Did you create a new GPO for the support group? Jeff On 6/6/05, Kevin R. Fjelsted <kfjelsted@xxxxxxxxxxxxxx> wrote: > I set the default SRP to Deny all scope anyone which contains all the users. > Actually I then want to permit the support group which is a subset of anyone > to run the program. > When I set allow for this group I still get a deny on the program for all > including support. > -Kevin > > > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On > Behalf Of Jeff Pitsch > Sent: Monday, May 09, 2005 6:31 AM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Procedure for restricting program access by users in > terminal server 2003 > > > There is an entire heirarchy within SRP. As with most permissions, > applying deny overrides everything (except in the case of the default > rule). What is your default SRP setting: Allow all or deny all? If > Allow all, just set one GPO for everyone but the group of users you > want to have run the program and set those users to deny. That's all > you have to do. > > Jeff Pitsch > > > On 5/9/05, Kevin R. Fjelsted <kfjelsted@xxxxxxxxxxxxxx> wrote: > > I am trying to get a simple case working. > > I have a hash rule set to in a GPO for software restriction. > > Then I have a second GPO with scope of one security group. > > I have the same hash rule set to allow. > > I have also set the second GPO to precedence. > > I am still getting deny with the security group. > > However if I completely remove the deny rule from the first GPO and set the > > rule in the second to deny then I get a deny within that security group. > > What am I overlooking regarding precedence? > > -Kevin Fjelsted > > > > deny > > > > -----Original Message----- > > From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On > > Behalf Of Edward VanDewars > > Sent: Saturday, May 07, 2005 12:31 PM > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] Re: Procedure for restricting program access by users in > > terminal server 2003 > > > > Look at Software Restriction Policies: > > http://support.microsoft.com/default.aspx?scid=kb;en-us;324036 > > > > SRP works at the OU level via a GPO but it will do what you want and I > > think it is awesome in "default deny" mode where you specify only what > > you want to run. Just be sure to test your rule set before deploying > > it. > > > > On 5/7/05, Kevin R. Fjelsted <kfjelsted@xxxxxxxxxxxxxx> wrote: > > > > > > > > > I am interested in documentation and other resources that will describe > > > procedures for restricting program access by user under windows 2003. > > > The scenario is that we have performed a lockdown under group policy for > > > the > > > terminal server within a domain. > > > Now we have created security groups that various groupings of users are > > > then > > > added as members. > > > We want to permit or deny access to installed programs based on whether a > > > particular user is a member of a particular security group. > > > Version of active directory is windows 2003 enhanced and we are running > > > terminal server 2003. > > > Please advise and post to the list for all to view. > > > Thanks. > > > -Kevin Fjelsted > > > > > ******************************************************** > > This Weeks Sponsor: ThinPrint GmbH > > Now available: The new version .print Engine 6.2 with SSL encryption > > and certificate management. > > http://www.thinprint.com > > ********************************************************** > > Useful Thin Client Computing Links are available at: > > http://thin.net/links.cfm > > ThinWiki community - Excellent SBC Search Capabilities! > > http://www.thinwiki.com > > *********************************************************** > > For Archives, to Unsubscribe, Subscribe or > > set Digest or Vacation mode use the below link: > > http://thin.net/citrixlist.cfm > > ******************************************************** > > This Weeks Sponsor: ThinPrint GmbH > > Now available: The new version .print Engine 6.2 with SSL encryption > > and certificate management. > > http://www.thinprint.com > > ********************************************************** > > Useful Thin Client Computing Links are available at: > > http://thin.net/links.cfm > > ThinWiki community - Excellent SBC Search Capabilities! > > http://www.thinwiki.com > > *********************************************************** > > For Archives, to Unsubscribe, Subscribe or > > set Digest or Vacation mode use the below link: > > http://thin.net/citrixlist.cfm > > > ******************************************************** > This Weeks Sponsor: ThinPrint GmbH > Now available: The new version .print Engine 6.2 with SSL encryption > and certificate management. > http://www.thinprint.com > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > ThinWiki community - Excellent SBC Search Capabilities! > http://www.thinwiki.com > *********************************************************** > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link: > http://thin.net/citrixlist.cfm > ******************************************************** > This Weeks Sponsor: ThinPrint GmbH > Now available: The new version .print Engine 6.2 with SSL encryption > and certificate management. > http://www.thinprint.com > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > ThinWiki community - Excellent SBC Search Capabilities! > http://www.thinwiki.com > *********************************************************** > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link: > http://thin.net/citrixlist.cfm > ******************************************************** This Weeks Sponsor: ThinPrint GmbH Now available: The new version .print Engine 6.2 with SSL encryption and certificate management. http://www.thinprint.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm