I run all my apps this way. Each app has a corresponding group in AD and that group is what has access to the app. Works well. We use this with the pn agent on a published desktop. If I add a user to the group, the app appears on their desktop shortly thereafter. It also helps wen someone asks for a new user and they just say they need the same apps as another user. I just copy that user and they get all the right apps. All access is managed by AD. Greg On Wed, 15 Sep 2004 18:36:32 -0600, Turman, David C. <david_turman@xxxxxxxxxxxxxxxx> wrote: > Well, because of this FERC 2004 order we have to keep about 20% > of our users from running an app. We use an Intranet page to > as a menu to it. I plan on securing the .exe, but it would be > nice if the 20% could not even get to the server. Basically, > the whole company but the 20% can run the app, and it would be > a bitch to maintain a positive access list instead of a negative. > > -----Original Message----- > From: Philip Walley > To: thin@xxxxxxxxxxxxx > Sent: 9/15/2004 4:47 PM > Subject: [THIN] Re: Published App Groups > > that will work unless a user has explicit access or is a member of > another group that has rights. If that is what you need to do, I don't > think there is much that can be done other then setting the rights on > the .exe > > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On > Behalf Of John Elstone > Posted At: Wednesday, September 15, 2004 4:43 PM > Posted To: The thin mailing list > Conversation: [THIN] Re: Published App Groups > Subject: [THIN] Re: Published App Groups > > Dont give that user group access to the published app and they wont get > the icon to run it. If you want to secure it further you can modify the > permissions on the executable so its the same as the published app. > > "Turman, David C." <david_turman@xxxxxxxxxxxxxxxx> wrote: > > Is there any way to explicitly deny a group running a published > app on MF XP like you can deny in access NTFS? > > ******************************************************** > This Weeks Sponsor triCerat: > Have you had your fill of printing support calls, unauthorized apps running > on unsecured Terminal Servers, profile headaches, and application performance > problems? Join us and learn how you can have a less demanding on-demand > enterprise! > http://www.tricerat.com/?page=events#register > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > *********************************************************** > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link: > http://thin.net/citrixlist.cfm > ******************************************************** This Weeks Sponsor triCerat: Have you had your fill of printing support calls, unauthorized apps running on unsecured Terminal Servers, profile headaches, and application performance problems? Join us and learn how you can have a less demanding on-demand enterprise! http://www.tricerat.com/?page=events#register ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm