[gptalk] Re: Setting program access on TS using GP

  • From: "Kevin Gay" <kevin.gay@xxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 25 Jun 2008 11:47:59 -0500

I've found a way to actually hide applications (such as from the
programs menu or desktop) with just group policy. What I've done in the
past for some select applications is use a vb script in conjunction with
software restriction policies. i.e. a logon script that checks if the
user logging in is a member of a security group that grants access to
Visio. If they are, have the script create a shortcut in the programs
menu and wherever else. And with the Software Restriction Policies
(SRP) grant access to the visio.exe. Otherwise if they're not then
delete the visio shortcut and SRP will take care of the access. But this
setup can take quite some time to set up with the scripting portion, but
once it's set it works. 

 

If anyone knows how to hide applications with group policy and no
scripts.. do share.
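
The logon-script half of the approach described above, as an added example that is not part of the original post and is written in PowerShell rather than the VBScript the poster mentions. It generalises the Visio case to a table of applications; the group name and install path are placeholders (assumptions), and the SRP rule that actually blocks execution is configured separately in the GPO.

```powershell
# Added example, not the poster's script. The group name and install path
# below are placeholders (assumptions); replace them with your own values.
$apps = @(
    @{ Name   = 'Microsoft Visio'
       Group  = 'EXAMPLE\TS-App-Visio'   # hypothetical security group
       Target = 'C:\Program Files\Microsoft Office\Office12\VISIO.EXE' }  # assumed path
)

function Test-GroupMember {
    param([string]$Group)
    # Uses the logon token, so nested group membership is honoured.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    try   { return $principal.IsInRole($Group) }
    catch { return $false }              # unresolvable group: treat as not a member
}

function Sync-AppShortcut {
    param([hashtable]$App, [string[]]$Folders)
    # Only publish a shortcut when the user is entitled AND the binary exists.
    $allowed = (Test-GroupMember $App.Group) -and (Test-Path -LiteralPath $App.Target)
    foreach ($folder in $Folders) {
        $lnk = Join-Path $folder ($App.Name + '.lnk')
        if ($allowed) {
            $shell = New-Object -ComObject WScript.Shell
            $sc = $shell.CreateShortcut($lnk)
            $sc.TargetPath       = $App.Target
            $sc.WorkingDirectory = Split-Path $App.Target
            $sc.Save()
        } elseif (Test-Path -LiteralPath $lnk) {
            # Membership was revoked (or never granted): remove a stale shortcut.
            Remove-Item -LiteralPath $lnk -Force
        }
    }
}

# Per-user Programs menu and desktop of the user who is logging on.
$folders = @(
    [Environment]::GetFolderPath('Programs'),
    [Environment]::GetFolderPath('DesktopDirectory')
)
foreach ($app in $apps) { Sync-AppShortcut -App $app -Folders $folders }
```

This only manages the per-user folders, so a shortcut that the installer placed in the All Users Start Menu stays visible to everyone until it is removed there. The shortcut is cosmetic; the SRP rule is what prevents execution.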

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Savanah Garrison
Sent: Wednesday, June 25, 2008 11:12 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Setting program access on TS using GP

 

I just want some programs to not be visible to some users on my TS.  Is
GP the best way to accomplish that?   

 

________________________________

From: Nelson, Jamie [mailto:Jamie.Nelson@xxxxxxx] 
Sent: Wednesday, June 25, 2008 10:09 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Setting program access on TS using GP

 

Well, it depends on what your definition of "set access" is. If you want
to prevent them from being executed you could look at Software
Restriction Policy, but be careful in your approach. If those
applications are policy aware (meaning they look in the two "policy"
areas of the registry), the company that made them may already have ADM
templates to control some settings. Otherwise, you can take one of
two approaches:

 

1. Create a custom ADM for any registry controlled settings and
"tattoo" them (meaning they won't undo themselves after a machine falls
out of scope). This is the classic way most of us are used to OR

2. Use the new Group Policy Preference (GPP) extensions to
populate the registry settings. This approach would be more similar to
the way a group policy setting behaves in that you can tell GPP to
remove the setting when a machine falls out of scope.

 

As far as Office is concerned, there are already Microsoft-provided ADM
templates that are part of the Resource Kits for each Office version,
which will allow you to control just about anything you can imagine. You
can download them from the Office downloads area.

 

Hope that helps a little.

 

 

Jamie Nelson | Infrastructure Consultant | BI&T Operations | Devon
Energy | Work: 405.552.8054 | http://www.dvn.com

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Savanah Garrison
Sent: Tuesday, June 24, 2008 7:48 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Setting program access on TS using GP

 

I need to set access to specific programs on my terminal server using
group policy.  I understand that this IS possible, but that I need to
add custom ADM templates for each program?  Where do I find those ADM
templates?  I have some non-standard programs like timberline and argus
as well as the normal Office suite that I would like to lock down.

 

Thank you!

 

Savanah Garrison

IT Specialist

Trademark Property Company

817.639.2708

 

CONFIDENTIAL NOTICE: This electronic transmission and any documents or
other writings sent with it constitute confidential information intended
only for the named recipient.  If you have received this communication
in error, do not read it. Please reply to the sender that you have
received the message in error, then delete the message.  Any disclosure,
copying, distribution or the taking of any action concerning the
contents of this communication or any attachment(s) by anyone other than
the named recipient is strictly prohibited.

 

________________________________

Confidentiality Warning: This message and any attachments are intended
only for the use of the intended recipient(s), are confidential, and may
be privileged. If you are not the intended recipient, you are hereby
notified that any review, retransmission, conversion to hard copy,
copying, circulation or other use of all or any portion of this message
and any attachments is strictly prohibited. If you are not the intended
recipient, please notify the sender immediately by return e-mail, and
delete this message and any attachments from your system. 


 
