We're using it on there now, although we only have a W2K domain. -----Original Message----- From: Angela Smith [mailto:angela_smith9@xxxxxxxxxxx] Sent: 01 August 2006 19:31 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Published Desktop lockdown - using startbuild Angus Have you used this on Windows 2003 SP1 servers before? Thanks >From: Angus Macdonald <Angus.Macdonald@xxxxxxxxxxxxxxxxxxx> >Reply-To: thin@xxxxxxxxxxxxx >To: thin@xxxxxxxxxxxxx >Subject: [THIN] Re: Published Desktop lockdown - using startbuild >Date: Tue, 1 Aug 2006 15:34:08 +0100 > >It's a little utility I put together a few years ago. Basically it creates >a >start menu or desktop for users based on their NT group memberships. If >they >are in group A they get icons 1, 2 and 3, If they are in group B they get >icons 4 and 5. If they are in both groups they get all 5 icons. We use it >as >a simple way to manage published desktops with a wide variety of apps and >users - each user gets only the icons that are relevant to them - and the >management overhead is small. > >-----Original Message----- >From: Toby [mailto:toby.percival@xxxxxxxxx] >Sent: 01 August 2006 14:29 >To: thin@xxxxxxxxxxxxx >Subject: [THIN] Re: Published Desktop lockdown - using startbuild > > >So what does Startbuild actually do..? > >Any info on the web? > > >On 8/1/06, Angus Macdonald < Angus.Macdonald@xxxxxxxxxxxxxxxxxxx ><mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx> > wrote: > >We are, but then I wrote StartBuild. > >-----Original Message----- >From: Angela Smith [mailto: angela_smith9@xxxxxxxxxxx ><mailto:angela_smith9@xxxxxxxxxxx> ] >Sent: 01 August 2006 13:14 >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >Subject: [THIN] Published Desktop lockdown - using startbuild > > > >Hi > >Is there anyone out there using Startbuild on Windows 2003 Servers for >their > >Published Desktops in Production? > >Thanks > > >From: Angus Macdonald < <mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx> >Angus.Macdonald@xxxxxxxxxxxxxxxxxxx> > >Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > >Subject: [THIN] Re: Published Desktop lockdown > >Date: Mon, 17 Jul 2006 14:27:20 +0100 > > > >Or hunt around for the StartBuild service (it used to be on thethin.net ><http://thethin.net> - > >perhaps it still is) which does the same thing with less effort. > > > >Angus > > > >PS found it! > > > > http://thethin.net/startbuild.zip <http://thethin.net/startbuild.zip> > > > >-----Original Message----- > >From: Jeff Pitsch [mailto: jepitsch@xxxxxxxxx <mailto:jepitsch@xxxxxxxxx> >] > >Sent: 17 July 2006 14:20 > >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > >Subject: [THIN] Re: Published Desktop lockdown > > > > > >Use login scripts and copy shortcuts based on group membership. > > > > > >Jeff Pitsch > >Microsoft MVP - Terminal Server > > > >Forums not enough? > >Get support from the experts at your business > > < http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> > >http://jeffpitschconsulting.com <http://jeffpitschconsulting.com> > > > > > > > > > >On 7/17/06, Luchette, Jon < JLuchette@xxxxxxxxxxxxxxx ><mailto:JLuchette@xxxxxxxxxxxxxxx> > ><mailto: JLuchette@xxxxxxxxxxxxxxx <mailto:JLuchette@xxxxxxxxxxxxxxx> > > >wrote: > > > >how do you control what applications/shortcuts are on that desktop for > >these > >users? > > > > > > > >_______________________________________________ > >Jon Luchette > > > >Emerson Hospital > >Technology Specialist III > > > >Work: 978-287-3369 > >Cell: 978-360-1379 > > > > jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> <mailto: >jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> > > >_______________________________________________ > > > > > > > > > > _____ > > > >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ><mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > > >[mailto: > > thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto: >thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > ] On Behalf >Of > >Bill Sorenson > >Sent: Monday, July 17, 2006 9:04 AM > > > >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: >thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > > >Subject: [THIN] Re: Published Desktop lockdown > > > > > > > > > >We believe that this is the simplest answer and allows users to control > >their own look and feel without risking anything. We use a folder under > >their Home drive location to store the desktop. > > > >We also mark any application shortcuts Read Only to help reduce the issue > >of > >deleted shortcuts to critical applications. Works great. > > > >Bill > > > >Bill Sorenson > > > >Focused Solutions Consulting, Inc. > > > > www.ivdesk.com <http://www.ivdesk.com> < http://www.ivdesk.com/ ><http://www.ivdesk.com/> > > > > >612-869-1081 > > > >612-868-5786 cell > > > > > > _____ > > > >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ><mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > > >[mailto: > > thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto: >thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > ] On Behalf >Of > >Jeff Pitsch > >Sent: Monday, July 17, 2006 8:01 AM > >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: >thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > > >Subject: [THIN] Re: Published Desktop lockdown > > > > > >If your allowing users to write to the desktop, then simply redirect the > >desktop. The redirection does not have to be centralized, you can have a > >redirected desktop for each user. > > > > > >Jeff Pitsch > >Microsoft MVP - Terminal Server > > > >Forums not enough? > >Get support from the experts at your business > > < http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> > >http://jeffpitschconsulting.com <http://jeffpitschconsulting.com> > > > > > > > > > >On 7/17/06, Luchette, Jon < <mailto: JLuchette@xxxxxxxxxxxxxxx ><mailto:JLuchette@xxxxxxxxxxxxxxx> > > > JLuchette@xxxxxxxxxxxxxxx <mailto:JLuchette@xxxxxxxxxxxxxxx> > wrote: > > > >I am running into the same issue and I think the only limiting factor >with > >this suggestion is that users will not have their "own" desktop so they > >cannot save files to the desktop or make any other similar changes. > > > >What is the best way to give the users their own desktop so they can save > >files to it, and to control what is on the desktop based on group? With > >normal folder redirection I don't think this is doable right??? > > > > > > > > > >_______________________________________________ > >Jon Luchette > > > >Emerson Hospital > >Technology Specialist III > > > >Work: 978-287-3369 > >Cell: 978-360-1379 > > > > jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> <mailto: >jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> > > >_______________________________________________ > > > > > > > > > > _____ > > > >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ><mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > > >[mailto: > ><mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > >thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ] On Behalf Of > >Jeff Pitsch > >Sent: Monday, July 17, 2006 8:52 AM > >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: >thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > > >Subject: [THIN] Re: Published Desktop lockdown > > > > > > > >An alternative is to have a centralized desktop with all the icons. Then > >use Access based enumeration and NTFS permissions. This will only show >the > >appropriate icons to the appropriate users. Very simple and very > >effective. > > > > > > > >Jeff Pitsch > >Microsoft MVP - Terminal Server > > > >Forums not enough? > >Get support from the experts at your business > > <http://jeffpitschconsulting.com> http://jeffpitschconsulting.com < >http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> > > > > > > > > > > >On 7/14/06, Angela Smith < <mailto: <mailto:angela_smith9@xxxxxxxxxxx> >angela_smith9@xxxxxxxxxxx> > > angela_smith9@xxxxxxxxxxx <mailto:angela_smith9@xxxxxxxxxxx> > wrote: > > > >Greg > > > >Will do some investigation in regards to pnagent. Will Flex provide that > >lockdown capability? Do Citrix support flex? Ive heard some good things > >about it but was a little concerned with the lack of support.. > > > > > > >From: "Greg Reese" < <mailto: gareese@xxxxxxxxx ><mailto:gareese@xxxxxxxxx> > gareese@xxxxxxxxx <mailto:gareese@xxxxxxxxx> > > > >Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: ><mailto:thin@xxxxxxxxxxxxx> thin@xxxxxxxxxxxxx> > > >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: >thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > > > >Subject: [THIN] Re: Published Desktop lockdown > > >Date: Sat, 15 Jul 2006 08:02:52 +1200 > > > > > >use the pn agent. That is exactly what it is for. Put them on >mandatory > > >profiles or flxe profiles. Then you only have one thing to manage and > >they > > > > >get the dynamic environment they need. The result is simple and clean >if > > >you do it right. > > > > > >Greg > > > > > >On 7/15/06, Angela Smith < angela_smith9@xxxxxxxxxxx ><mailto:angela_smith9@xxxxxxxxxxx> > ><mailto: angela_smith9@xxxxxxxxxxx <mailto:angela_smith9@xxxxxxxxxxx> > > >wrote: > > >> > > >>I was thinking that.. Only issue though is I want to be able to >create > > >>icons based on AD group membership via a login script. Wont setting >the > > >>desktop to Read only break this? > > >> > > >>I vaguely remember reading about people using the PNAgent to create > > >>desktop > > >>icons in a published desktop. Is this the best practice way of doing > > >>this? > > >> > > >> > > >> >From: "Jim Kenzig http://ThinHelp.com <http://ThinHelp.com> < >http://thinhelp.com/ <http://thinhelp.com/> > " < > > jkenzig@xxxxxxxxx <mailto:jkenzig@xxxxxxxxx> <mailto: jkenzig@xxxxxxxxx ><mailto:jkenzig@xxxxxxxxx> > > > > >> >Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: >thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > > > >> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: >thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> > > > >> >Subject: [THIN] Re: Published Desktop lockdown > > >> >Date: Fri, 14 Jul 2006 05:22:24 -0700 (PDT) > > >> > > > >> >Just make the desktop folder in the profile read only. > > >> > JK > > >> > > > >> >cstalhoodwrote: > > >> > Have you considered redirecting the Desktop to the user's home > > >> >directory? > > >> > > > >> >-----Original Message----- > > >> >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ><mailto: <mailto:thin-bounce@xxxxxxxxxxxxx> thin-bounce@xxxxxxxxxxxxx> > >[mailto: <mailto: thin-bounce@xxxxxxxxxxxxx ><mailto:thin-bounce@xxxxxxxxxxxxx> > thin-bounce@xxxxxxxxxxxxx ><mailto:thin-bounce@xxxxxxxxxxxxx> ] On > > >> >Behalf Of > > >> >Angela Smith > > >> >Sent: Friday, July 14, 2006 6:43 AM > > >> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto: ><mailto:thin@xxxxxxxxxxxxx> thin@xxxxxxxxxxxxx> > > >> >Subject: [THIN] Published Desktop lockdown > > >> > > > >> >Hi > > >> > > > >> >Ive just built a new farm based on Windows 2003 and Citrix Metaframe > > >> >Presentation Server 4. Ive published a desktop and am looking for >the > > >>best > > >> >way to lockdown the "published desktop". Im using Group Policy and > >have > > >>set > > >> >several settings to lock the published desktop. I have an issue >where > >I > > >> >don?t want the users to see/access the servers local drives. Ive > > >> >accomplished this via the following settings: > > >> > > > >> >User Configuration\Administrative Templates\windows >components\windows > > >> >explorer\Hide these specified drives in My Computer > > >> >User Configuration\Administrative Templates\\windows > >components\windows > > >> >explorer\Prevent access to drives from My Computer > > >> > > > >> >My issue is that the users can create folders on the desktop but > >cannot > > >> >delete them (due to the above Group Policy settings). How can I >easily > > >> >prevent the users from being able to make any changes to the >desktop? > > >> > > > >> >As a side note, how do people control what icons are created on the > > >> >desktop?? I was thinking of using a script that copies icons to the > > >>desktop > > >> >based on AD group membership. Is there a better way to do this? > > >> > > > >> >Thanks > > >> > > > >> >_________________________________________________________________ > > >> >Research and compare new cars side by side at carpoint.com.au ><http://carpoint.com.au> > >< http://carpoint.com.au/ <http://carpoint.com.au/> > > > >> > > > >> > >< ><http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide > >http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide >% > >2Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2 >F > >ai%5F833884&_t=54321&_r=hotmail_endtext&_m=EXT> > > >http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide% ><http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide % > > >2 > >Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2F > >a > >i%5F833884&_t=54321&_r=hotmail_endtext&_m=EXT > > >> > > > >> >************************************************ > > >> >For Archives, RSS, to Unsubscribe, Subscribe or > > >> >set Digest or Vacation mode use the below link: > > >> > < //www.freelists.org/list/thin ><//www.freelists.org/list/thin> > > > <//www.freelists.org/list/thin> //www.freelists.org/list/thin > > >> >************************************************ > > >> > > > >> >************************************************ > > >> >For Archives, RSS, to Unsubscribe, Subscribe or > > >> >set Digest or Vacation mode use the below link: > > >> > < //www.freelists.org/list/thin ><//www.freelists.org/list/thin> > > > <//www.freelists.org/list/thin> //www.freelists.org/list/thin > > >> >************************************************ > > >> > > > >> > > >>_________________________________________________________________ > > >>Find lost friends & family online! Search for free. > > >> > > >> > >< http://ninemsn.com.au/share/redir/adTrack.asp?mode=click ><http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refe > >&clientID=389&refe >r > >ral=HM_tagline&URL= http://ninemsn.schoolfriends.com.au ><http://ninemsn.schoolfriends.com.au> > > > ><http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refe r > > >http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refer >r > >al=HM_tagline&URL= http://ninemsn.schoolfriends.com.au ><http://ninemsn.schoolfriends.com.au> > > >> > > >>************************************************ > > >>For Archives, RSS, to Unsubscribe, Subscribe or > > >>set Digest or Vacation mode use the below link: > > >> < <//www.freelists.org/list/thin> >//www.freelists.org/list/thin> > > //www.freelists.org/list/thin <//www.freelists.org/list/thin> > > >>************************************************ > > >> > > > >_________________________________________________________________ > >Meet Sexy Singles today @ Lavalife - Click here > > ><http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom% 2 > > >http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2 >E > >au%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%3 >D > >en%5FAU%26a%3D22740 > >< ><http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom% > >http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom% >2 > >Eau%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale% >3 > >Den%5FAU%26a%3D22740&_t=751140432&_r=emailtagline_meetsexy_june&_m=EXT> > >&_t=751140432&_r=emailtagline_meetsexy_june&_m=EXT > > > >************************************************ > >For Archives, RSS, to Unsubscribe, Subscribe or > >set Digest or Vacation mode use the below link: > > //www.freelists.org/list/thin <//www.freelists.org/list/thin> >< //www.freelists.org/list/thin <//www.freelists.org/list/thin> > > >************************************************ > > > > > > > > > > > >_________________________________________________________________ >Find lost friends & family online! Search for free. >http://ninemsn.com.au/share/redir/adTrack.asp?mode=click ><http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refe r >r> &clientID=389&referr >al=HM_tagline&URL= http://ninemsn.schoolfriends.com.au ><http://ninemsn.schoolfriends.com.au> > >************************************************ >For Archives, RSS, to Unsubscribe, Subscribe or >set Digest or Vacation mode use the below link: >//www.freelists.org/list/thin <//www.freelists.org/list/thin> >************************************************ >************************************************ >For Archives, RSS, to Unsubscribe, Subscribe or >set Digest or Vacation mode use the below link: >//www.freelists.org/list/thin <//www.freelists.org/list/thin> >************************************************ > > > _________________________________________________________________ Be the one of the first to try the NEW Windows Live Mail. http://ideas.live.com/programPage.aspx?versionId=5d21c51a-b161-4314-9b0e-491 1fb2b2e6d ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************