[THIN] Re: Published Desktop lockdown - using startbuild
- From: Angus Macdonald <Angus.Macdonald@xxxxxxxxxxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Tue, 1 Aug 2006 15:34:08 +0100
It's a little utility I put together a few years ago. Basically it creates a
start menu or desktop for users based on their NT group memberships. If they
are in group A they get icons 1, 2 and 3, If they are in group B they get
icons 4 and 5. If they are in both groups they get all 5 icons. We use it as
a simple way to manage published desktops with a wide variety of apps and
users - each user gets only the icons that are relevant to them - and the
management overhead is small.
-----Original Message-----
From: Toby [mailto:toby.percival@xxxxxxxxx]
Sent: 01 August 2006 14:29
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Published Desktop lockdown - using startbuild
So what does Startbuild actually do..?
Any info on the web?
On 8/1/06, Angus Macdonald < Angus.Macdonald@xxxxxxxxxxxxxxxxxxx
<mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx> > wrote:
We are, but then I wrote StartBuild.
-----Original Message-----
From: Angela Smith [mailto: angela_smith9@xxxxxxxxxxx
<mailto:angela_smith9@xxxxxxxxxxx> ]
Sent: 01 August 2006 13:14
To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
Subject: [THIN] Published Desktop lockdown - using startbuild
Hi
Is there anyone out there using Startbuild on Windows 2003 Servers for their
Published Desktops in Production?
Thanks
>From: Angus Macdonald < <mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx>
Angus.Macdonald@xxxxxxxxxxxxxxxxxxx>
>Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
>To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
>Subject: [THIN] Re: Published Desktop lockdown
>Date: Mon, 17 Jul 2006 14:27:20 +0100
>
>Or hunt around for the StartBuild service (it used to be on thethin.net
<http://thethin.net> -
>perhaps it still is) which does the same thing with less effort.
>
>Angus
>
>PS found it!
>
> http://thethin.net/startbuild.zip <http://thethin.net/startbuild.zip>
>
>-----Original Message-----
>From: Jeff Pitsch [mailto: jepitsch@xxxxxxxxx <mailto:jepitsch@xxxxxxxxx> ]
>Sent: 17 July 2006 14:20
>To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
>Subject: [THIN] Re: Published Desktop lockdown
>
>
>Use login scripts and copy shortcuts based on group membership.
>
>
>Jeff Pitsch
>Microsoft MVP - Terminal Server
>
>Forums not enough?
>Get support from the experts at your business
> < http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> >
http://jeffpitschconsulting.com <http://jeffpitschconsulting.com>
>
>
>
>
>On 7/17/06, Luchette, Jon < JLuchette@xxxxxxxxxxxxxxx
<mailto:JLuchette@xxxxxxxxxxxxxxx>
><mailto: JLuchette@xxxxxxxxxxxxxxx <mailto:JLuchette@xxxxxxxxxxxxxxx> > >
wrote:
>
>how do you control what applications/shortcuts are on that desktop for
>these
>users?
>
>
>
>_______________________________________________
>Jon Luchette
>
>Emerson Hospital
>Technology Specialist III
>
>Work: 978-287-3369
>Cell: 978-360-1379
>
> jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> <mailto:
jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> >
>_______________________________________________
>
>
>
>
> _____
>
>From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
<mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> >
>[mailto:
> thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto:
thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > ] On Behalf
Of
>Bill Sorenson
>Sent: Monday, July 17, 2006 9:04 AM
>
>To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
>Subject: [THIN] Re: Published Desktop lockdown
>
>
>
>
>We believe that this is the simplest answer and allows users to control
>their own look and feel without risking anything. We use a folder under
>their Home drive location to store the desktop.
>
>We also mark any application shortcuts Read Only to help reduce the issue
>of
>deleted shortcuts to critical applications. Works great.
>
>Bill
>
>Bill Sorenson
>
>Focused Solutions Consulting, Inc.
>
> www.ivdesk.com <http://www.ivdesk.com> < http://www.ivdesk.com/
<http://www.ivdesk.com/> >
>
>612-869-1081
>
>612-868-5786 cell
>
>
> _____
>
>From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
<mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> >
>[mailto:
> thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto:
thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > ] On Behalf
Of
>Jeff Pitsch
>Sent: Monday, July 17, 2006 8:01 AM
>To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
>Subject: [THIN] Re: Published Desktop lockdown
>
>
>If your allowing users to write to the desktop, then simply redirect the
>desktop. The redirection does not have to be centralized, you can have a
>redirected desktop for each user.
>
>
>Jeff Pitsch
>Microsoft MVP - Terminal Server
>
>Forums not enough?
>Get support from the experts at your business
> < http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> >
http://jeffpitschconsulting.com <http://jeffpitschconsulting.com>
>
>
>
>
>On 7/17/06, Luchette, Jon < <mailto: JLuchette@xxxxxxxxxxxxxxx
<mailto:JLuchette@xxxxxxxxxxxxxxx> >
> JLuchette@xxxxxxxxxxxxxxx <mailto:JLuchette@xxxxxxxxxxxxxxx> > wrote:
>
>I am running into the same issue and I think the only limiting factor with
>this suggestion is that users will not have their "own" desktop so they
>cannot save files to the desktop or make any other similar changes.
>
>What is the best way to give the users their own desktop so they can save
>files to it, and to control what is on the desktop based on group? With
>normal folder redirection I don't think this is doable right???
>
>
>
>
>_______________________________________________
>Jon Luchette
>
>Emerson Hospital
>Technology Specialist III
>
>Work: 978-287-3369
>Cell: 978-360-1379
>
> jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> <mailto:
jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> >
>_______________________________________________
>
>
>
>
> _____
>
>From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
<mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> >
>[mailto:
><mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> >
thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ] On Behalf Of
>Jeff Pitsch
>Sent: Monday, July 17, 2006 8:52 AM
>To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
>Subject: [THIN] Re: Published Desktop lockdown
>
>
>
>An alternative is to have a centralized desktop with all the icons. Then
>use Access based enumeration and NTFS permissions. This will only show the
>appropriate icons to the appropriate users. Very simple and very
>effective.
>
>
>
>Jeff Pitsch
>Microsoft MVP - Terminal Server
>
>Forums not enough?
>Get support from the experts at your business
> <http://jeffpitschconsulting.com> http://jeffpitschconsulting.com <
http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> >
>
>
>
>
>On 7/14/06, Angela Smith < <mailto: <mailto:angela_smith9@xxxxxxxxxxx>
angela_smith9@xxxxxxxxxxx>
> angela_smith9@xxxxxxxxxxx <mailto:angela_smith9@xxxxxxxxxxx> > wrote:
>
>Greg
>
>Will do some investigation in regards to pnagent. Will Flex provide that
>lockdown capability? Do Citrix support flex? Ive heard some good things
>about it but was a little concerned with the lack of support..
>
>
> >From: "Greg Reese" < <mailto: gareese@xxxxxxxxx
<mailto:gareese@xxxxxxxxx> > gareese@xxxxxxxxx <mailto:gareese@xxxxxxxxx> >
> >Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
<mailto:thin@xxxxxxxxxxxxx> thin@xxxxxxxxxxxxx>
> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
> >Subject: [THIN] Re: Published Desktop lockdown
> >Date: Sat, 15 Jul 2006 08:02:52 +1200
> >
> >use the pn agent. That is exactly what it is for. Put them on mandatory
> >profiles or flxe profiles. Then you only have one thing to manage and
>they
>
> >get the dynamic environment they need. The result is simple and clean if
> >you do it right.
> >
> >Greg
> >
> >On 7/15/06, Angela Smith < angela_smith9@xxxxxxxxxxx
<mailto:angela_smith9@xxxxxxxxxxx>
><mailto: angela_smith9@xxxxxxxxxxx <mailto:angela_smith9@xxxxxxxxxxx> > >
wrote:
> >>
> >>I was thinking that.. Only issue though is I want to be able to create
> >>icons based on AD group membership via a login script. Wont setting the
> >>desktop to Read only break this?
> >>
> >>I vaguely remember reading about people using the PNAgent to create
> >>desktop
> >>icons in a published desktop. Is this the best practice way of doing
> >>this?
> >>
> >>
> >> >From: "Jim Kenzig http://ThinHelp.com <http://ThinHelp.com> <
http://thinhelp.com/ <http://thinhelp.com/> > " <
> jkenzig@xxxxxxxxx <mailto:jkenzig@xxxxxxxxx> <mailto: jkenzig@xxxxxxxxx
<mailto:jkenzig@xxxxxxxxx> > >
> >> >Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
> >> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
> >> >Subject: [THIN] Re: Published Desktop lockdown
> >> >Date: Fri, 14 Jul 2006 05:22:24 -0700 (PDT)
> >> >
> >> >Just make the desktop folder in the profile read only.
> >> > JK
> >> >
> >> >cstalhoodwrote:
> >> > Have you considered redirecting the Desktop to the user's home
> >> >directory?
> >> >
> >> >-----Original Message-----
> >> >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
<mailto: <mailto:thin-bounce@xxxxxxxxxxxxx> thin-bounce@xxxxxxxxxxxxx>
>[mailto: <mailto: thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx> > thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx> ] On
> >> >Behalf Of
> >> >Angela Smith
> >> >Sent: Friday, July 14, 2006 6:43 AM
> >> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
<mailto:thin@xxxxxxxxxxxxx> thin@xxxxxxxxxxxxx>
> >> >Subject: [THIN] Published Desktop lockdown
> >> >
> >> >Hi
> >> >
> >> >Ive just built a new farm based on Windows 2003 and Citrix Metaframe
> >> >Presentation Server 4. Ive published a desktop and am looking for the
> >>best
> >> >way to lockdown the "published desktop". Im using Group Policy and
>have
> >>set
> >> >several settings to lock the published desktop. I have an issue where
>I
> >> >don?t want the users to see/access the servers local drives. Ive
> >> >accomplished this via the following settings:
> >> >
> >> >User Configuration\Administrative Templates\windows components\windows
> >> >explorer\Hide these specified drives in My Computer
> >> >User Configuration\Administrative Templates\\windows
>components\windows
> >> >explorer\Prevent access to drives from My Computer
> >> >
> >> >My issue is that the users can create folders on the desktop but
>cannot
> >> >delete them (due to the above Group Policy settings). How can I easily
> >> >prevent the users from being able to make any changes to the desktop?
> >> >
> >> >As a side note, how do people control what icons are created on the
> >> >desktop?? I was thinking of using a script that copies icons to the
> >>desktop
> >> >based on AD group membership. Is there a better way to do this?
> >> >
> >> >Thanks
> >> >
> >> >_________________________________________________________________
> >> >Research and compare new cars side by side at carpoint.com.au
<http://carpoint.com.au>
>< http://carpoint.com.au/ <http://carpoint.com.au/> >
> >> >
> >>
><
<http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide>
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide
%
>2Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2
F
>ai%5F833884&_t=54321&_r=hotmail_endtext&_m=EXT>
>
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide%
<http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide%
>
2
>Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2F
a
>i%5F833884&_t=54321&_r=hotmail_endtext&_m=EXT
> >> >
> >> >************************************************
> >> >For Archives, RSS, to Unsubscribe, Subscribe or
> >> >set Digest or Vacation mode use the below link:
> >> > < //www.freelists.org/list/thin
<//www.freelists.org/list/thin> >
> <//www.freelists.org/list/thin> //www.freelists.org/list/thin
> >> >************************************************
> >> >
> >> >************************************************
> >> >For Archives, RSS, to Unsubscribe, Subscribe or
> >> >set Digest or Vacation mode use the below link:
> >> > < //www.freelists.org/list/thin
<//www.freelists.org/list/thin> >
> <//www.freelists.org/list/thin> //www.freelists.org/list/thin
> >> >************************************************
> >> >
> >>
> >>_________________________________________________________________
> >>Find lost friends & family online! Search for free.
> >>
> >>
>< http://ninemsn.com.au/share/redir/adTrack.asp?mode=click
<http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refe>
&clientID=389&refe
r
>ral=HM_tagline&URL= http://ninemsn.schoolfriends.com.au
<http://ninemsn.schoolfriends.com.au> >
>
<http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refer
>
http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refer
r
>al=HM_tagline&URL= http://ninemsn.schoolfriends.com.au
<http://ninemsn.schoolfriends.com.au>
> >>
> >>************************************************
> >>For Archives, RSS, to Unsubscribe, Subscribe or
> >>set Digest or Vacation mode use the below link:
> >> < <//www.freelists.org/list/thin>
//www.freelists.org/list/thin>
> //www.freelists.org/list/thin <//www.freelists.org/list/thin>
> >>************************************************
> >>
>
>_________________________________________________________________
>Meet Sexy Singles today @ Lavalife - Click here
>
<http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2
>
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2
E
>au%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%3
D
>en%5FAU%26a%3D22740
><
<http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%>
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%
2
>Eau%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%
3
>Den%5FAU%26a%3D22740&_t=751140432&_r=emailtagline_meetsexy_june&_m=EXT>
>&_t=751140432&_r=emailtagline_meetsexy_june&_m=EXT
>
>************************************************
>For Archives, RSS, to Unsubscribe, Subscribe or
>set Digest or Vacation mode use the below link:
> //www.freelists.org/list/thin <//www.freelists.org/list/thin>
< //www.freelists.org/list/thin <//www.freelists.org/list/thin> >
>************************************************
>
>
>
>
>
_________________________________________________________________
Find lost friends & family online! Search for free.
http://ninemsn.com.au/share/redir/adTrack.asp?mode=click
<http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refer
r> &clientID=389&referr
al=HM_tagline&URL= http://ninemsn.schoolfriends.com.au
<http://ninemsn.schoolfriends.com.au>
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin <//www.freelists.org/list/thin>
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin <//www.freelists.org/list/thin>
************************************************
Other related posts:
