[THIN] Re: Published Desktop lockdown
- From: "Luchette, Jon" <JLuchette@xxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 19 Jul 2006 12:11:32 -0400
Enumeration, this explains it:
http://www.microsoft.com/downloads/details.aspx?FamilyId=04A563D9-78D9-4
342-A485-B030AC442084&displaylang=en
_______________________________________________
Jon Luchette
Emerson Hospital
Technology Specialist III
Work: 978-287-3369
Cell: 978-360-1379
jluchette@xxxxxxxxxxxxxxx
_______________________________________________
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Michael Boggan
Sent: Wednesday, July 19, 2006 12:06 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Published Desktop lockdown
Jeff P,
You mentioned creating one desktop folder with ALL of the icons and
using NTFS permissions to control who sees what. Do you have any
documentation on how to do this. I didn't know there was a permission
for controlling if an icon is visible or not. That would be great in
our environment and make my life a lot easier.
Thanks,
Michael Boggan
________________________________
From: Angus.Macdonald@xxxxxxxxxxxxxxxxxxx
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Published Desktop lockdown
Date: Mon, 17 Jul 2006 14:27:20 +0100
Or hunt around for the StartBuild service (it used to be on
thethin.net - perhaps it still is) which does the same thing with less
effort.
Angus
PS found it!
http://thethin.net/startbuild.zip
-----Original Message-----
From: Jeff Pitsch [mailto:jepitsch@xxxxxxxxx]
Sent: 17 July 2006 14:20
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Published Desktop lockdown
Use login scripts and copy shortcuts based on group
membership.
Jeff Pitsch
Microsoft MVP - Terminal Server
Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com
<http://jeffpitschconsulting.com/>
On 7/17/06, Luchette, Jon <JLuchette@xxxxxxxxxxxxxxx>
wrote:
how do you control what applications/shortcuts
are on that desktop for these users?
_______________________________________________
Jon Luchette
Emerson Hospital
Technology Specialist III
Work: 978-287-3369
Cell: 978-360-1379
jluchette@xxxxxxxxxxxxxxx
_______________________________________________
________________________________
From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Sorenson
Sent: Monday, July 17, 2006 9:04 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Published Desktop lockdown
We believe that this is the simplest answer and
allows users to control their own look and feel without risking
anything. We use a folder under their Home drive location to store the
desktop.
We also mark any application shortcuts Read Only
to help reduce the issue of deleted shortcuts to critical applications.
Works great.
Bill
Bill Sorenson
Focused Solutions Consulting, Inc.
www.ivdesk.com <http://www.ivdesk.com/>
612-869-1081
612-868-5786 cell
________________________________
From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Pitsch
Sent: Monday, July 17, 2006 8:01 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Published Desktop lockdown
If your allowing users to write to the desktop,
then simply redirect the desktop. The redirection does not have to be
centralized, you can have a redirected desktop for each user.
Jeff Pitsch
Microsoft MVP - Terminal Server
Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com
<http://jeffpitschconsulting.com/>
On 7/17/06, Luchette, Jon <
JLuchette@xxxxxxxxxxxxxxx <mailto:JLuchette@xxxxxxxxxxxxxxx> > wrote:
I am running into the same issue and I
think the only limiting factor with this suggestion is that users will
not have their "own" desktop so they cannot save files to the desktop or
make any other similar changes.
What is the best way to give the users
their own desktop so they can save files to it, and to control what is
on the desktop based on group? With normal folder redirection I don't
think this is doable right???
_______________________________________________
Jon Luchette
Emerson Hospital
Technology Specialist III
Work: 978-287-3369
Cell: 978-360-1379
jluchette@xxxxxxxxxxxxxxx
_______________________________________________
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:
thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ] On Behalf
Of Jeff Pitsch
Sent: Monday, July 17, 2006 8:52 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Published Desktop
lockdown
An alternative is to have a centralized
desktop with all the icons. Then use Access based enumeration and NTFS
permissions. This will only show the appropriate icons to the
appropriate users. Very simple and very effective.
Jeff Pitsch
Microsoft MVP - Terminal Server
Forums not enough?
Get support from the experts at your
business
http://jeffpitschconsulting.com
<http://jeffpitschconsulting.com/>
On 7/14/06, Angela Smith <
angela_smith9@xxxxxxxxxxx <mailto:angela_smith9@xxxxxxxxxxx> > wrote:
Greg
Will do some investigation in regards to
pnagent. Will Flex provide that
lockdown capability? Do Citrix support
flex? Ive heard some good things
about it but was a little concerned with
the lack of support..
>From: "Greg Reese" < gareese@xxxxxxxxx
<mailto:gareese@xxxxxxxxx> >
>Reply-To: thin@xxxxxxxxxxxxx
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Re: Published Desktop
lockdown
>Date: Sat, 15 Jul 2006 08:02:52 +1200
>
>use the pn agent. That is exactly what
it is for. Put them on mandatory
>profiles or flxe profiles. Then you
only have one thing to manage and they
>get the dynamic environment they need.
The result is simple and clean if
>you do it right.
>
>Greg
>
>On 7/15/06, Angela Smith <
angela_smith9@xxxxxxxxxxx> wrote:
>>
>>I was thinking that.. Only issue
though is I want to be able to create
>>icons based on AD group membership via
a login script. Wont setting the
>>desktop to Read only break this?
>>
>>I vaguely remember reading about
people using the PNAgent to create
>>desktop
>>icons in a published desktop. Is this
the best practice way of doing
>>this?
>>
>>
>> >From: "Jim Kenzig
http://ThinHelp.com <http://thinhelp.com/> " <jkenzig@xxxxxxxxx >
>> >Reply-To: thin@xxxxxxxxxxxxx
>> >To: thin@xxxxxxxxxxxxx
>> >Subject: [THIN] Re: Published
Desktop lockdown
>> >Date: Fri, 14 Jul 2006 05:22:24
-0700 (PDT)
>> >
>> >Just make the desktop folder in the
profile read only.
>> > JK
>> >
>> >cstalhoodwrote:
>> > Have you considered redirecting
the Desktop to the user's home
>> >directory?
>> >
>> >-----Original Message-----
>> >From: thin-bounce@xxxxxxxxxxxxx
[mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ]
On
>> >Behalf Of
>> >Angela Smith
>> >Sent: Friday, July 14, 2006 6:43 AM
>> >To: thin@xxxxxxxxxxxxx
>> >Subject: [THIN] Published Desktop
lockdown
>> >
>> >Hi
>> >
>> >Ive just built a new farm based on
Windows 2003 and Citrix Metaframe
>> >Presentation Server 4. Ive published
a desktop and am looking for the
>>best
>> >way to lockdown the "published
desktop". Im using Group Policy and have
>>set
>> >several settings to lock the
published desktop. I have an issue where I
>> >don?t want the users to see/access
the servers local drives. Ive
>> >accomplished this via the following
settings:
>> >
>> >User Configuration\Administrative
Templates\windows components\windows
>> >explorer\Hide these specified drives
in My Computer
>> >User Configuration\Administrative
Templates\\windows components\windows
>> >explorer\Prevent access to drives
from My Computer
>> >
>> >My issue is that the users can
create folders on the desktop but cannot
>> >delete them (due to the above Group
Policy settings). How can I easily
>> >prevent the users from being able to
make any changes to the desktop?
>> >
>> >As a side note, how do people
control what icons are created on the
>> >desktop?? I was thinking of using a
script that copies icons to the
>>desktop
>> >based on AD group membership. Is
there a better way to do this?
>> >
>> >Thanks
>> >
>>
>_________________________________________________________________
>> >Research and compare new cars side
by side at carpoint.com.au <http://carpoint.com.au/>
>> >
>>
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwi
de%2Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F100
4813%2Fai%5F833884&_t=54321&_r=hotmail_endtext&_m=EXT
<http://a.ninemsn.com.au/b.aspx?URL=http://secure-au.imrworldwide.com/cg
i-bin/a/ci_450304/et_2/cg_801459/pi_1004813/ai_833884&_t=54321&_r=hotmai
l_endtext&_m=EXT>
>> >
>>
>************************************************
>> >For Archives, RSS, to Unsubscribe,
Subscribe or
>> >set Digest or Vacation mode use the
below link:
>> > //www.freelists.org/list/thin
<//www.freelists.org/list/thin>
>>
>************************************************
>> >
>>
>************************************************
>> >For Archives, RSS, to Unsubscribe,
Subscribe or
>> >set Digest or Vacation mode use the
below link:
>> > //www.freelists.org/list/thin
<//www.freelists.org/list/thin>
>>
>************************************************
>> >
>>
>>_________________________________________________________________
>>Find lost friends & family online!
Search for free.
>>
>>
http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&re
ferral=HM_tagline&URL=http://ninemsn.schoolfriends.com.au
<http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&r
eferral=HM_tagline&URL=http://ninemsn.schoolfriends.com.au>
>>
>>************************************************
>>For Archives, RSS, to Unsubscribe,
Subscribe or
>>set Digest or Vacation mode use the
below link:
>> //www.freelists.org/list/thin
<//www.freelists.org/list/thin>
>>************************************************
>>
_________________________________________________________________
Meet Sexy Singles today @ Lavalife -
Click here
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Eco
m%2Eau%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26l
ocale%3Den%5FAU%26a%3D22740&_t=751140432&_r=emailtagline_meetsexy_june&_
m=EXT
<http://a.ninemsn.com.au/b.aspx?URL=http://lavalife9.ninemsn.com.au/clic
kthru/clickthru.act?id%3Dninemsn%26context%3Dan99%26locale%3Den_AU%26a%3
D22740&_t=751140432&_r=emailtagline_meetsexy_june&_m=EXT>
************************************************
For Archives, RSS, to Unsubscribe,
Subscribe or
set Digest or Vacation mode use the
below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
