To change the options described in this topic, click the cog icon.
Disable users in ShareFile
By default, the User Management Tool retains ShareFile user accounts that would not be created by the current rules. This prevents the automatic deletion of ShareFile user accounts that were created outside of the User Management Tool. Select the Automatically disable users not part of domain Rules option only if you want to remove ShareFile user accounts that do not meet the current rules for account creation.
Continue or stop scheduled jobs after an error
You can choose whether to continue scheduled jobs when the User Management Tool cannot process a rule due to a problem such as a missing last name or email address in an Active Directory record. By default, scheduled jobs continue to the next rule after an error occurs.
After the User Management Tool skips a rule due to an error, it also skips any subsequent rules that are based on the same AD object. For example, if the action to create users for a particular AD group fails, the tool also skips an action to create a distribution group for the same AD group. This avoids creating a distribution group with members that are not yet created as ShareFile users.
For rules that are run directly from the User Management Tool Rules tab, the User Management Tool always skips a rule that causes an error and continues to the next rule.
Log Active Directory operations
Automatically disable users not part of domain rules: This option should only be used in extremely rare cases in which the following is true.
- All membership in ShareFile is very strictly managed by a single set of all-encompassing rules.
- All of the groups and users in those rules are members of the same domain.
When enabled, the User Management Tool finds any users in ShareFile who are not part of the active rules being run and disables the users. For security, the master admin is not disabled even when you select this option. A best practice is to keep this item unchecked.
Configure a proxy server
To specify a proxy server for the User Management Tool, you must be logged on as an administrative user. As a result, scheduled jobs that are run under a Windows service account cannot use the proxy server until you configure the job to use the proxy settings. The following steps describe how to specify a proxy server, export the settings, and then configure a scheduled job to use those settings.
Log on to Windows as an administrative user.
Click the cog icon to open the Options page, click Configure Proxy, and then specify the proxy settings.
If you will run scheduled jobs as administrator, you have completed the proxy setup.
If scheduled jobs will be run as another user, such as a Windows service account, export the proxy settings: In the Options page, click Export Proxy Settings.
The proxy settings are exported to C:\ProgramData\Citrix\ShareFile\User Management Tool\proxy.config. The file is encrypted using Windows Data Protect API (DPAPI) machine-level encryption, plus a key that is unique to your User Management Tool installation. Use this file for all of the jobs scheduled from the computer where you are logged on.
Configure each scheduled job to use the exported proxy settings.
Open the Windows Scheduled Tasks management console, right-click the job you need to configure with the proxy settings, and then select Properties.
Click the Actions tab, select the Start a program action, and then click Edit.
Add the following to the end of the Add arguments entry: A space followed by /importproxy.
Make sure that you enter the argument after the existing entry and a space.
After you click OK, the Task Scheduler might ask you if you want it to run C:\Program with some arguments. Click No.
After the scheduled job successfully uses the proxy settings, the umt.log file will include the following entries:
ImportedProxy_Get Found exported proxy settings at: C:\ProgramData\Citrix\ShareFile\User Management Tool\proxy.config Retrieved proxy settings from file.