[THIN] Re: Procedure for restricting program access by users in terminal server 2003
- From: "Kevin R. Fjelsted" <kfjelsted@xxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Sun, 8 May 2005 23:17:35 -0500
I am trying to get a simple case working.
I have a hash rule set to in a GPO for software restriction.
Then I have a second GPO with scope of one security group.
I have the same hash rule set to allow.
I have also set the second GPO to precedence.
I am still getting deny with the security group.
However if I completely remove the deny rule from the first GPO and set the
rule in the second to deny then I get a deny within that security group.
What am I overlooking regarding precedence?
-Kevin Fjelsted
deny
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Edward VanDewars
Sent: Saturday, May 07, 2005 12:31 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Procedure for restricting program access by users in
terminal server 2003
Look at Software Restriction Policies:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324036
SRP works at the OU level via a GPO but it will do what you want and I
think it is awesome in "default deny" mode where you specify only what
you want to run. Just be sure to test your rule set before deploying
it.
On 5/7/05, Kevin R. Fjelsted <kfjelsted@xxxxxxxxxxxxxx> wrote:
>
>
> I am interested in documentation and other resources that will describe
> procedures for restricting program access by user under windows 2003.
> The scenario is that we have performed a lockdown under group policy for the
> terminal server within a domain.
> Now we have created security groups that various groupings of users are then
> added as members.
> We want to permit or deny access to installed programs based on whether a
> particular user is a member of a particular security group.
> Version of active directory is windows 2003 enhanced and we are running
> terminal server 2003.
> Please advise and post to the list for all to view.
> Thanks.
> -Kevin Fjelsted
>
********************************************************
This Weeks Sponsor: ThinPrint GmbH
Now available: The new version .print Engine 6.2 with SSL encryption
and certificate management.
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor: ThinPrint GmbH
Now available: The new version .print Engine 6.2 with SSL encryption
and certificate management.
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
