereby disclaimed to the extent permitted by law.
________________________________
Other related posts:
