Link to home
Create AccountLog in
Avatar of entint

asked on

Help with file lock issue in Citrix Farm

I am a newbie to citrix administration

We have a 15 server citrix farm that was recently upgraded from Windows 2000/citrix presentation server 4.0 to Windows 2003 sp2 r2 and presentation server 4.5. This same script worked and sourced the %user name% in office file locks.

Now when users log into citrix and open word,excel files from network drive, and another user tries to open same file it show it is locked by user jgibner "the one who installed citrix and office"
I found the registry key asscoiated with the username in office
> \UserInfo
I have a batch script and registry file that is part of their log in script under
c:\windows\application compatibility scripts\logon
here is what they read
Batch script:

@echo on

regedit /s %systemroot%\Applic~1\logon\officeusername.reg


registry script:

Windows Registry Editor Version 5.00


Any suggesstion to get the file lock to show correct user???

Avatar of BLipman
Flag of United States of America image

The way I like to troubleshoot scripts is to use a published desktop.  Create a new published application that you give only to a test user (not an admin).  Launch the desktop and manually execute your script from the command line.  This will allow you to see any errors.  
If you don't see the problem, run Regmon and see if you are having registry permissions issues:

Let me know if you get anywhere with this.

Avatar of entint


I could not execute .bat script as user

I actually tracked down a program "ifmember" is running

all of the scripts that have "ifmember" in them I can run as "normal user"

could you talk me through the difference between login scripts in active directory in active directory
and the ones on c:\windows\application compatibilty scripts\logon

First, what group is ifmember checking against?  It will appear next to the ifmember statement; you need to make sure your desired users are in the group it specifies.  The way ifmember works is with errorlevels, if true it returns a 1, false returns 0.  I use this:

ifmember "group name"
if errorlevel 1 net use x: \\server\share /persistent:no

That way only people in "group name" get the drive mapping.  

Active Directory login scrips are usually stored in:
and are called according to where the user accounts sit.  If the GPO that calls the logon script is linked to an OU that contains your users then they will get the mapping.  

The Application Compatibility Scripts do special things to adapt programs and environments to applications you run on your server.  Instead of putting your custom scripts there, I like to put them in System32 and then call them in the AppSetup registry key (just do a Find on the HKLM tree and you will find it).  Citrix puts a few scripts there, you just throw a comma in at the end and type your batch file name in.  Likewise, store ifmember.exe and any other tools you call in System32 (like sleep.exe for example).  

Perhaps your ifmember is correct but your server is too locked down and the users can't call ifmember...or does the system find and call it?  You can test this by giving read/execute rights to system32 just for that user; if it works then you have an NTFS lockdown issue because this normally works just fine w/o changing permissions on system32.  

If you use AD, remember to put a copy of ifmember.exe in the netlogon folder or wherever you are storing your script.  

Let me know if this helps.

Avatar of entint


Microsoft has a office reource kit, this allows you delete HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common
> \UserInfo and user initials key and custom load the hive for each user
that was the fix
Avatar of ee_auto

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account