ThinList Blog

Tuesday, June 24, 2008

[THIN] Client and jump drives

Running PS 4.0 on W2K3 servers. Connect client drives at logon is checked and there are no GPOs blocking this. I can successfully map com ports but when I try to map a USB jump drive, it does not map. Fails with system error 55. I’ve tried with the USB drive in place with an assigned drive letter and then logging into a Citrix desktop. From the command line, issuing the following net use E: \\client\h$ fails.

Any ideas? Has anyone gotten USB jump/flash/thumb (insert name here) drives to work in an ICA session?

[THIN] Re: Citrix in ESX 3.5

It's pretty much the same as installing it on a physical box. As for licensing, it depends on what you purchase, per device or per user. If per user, you will need 400. If per device, you need just enough to cover the number of pc's/thin client/etc that will connect to it.

adam

ananth padmanabham <isap004@yahoo.com>
Sent by: thin-bounce@freelists.org

06/23/2008 09:22 PM

Please respond to
thin@freelists.org

To	thin@freelists.org
cc
Subject	[THIN] Citrix in ESX 3.5

Hi All,

Please guide me how to install Citrix Ps4.0 in ESX 3.5?

Are there any guides, whitepapers, available ?

And how many TS Licenses are required for 400 citrix users who log in to citrix servers and work?

Anantha Padmanabham K

Bollywood, fun, friendship, sports and more. You name it, we have it.

[THIN] Re: Licensing server service

to add on, the license service is light and can be combined with other services. You could combine the TS License Server, the Citrix, License Server, web interface all on one server and not hurt yourself. You could even virtualize all that and still be ok.

Greg

On Mon, Jun 23, 2008 at 11:28 PM, BARICHELLO, Daniel <Daniel.BARICHELLO@suncorp.com.au> wrote:

Anywhere.

Regards

Daniel

-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of SMREKAR, JACK
Sent: Tuesday, 24 June 2008 2:05 PM
To: thin@freelists.org
Subject: [THIN] Licensing server service

Is it possible to install the licensing application for Presentation
Server 4.5 on any server or does it need to be a Presentation Server
server. I know I can point any Presentation server to the service if it
is one another Presentation Server, I am just not sure if I can install
that application anywhere. I am looking to install the application on
one of our print servers as those are not rebuilt that often and it
would just be easier to have it there. But if not I can put it on one of
our Presentation servers.

Thanks

Jack Smrekar
Appleton Area School District
920-993-7062 Ext. 2123
A+ N+ Server +

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

This e-mail is sent by Suncorp-Metway Limited ABN 66 010 831 722 or one of its related entities "Suncorp".
Suncorp may be contacted at Level 18, 36 Wickham Terrace, Brisbane or on 13 11 55 or at suncorp.com.au.
The content of this e-mail is the view of the sender or stated author and does not necessarily reflect the view of Suncorp. The content, including attachments, is a confidential communication between Suncorp and the intended recipient. If you are not the intended recipient, any use, interference with, disclosure or copying of this e-mail, including attachments, is unauthorised and expressly prohibited. If you have received this e-mail in error please contact the sender immediately and delete the e-mail and any attachments from your system.
If this e-mail constitutes a commercial message of a type that you no longer wish to receive please reply to this e-mail by typing Unsubscribe in the subject line.

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

[THIN] Re: Citrix in ESX 3.5

Starter for 10..

http://knmi.wordpress.com/best-practices-for-deploying-citrix-on-esx/

http://www.vmware.com/pdf/vi_performance_tuning.pdf

http://support.citrix.com/article/CTX997956

If you're buying new it'll be XenApp 4.5 rather than PS4.0

You'll want 400 user TS Licenses.

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of ananth padmanabham
Sent: 24 June 2008 05:23
To: thin@freelists.org
Subject: [THIN] Citrix in ESX 3.5

Hi All,

Please guide me how to install Citrix Ps4.0 in ESX 3.5?

Are there any guides, whitepapers, available ?

And how many TS Licenses are required for 400 citrix users who log in to citrix servers and work?

Anantha Padmanabham K

Bollywood, fun, friendship, sports and more. You name it, we have it.

[THIN] Re: Licensing server service

Anywhere.

Regards

Daniel

-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of SMREKAR, JACK
Sent: Tuesday, 24 June 2008 2:05 PM
To: thin@freelists.org
Subject: [THIN] Licensing server service

Is it possible to install the licensing application for Presentation
Server 4.5 on any server or does it need to be a Presentation Server
server. I know I can point any Presentation server to the service if it
is one another Presentation Server, I am just not sure if I can install
that application anywhere. I am looking to install the application on
one of our print servers as those are not rebuilt that often and it
would just be easier to have it there. But if not I can put it on one of
our Presentation servers.

Thanks

Jack Smrekar
Appleton Area School District
920-993-7062 Ext. 2123
A+ N+ Server +

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

This e-mail is sent by Suncorp-Metway Limited ABN 66 010 831 722 or one of its related entities "Suncorp".
Suncorp may be contacted at Level 18, 36 Wickham Terrace, Brisbane or on 13 11 55 or at suncorp.com.au.
The content of this e-mail is the view of the sender or stated author and does not necessarily reflect the view of Suncorp. The content, including attachments, is a confidential communication between Suncorp and the intended recipient. If you are not the intended recipient, any use, interference with, disclosure or copying of this e-mail, including attachments, is unauthorised and expressly prohibited. If you have received this e-mail in error please contact the sender immediately and delete the e-mail and any attachments from your system.
If this e-mail constitutes a commercial message of a type that you no longer wish to receive please reply to this e-mail by typing Unsubscribe in the subject line.
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

[THIN] Citrix in ESX 3.5

Hi All,

Please guide me how to install Citrix Ps4.0 in ESX 3.5?

Are there any guides, whitepapers, available ?

And how many TS Licenses are required for 400 citrix users who log in to citrix servers and work?

Anantha Padmanabham K

Bollywood, fun, friendship, sports and more. You name it, we have it.

[THIN] Licensing server service

Thanks

Jack Smrekar
Appleton Area School District
920-993-7062 Ext. 2123
A+ N+ Server +

Monday, June 23, 2008

[THIN] Re: DSN and Access db

This isnt a mod to the db though, its a mod to the environment.

Setting up a dsn is effectively a reg key, so setting it in a policy
shouldnt be an issue.

Berny

On 6/24/08, StGeorge <wcsconnect@gmail.com> wrote:
> Just heard that Austrade will not support a dB that is modified in this way
> - the only alternative is to merge the data - will check this out.
>
> Many thanks
>
> Rob
>
> On Tue, Jun 24, 2008 at 9:39 AM, Berny Stapleton <berny@technology.net.au>
> wrote:
>
>> Umm, what about a user dsn, set in a registry key? The app would make
>> a call to a dsn, it couldnt determine user from system could it? Get a
>> test instance and try a user dsn and see if it works.
>>
>> Berny
>>
>> On 6/24/08, Greg Reese <gareese@gmail.com> wrote:
>> > it's a shame they hard code it. Multiple DSN's would do the trick for
>> you.
>> >
>> > On Mon, Jun 23, 2008 at 6:00 PM, StGeorge <wcsconnect@gmail.com> wrote:
>> >
>> >> Good Morning,
>> >>
>> >> We have a client running an Aust trade db Application. The application
>> >> uses
>> >> a System DSN to talk to an access db.
>> >> We require for good governance to run a separate db for each state,
>> >> does
>> >> anybody have any ideas as to get round this
>> >> problem? Currently if we change the DSN to point to Victoria then all
>> >> users
>> >> get the Victoria db and similar for QLD.
>> >> I was thinking of changing the DSN on the fly but I am not sure if the
>> >> application after locating the db would continue using the DSN,
>> >> this would cause a corruption with users updating the wrong db. The
>> >> DSN
>> >> is
>> >> hard coded in the the application.
>> >>
>> >> They are running a single 4.5 Adv Citrix server.
>> >>
>> >> Regards
>> >>
>> >> Rob
>> >>
>> >
>>
>> --
>> Sent from Gmail for mobile | mobile.google.com
>> ************************************************
>> For Archives, RSS, to Unsubscribe, Subscribe or
>> set Digest or Vacation mode use the below link:
>> http://www.freelists.org/list/thin
>> NEW! Follow Thin List on Twitter!
>> http://twitter.com/thinlist
>> Thin List discussion is now available in blog format at:
>> http://thinmaillist.blogspot.com
>> HOT! Thinlist MOBILE Feed!
>> http://thinlist.net/mobile
>> Thinlist quick pick
>> http://thinlist.net
>> ************************************************
>>
>

--
Sent from Gmail for mobile | mobile.google.com
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

[THIN] Re: DSN and Access db

Just heard that Austrade will not support a dB that is modified in this way - the only alternative is to merge the data - will check this out.

Many thanks

Rob

On Tue, Jun 24, 2008 at 9:39 AM, Berny Stapleton <berny@technology.net.au> wrote:

Umm, what about a user dsn, set in a registry key? The app would make
a call to a dsn, it couldnt determine user from system could it? Get a
test instance and try a user dsn and see if it works.

Berny

On 6/24/08, Greg Reese <gareese@gmail.com> wrote:
> it's a shame they hard code it. Multiple DSN's would do the trick for you.
>
> On Mon, Jun 23, 2008 at 6:00 PM, StGeorge <wcsconnect@gmail.com> wrote:
>
>> Good Morning,
>>
>> We have a client running an Aust trade db Application. The application
>> uses
>> a System DSN to talk to an access db.
>> We require for good governance to run a separate db for each state, does
>> anybody have any ideas as to get round this
>> problem? Currently if we change the DSN to point to Victoria then all
>> users
>> get the Victoria db and similar for QLD.
>> I was thinking of changing the DSN on the fly but I am not sure if the
>> application after locating the db would continue using the DSN,
>> this would cause a corruption with users updating the wrong db. The DSN
>> is
>> hard coded in the the application.
>>
>> They are running a single 4.5 Adv Citrix server.
>>
>> Regards
>>
>> Rob
>>
>

--
Sent from Gmail for mobile | mobile.google.com
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

[THIN] Re: DSN and Access db

Umm, what about a user dsn, set in a registry key? The app would make
a call to a dsn, it couldnt determine user from system could it? Get a
test instance and try a user dsn and see if it works.

Berny

On 6/24/08, Greg Reese <gareese@gmail.com> wrote:
> it's a shame they hard code it. Multiple DSN's would do the trick for you.
>
> On Mon, Jun 23, 2008 at 6:00 PM, StGeorge <wcsconnect@gmail.com> wrote:
>
>> Good Morning,
>>
>> We have a client running an Aust trade db Application. The application
>> uses
>> a System DSN to talk to an access db.
>> We require for good governance to run a separate db for each state, does
>> anybody have any ideas as to get round this
>> problem? Currently if we change the DSN to point to Victoria then all
>> users
>> get the Victoria db and similar for QLD.
>> I was thinking of changing the DSN on the fly but I am not sure if the
>> application after locating the db would continue using the DSN,
>> this would cause a corruption with users updating the wrong db. The DSN
>> is
>> hard coded in the the application.
>>
>> They are running a single 4.5 Adv Citrix server.
>>
>> Regards
>>
>> Rob
>>
>

[THIN] Re: DSN and Access db

it's a shame they hard code it. Multiple DSN's would do the trick for you.

On Mon, Jun 23, 2008 at 6:00 PM, StGeorge <wcsconnect@gmail.com> wrote:

Good Morning,

We have a client running an Aust trade db Application. The application uses a System DSN to talk to an access db.
We require for good governance to run a separate db for each state, does anybody have any ideas as to get round this
problem? Currently if we change the DSN to point to Victoria then all users get the Victoria db and similar for QLD.
I was thinking of changing the DSN on the fly but I am not sure if the application after locating the db would continue using the DSN,
this would cause a corruption with users updating the wrong db. The DSN is hard coded in the the application.

They are running a single 4.5 Adv Citrix server.

Regards

Rob

[THIN] DSN and Access db

Good Morning,

We have a client running an Aust trade db Application. The application uses a System DSN to talk to an access db.
We require for good governance to run a separate db for each state, does anybody have any ideas as to get round this
problem? Currently if we change the DSN to point to Victoria then all users get the Victoria db and similar for QLD.
I was thinking of changing the DSN on the fly but I am not sure if the application after locating the db would continue using the DSN,
this would cause a corruption with users updating the wrong db. The DSN is hard coded in the the application.

They are running a single 4.5 Adv Citrix server.

Regards

Rob

[THIN] Re: Printers not deleting on exit

Thanks! Those look very useful.

Rob

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of TSguy92 Lan
Sent: Monday, June 23, 2008 12:53 PM
To: thin@freelists.org
Subject: [THIN] Re: Printers not deleting on exit

Hi,

Not quite sure on issue # 1, but as for issue # 2.

If you installed VMware tools on the virtualized terminal server, and if you enabled the "shared folders feature", there is a specific file that gets put under each user's profile which prevents user profiles from clearing off the server correctly. That file = hgfs.dat.

The following link details this issue and a suggested correction:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1317

You may also want to take a look at the UPHC as well:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

HTH

Lan

On Mon, Jun 23, 2008 at 9:24 AM, Rob Moore <RMoore@afsc.org> wrote:

Hello—

Sorry for what I imagine is a very basic question. But I administer (among other servers at a non-profit) only two Terminal Services servers (Windows Server 2003) that are mostly "set and forget." So when problems crop up, I don't have much experience to draw on.

Anyway, I recently migrated one of my TS servers to a virtual environment (VMWare Infrastructure). Almost all went well. There are two problems, though:

1. When people log off the terminal server, their printers don't delete. A lot of these printers, though not all, are the Fallback Printers.

2. User's profiles are located on another server but are cached locally on the terminal server. When the user exits, the cached profiles are not being deleted. And then the next time the user logs onto the TS, a new copy of the cached profile is created. Any particular user now has many many cached profiles.

Neither of these behaviors were exhibiting themselves before the migration. As far as I can see, all the appropriate local policies and permissions moved over in the migration. There's nothing in the Event Logs.

Can anybody help me figure out what's going on?

Thanks,

Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Rob Moore

Network Manager

215-241-7870

Help Desk: 800-500-AFSC

[THIN] Re: Printers not deleting on exit

On Mon, Jun 23, 2008 at 9:24 AM, Rob Moore <RMoore@afsc.org> wrote:

Hello—

Sorry for what I imagine is a very basic question. But I administer (among other servers at a non-profit) only two Terminal Services servers (Windows Server 2003) that are mostly "set and forget." So when problems crop up, I don't have much experience to draw on.

Anyway, I recently migrated one of my TS servers to a virtual environment (VMWare Infrastructure). Almost all went well. There are two problems, though:

1. When people log off the terminal server, their printers don't delete. A lot of these printers, though not all, are the Fallback Printers.

2. User's profiles are located on another server but are cached locally on the terminal server. When the user exits, the cached profiles are not being deleted. And then the next time the user logs onto the TS, a new copy of the cached profile is created. Any particular user now has many many cached profiles.

Neither of these behaviors were exhibiting themselves before the migration. As far as I can see, all the appropriate local policies and permissions moved over in the migration. There's nothing in the Event Logs.

Can anybody help me figure out what's going on?

Thanks,

Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Rob Moore

Network Manager

215-241-7870

Help Desk: 800-500-AFSC

[THIN] Re: Printers not deleting on exit

Run RSOP on the server you are haveing problems with and verify policies are being set.

Jim Kenzig
Microsoft MVP - Windows Server Presentation and Hosted Desktop Virtualization
Citrix Technology Professional
Blog: http://www.techblink.com

On Mon, Jun 23, 2008 at 12:24 PM, Rob Moore <RMoore@afsc.org> wrote:

Hello—

Sorry for what I imagine is a very basic question. But I administer (among other servers at a non-profit) only two Terminal Services servers (Windows Server 2003) that are mostly "set and forget." So when problems crop up, I don't have much experience to draw on.

Anyway, I recently migrated one of my TS servers to a virtual environment (VMWare Infrastructure). Almost all went well. There are two problems, though:

1. When people log off the terminal server, their printers don't delete. A lot of these printers, though not all, are the Fallback Printers.

2. User's profiles are located on another server but are cached locally on the terminal server. When the user exits, the cached profiles are not being deleted. And then the next time the user logs onto the TS, a new copy of the cached profile is created. Any particular user now has many many cached profiles.

Neither of these behaviors were exhibiting themselves before the migration. As far as I can see, all the appropriate local policies and permissions moved over in the migration. There's nothing in the Event Logs.

Can anybody help me figure out what's going on?

Thanks,

Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Rob Moore

Network Manager

215-241-7870

Help Desk: 800-500-AFSC

[THIN] Printers not deleting on exit

Hello—

Sorry for what I imagine is a very basic question. But I administer (among other servers at a non-profit) only two Terminal Services servers (Windows Server 2003) that are mostly “set and forget.” So when problems crop up, I don’t have much experience to draw on.

Anyway, I recently migrated one of my TS servers to a virtual environment (VMWare Infrastructure). Almost all went well. There are two problems, though:

1. When people log off the terminal server, their printers don’t delete. A lot of these printers, though not all, are the Fallback Printers.

2. User’s profiles are located on another server but are cached locally on the terminal server. When the user exits, the cached profiles are not being deleted. And then the next time the user logs onto the TS, a new copy of the cached profile is created. Any particular user now has many many cached profiles.

Can anybody help me figure out what’s going on?

Thanks,

Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Rob Moore

Network Manager

215-241-7870

Help Desk: 800-500-AFSC

[THIN] Download Pick: Virtual Machine Remote Control Client Plus (VMRCplus)

VMRCplus is a tool for both configuration management of Virtual Server and remote control of virtual machines. It allows for local and remote management of Virtual Server and supports simultaneous management of up to 32 Virtual Server hosts.

Remote control sessions of virtual machines are grouped in a single window using Tab pages. The interface enables sorting virtual machines based on various properties like name, status and description. Multi-select of virtual machines enable you to perform actions to change their status or open remote control sessions all at once.

VMRCplus is a Windows application and does not require IIS to manage Virtual Server.
Get it at:
http://www.microsoft.com/downloads/details.aspx?FamilyID=80adc08c-bfc6-4c3a-b4f1-772f550ae791&DisplayLang=en

--
Jim Kenzig
Microsoft MVP - Windows Server Presentation and Hosted Desktop Virtualization
Citrix Technology Professional
Blog: http://www.techblink.com

[THIN] Re: Terminal Services Configuration

That's exactly how I am recovering the account at the moment while I am doing up the build. In the long term though, this won't be a requirement and if we have to do anything, it's will be because the box has been compromised and then it's cloning, examination and a rebuild with a fix.

The new admin account already has permissions over those keys, so that's not it.

Berny

2008/6/23 Adam Thompson <adwulf@gmail.com>:

2008/6/23 Berny Stapleton <berny@technology.net.au>:

> The administrator account on this host is disabled, and I am trying to
> replace it. Effectively, I want the Administrator SID to be useless,
> unfortunately from what I have seen so far is that Windows is hard coded in
> places to use the Administrator SID, so this is going to be impossible. I
> would like to get as close to it as possible though.
>
> The only way I can get the admin account back now is to boot off a CD and
> modify the registry offline.
>

You should be able to regain access to the Administrator account by
using the bootdisk at:
http://home.eunet.no/pnordahl/ntpasswd/
- it will unlock and enable the administrator account, as well as
reset the password.

To allow non-admins the rights to modify the TS configuration, I'd run
some regmon/filemon traces to see where the config is kept.
Then create a group (eg TermServAdmins) and grant modify permissions
on those files/keys for that group.

Start by looking at HKLM\Software\Policies\Microsoft\Windows
NT\Terminal Services
and
HKLM\Software\Windows NT\Current Version\Terminal Server

and seeing what the current permissions are. You might be able to
fine-tune the permissions a bit (so some TS admins can do certain
things, but not others).

--
AdamT
"At times one remains faithful to a cause only because its opponents
do not cease to be insipid." - Nietzsche
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

[THIN] Re: Terminal Services Configuration

It is possible to disable the administrator account via local security policy and that's exactly how we are doing it. I have written up a security policy that we are applying to the machine, and I have a batch file of subinacl commands that make permissions changes to the registry and filesytem for the new users and administrators groups.

I am trying to limit scope, and there are things that I want the new admin user to be able to do, and others that I don't. Changing TS config is one thing that I would like them to be able to do; acting as part of the operating system, I don't.

It's an un-attended install for us, so ghosting the server I don't care too much about, I just rebuild the box, drop a couple of software components on it, re-harden it, and drop it back off into the wild. I can have it back within a day, and that's good enough for the business.

Berny

2008/6/23 Joe Shonk <joe.shonk@gmail.com>:

Is that really necessary? It is not recommended (nor possible via normal means) to disable the administrator's account. If you're worried about someone getting in the machine and having admin rights then keep the scope of the administrators group to the local administrator and keep a ghost image of the server for easy recovery.

Joe

On Mon, Jun 23, 2008 at 5:15 AM, Berny Stapleton <berny@technology.net.au> wrote:

The administrator account on this host is disabled, and I am trying to replace it. Effectively, I want the Administrator SID to be useless, unfortunately from what I have seen so far is that Windows is hard coded in places to use the Administrator SID, so this is going to be impossible. I would like to get as close to it as possible though.

The only way I can get the admin account back now is to boot off a CD and modify the registry offline.

Berny

2008/6/23 Joe Shonk <joe.shonk@gmail.com>:

Run with elevated rights?

Joe

On Mon, Jun 23, 2008 at 4:23 AM, Berny Stapleton <berny@technology.net.au> wrote:
Hi all,

Does anyone know how to allow permissions to modify / configure the Terminal Services Configuration without adding someone to the Administrators group?

I have given the user Full Control on the permissions tab, but they can't modify the configuration...

Thanks,

Berny

[THIN] Re: Terminal Services Configuration

Is that really necessary? It is not recommended (nor possible via normal means) to disable the administrator's account. If you're worried about someone getting in the machine and having admin rights then keep the scope of the administrators group to the local administrator and keep a ghost image of the server for easy recovery.

Joe

On Mon, Jun 23, 2008 at 5:15 AM, Berny Stapleton <berny@technology.net.au> wrote:

The administrator account on this host is disabled, and I am trying to replace it. Effectively, I want the Administrator SID to be useless, unfortunately from what I have seen so far is that Windows is hard coded in places to use the Administrator SID, so this is going to be impossible. I would like to get as close to it as possible though.

The only way I can get the admin account back now is to boot off a CD and modify the registry offline.

Berny

2008/6/23 Joe Shonk <joe.shonk@gmail.com>:

Run with elevated rights?

Joe

On Mon, Jun 23, 2008 at 4:23 AM, Berny Stapleton <berny@technology.net.au> wrote:
Hi all,

Does anyone know how to allow permissions to modify / configure the Terminal Services Configuration without adding someone to the Administrators group?

I have given the user Full Control on the permissions tab, but they can't modify the configuration...

Thanks,

Berny

[THIN] Re: Terminal Services Configuration

2008/6/23 Berny Stapleton <berny@technology.net.au>:
> The administrator account on this host is disabled, and I am trying to
> replace it. Effectively, I want the Administrator SID to be useless,
> unfortunately from what I have seen so far is that Windows is hard coded in
> places to use the Administrator SID, so this is going to be impossible. I
> would like to get as close to it as possible though.
>
> The only way I can get the admin account back now is to boot off a CD and
> modify the registry offline.
>

You should be able to regain access to the Administrator account by
using the bootdisk at:
http://home.eunet.no/pnordahl/ntpasswd/

- it will unlock and enable the administrator account, as well as
reset the password.

To allow non-admins the rights to modify the TS configuration, I'd run
some regmon/filemon traces to see where the config is kept.
Then create a group (eg TermServAdmins) and grant modify permissions
on those files/keys for that group.

Start by looking at HKLM\Software\Policies\Microsoft\Windows
NT\Terminal Services
and
HKLM\Software\Windows NT\Current Version\Terminal Server

and seeing what the current permissions are. You might be able to
fine-tune the permissions a bit (so some TS admins can do certain
things, but not others).

--
AdamT
"At times one remains faithful to a cause only because its opponents
do not cease to be insipid." - Nietzsche
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

[THIN] Re: Terminal Services Configuration

The administrator account on this host is disabled, and I am trying to replace it. Effectively, I want the Administrator SID to be useless, unfortunately from what I have seen so far is that Windows is hard coded in places to use the Administrator SID, so this is going to be impossible. I would like to get as close to it as possible though.

The only way I can get the admin account back now is to boot off a CD and modify the registry offline.

Berny

2008/6/23 Joe Shonk <joe.shonk@gmail.com>:

Run with elevated rights?

Joe

On Mon, Jun 23, 2008 at 4:23 AM, Berny Stapleton <berny@technology.net.au> wrote:
Hi all,

Does anyone know how to allow permissions to modify / configure the Terminal Services Configuration without adding someone to the Administrators group?

I have given the user Full Control on the permissions tab, but they can't modify the configuration...

Thanks,

Berny

[THIN] Re: Terminal Services Configuration

Run with elevated rights?

Joe

On Mon, Jun 23, 2008 at 4:23 AM, Berny Stapleton <berny@technology.net.au> wrote:

Hi all,

Does anyone know how to allow permissions to modify / configure the Terminal Services Configuration without adding someone to the Administrators group?

I have given the user Full Control on the permissions tab, but they can't modify the configuration...

Thanks,

Berny

[THIN] Re: Terminal Services Configuration

Since TS is a service I would suspect you have to give them rights to modify services also.

On Mon, Jun 23, 2008 at 7:23 AM, Berny Stapleton <berny@technology.net.au> wrote:

Hi all,

Does anyone know how to allow permissions to modify / configure the Terminal Services Configuration without adding someone to the Administrators group?

I have given the user Full Control on the permissions tab, but they can't modify the configuration...

Thanks,

Berny

--
Jim Kenzig
Microsoft MVP - Windows Server Presentation and Hosted Desktop Virtualization
Citrix Technology Professional
Blog: http://www.techblink.com

[THIN] Terminal Services Configuration

Hi all,

Does anyone know how to allow permissions to modify / configure the Terminal Services Configuration without adding someone to the Administrators group?

I have given the user Full Control on the permissions tab, but they can't modify the configuration...

Thanks,

Berny

ThinList Blog

Tuesday, June 24, 2008

[THIN] Client and jump drives

[THIN] Re: Citrix in ESX 3.5

[THIN] Re: Licensing server service

[THIN] Re: Citrix in ESX 3.5

[THIN] Re: Licensing server service

[THIN] Citrix in ESX 3.5

[THIN] Licensing server service

Monday, June 23, 2008

[THIN] Re: DSN and Access db

[THIN] Re: DSN and Access db

[THIN] Re: DSN and Access db

[THIN] Re: DSN and Access db

[THIN] DSN and Access db

[THIN] Re: Printers not deleting on exit

[THIN] Re: Printers not deleting on exit

[THIN] Re: Printers not deleting on exit

[THIN] Printers not deleting on exit

[THIN] Download Pick: Virtual Machine Remote Control Client Plus (VMRCplus)

[THIN] Re: Terminal Services Configuration

[THIN] Re: Terminal Services Configuration

[THIN] Re: Terminal Services Configuration

[THIN] Re: Terminal Services Configuration

[THIN] Re: Terminal Services Configuration

[THIN] Re: Terminal Services Configuration

[THIN] Re: Terminal Services Configuration

[THIN] Terminal Services Configuration

About Me

Blog Archive