[THIN] Re: Published Desktop lockdown - using startbuild
- From: Angus Macdonald <Angus.Macdonald@xxxxxxxxxxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Tue, 1 Aug 2006 22:04:43 +0100
We're using it on there now, although we only have a W2K domain.
-----Original Message-----
From: Angela Smith [mailto:angela_smith9@xxxxxxxxxxx]
Sent: 01 August 2006 19:31
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Published Desktop lockdown - using startbuild
Angus
Have you used this on Windows 2003 SP1 servers before?
Thanks
>From: Angus Macdonald <Angus.Macdonald@xxxxxxxxxxxxxxxxxxx>
>Reply-To: thin@xxxxxxxxxxxxx
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Re: Published Desktop lockdown - using startbuild
>Date: Tue, 1 Aug 2006 15:34:08 +0100
>
>It's a little utility I put together a few years ago. Basically it creates
>a
>start menu or desktop for users based on their NT group memberships. If
>they
>are in group A they get icons 1, 2 and 3, If they are in group B they get
>icons 4 and 5. If they are in both groups they get all 5 icons. We use it
>as
>a simple way to manage published desktops with a wide variety of apps and
>users - each user gets only the icons that are relevant to them - and the
>management overhead is small.
>
>-----Original Message-----
>From: Toby [mailto:toby.percival@xxxxxxxxx]
>Sent: 01 August 2006 14:29
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Re: Published Desktop lockdown - using startbuild
>
>
>So what does Startbuild actually do..?
>
>Any info on the web?
>
>
>On 8/1/06, Angus Macdonald < Angus.Macdonald@xxxxxxxxxxxxxxxxxxx
><mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx> > wrote:
>
>We are, but then I wrote StartBuild.
>
>-----Original Message-----
>From: Angela Smith [mailto: angela_smith9@xxxxxxxxxxx
><mailto:angela_smith9@xxxxxxxxxxx> ]
>Sent: 01 August 2006 13:14
>To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
>Subject: [THIN] Published Desktop lockdown - using startbuild
>
>
>
>Hi
>
>Is there anyone out there using Startbuild on Windows 2003 Servers for
>their
>
>Published Desktops in Production?
>
>Thanks
>
> >From: Angus Macdonald < <mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx>
>Angus.Macdonald@xxxxxxxxxxxxxxxxxxx>
> >Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
> >Subject: [THIN] Re: Published Desktop lockdown
> >Date: Mon, 17 Jul 2006 14:27:20 +0100
> >
> >Or hunt around for the StartBuild service (it used to be on thethin.net
><http://thethin.net> -
> >perhaps it still is) which does the same thing with less effort.
> >
> >Angus
> >
> >PS found it!
> >
> > http://thethin.net/startbuild.zip <http://thethin.net/startbuild.zip>
> >
> >-----Original Message-----
> >From: Jeff Pitsch [mailto: jepitsch@xxxxxxxxx <mailto:jepitsch@xxxxxxxxx>
>]
> >Sent: 17 July 2006 14:20
> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
> >Subject: [THIN] Re: Published Desktop lockdown
> >
> >
> >Use login scripts and copy shortcuts based on group membership.
> >
> >
> >Jeff Pitsch
> >Microsoft MVP - Terminal Server
> >
> >Forums not enough?
> >Get support from the experts at your business
> > < http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> >
>http://jeffpitschconsulting.com <http://jeffpitschconsulting.com>
> >
> >
> >
> >
> >On 7/17/06, Luchette, Jon < JLuchette@xxxxxxxxxxxxxxx
><mailto:JLuchette@xxxxxxxxxxxxxxx>
> ><mailto: JLuchette@xxxxxxxxxxxxxxx <mailto:JLuchette@xxxxxxxxxxxxxxx> > >
>wrote:
> >
> >how do you control what applications/shortcuts are on that desktop for
> >these
> >users?
> >
> >
> >
> >_______________________________________________
> >Jon Luchette
> >
> >Emerson Hospital
> >Technology Specialist III
> >
> >Work: 978-287-3369
> >Cell: 978-360-1379
> >
> > jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> <mailto:
>jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> >
> >_______________________________________________
> >
> >
> >
> >
> > _____
> >
> >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
><mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> >
> >[mailto:
> > thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto:
>thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > ] On Behalf
>Of
> >Bill Sorenson
> >Sent: Monday, July 17, 2006 9:04 AM
> >
> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
>thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
> >Subject: [THIN] Re: Published Desktop lockdown
> >
> >
> >
> >
> >We believe that this is the simplest answer and allows users to control
> >their own look and feel without risking anything. We use a folder under
> >their Home drive location to store the desktop.
> >
> >We also mark any application shortcuts Read Only to help reduce the issue
> >of
> >deleted shortcuts to critical applications. Works great.
> >
> >Bill
> >
> >Bill Sorenson
> >
> >Focused Solutions Consulting, Inc.
> >
> > www.ivdesk.com <http://www.ivdesk.com> < http://www.ivdesk.com/
><http://www.ivdesk.com/> >
> >
> >612-869-1081
> >
> >612-868-5786 cell
> >
> >
> > _____
> >
> >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
><mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> >
> >[mailto:
> > thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> <mailto:
>thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> > ] On Behalf
>Of
> >Jeff Pitsch
> >Sent: Monday, July 17, 2006 8:01 AM
> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
>thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
> >Subject: [THIN] Re: Published Desktop lockdown
> >
> >
> >If your allowing users to write to the desktop, then simply redirect the
> >desktop. The redirection does not have to be centralized, you can have a
> >redirected desktop for each user.
> >
> >
> >Jeff Pitsch
> >Microsoft MVP - Terminal Server
> >
> >Forums not enough?
> >Get support from the experts at your business
> > < http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> >
>http://jeffpitschconsulting.com <http://jeffpitschconsulting.com>
> >
> >
> >
> >
> >On 7/17/06, Luchette, Jon < <mailto: JLuchette@xxxxxxxxxxxxxxx
><mailto:JLuchette@xxxxxxxxxxxxxxx> >
> > JLuchette@xxxxxxxxxxxxxxx <mailto:JLuchette@xxxxxxxxxxxxxxx> > wrote:
> >
> >I am running into the same issue and I think the only limiting factor
>with
> >this suggestion is that users will not have their "own" desktop so they
> >cannot save files to the desktop or make any other similar changes.
> >
> >What is the best way to give the users their own desktop so they can save
> >files to it, and to control what is on the desktop based on group? With
> >normal folder redirection I don't think this is doable right???
> >
> >
> >
> >
> >_______________________________________________
> >Jon Luchette
> >
> >Emerson Hospital
> >Technology Specialist III
> >
> >Work: 978-287-3369
> >Cell: 978-360-1379
> >
> > jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> <mailto:
>jluchette@xxxxxxxxxxxxxxx <mailto:jluchette@xxxxxxxxxxxxxxx> >
> >_______________________________________________
> >
> >
> >
> >
> > _____
> >
> >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
><mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> >
> >[mailto:
> ><mailto: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> >
>thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ] On Behalf Of
> >Jeff Pitsch
> >Sent: Monday, July 17, 2006 8:52 AM
> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
>thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
> >Subject: [THIN] Re: Published Desktop lockdown
> >
> >
> >
> >An alternative is to have a centralized desktop with all the icons. Then
> >use Access based enumeration and NTFS permissions. This will only show
>the
> >appropriate icons to the appropriate users. Very simple and very
> >effective.
> >
> >
> >
> >Jeff Pitsch
> >Microsoft MVP - Terminal Server
> >
> >Forums not enough?
> >Get support from the experts at your business
> > <http://jeffpitschconsulting.com> http://jeffpitschconsulting.com <
>http://jeffpitschconsulting.com/ <http://jeffpitschconsulting.com/> >
> >
> >
> >
> >
> >On 7/14/06, Angela Smith < <mailto: <mailto:angela_smith9@xxxxxxxxxxx>
>angela_smith9@xxxxxxxxxxx>
> > angela_smith9@xxxxxxxxxxx <mailto:angela_smith9@xxxxxxxxxxx> > wrote:
> >
> >Greg
> >
> >Will do some investigation in regards to pnagent. Will Flex provide that
> >lockdown capability? Do Citrix support flex? Ive heard some good things
> >about it but was a little concerned with the lack of support..
> >
> >
> > >From: "Greg Reese" < <mailto: gareese@xxxxxxxxx
><mailto:gareese@xxxxxxxxx> > gareese@xxxxxxxxx <mailto:gareese@xxxxxxxxx> >
> > >Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
><mailto:thin@xxxxxxxxxxxxx> thin@xxxxxxxxxxxxx>
> > >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
>thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
> > >Subject: [THIN] Re: Published Desktop lockdown
> > >Date: Sat, 15 Jul 2006 08:02:52 +1200
> > >
> > >use the pn agent. That is exactly what it is for. Put them on
>mandatory
> > >profiles or flxe profiles. Then you only have one thing to manage and
> >they
> >
> > >get the dynamic environment they need. The result is simple and clean
>if
> > >you do it right.
> > >
> > >Greg
> > >
> > >On 7/15/06, Angela Smith < angela_smith9@xxxxxxxxxxx
><mailto:angela_smith9@xxxxxxxxxxx>
> ><mailto: angela_smith9@xxxxxxxxxxx <mailto:angela_smith9@xxxxxxxxxxx> > >
>wrote:
> > >>
> > >>I was thinking that.. Only issue though is I want to be able to
>create
> > >>icons based on AD group membership via a login script. Wont setting
>the
> > >>desktop to Read only break this?
> > >>
> > >>I vaguely remember reading about people using the PNAgent to create
> > >>desktop
> > >>icons in a published desktop. Is this the best practice way of doing
> > >>this?
> > >>
> > >>
> > >> >From: "Jim Kenzig http://ThinHelp.com <http://ThinHelp.com> <
>http://thinhelp.com/ <http://thinhelp.com/> > " <
> > jkenzig@xxxxxxxxx <mailto:jkenzig@xxxxxxxxx> <mailto: jkenzig@xxxxxxxxx
><mailto:jkenzig@xxxxxxxxx> > >
> > >> >Reply-To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
>thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
> > >> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
>thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> >
> > >> >Subject: [THIN] Re: Published Desktop lockdown
> > >> >Date: Fri, 14 Jul 2006 05:22:24 -0700 (PDT)
> > >> >
> > >> >Just make the desktop folder in the profile read only.
> > >> > JK
> > >> >
> > >> >cstalhoodwrote:
> > >> > Have you considered redirecting the Desktop to the user's home
> > >> >directory?
> > >> >
> > >> >-----Original Message-----
> > >> >From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
><mailto: <mailto:thin-bounce@xxxxxxxxxxxxx> thin-bounce@xxxxxxxxxxxxx>
> >[mailto: <mailto: thin-bounce@xxxxxxxxxxxxx
><mailto:thin-bounce@xxxxxxxxxxxxx> > thin-bounce@xxxxxxxxxxxxx
><mailto:thin-bounce@xxxxxxxxxxxxx> ] On
> > >> >Behalf Of
> > >> >Angela Smith
> > >> >Sent: Friday, July 14, 2006 6:43 AM
> > >> >To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> <mailto:
><mailto:thin@xxxxxxxxxxxxx> thin@xxxxxxxxxxxxx>
> > >> >Subject: [THIN] Published Desktop lockdown
> > >> >
> > >> >Hi
> > >> >
> > >> >Ive just built a new farm based on Windows 2003 and Citrix Metaframe
> > >> >Presentation Server 4. Ive published a desktop and am looking for
>the
> > >>best
> > >> >way to lockdown the "published desktop". Im using Group Policy and
> >have
> > >>set
> > >> >several settings to lock the published desktop. I have an issue
>where
> >I
> > >> >don?t want the users to see/access the servers local drives. Ive
> > >> >accomplished this via the following settings:
> > >> >
> > >> >User Configuration\Administrative Templates\windows
>components\windows
> > >> >explorer\Hide these specified drives in My Computer
> > >> >User Configuration\Administrative Templates\\windows
> >components\windows
> > >> >explorer\Prevent access to drives from My Computer
> > >> >
> > >> >My issue is that the users can create folders on the desktop but
> >cannot
> > >> >delete them (due to the above Group Policy settings). How can I
>easily
> > >> >prevent the users from being able to make any changes to the
>desktop?
> > >> >
> > >> >As a side note, how do people control what icons are created on the
> > >> >desktop?? I was thinking of using a script that copies icons to the
> > >>desktop
> > >> >based on AD group membership. Is there a better way to do this?
> > >> >
> > >> >Thanks
> > >> >
> > >> >_________________________________________________________________
> > >> >Research and compare new cars side by side at carpoint.com.au
><http://carpoint.com.au>
> >< http://carpoint.com.au/ <http://carpoint.com.au/> >
> > >> >
> > >>
> ><
><http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide
>
>http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide
>%
>
>2Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2
>F
> >ai%5F833884&_t=54321&_r=hotmail_endtext&_m=EXT>
> >
>http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide%
><http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide
%
> >
>2
>
>Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2F
>
>a
> >i%5F833884&_t=54321&_r=hotmail_endtext&_m=EXT
> > >> >
> > >> >************************************************
> > >> >For Archives, RSS, to Unsubscribe, Subscribe or
> > >> >set Digest or Vacation mode use the below link:
> > >> > < //www.freelists.org/list/thin
><//www.freelists.org/list/thin> >
> > <//www.freelists.org/list/thin> //www.freelists.org/list/thin
> > >> >************************************************
> > >> >
> > >> >************************************************
> > >> >For Archives, RSS, to Unsubscribe, Subscribe or
> > >> >set Digest or Vacation mode use the below link:
> > >> > < //www.freelists.org/list/thin
><//www.freelists.org/list/thin> >
> > <//www.freelists.org/list/thin> //www.freelists.org/list/thin
> > >> >************************************************
> > >> >
> > >>
> > >>_________________________________________________________________
> > >>Find lost friends & family online! Search for free.
> > >>
> > >>
> >< http://ninemsn.com.au/share/redir/adTrack.asp?mode=click
><http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refe
>
>&clientID=389&refe
>r
> >ral=HM_tagline&URL= http://ninemsn.schoolfriends.com.au
><http://ninemsn.schoolfriends.com.au> >
> >
><http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refe
r
> >
>http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refer
>r
> >al=HM_tagline&URL= http://ninemsn.schoolfriends.com.au
><http://ninemsn.schoolfriends.com.au>
> > >>
> > >>************************************************
> > >>For Archives, RSS, to Unsubscribe, Subscribe or
> > >>set Digest or Vacation mode use the below link:
> > >> < <//www.freelists.org/list/thin>
>//www.freelists.org/list/thin>
> > //www.freelists.org/list/thin <//www.freelists.org/list/thin>
> > >>************************************************
> > >>
> >
> >_________________________________________________________________
> >Meet Sexy Singles today @ Lavalife - Click here
> >
><http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%
2
> >
>http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2
>E
>
>au%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%3
>D
> >en%5FAU%26a%3D22740
> ><
><http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%
>
>http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%
>2
>
>Eau%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%
>3
> >Den%5FAU%26a%3D22740&_t=751140432&_r=emailtagline_meetsexy_june&_m=EXT>
> >&_t=751140432&_r=emailtagline_meetsexy_june&_m=EXT
> >
> >************************************************
> >For Archives, RSS, to Unsubscribe, Subscribe or
> >set Digest or Vacation mode use the below link:
> > //www.freelists.org/list/thin <//www.freelists.org/list/thin>
>< //www.freelists.org/list/thin <//www.freelists.org/list/thin> >
> >************************************************
> >
> >
> >
> >
> >
>
>_________________________________________________________________
>Find lost friends & family online! Search for free.
>http://ninemsn.com.au/share/redir/adTrack.asp?mode=click
><http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=389&refe
r
>r> &clientID=389&referr
>al=HM_tagline&URL= http://ninemsn.schoolfriends.com.au
><http://ninemsn.schoolfriends.com.au>
>
>************************************************
>For Archives, RSS, to Unsubscribe, Subscribe or
>set Digest or Vacation mode use the below link:
>//www.freelists.org/list/thin <//www.freelists.org/list/thin>
>************************************************
>************************************************
>For Archives, RSS, to Unsubscribe, Subscribe or
>set Digest or Vacation mode use the below link:
>//www.freelists.org/list/thin <//www.freelists.org/list/thin>
>************************************************
>
>
>
_________________________________________________________________
Be the one of the first to try the NEW Windows Live Mail.
http://ideas.live.com/programPage.aspx?versionId=5d21c51a-b161-4314-9b0e-491
1fb2b2e6d
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
