Operating System Installation Management (OSIM) requires a local user "canonprv" on every boot server. 

This user is used when OSIM is configured in share mode. The BootImage uses "canonprv" to connect to the OS Image share and copy the OS install files to the target PC.

The password for this user is controlled by the Boot Server and is changed daily. The password is encrypted and stored in the comstore.

Only the boot server can change the password.

If the user is deleted by accident, and then recreated, control of the password needs to be handed back to OSIM before the functionality is restored.

This document describes how to recreate the "canonprv" user and hand control of the password back to OSIM.

Use the following procedure to recreate the canonprv user:

1. sdbsswitch -t
   
   
2. create a new canonprv user in Windows with password C@nonprv1 (ensure you uncheck all boxes)
   
   
3. cd to "C:\Program Files\CA\DSM\osimips\os-template\updates\winpe30\i386\ca-osim"
   
   
4. run the command
   canet crypt canonprv C@nonprv1
   
   
5. Copy the encrypted output
   
   
6. run the command
   ccnfcmda -cmd getparametervalue -ps itrm/scalability_server/osim/managedpc/server -pn logonpasswd
   
   
7. run the command
   ccnfcmda -cmd setparametervalue -ps itrm/scalability_server/osim/managedpc/server -pn logonpasswd -v <password>
   where <password> = the encrypted password copied in step 5
   
   
8. run the command
   ccnfcmda -cmd getparametervalue -ps itrm/scalability_server/osim/managedpc/server -pn logonpasswd
   and verify that the value was updated
   
   
9. sdbsswitch -s

After this the shares will have been recreated with the correct permissions for canonprv, the password for canonprv will also have been changed. This can be verified by running the getparametervalue again. The boot server automatically changes the password for security reasons.