[THIN] Re: Less stupid
- From: "Rick Mack" <Rick.Mack@xxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 2 Jul 2004 22:10:20 +1000
Hi,
You can stop a policy apply to a user either IF the OU they're in is set
to "block inheritance" from any OU upstream that's imposing that policy
OR if they are explicitly denied access to the policy in the appropaite
upstream OU.
Merging is just that, policies are merged together in a defined order
and you get the resultant. Eg if policy A denies something, and policy B
allows it, the end result depends on whether policy A or B comes first.
However in this particular case, the "Only one session per user" is a
machine policy, not a user policy so unless you want to put the machine
'demo' is using into it's own OU, with block inheritance set, you've got
a problem.
Regards,
Rick
Ulrich Mack
Volante Systems
18 Heussler Terrace, Milton 4064
Queensland, Australia
tel +61 7 32467704
rmack@xxxxxxxxxxxxxx
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Nick Smith
Sent: Friday, 2 July 2004 7:38 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Less stupid
OK, same issue as the dumb one, but this is a problem of understanding
rather than 'blindness'.
I've never really got how GPOs 'merge'.
I have a GPO, applied now to all servers, which states "Only on session
per user". I want to disable that GPO for one user, 'demo' (Who, for
convenicence, is also in his own OU, and his own security group).
What I've tried;
1) Put permissions on the Allow_single_session_only GPO for the 'demo'
security group. I can see this group, I can set permissions, I click
'OK' and the group doesn't show up in the permissions list.
2) Create a GPO applied to the 'demo' OU, which specifically disable the
singel session value. No effect.
I know I'm being stupid, and have a feeling it's something to do with
loopback, or permissions, but can't get to it.
Any help much appreciated, as we're mean to go public with this demo
soemtime today!
Nick
********************************************************
This weeks sponsor Emergent Online Thinssentials Utilities Using the
latest software, hardware, networking technologies, proven technical
expertise, proprietary software and best practices, EOL provides
custom-tailored solutions for each client's mission and specific goals.
http://www.go-eol.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
#####################################################################################
This e-mail, including all attachments, may be confidential or privileged.
Confidentiality or privilege is not waived or lost because this email has been
sent to you in error. If you are not the intended recipient any use,
disclosure or copying of this email is prohibited. If you have received it in
error please notify the sender immediately by reply email and destroy all
copies of this email and any attachments. All liability for direct and
indirect loss arising from this email and any attachments is hereby disclaimed
to the extent permitted by law.
#####################################################################################
********************************************************
This weeks sponsor Emergent Online Thinssentials Utilities
Using the latest software, hardware, networking technologies, proven technical
expertise, proprietary software and best practices, EOL provides
custom-tailored solutions for each client?s mission and specific goals.
http://www.go-eol.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
