Skip to content

Create the CA XCOM Batch Interactive Group

Last update March 28, 2016

We strongly recommend creating the CA-XCOM-Batch-Interactive group. Not creating this group can result in dll initialization failures, as well as affecting send jobs, pre- and post-processing scripts and remote SMTP mail notifications. All jobs, scripts, and remote SMTP notifications received by CA XCOM Data Transport for Windows (CA XCOM Data Transport) are submitted to the operating system by creating a new process. The new process will run in the security context of the user receiving the transfer that caused the process to be created. CA XCOM Data Transport adds an access control entry to the window station and desktop to allow the process to interact with the user. Once the process is complete the entry point is removed from the window station and desktop. If the process created by the transfer creates an additional process, this additional process will not have access to the window station or desktop after CA XCOM Data Transport has removed the entry control point created by the original process.

To allow this additional process to interact with the user, create a local group named CA-XCOM-Batch-Interactive and include the user receiving the transfer in it. CA XCOM Data Transport will add an access control point to the window station and desktop that will not be removed when the initial process completes.

For instructions to create local user groups and to add users to the local user group, see your Windows operating system documentation.

Consider the following points when creating this group:

  • Any user whose CA XCOM Data Transport transfer starts a background job that interacts with the window station or desktop must be a member of this group.
  • The only access permitted by this group is to the window station and desktop.
  • Local group names are case-sensitive.
Note: In Windows 7, Windows Server 2008, and later versions of Windows, the operating system mitigates this security risk by isolating services in Session0 and making Session0 non-interactive. CA XCOM runs Pre/Post processing scripts, Jobs, and Email notification scripts in the session corresponding to the owner of the transfer. If the owner is a non-logged in user, then interactive scripts are shown in session0. The CA XCOM Batch Interactive group is used only for interactive scripts running in session0.
Was this helpful?

Please log in to post comments.