Hi Jim, Deleting the profile using the System applet does a few other things. First it checks to see if the profile is being used. Then if you delete the profile, it also deletes the appropriate SID entry under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Profilelist. On controlling the properties tab, I haven't done this but it looks like a number of different DLLs are used (try running "control sysdm.cpl" with filemon and regmon running). There's no reason at all why you couldn't use a tool like reshacker to modify the appropriate DLL to remove some functionality. Then have 2 copies of the DLL in the search path, a crippled one for plebs, and a fully functional one for the "real" admiinstrator. Regards, Rick Ulrich Mack rmack@xxxxxxxxxxxxxx Volante Systems 18 Heussler Terrace, Milton 4064 Queensland Australia tel +61 7 32467704 -----Original Message----- From: Jim Hathaway [mailto:JimH@xxxxxxxxxxxxxxx] Sent: Wednesday, 9 April 2003 2:39 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: GPO policy If your citrix admins have browsing access to c:\documents and settings (win2k) or c:\winnt\profiles (TSE) they can delete any profiles straight from there.=20 There is nothing special done in deleting the profiles from My computer, that manually deleting the files from Explorer won't do.=20 They will (of course) not be able to determine if a profile is roaming or local, or be able to quickly determine the last login time, when using explorer.=20 Out of more curiosity . . :)=20 What kind of profiles are they deleting? Cached roaming copies that aren't being removed properly?=20 What about scripting the removal of any cached profiles during a nightly reboot? Be careful not to delete the default user profile or the All user profiles with this process. But something that copies all profiles out to a temp directory for the admin's to go through (for any missed files) and then wipes all cached copies after a reboot should help clean this up. Just a thought. HTH J -----Original Message----- From: Chris Lynch [mailto:lynch00@xxxxxxx]=20 Sent: Tuesday April 08, 2003 9:20 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: GPO policy =3D20 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well, this policy is for Citrix Admins. I want them to be able to delete profiles, but not to change the computer name, unjoin from the domain, change the pagefile, etc. If there is a better way, I'm all ears. Thanks, Chris - -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Hathaway Sent: Tuesday, April 08, 2003 9:14 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: GPO policy Out of curiosity Chris, what kind of access do you need to provide someone with in the property tabs of My computer? Is this something that you might be able to make a custom MMC applet for instead? I personally haven't come across any policies that allow this kind of granular control in the property tabs of My computer. Generally, disabling the 'properties' tab for My computer is restriction enough. J - -----Original Message----- From: Chris Lynch [mailto:lynch00@xxxxxxx]=3D3D20 Sent: Tuesday April 08, 2003 8:58 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: GPO policy =3D3D3D20 - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anyone? - - -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On = =3D Behalf Of Chris Lynch Sent: Monday, April 07, 2003 1:19 PM To: TheThin. net Subject: [THIN] OT: GPO policy =3D3D3D3D20 - - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a quick question. Does anyone have any templates or know of the =3D =3D3D3D =3D3D3D3D code to add in a policy to hide specific tabs in the = =3D Properties of =3D3D =3D3D3D My =3D3D3D3D Computer? Thanks, Chris - - -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 Comment: Public PGP key for Chris Lynch iQA/AwUBPpHdKW9fg+xq5T3MEQLUNACg526gXsHg91OQtCYU5LehMuIfhwYAnjMo MGq8/bLarwGj2pOiB7bpLP/X =3D3D3D3D3DOSVp - - -----END PGP SIGNATURE----- ******************************************************** This Week's Sponsor - ThinPrint Simply the best print solution for Microsoft Terminal Services=3D3D3D20 and Citrix Metaframe. http://www.thinprint.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or=3D3D3D20 set Digest or Vacation mode use the below link: =3D3D3D =3D http://thethin.net/citrixlist.cfm - -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 Comment: Public PGP key for Chris Lynch iQA/AwUBPpLxnG9fg+xq5T3MEQLWPgCg9/qe+zxdnXBb3a9Va8ifoXhn1iUAni0q SgtswFUGVA75vvk6fwYQgfE8 =3D3D3D3DCPxY - -----END PGP SIGNATURE----- ******************************************************** This Week's Sponsor - ThinPrint Simply the best print solution for Microsoft Terminal Services=3D3D20 and Citrix Metaframe. http://www.thinprint.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or=3D3D20 set Digest or Vacation mode use the below link: =3D http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor - ThinPrint Simply the best print solution for Microsoft Terminal Services=3D20 and Citrix Metaframe. http://www.thinprint.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation mode use the below link: =3D http://thethin.net/citrixlist.cfm -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 Comment: Public PGP key for Chris Lynch iQA/AwUBPpL2v29fg+xq5T3MEQIbaACg8zhsPOqcQx2jpCIM/49itJ3GQPEAoNij YkLg/94m6V7QNrcl1YlY742l =3D3DfXV4 -----END PGP SIGNATURE----- ******************************************************** This Week's Sponsor - ThinPrint Simply the best print solution for Microsoft Terminal Services=20 and Citrix Metaframe. http://www.thinprint.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor - ThinPrint Simply the best print solution for Microsoft Terminal Services and Citrix Metaframe. http://www.thinprint.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm -------------------------------------------------------------------------------------------------------------------- The information contained in this e-mail is confidential and may be subject to legal professional privilege. It is intended solely for the addressee. If you receive this e-mail by mistake please promptly inform us by reply e-mail and then delete the e-mail and destroy any printed copy. You must not disclose or use in any way the information in the e-mail. There is no warranty that this email or any attachment or message is error or virus free. It may be a private communication, and if so, does not represent the views of Volante group Limited. ******************************************************** This Week's Sponsor - ThinPrint Simply the best print solution for Microsoft Terminal Services and Citrix Metaframe. http://www.thinprint.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm