[THIN] Re: Group policy
- From: "Jim Hathaway" <JimH@xxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 6 Jun 2003 10:06:58 -0700
Rob,=20
My standard on this kind of setup is to apply all restrictive TS based
policies to the Citrix OU w/ loopback enabled of course on "replace"
mode.=20
With "replace mode" it dosen't matter what other OU's are out there for
your laptop users, they only get citrix specific restrictive policies
when they log onto the citrix servers.=20
On the Citrix OU itself, I'll generally have a policy break down like
this:
Citrix Server policy - machine only policy (user policies disabled)
applied to a security group containing only the Citrix servers. Security
templates, machine level restrictions or
settings applied here.
Restricted user policy - User only policy (machine policies disabled)
applied to a security group containing only users logging into the
system that require restrictions, or
specialized desktops / start menus.=20
Admin user policy - User only policy (machine policies disabled) applied
to either domain admins or an IT admin group. Generally used for login
script support, and in some cases re-directed start
menu's / desktops for admin folks.=20
Not to say that this is the only way to do this, but I've had no issues
with this type of setup at many sites. In general I look to keep all
Citrix related restrictions and controls isolated to the OU where the
servers are. I don't see much reason to mix TS based policies w/
desktops, as generally the TS policies I've created (and more specificly
the GP launched login scripts) are geared much more twoards controlling
the end users environment within their terminal session.
HTH
J
-----Original Message-----
From: Rob Ellis [mailto:rob.ellis@xxxxxxxxxxxxxxx]=20
Sent: Friday, June 06, 2003 9:07 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Group policy
We currently have 2 metaframe XP servers, they sit in their own OU, with
no specific policy applied. We give our users a full desktop, which they
access through Nfuse & CSG. The user accounts sit in a 'Normal Users'
OU, to which a GPO has been applied to lock down various settings so
that they don't break the Citrix servers, etc.
In addition, we have a load of laptops in their own OU, which has a GPO
applied. We have used loopback processing so that both the machine and
the user parts of this policy apply, overriding the 'Normal Users' OU
policy. This is because laptop users also log into Citrix.
We are about ready to install a 3rd metaframe box, and I'm thinking
about reworking the GPOs.
How do people out there do GPOs in an environment like this?
Regards,
Rob Ellis=20
Network Manager=20
Profectus IT=20
Tel 023 9224 7979=20
Mob 07974 111867
********************************************************
This Week's Sponsor - Appsense Technologies
New! AppSense Optimizer is a new product from AppSense=20
designed to increase the user capacity of your servers.=20
http://www.appsense.com/
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Appsense Technologies
New! AppSense Optimizer is a new product from AppSense
designed to increase the user capacity of your servers.
http://www.appsense.com/
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts:
