[THIN] Re: Procedure for restricting program access by users in terminal server 2003

• From: Edward VanDewars <evandewars@xxxxxxxxx>
• To: thin@xxxxxxxxxxxxx
• Date: Mon, 9 May 2005 08:08:45 -0400

That's not exactly a simple case.  Like Jeff said, make sure you
understand group policies and SRP before you go and implement this. 
Even if you think you fully understand group policies you should spend
plenty of time playing around with SRP before deploying it.

Since you can implement SRP on a local machine using local policies,
do that first and get your SRP developed and tweaked.  By doing that
on your own machine you have further motivation to get everything
working and tested.  Once you are sure that your SRPs are working then
you can look at rolling it out via group policies.

Also, if you've never filtered a policy based on group membership,
just put your different users into different OUs and apply the
appropriate GPO to those OUs.  Finally, it's best to make your SRP
GPOs completely separate from everything else; create self-contained
SRP GPOs so that if/when you screw up you can just disable them.

On 5/9/05, Kevin R. Fjelsted <kfjelsted@xxxxxxxxxxxxxx> wrote:
> I am trying to get a simple case working.
> I have a hash rule set to  in a GPO for software restriction.
> Then I have a second GPO with scope of one security group.
> I have the same hash rule set to allow.
> I have also set the second GPO to precedence.
> I am still getting deny with the security group.
> However if I completely remove the deny rule from the first GPO and set the 
> rule in the second to deny then I get a deny within that security group.
> What am I overlooking regarding precedence?
> -Kevin Fjelsted
>
********************************************************
This Weeks Sponsor: ThinPrint GmbH
Now available: The new version .print Engine 6.2 with SSL encryption
and certificate management.
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

• References:
  • [THIN] Re: Procedure for restricting program access by users in terminal server 2003
    • From: Kevin R. Fjelsted

Other related posts:

• » [THIN] Procedure for restricting program access by users in terminal server 2003
• » [THIN] Re: Procedure for restricting program access by users in terminal server 2003
• » [THIN] Re: Procedure for restricting program access by users in terminal server 2003
• » [THIN] Re: Procedure for restricting program access by users in terminal server 2003
• » [THIN] Re: Procedure for restricting program access by users in terminal server 2003
• » [THIN] Re: Procedure for restricting program access by users in terminal server 2003
• » [THIN] Re: Procedure for restricting program access by users in terminal server 2003
• » [THIN] Re: Procedure for restricting program access by users in terminal server 2003
• » [THIN] Re: Procedure for restricting program access by users in terminal server 2003
• » [THIN] Re: Procedure for restricting program access by users in terminal server 2003
• » [THIN] Re: Procedure for restricting program access by users in terminal server 2003

1. Home
2. thin
3. Archive
4. 05-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---