Re: Log On as a Service question

2009-05-28 Thread James Rankin
I had to create a specific OU for WebSense systems for the local WebSense account - however as I recall it only needed to be present on the actual WebSense server itself, not on any of the Citrix servers. I just went the easy route and created a Citrix Servers OU with the Restricted Groups/User Ri

RE: Log On as a Service question

2009-05-28 Thread Juned Shaikh
I am trying to see why you would even try to place this account through a domain GPO; why not place the said account in the appropriate built-in groups (Administrator etc.) and get it over with? FYI, Citrix PS 4.5 and above has eliminated all accounts other than "ctx_cpsvcuser", that's the only acc

RE: Log On as a Service question

2009-05-28 Thread Free, Bob
Remove the setting from the GPO and put it in the Local Policy.

-Original Message-
From: Joe Heaton [mailto:jhea...@etp.ca.gov]
Sent: Thursday, May 28, 2009 1:38 PM
To: NT System Admin Issues
Subject: RE: Log On as a Service question

yes, the accounts are able to do what they need to do

Re: Log On as a Service question

2009-05-28 Thread Sean Martin
Joe, I don't want to lead you down the wrong path. I could be totally off base and whatever I recall may be specific to our environment. I tried locating some old conversations with one of my colleagues about those accounts, but I couldn't find anything. I'll keep looking and let you know if I co

Re: Log On as a Service question

2009-05-28 Thread Joe Heaton
Hmm, anyone else know anything about that? It'd reduce my headache quite a bit if I could remove that. We're running PS 4.0 if that makes any difference.

Re: Log On as a Service question

2009-05-28 Thread Sean Martin
t. I believe I
> tried this years ago and as long as the local account names were the same it
> still worked.
>
> -Original Message-
> From: Joe Heaton [mailto:jhea...@etp.ca.gov]
> Sent: Thursday, May 28, 2009 7:48 AM
> To: NT System Admin Issues
> Subject: Log On as a

RE: Log On as a Service question

2009-05-28 Thread Joe Heaton
Yes, the accounts are able to do what they need to do. However, because the rights are being assigned to local policy, through GPO, these local accounts are being applied to other servers, i.e. srv1\Ctx_Smauser is being assigned to srv2, srv3, etc. Since there's no mapping to a domain SID, it

RE: Log On as a Service question

2009-05-28 Thread Free, Bob
-
From: Joe Heaton [mailto:jhea...@etp.ca.gov]
Sent: Thursday, May 28, 2009 7:48 AM
To: NT System Admin Issues
Subject: Log On as a Service question

I have two local accounts that have been granted the Log On as a Service permission, within a GPO. This is causing Event ID 1202 errors, from

Re: Log On as a Service question

2009-05-28 Thread Joe Heaton
That's exactly the case here. One of the accounts is the Ctx_SmaUser account, the other is a Websense account. For some reason, local policies on the servers here are set by a domain GPO. This is what is causing the issue, because the domain GPO can't map a local account to a SID... So is th

Re: Log On as a Service question

2009-05-28 Thread James Rankin
I usually add a specific GPO for servers that need local accounts with special user rights, in a separate OU. The only ones I have that do this are Citrix servers which have some queer local accounts that need to have some rights on the system.

2009/5/28 Joe Heaton
> I have two local accounts th

RE: Log On as a Service question

2009-05-28 Thread Richard Stovall
Is it a local policy?

-Original Message-
From: Joe Heaton [mailto:jhea...@etp.ca.gov]
Sent: Thursday, May 28, 2009 10:48 AM
To: NT System Admin Issues
Subject: Log On as a Service question

I have two local accounts that have been granted the Log On as a Service permission, within a GPO

Log On as a Service question

2009-05-28 Thread Joe Heaton
I have two local accounts that have been granted the Log On as a Service permission, within a GPO. This is causing Event ID 1202 errors, from SceCli. The main description is as follows: "Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs