[gptalk] Re: Setting program access on TS using GP

  • From: "Nelson, Jamie" <Jamie.Nelson@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 25 Jun 2008 10:09:29 -0500

Well, it depends on what your definition of "set access" is. If you want
to prevent them from being executed you could look at Software
Restriction Policy, but be careful in your approach. If those
applications are policy aware (meaning they look in the two "policy"
areas of the registry), the company that made them may already have ADM
templates to control some settings. Otherwise, you'll can take one of
two approaches:


1.       create a custom ADM for any registry controlled settings and
"tattoo" them (meaning they won't undo themselves after a machine falls
out of scope). This is the classic way most of us are used to OR

2.       Use the new Group Policy Preference (GPP) extensions to
populate the registry settings. This approach would be more similar to
the way a group policy setting behaves in that you can tell GPP to
remove the setting when a machine falls out of scope.


As far as Office is concerned, there are already Microsoft-provided ADM
templates that are part of the Resource Kits for each Office version,
which will allow you to control just about anything you can imagine. You
can download them from the Office downloads area.


Hope that helps a little.



Jamie Nelson | Infrastructure Consultant | BI&T Operations | Devon
Energy | Work: 405.552.8054 | http://www.dvn.com <http://www.dvn.com/> 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Savanah Garrison
Sent: Tuesday, June 24, 2008 7:48 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Setting program access on TS using GP


I need to set access to specific programs on my terminal server using
group policy.  I understand that this IS possible, but that I need to
add custom ADM templates for each program?  Where do I find those ADM
templates?  I have some non-standard programs like timberline and argus
as well as the normal Office suite that I would like to lock down.


Thank you!


Savanah Garrison

IT Specialist

Trademark Property Company



CONFIDENTIAL NOTICE: This electronic transmission and any documents or
other writings sent with it constitute confidential information intended
only for the named recipient.  If you have received this communication
in error, do not read it. Please reply to the sender that you have
received the message in error, then delete the message.  Any disclosure,
copying, distribution or the taking of any action concerning the
contents of this communication or any attachment(s) by anyone other than
the named recipient is strictly prohibited.


Confidentiality Warning: This message and any attachments are intended only for 
the use of the intended recipient(s), are confidential, and may be privileged. 
If you are not the intended recipient, you are hereby notified that any review, 
retransmission, conversion to hard copy, copying, circulation or other use of 
all or any portion of this message and any attachments is strictly prohibited. 
If you are not the intended recipient, please notify the sender immediately by 
return e-mail, and delete this message and any attachments from your system. 

Other related posts: