[THIN] Re: Procedure for restricting program access by users in terminal server 2003

  • From: Jeff Pitsch <jepitsch@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Mon, 6 Jun 2005 10:45:59 -0400

Did you create a new GPO for the support group?

Jeff

On 6/6/05, Kevin R. Fjelsted <kfjelsted@xxxxxxxxxxxxxx> wrote:
> I set the default SRP to Deny all scope anyone which contains all the users.
> Actually I then want to permit the support group which is a subset of anyone
> to run the program.
> When I set allow for this group I still get a deny on the program for all 
> including support.
> -Kevin
> 
> 
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
> Behalf Of Jeff Pitsch
> Sent: Monday, May 09, 2005 6:31 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Procedure for restricting program access by users in
> terminal server 2003
> 
> 
> There is an entire hierarchy within SRP.  As with most permissions,
> applying deny overrides everything (except in the case of the default
> rule).  What is your default SRP setting:  Allow all or deny all?  If
> Allow all, just set one GPO for everyone but the group of users you
> want to have run the program and set those users to deny.  That's all
> you have to do.
> 
> Jeff Pitsch
> 
> 
> On 5/9/05, Kevin R. Fjelsted <kfjelsted@xxxxxxxxxxxxxx> wrote:
> > I am trying to get a simple case working.
> > I have a hash rule set to deny in a GPO for software restriction.
> > Then I have a second GPO with scope of one security group.
> > I have the same hash rule set to allow.
> > I have also set the second GPO to precedence.
> > I am still getting deny with the security group.
> > However if I completely remove the deny rule from the first GPO and set the
> > rule in the second to deny then I get a deny within that security group.
> > What am I overlooking regarding precedence?
> > -Kevin Fjelsted
> >
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
> > Behalf Of Edward VanDewars
> > Sent: Saturday, May 07, 2005 12:31 PM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: Procedure for restricting program access by users in
> > terminal server 2003
> >
> > Look at Software Restriction Policies:
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;324036
> >
> > SRP works at the OU level via a GPO but it will do what you want and I
> > think it is awesome in "default deny" mode where you specify only what
> > you want to run.  Just be sure to test your rule set before deploying
> > it.
> >
> > On 5/7/05, Kevin R. Fjelsted <kfjelsted@xxxxxxxxxxxxxx> wrote:
> > >
> > >
> > > I am interested in documentation and other resources that will describe
> > > procedures for restricting program access by user under windows 2003.
> > > The scenario is that we have performed a lockdown under group policy for
> > > the terminal server within a domain.
> > > Now we have created security groups that various groupings of users are
> > > then added as members.
> > > We want to permit or deny access to installed programs based on whether a
> > > particular user is a member of a particular security group.
> > > Version of active directory is windows 2003 enhanced and we are running
> > > terminal server 2003.
> > > Please advise and post to the list for all to view.
> > > Thanks.
> > > -Kevin Fjelsted
> > >
> > ********************************************************
> > This Weeks Sponsor: ThinPrint GmbH
> > Now available: The new version .print Engine 6.2 with SSL encryption
> > and certificate management.
> > http://www.thinprint.com
> > **********************************************************
> > Useful Thin Client Computing Links are available at:
> > http://thin.net/links.cfm
> > ThinWiki community - Excellent SBC Search Capabilities!
> > http://www.thinwiki.com
> > ***********************************************************
> > For Archives, to Unsubscribe, Subscribe or
> > set Digest or Vacation mode use the below link:
> > http://thin.net/citrixlist.cfm
>

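Added example, not part of the original thread: a simplified Python model of the 9 May layout (a deny hash rule in a GPO for all users, an allow hash rule in a GPO scoped to one group), showing why the group still gets a deny and how filtering the deny GPO away from that group changes the result. The GPO names, group names, placeholder hash and the merge rule coded here (rules from every applied GPO are merged, and a Disallowed rule beats an Unrestricted rule for the same hash regardless of GPO precedence) are assumptions of this sketch.

```python
from dataclasses import dataclass, field

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"
EVERYONE, SUPPORT = "Authenticated Users", "Support"   # hypothetical group names
APP_HASH = "PLACEHOLDER-HASH-OF-PROGRAM"               # constructed, not a real hash


@dataclass
class Gpo:
    name: str
    applies_to: set                                  # groups in the GPO's scope
    excluded: set = field(default_factory=set)       # groups filtered out of the GPO
    hash_rules: dict = field(default_factory=dict)   # file hash -> security level


def applied_gpos(gpos, user_groups):
    """GPOs that reach this user after security filtering."""
    return [g for g in gpos
            if g.applies_to & user_groups and not (g.excluded & user_groups)]


def effective_level(gpos, user_groups, file_hash, default_level=UNRESTRICTED):
    """Merge hash rules from all applied GPOs; the most restrictive match wins."""
    levels = {g.hash_rules[file_hash]
              for g in applied_gpos(gpos, user_groups)
              if file_hash in g.hash_rules}
    if DISALLOWED in levels:
        return DISALLOWED        # assumed: link order does not rescue the allow rule
    if UNRESTRICTED in levels:
        return UNRESTRICTED
    return default_level         # default level only when no rule matches


def thread_layout():
    """Layout described on 9 May: deny for everyone, allow for one group."""
    return [Gpo("Deny-Program", {EVERYONE}, hash_rules={APP_HASH: DISALLOWED}),
            Gpo("Allow-Support", {SUPPORT}, hash_rules={APP_HASH: UNRESTRICTED})]


def filtered_layout():
    """Same GPOs, but the deny GPO no longer applies to the support group."""
    gpos = thread_layout()
    gpos[0].excluded = {SUPPORT}
    return gpos


if __name__ == "__main__":
    support_user, normal_user = {EVERYONE, SUPPORT}, {EVERYONE}
    print("as described :", effective_level(thread_layout(), support_user, APP_HASH))
    print("deny filtered:", effective_level(filtered_layout(), support_user, APP_HASH))
    print("normal user  :", effective_level(filtered_layout(), normal_user, APP_HASH))
```

On a real server, `gpresult` for a member of the group shows which GPOs actually reached that user, which is the input this model takes for granted.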