[THIN] Re: OT: GPO policy

  • From: "Mack, Rick" <RMack@xxxxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Wed, 9 Apr 2003 07:22:43 +1000

Hi Jim,

Deleting the profile using the System applet does a few other things. First
it checks to see if the profile is being used. Then if you delete the
profile, it also deletes the appropriate SID entry under
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Profilelist.

On controlling the properties tab, I haven't done this but it looks like a
number of different DLLs are used (try running "control sysdm.cpl" with
filemon and regmon running). There's no reason at all why you couldn't use a
tool like reshacker to modify the appropriate DLL to remove some
functionality. Then have 2 copies of the DLL in the search path, a crippled
one for plebs, and a fully functional one for the "real" administrator.

Regards,

Rick

Ulrich Mack
rmack@xxxxxxxxxxxxxx
Volante Systems
18 Heussler Terrace, Milton 4064
Queensland Australia
tel +61 7 32467704
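
A read-only PowerShell audit of the two behaviours discussed in this thread: the in-use check and ProfileList SID entry that the System applet handles, and what a plain folder delete from Explorer leaves behind. This is an added example, not part of the original messages. It assumes PowerShell 3 or later and that the ProfilesDirectory value is present under the ProfileList key; the variable names and skip list are illustrative.

```powershell
# Added example: read-only audit, changes nothing. Run elevated so that
# other users' hives under HKEY_USERS are visible.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
# Folders that must never be treated as removable user profiles.
$skipDirs = 'Default User', 'All Users', 'Default', 'Public'

# Map each SID subkey to its profile folder and loaded state.
$entries = Get-ChildItem -Path $profileList | ForEach-Object {
    $sid  = $_.PSChildName
    $path = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
    if ($path) {
        [pscustomobject]@{
            Sid   = $sid
            Path  = [Environment]::ExpandEnvironmentVariables($path)
            # A profile in use has its hive mounted at HKEY_USERS\<SID>.
            InUse = Test-Path -Path "Registry::HKEY_USERS\$sid"
        }
    }
}

# 1. SID entries whose folder is gone: the residue of deleting the
#    folder in Explorer without removing the ProfileList entry.
$staleEntries = $entries | Where-Object { -not (Test-Path -LiteralPath $_.Path) }

# 2. Profile folders that no SID entry points to.
# Assumption: ProfilesDirectory names the root that holds user profiles.
$root = [Environment]::ExpandEnvironmentVariables(
    (Get-ItemProperty -Path $profileList).ProfilesDirectory)
$known = $entries | ForEach-Object { $_.Path.TrimEnd('\').ToLower() }
$orphanDirs = Get-ChildItem -LiteralPath $root -Directory -Force |
    Where-Object {
        $skipDirs -notcontains $_.Name -and
        $known -notcontains $_.FullName.TrimEnd('\').ToLower()
    }

'Profiles currently loaded (leave alone):'
$entries | Where-Object { $_.InUse } | Format-Table Sid, Path -AutoSize
'ProfileList entries with no folder on disk:'
$staleEntries | Format-Table Sid, Path -AutoSize
'Folders with no ProfileList entry:'
$orphanDirs | Format-Table FullName, LastWriteTime -AutoSize
```
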



-----Original Message-----
From: Jim Hathaway [mailto:JimH@xxxxxxxxxxxxxxx] 
Sent: Wednesday, 9 April 2003 2:39 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: GPO policy



If your citrix admins have browsing access to c:\documents and settings
(win2k) or c:\winnt\profiles (TSE) they can delete any profiles straight
from there.

There is nothing special done in deleting the profiles from My computer,
that manually deleting the files from Explorer won't do.

They will (of course) not be able to determine if a profile is roaming or
local, or be able to quickly determine the last login time, when using
explorer.

Out of more curiosity . . :)

What kind of profiles are they deleting? Cached roaming copies that aren't
being removed properly?

What about scripting the removal of any cached profiles during a nightly
reboot? Be careful not to delete the default user profile or the All user
profiles with this process. But something that copies all profiles out to a
temp directory for the admins to go through (for any missed
files) and then wipes all cached copies after a reboot should help clean
this up.

Just a thought.

HTH

J




-----Original Message-----
From: Chris Lynch [mailto:lynch00@xxxxxxx]
Sent: Tuesday April 08, 2003 9:20 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: GPO policy



Well, this policy is for Citrix Admins.  I want them to be able to delete
profiles, but not to change the computer name, unjoin from the domain,
change the pagefile, etc.  If there is a better way, I'm all ears.

Thanks,

Chris

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jim Hathaway
Sent: Tuesday, April 08, 2003 9:14 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: GPO policy



Out of curiosity Chris, what kind of access do you need to provide someone
with in the property tabs of My computer?

Is this something that you might be able to make a custom MMC applet for
instead?

I personally haven't come across any policies that allow this kind of
granular control in the property tabs of My computer. Generally, disabling
the 'properties' tab for My computer is restriction enough.

J


-----Original Message-----
From: Chris Lynch [mailto:lynch00@xxxxxxx]
Sent: Tuesday April 08, 2003 8:58 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: GPO policy



Anyone?

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Chris Lynch
Sent: Monday, April 07, 2003 1:19 PM
To: TheThin. net
Subject: [THIN] OT: GPO policy




I have a quick question.  Does anyone have any templates or know of the
code to add in a policy to hide specific tabs in the Properties of My
Computer?

Thanks,

Chris



********************************************************
This Week's Sponsor - ThinPrint
Simply the best print solution for
Microsoft Terminal Services
and Citrix Metaframe.
http://www.thinprint.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
