Well there's computer policy settings (probably HKLM stuff) and user policy stuff (normally HKCU stuff). Now for the moment, forget about loopback processing. Machine / computer section policies apply when the machine comes up, and it's account within AD, authenticates. User policies apply when the user logs in, and are for user settings. The setting you are talking about - from memory - is a computer setting. Now whilst loopback processing, allows user based policies to be dependent on the computer (or the computer's AD location - depending on how you view it...), I'm not sure the reverse applies. Reading between the lines, that's how I perceive you want to play this - actually have a machine based setting be dependent on the current user - and I'm far from convinced that's valid, or will work. However, I could be wrong - and there may be a user setting that restricts / allows more than one session - but historically I always thought it was a machine / connection thing. Neil > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Nick Smith > Sent: 02 July 2004 10:38 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Less stupid > > OK, same issue as the dumb one, but this is a problem of > understanding rather than 'blindness'. > > I've never really got how GPOs 'merge'. > > I have a GPO, applied now to all servers, which states "Only > on session per user". I want to disable that GPO for one > user, 'demo' (Who, for convenicence, is also in his own OU, > and his own security group). > > What I've tried; > > 1) Put permissions on the Allow_single_session_only GPO for > the 'demo' security group. I can see this group, I can set > permissions, I click 'OK' and the group doesn't show up in > the permissions list. > > 2) Create a GPO applied to the 'demo' OU, which specifically > disable the singel session value. No effect. > > I know I'm being stupid, and have a feeling it's something > to do with loopback, or permissions, but can't get to it. > > Any help much appreciated, as we're mean to go public with > this demo soemtime today! > > Nick *********************************************** This e-mail and its attachments are confidential and are intended for the above named recipient only. If this has come to you in error, please notify the sender immediately and delete this e-mail from your system. You must take no action based on this, nor must you copy or disclose it or any part of its contents to any person or organisation. Statements and opinions contained in this email may not necessarily represent those of Littlewoods. Please note that e-mail communications may be monitored. The registered office of Littlewoods Limited and its subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB. Registered number of Littlewoods Limited is 262152. ************************************************ ******************************************************** This weeks sponsor Emergent Online Thinssentials Utilities Using the latest software, hardware, networking technologies, proven technical expertise, proprietary software and best practices, EOL provides custom-tailored solutions for each client?s mission and specific goals. http://www.go-eol.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm