It's a little utility I put together a few years ago. Basically it creates a start menu or desktop for users based on their NT group memberships. If they are in group A they get icons 1, 2 and 3, If they are in group B they get icons 4 and 5. If they are in both groups they get all 5 icons. We use it as a simple way to manage published desktops with a wide variety of apps and users - each user gets only the icons that are relevant to them - and the management overhead is small. -----Original Message----- From: Toby [mailto:toby.percival@xxxxxxxxx] Sent: 01 August 2006 14:29 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Published Desktop lockdown - using startbuild So what does Startbuild actually do..? Any info on the web? On 8/1/06, Angus Macdonald < Angus.Macdonald@xxxxxxxxxxxxxxxxxxx <mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx> > wrote: We are, but then I wrote StartBuild. -----Original Message----- From: Angela Smith [mailto: angela_smith9@xxxxxxxxxxx <mailto:angela_smith9@xxxxxxxxxxx> ] Sent: 01 August 2006 13:14 To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> Subject: [THIN] Published Desktop lockdown - using startbuild Hi Is there anyone out there using Startbuild on Windows 2003 Servers for their Published Desktops in Production? Thanks >From: Angus Macdonald < <mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx> Angus.Macdonald@xxxxxxxxxxxxxxxxxxx> >Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >Subject: [THIN] Re: Published Desktop lockdown >Date: Mon, 17 Jul 2006 14:27:20 +0100 > >Or hunt around for the StartBuild service (it used to be on thethin.net <http://thethin.net> - >perhaps it still is) which does the same thing with less effort. > >Angus > >PS found it! > > http://thethin.net/startbuild.zip <http://thethin.net/startbuild.zip> > >-----Original Message----- >From: Jeff Pitsch [mailto: jepitsch@xxxxxxxxx <mailto:jepitsch@xxxxxxxxx> ] >Sent: 17 July 2006 14:20 >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >Subject: [THIN] Re: Published Desktop lockdown > > >Use login scripts and copy shortcuts based on group membership. > > >Jeff Pitsch >Microsoft MVP - Terminal Server > >Forums not enough? >Get support from the experts at your business > < http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> > http://jeffpitschconsulting.com <http://jeffpitschconsulting.com> > > > > >On 7/17/06, Luchette, Jon < JLuchette@xxxxxxxxxxxxxxx <mailto:JLuchette@xxxxxxxxxxxxxxx> ><mailto: JLuchette@xxxxxxxxxxxxxxx <mailto:JLuchette@xxxxxxxxxxxxxxx> > > wrote: > >how do you control what applications/shortcuts are on that desktop for >these >users? > > > >_______________________________________________ >Jon Luchette > >Emerson Hospital >Technology Specialist III > >Work: 978-287-3369 >Cell: 978-360-1379 > > jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> <mailto: jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> > >_______________________________________________ > > > > > _____ > >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > >[mailto: > thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > ] On Behalf Of >Bill Sorenson >Sent: Monday, July 17, 2006 9:04 AM > >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > >Subject: [THIN] Re: Published Desktop lockdown > > > > >We believe that this is the simplest answer and allows users to control >their own look and feel without risking anything. We use a folder under >their Home drive location to store the desktop. > >We also mark any application shortcuts Read Only to help reduce the issue >of >deleted shortcuts to critical applications. Works great. > >Bill > >Bill Sorenson > >Focused Solutions Consulting, Inc. > > www.ivdesk.com <http://www.ivdesk.com> < http://www.ivdesk.com/ <http://www.ivdesk.com/> > > >612-869-1081 > >612-868-5786 cell > > > _____ > >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > >[mailto: > thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > ] On Behalf Of >Jeff Pitsch >Sent: Monday, July 17, 2006 8:01 AM >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > >Subject: [THIN] Re: Published Desktop lockdown > > >If your allowing users to write to the desktop, then simply redirect the >desktop. The redirection does not have to be centralized, you can have a >redirected desktop for each user. > > >Jeff Pitsch >Microsoft MVP - Terminal Server > >Forums not enough? >Get support from the experts at your business > < http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> > http://jeffpitschconsulting.com <http://jeffpitschconsulting.com> > > > > >On 7/17/06, Luchette, Jon < <mailto: JLuchette@xxxxxxxxxxxxxxx <mailto:JLuchette@xxxxxxxxxxxxxxx> > > JLuchette@xxxxxxxxxxxxxxx <mailto:JLuchette@xxxxxxxxxxxxxxx> > wrote: > >I am running into the same issue and I think the only limiting factor with >this suggestion is that users will not have their "own" desktop so they >cannot save files to the desktop or make any other similar changes. > >What is the best way to give the users their own desktop so they can save >files to it, and to control what is on the desktop based on group? With >normal folder redirection I don't think this is doable right??? > > > > >_______________________________________________ >Jon Luchette > >Emerson Hospital >Technology Specialist III > >Work: 978-287-3369 >Cell: 978-360-1379 > > jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> <mailto: jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> > >_______________________________________________ > > > > > _____ > >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > >[mailto: ><mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ] On Behalf Of >Jeff Pitsch >Sent: Monday, July 17, 2006 8:52 AM >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > >Subject: [THIN] Re: Published Desktop lockdown > > > >An alternative is to have a centralized desktop with all the icons. Then >use Access based enumeration and NTFS permissions. This will only show the >appropriate icons to the appropriate users. Very simple and very >effective. > > > >Jeff Pitsch >Microsoft MVP - Terminal Server > >Forums not enough? >Get support from the experts at your business > <http://jeffpitschconsulting.com> http://jeffpitschconsulting.com < http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> > > > > > >On 7/14/06, Angela Smith < <mailto: <mailto:angela_smith9@xxxxxxxxxxx> angela_smith9@xxxxxxxxxxx> > angela_smith9@xxxxxxxxxxx <mailto:angela_smith9@xxxxxxxxxxx> > wrote: > >Greg > >Will do some investigation in regards to pnagent. Will Flex provide that >lockdown capability? Do Citrix support flex? Ive heard some good things >about it but was a little concerned with the lack of support.. > > > >From: "Greg Reese" < <mailto: gareese@xxxxxxxxx <mailto:gareese@xxxxxxxxx> > gareese@xxxxxxxxx <mailto:gareese@xxxxxxxxx> > > >Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: <mailto:thin@xxxxxxxxxxxxx> thin@xxxxxxxxxxxxx> > >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > > >Subject: [THIN] Re: Published Desktop lockdown > >Date: Sat, 15 Jul 2006 08:02:52 +1200 > > > >use the pn agent. That is exactly what it is for. Put them on mandatory > >profiles or flxe profiles. Then you only have one thing to manage and >they > > >get the dynamic environment they need. The result is simple and clean if > >you do it right. > > > >Greg > > > >On 7/15/06, Angela Smith < angela_smith9@xxxxxxxxxxx <mailto:angela_smith9@xxxxxxxxxxx> ><mailto: angela_smith9@xxxxxxxxxxx <mailto:angela_smith9@xxxxxxxxxxx> > > wrote: > >> > >>I was thinking that.. Only issue though is I want to be able to create > >>icons based on AD group membership via a login script. Wont setting the > >>desktop to Read only break this? > >> > >>I vaguely remember reading about people using the PNAgent to create > >>desktop > >>icons in a published desktop. Is this the best practice way of doing > >>this? > >> > >> > >> >From: "Jim Kenzig http://ThinHelp.com <http://ThinHelp.com> < http://thinhelp.com/ <http://thinhelp.com/> > " < > jkenzig@xxxxxxxxx <mailto:jkenzig@xxxxxxxxx> <mailto: jkenzig@xxxxxxxxx <mailto:jkenzig@xxxxxxxxx> > > > >> >Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > > >> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > > >> >Subject: [THIN] Re: Published Desktop lockdown > >> >Date: Fri, 14 Jul 2006 05:22:24 -0700 (PDT) > >> > > >> >Just make the desktop folder in the profile read only. > >> > JK > >> > > >> >cstalhoodwrote: > >> > Have you considered redirecting the Desktop to the user's home > >> >directory? > >> > > >> >-----Original Message----- > >> >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto: <mailto:thin-bounce@xxxxxxxxxxxxx> thin-bounce@xxxxxxxxxxxxx> >[mailto: <mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ] On > >> >Behalf Of > >> >Angela Smith > >> >Sent: Friday, July 14, 2006 6:43 AM > >> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: <mailto:thin@xxxxxxxxxxxxx> thin@xxxxxxxxxxxxx> > >> >Subject: [THIN] Published Desktop lockdown > >> > > >> >Hi > >> > > >> >Ive just built a new farm based on Windows 2003 and Citrix Metaframe > >> >Presentation Server 4. Ive published a desktop and am looking for the > >>best > >> >way to lockdown the "published desktop". Im using Group Policy and >have > >>set > >> >several settings to lock the published desktop. I have an issue where >I > >> >don?t want the users to see/access the servers local drives. Ive > >> >accomplished this via the following settings: > >> > > >> >User Configuration\Administrative Templates\windows components\windows > >> >explorer\Hide these specified drives in My Computer > >> >User Configuration\Administrative Templates\\windows >components\windows > >> >explorer\Prevent access to drives from My Computer > >> > > >> >My issue is that the users can create folders on the desktop but >cannot > >> >delete them (due to the above Group Policy settings). How can I easily > >> >prevent the users from being able to make any changes to the desktop? > >> > > >> >As a side note, how do people control what icons are created on the > >> >desktop?? I was thinking of using a script that copies icons to the > >>desktop > >> >based on AD group membership. Is there a better way to do this? > >> > > >> >Thanks > >> > > >> >_________________________________________________________________ > >> >Research and compare new cars side by side at carpoint.com.au <http://carpoint.com.au> >< http://carpoint.com.au/ <http://carpoint.com.au/> > > >> > > >> >< <http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide> http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide % >2Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2 F >ai%5F833884&_t=54321&_r=hotmail_endtext&_m=EXT> > http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide% <http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide% > 2 >Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2F a >i%5F833884&_t=54321&_r=hotmail_endtext&_m=EXT > >> > > >> >************************************************ > >> >For Archives, RSS, to Unsubscribe, Subscribe or > >> >set Digest or Vacation mode use the below link: > >> > < //www.freelists.org/list/thin <//www.freelists.org/list/thin> > > <//www.freelists.org/list/thin> //www.freelists.org/list/thin > >> >************************************************ > >> > > >> >************************************************ > >> >For Archives, RSS, to Unsubscribe, Subscribe or > >> >set Digest or Vacation mode use the below link: > >> > < //www.freelists.org/list/thin <//www.freelists.org/list/thin> > > <//www.freelists.org/list/thin> //www.freelists.org/list/thin > >> >************************************************ > >> > > >> > >>_________________________________________________________________ > >>Find lost friends & family online! Search for free. > >> > >> >< http://ninemsn.com.au/share/redir/adTrack.asp?mode=click <http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refe> &clientID=389&refe r >ral=HM_tagline&URL= http://ninemsn.schoolfriends.com.au <http://ninemsn.schoolfriends.com.au> > > <http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refer > http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refer r >al=HM_tagline&URL= http://ninemsn.schoolfriends.com.au <http://ninemsn.schoolfriends.com.au> > >> > >>************************************************ > >>For Archives, RSS, to Unsubscribe, Subscribe or > >>set Digest or Vacation mode use the below link: > >> < <//www.freelists.org/list/thin> //www.freelists.org/list/thin> > //www.freelists.org/list/thin <//www.freelists.org/list/thin> > >>************************************************ > >> > >_________________________________________________________________ >Meet Sexy Singles today @ Lavalife - Click here > <http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2 > http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2 E >au%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%3 D >en%5FAU%26a%3D22740 >< <http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%> http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom% 2 >Eau%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale% 3 >Den%5FAU%26a%3D22740&_t=751140432&_r=emailtagline_meetsexy_june&_m=EXT> >&_t=751140432&_r=emailtagline_meetsexy_june&_m=EXT > >************************************************ >For Archives, RSS, to Unsubscribe, Subscribe or >set Digest or Vacation mode use the below link: > //www.freelists.org/list/thin <//www.freelists.org/list/thin> < //www.freelists.org/list/thin <//www.freelists.org/list/thin> > >************************************************ > > > > > _________________________________________________________________ Find lost friends & family online! Search for free. http://ninemsn.com.au/share/redir/adTrack.asp?mode=click <http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refer r> &clientID=389&referr al=HM_tagline&URL= http://ninemsn.schoolfriends.com.au <http://ninemsn.schoolfriends.com.au> ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin <//www.freelists.org/list/thin> ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin <//www.freelists.org/list/thin> ************************************************