However, you can also adjust the accounts which will be permitted to configure a FAS server via registry.
To do this:
On the FAS server, run regedit as a local administrator.
Navigate to HKEY_USERSS-1-5-20SoftwareCitrixAuthenticationUserCredentialServices – you should find there is already a value named “Version” here.
Create a new string value named “AdministrationACL”.
Provide a value which is the SDDL string for the users or groups you to grant permission to.
The SDDL string should have format:
O:BAG:DUD:P(A;OICI;SW;;;<SID-1>)..(A;OICI;SW;;;<SID-n>)
For example, to grant permission to configure the FAS server to any member of the group with SID “S-1-5-21-1018754310-151723792-3234634592-1628” use the following string:
O:BAG:DUD:P(A;OICI;SW;;;S-1-5-21-1018754310-151723792-3234634592-1628)