Permissions

From ThinManager Knowledge Base
Jump to: navigation, search

ThinServer on Synchronized systems should run the same user for the Thinserver Service.

Terminal Servers/Display Servers set up in ThinManager should also use the same User set in the Thinserver Service.


Local User

By default the Administrators group will have access to everything locally. Different Permissions can be delegated via the ThinManager Security Groups.

Example:

  • Server A User: Administrator1
  • Server B User: Administrator1

Active Directory

In order for the Active Directory Integration to work the user Thinserver is running as needs these permissions:

  • “List Contents”

Thinserver need to be able to read certain properties of the AD users:

  • Name
  • userPrincipalName
  • distinguishedName
  • objectClass
  • objectGuid
  • objectSid
  • userAccountControl
  • objectCategory
  • sAMAccountName

Thinserver also needs to be able to read some attributes for the domain object:

  • maxPwdAge
  • minPwdAge
  • minPwdLength
  • Pwd-Properties