Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

regular users can now restart/shutdown citrix server

Status
Not open for further replies.
otisteav

otisteav

IS-IT--Management
Feb 20, 2002
7
US
When I joined the Citrix server to Active Directory, suddenly all users have rights to restart or worst, shutdown the server. Before joining AD, there use to be a group called, Power Users. That group is no longer around after joining AD. Now everybody seem to have Power Users rights. How do i remove that access and what ever happened to Power Users group??
 
Sort by date Sort by votes
Hey otisteav,
That exact thing happend to me. We have 30 citrix servers running windows 2000 sp/2 and MF 1.8 w/sp3. Our servers had NT policies applied to it and they worked great!
After our move to AD they stopped working!!!!! Our end-users had the ability to reboot/shutdown/install wallpaper/screensavers and other bad things. The reason why our policies stopped working was because the policies were created with a NT 4 policy editor (poledit). This worked great if u were in a NT 4.0 environment but it doesn't work in a Ad environment. You'll have to create an OU for your citrix servers and then move your citrix servers into that OU. Then you will apply Group Policies via Ad to that OU and that should take care of it.

Hope that helps out.
 
Upvote 0 Downvote
It's possible to use local Group policies under Win2K if needed. Run gpedit.msc on a 'master' server- then copy the files from %systemroot%\winnt\system32\group policy (hidden folder) to the corresponding folders on your servers- then deny read permission for the folders to admins and bingo off you go.

You can also place the files on a central server and force the others in the farm to read from them. Logon on time is extended though.

Hope this helps.
 
Upvote 0 Downvote
Thanks enigma99 and Strongone for your post, but I had
a feeling that my problem was much more simplistic. And it was afer talking to MS tech support.

Before joining AD, local security policy only had 'administrators' and 'power users' the right to 'shutdown system'. After joing AD, local security policy was still the same, HOWEVER, effective policy settings came into play. So, it turned out that the Domain Controller Policy had Printer Operators with rights to shutdown system. And sure enough, users were a member of Printer Operators.

I removed the Printer Operators from 'shutdown system' and everything to back to normal.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

vgulielmus
  • Question
Windows 10 Pro - cannot use the start button
Replies
3
Views
246
vgulielmus
vgulielmus
wavestar69
  • Locked
  • Question
Trouble starting WinFrame 1.7 after replacing server
Replies
0
Views
134
wavestar69
wavestar69
damienenglish
  • Locked
  • Question
Citrix Replication Fault Detection
Replies
0
Views
113
damienenglish
damienenglish
DreemaGurl
  • Locked
  • Question
Can't log on to Citrix through emote access portal
Replies
1
Views
277
ntinlin
ntinlin
SpenceWaller
  • Locked
  • Question
Citrix CSG - Allow users to change password
Replies
0
Views
83
SpenceWaller
SpenceWaller

Part and Inventory Search

Sponsor

Back
Top