Dec 05 2018
It can be useful to launch certain tasks on behalf of the user, in the user's security context, on a CVAD server.
Create the task in the Task Scheduler then export it as XML. Find and replace the “<Principals>” entries with either Interactive Users or Users:
Interactive Users:

```xml
<Principals>
  <Principal id="InteractiveUsers">
    <GroupId>S-1-5-4</GroupId>
    <RunLevel>LeastPrivilege</RunLevel>
  </Principal>
</Principals>
```

or Users:

```xml
<Principals>
  <Principal id="InteractiveUsers">
    <GroupId>S-1-5-32-545</GroupId>
    <RunLevel>HighestAvailable</RunLevel>
  </Principal>
</Principals>
```
Interactive Users is the one I use the most. I keep the Users group ID in case I need to run a task with high privileges, but this is not recommended and is even dangerous. Interactive tasks (which impersonate the user's security context) can be used for small local tasks, but should not be used to run more important applications.
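The find-and-replace step above can be scripted. The following PowerShell is an added example, not code from the original post: it swaps the exported principal for the Interactive group with `LeastPrivilege` and keeps the `Context` attribute of `<Actions>` pointing at the new principal id. The function name `Set-InteractivePrincipal`, the sample task XML, the script path and the task names are assumptions made for illustration.

```powershell
$TaskNs = 'http://schemas.microsoft.com/windows/2004/02/mit/task'

# Hypothetical helper: swaps the exported principal for the Interactive group.
function Set-InteractivePrincipal {
    param([Parameter(Mandatory)][string]$TaskXml)
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($TaskXml)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('t', $TaskNs)

    $principals = $doc.SelectSingleNode('/t:Task/t:Principals', $ns)
    if ($null -eq $principals) { throw 'No <Principals> element in task XML.' }

    # Build <Principal id="InteractiveUsers"> in the task namespace.
    $principal = $doc.CreateElement('Principal', $TaskNs)
    $principal.SetAttribute('id', 'InteractiveUsers')
    foreach ($pair in @(@('GroupId', 'S-1-5-4'), @('RunLevel', 'LeastPrivilege'))) {
        $el = $doc.CreateElement($pair[0], $TaskNs)
        $el.InnerText = $pair[1]
        [void]$principal.AppendChild($el)
    }
    $principals.RemoveAll()    # drop the exported UserId/LogonType principal
    [void]$principals.AppendChild($principal)

    # <Actions Context="..."> refers to the principal by id; keep it in sync.
    $actions = $doc.SelectSingleNode('/t:Task/t:Actions', $ns)
    if ($null -ne $actions) { $actions.SetAttribute('Context', 'InteractiveUsers') }
    return $doc.OuterXml
}

# Constructed sample of an exported task (not from a real server).
$sample = @'
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Actions Context="Author">
    <Exec><Command>C:\Scripts\example.cmd</Command></Exec>
  </Actions>
</Task>
'@
Set-InteractivePrincipal -TaskXml $sample

# On a server, with placeholder task names:
# $xml = Export-ScheduledTask -TaskName 'ExampleTask'
# Register-ScheduledTask -TaskName 'ExampleTask-Interactive' -Xml (Set-InteractivePrincipal -TaskXml $xml)
```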
What about GPPs?
When deploying an interactive task via GPP to all Citrix CVAD servers, “%LogonDomain%\%LogonUser%” can be used in the graphical interface.