[THIN] Re: Less stupid
- From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 2 Jul 2004 11:22:03 +0100
I don't think you can do it via this setting - as I said, I think it's a
machine / connection based thing.
The only way around it I can think of is doing it via another means,
rather than this setting. So something within the login script, or
within usrlogon.cmd which applies this logic based on exception - ie
don't allow another session, unless it's the account you want to allow.
And I seem to remember you saying these were terminal servers, but no
citrix? You could probably parse the output from quser or query session?
(ie do something like quser %USERNAME% and look for "No user exists...",
or look for the opposite, like SESSIONNAME or ID)
Neil
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Nick Smith
> Sent: 02 July 2004 10:59
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Less stupid
>
> Neil;
> You are correct as to my intention; I want it to apply to
> everyone logging on to a machine save one person.
>
> As a side-note, one of my (many) confusions about GPO is why
> there are 2 sections - computer-based and user-based, in
> every GPO, which can be applied to either users or computers.
>
> Back on my problem; can anyone think of a workaround (Perhaps
> non-GPO based)? Nick
>
> -----Original Message-----
> From: Braebaum, Neil [mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx]
> Sent: 02 July 2004 11:01
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Less stupid
>
> Well there's computer policy settings (probably HKLM stuff)
> and user policy stuff (normally HKCU stuff).
>
> Now for the moment, forget about loopback processing.
>
> Machine / computer section policies apply when the machine
> comes up, and it's account within AD, authenticates.
>
> User policies apply when the user logs in, and are for user settings.
>
> The setting you are talking about - from memory - is a
> computer setting.
>
> Now whilst loopback processing, allows user based policies to
> be dependent on the computer (or the computer's AD location -
> depending on how you view it...), I'm not sure the reverse applies.
>
> Reading between the lines, that's how I perceive you want to
> play this - actually have a machine based setting be
> dependent on the current user - and I'm far from convinced
> that's valid, or will work.
>
> However, I could be wrong - and there may be a user setting
> that restricts / allows more than one session - but
> historically I always thought it was a machine / connection thing.
>
> Neil
>
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On
> > Behalf Of Nick Smith
> > Sent: 02 July 2004 10:38
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Less stupid
> >
> > OK, same issue as the dumb one, but this is a problem of
> understanding
>
> > rather than 'blindness'.
> >
> > I've never really got how GPOs 'merge'.
> >
> > I have a GPO, applied now to all servers, which states "Only on
> > session per user". I want to disable that GPO for one user, 'demo'
> > (Who, for convenicence, is also in his own OU, and his own security
> > group).
> >
> > What I've tried;
> >
> > 1) Put permissions on the Allow_single_session_only GPO for
> the 'demo'
>
> > security group. I can see this group, I can set permissions, I click
> > 'OK' and the group doesn't show up in the permissions list.
> >
> > 2) Create a GPO applied to the 'demo' OU, which specifically disable
> > the singel session value. No effect.
> >
> > I know I'm being stupid, and have a feeling it's something
> to do with
> > loopback, or permissions, but can't get to it.
> >
> > Any help much appreciated, as we're mean to go public with this demo
> > soemtime today!
> >
> > Nick
***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please
notify the sender immediately and delete this
e-mail from your system.
You must take no action based on this, nor must
you copy or disclose it or any part of its contents
to any person or organisation.
Statements and opinions contained in this email may
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its
subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************
********************************************************
This weeks sponsor Emergent Online Thinssentials Utilities
Using the latest software, hardware, networking technologies, proven technical
expertise, proprietary software and best practices, EOL provides
custom-tailored solutions for each client?s mission and specific goals.
http://www.go-eol.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
