Thanks for the reply. Is there anywhere you could point me for more information on the scripting that would need to be done? Thanks, Mike MacDonald -----Original Message----- From: Claudio Rodrigues [mailto:crodrigues@xxxxxxxxxxxxxxxxxxxxx] Sent: Thursday, December 04, 2003 10:49 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Accessing Published Applications From a Published Desktop You can try a script that would retrieve the computer name that is connecting and then check if that computer has another connection opened already or even deny connections coming from the server where the PN ICA passthrough is. I know on SecureRDP (that works with ICA also) I can set the # of connections allowed per user or per IP address and that would help I guess. The script I think will work also... -----Original Message----- From: Mike MacDonald [mailto:Mike.MacDonald@xxxxxxxx] Sent: December 4, 2003 10:35 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Accessing Published Applications From a Published Desktop One thing I forgot to mention, the most obvious solution of limiting the number of instances of the published desktop the users can run to one doesn't work. This is because some users need to be logged in from more than one client. -Mike MacDonald -----Original Message----- From: Mike MacDonald Sent: Thu 12/4/2003 10:28 AM To: thin@xxxxxxxxxxxxx Cc: Subject: Accessing Published Applications From a Published Desktop First, we are running W2K/MFXP FR3 and most users connect to a published desktop. We also use published applications. Basically we follow an 80/20 rule, meaning if 80% of the users run an application it gets installed on the published desktop server, if 20% or less use it we install it on a published application server. My issue is that once in the published desktop users have access to PN using ICA passthrough, from which they can access their published applications. The problem is that they can also access their published desktops. Our users are not the most savvy, so we have a lot of cases were they connect to their published desktop multiple times, one inside the other. What I would like to do is either: 1) Restrict their ability to launch the published desktop from the published desktop servers. >or< 2) Create ICA files on the published desktop servers and provide access to the published apps that way. The problem here has been trying to get the ICA file to use pass-through authentication. From what I understand you can't do the pass-through authentication within an ICA file? Is there a good way to implement either solution or is there another alternative I haven't cosidered. Thanks in advance, Mike MacDonald, MCSE, CCA