I had to create a specific OU for WebSense systems for the local WebSense account - however as I recall it only needed to be present on the actual WebSense server itself, not on any of the Citrix servers.
I just went the easy route and created a Citrix Servers OU with the Restricted Groups/User Rights GPO naming the local accounts. I am pretty sure the ctx_cpsvcuser is the only one that gets used (it runs a service, as I recall, although I haven't tried removing it from there yet). The specific OU seemed the easiest route as I have lots of GPOs specifically for my Citrix servers, Loopback Policy Processing and the like. 2009/5/28 Joe Heaton <[email protected]> > That's exactly the case here. One of the accounts is the Ctx_SmaUser > account, the other is a Websense account. For some reason, local policies > on the servers here are set by a domain GPO. This is what is causing the > issue, because the domain GPO can't map a local account to a SID... > > So is the solution to remove the servers in question from the OU, or remove > the local policy settings from the GPO? Which is the wiser path to follow? > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
