[THIN] Re: Published Desktop lockdown

If your allowing users to write to the desktop, then simply redirect the
desktop.  The redirection does not have to be centralized, you can have a
redirected desktop for each user.


*Jeff Pitsch Microsoft MVP - Terminal Server*

*Forums not enough?
Get support from the experts at your business
**http://jeffpitschconsulting.com* <http://jeffpitschconsulting.com/>



On 7/17/06, Luchette, Jon <JLuchette@xxxxxxxxxxxxxxx> wrote:

I am running into the same issue and I think the only limiting factor with this suggestion is that users will not have their "own" desktop so they cannot save files to the desktop or make any other similar changes.

What is the best way to give the users their own desktop so they can save
files to it, and to control what is on the desktop based on group?  With
normal folder redirection I don't think this is doable right???



_______________________________________________
*Jon Luchette
*** *Emerson Hospital*
*Technology Specialist III*
 *Work: 978-287-3369*
*Cell:  978-360-1379*

jluchette@xxxxxxxxxxxxxxx
*_______________________________________________*



 ------------------------------
*From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Jeff Pitsch
*Sent:* Monday, July 17, 2006 8:52 AM
*To:* thin@xxxxxxxxxxxxx
*Subject:* [THIN] Re: Published Desktop lockdown


An alternative is to have a centralized desktop with all the icons. Then use Access based enumeration and NTFS permissions. This will only show the appropriate icons to the appropriate users. Very simple and very effective.



Jeff Pitsch
Microsoft MVP - Terminal Server

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com



On 7/14/06, Angela Smith <angela_smith9@xxxxxxxxxxx> wrote:
>
> Greg
>
> Will do some investigation in regards to pnagent.  Will Flex provide
> that
> lockdown capability?  Do Citrix support flex?  Ive heard some good
> things
> about it but was a little concerned with the lack of support..
>
>
> >From: "Greg Reese" <gareese@xxxxxxxxx>
> >Reply-To: thin@xxxxxxxxxxxxx
> >To: thin@xxxxxxxxxxxxx
> >Subject: [THIN] Re: Published Desktop lockdown
> >Date: Sat, 15 Jul 2006 08:02:52 +1200
> >
> >use the pn agent.  That is exactly what it is for.  Put them on
> mandatory
> >profiles or flxe profiles.  Then you only have one thing to manage and
> they
> >get the dynamic environment they need.  The result is simple and clean
> if
> >you do it right.
> >
> >Greg
> >
> >On 7/15/06, Angela Smith < angela_smith9@xxxxxxxxxxx> wrote:
> >>
> >>I was thinking that..  Only issue though is I want to be able to
> create
> >>icons based on AD group membership via a login script.  Wont setting
> the
> >>desktop to Read only break this?
> >>
> >>I vaguely remember reading about people using the PNAgent to create
> >>desktop
> >>icons in a published desktop.  Is this the best practice way of doing
> >>this?
> >>
> >>
> >> >From: "Jim Kenzig http://ThinHelp.com <http://thinhelp.com/>" <
> jkenzig@xxxxxxxxx>
> >> >Reply-To: thin@xxxxxxxxxxxxx
> >> >To: thin@xxxxxxxxxxxxx
> >> >Subject: [THIN] Re: Published Desktop lockdown
> >> >Date: Fri, 14 Jul 2006 05:22:24 -0700 (PDT)
> >> >
> >> >Just make the desktop folder in the profile read only.
> >> >   JK
> >> >
> >> >cstalhoodwrote:
> >> >   Have you considered redirecting the Desktop to the user's home
> >> >directory?
> >> >
> >> >-----Original Message-----
> >> >From: thin-bounce@xxxxxxxxxxxxx [mailto: thin-bounce@xxxxxxxxxxxxx]
> On
> >> >Behalf Of
> >> >Angela Smith
> >> >Sent: Friday, July 14, 2006 6:43 AM
> >> >To: thin@xxxxxxxxxxxxx
> >> >Subject: [THIN] Published Desktop lockdown
> >> >
> >> >Hi
> >> >
> >> >Ive just built a new farm based on Windows 2003 and Citrix Metaframe
> >> >Presentation Server 4. Ive published a desktop and am looking for
> the
> >>best
> >> >way to lockdown the "published desktop". Im using Group Policy and
> have
> >>set
> >> >several settings to lock the published desktop. I have an issue
> where I
> >> >don?t want the users to see/access the servers local drives. Ive
> >> >accomplished this via the following settings:
> >> >
> >> >User Configuration\Administrative Templates\windows
> components\windows
> >> >explorer\Hide these specified drives in My Computer
> >> >User Configuration\Administrative Templates\\windows
> components\windows
> >> >explorer\Prevent access to drives from My Computer
> >> >
> >> >My issue is that the users can create folders on the desktop but
> cannot
> >> >delete them (due to the above Group Policy settings). How can I
> easily
> >> >prevent the users from being able to make any changes to the
> desktop?
> >> >
> >> >As a side note, how do people control what icons are created on the
> >> >desktop?? I was thinking of using a script that copies icons to the
> >>desktop
> >> >based on AD group membership. Is there a better way to do this?
> >> >
> >> >Thanks
> >> >
> >> >_________________________________________________________________
> >> >Research and compare new cars side by side at carpoint.com.au
> >> >
> 
>>http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide%2Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2Fai%5F833884&_t=54321&_r=hotmail_endtext&_m=EXT
> >> >
> >> >************************************************
> >> >For Archives, RSS, to Unsubscribe, Subscribe or
> >> >set Digest or Vacation mode use the below link:
> >> > http://www.freelists.org/list/thin
> >> >************************************************
> >> >
> >> >************************************************
> >> >For Archives, RSS, to Unsubscribe, Subscribe or
> >> >set Digest or Vacation mode use the below link:
> >> >http://www.freelists.org/list/thin
> >> >************************************************
> >> >
> >>
> >>_________________________________________________________________
> >>Find lost friends & family online! Search for free.
> >>
> 
>>http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&referral=HM_tagline&URL=http://ninemsn.schoolfriends.com.au
> >>
> >>************************************************
> >>For Archives, RSS, to Unsubscribe, Subscribe or
> >>set Digest or Vacation mode use the below link:
> >>http://www.freelists.org/list/thin
> >>************************************************
> >>
>
> _________________________________________________________________
> Meet Sexy Singles today @ Lavalife - Click here
> 
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2Eau%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%3Den%5FAU%26a%3D22740&_t=751140432&_r=emailtagline_meetsexy_june&_m=EXT
>
>
> ************************************************
> For Archives, RSS, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> http://www.freelists.org/list/thin
> ************************************************
>


Other related posts: