Dec 052018
 

It can be usefull to launch certain tasks on the behalf of the user, in the user security context, on a CVAD server.

Create the task in the Task Scheduler then export it as XML. Find and replace the “<Principals>” entries with either Interactive Users or Users:

Interactive Users:
  <Principals>
    <Principal id="InteractiveUsers">
      <GroupId>S-1-5-4</GroupId>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>

or Users
  <Principals>
    <Principal id="InteractiveUsers">
      <GroupId>S-1-5-32-545</GroupId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>

Interactive users is the one I use the most. I keep the Users group ID in case I would neet to run a task with high privileges. But this is not recommended and even dangerous. Interactive tasks (impersonating users security context) can be used for small local tasks, but should not be used to run more important applications.

What about GPPs?

When deploying an interactive task via GPP to all Citrix CVAD servers, “%LogonDomain%\%LogonUser%” can be used in the graphic interface.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

This site uses Akismet to reduce spam. Learn how your comment data is processed.