[THIN] Re: Question on security policies for local logon

  • From: "Bray, Donovan (ESC)" <BrayD@xxxxxxxxxxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Tue, 2 Aug 2005 11:20:44 -0700

Make sure that you check the "type" of group it is that you have added.

Make sure that it is a Global Security Group, and not a distribution group,
or a Domain Local Security Group.

-----Original Message-----
From: Paul Stansel [mailto:Paul.Stansel@xxxxxxxxxxxx] 
Sent: Monday, August 01, 2005 1:25 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Question on security policies for local logon

I'm saying that if a user is in a specific domain group that is in the local
Remote Desktop Users group, they still get the error.  If they are in one of
the other domain groups that has Remote Desktop Users local membership, they
get access.  Only run published apps is not checked.

-Paul

-----Original Message-----
From: Joe Shonk [mailto:joe.shonk@xxxxxxxxx]
Sent: Monday, August 01, 2005 4:16 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Question on security policies for local logon


Do you have "Only allow Published Applications" checked under the ica-tcp
properties?

Not sure if I read your post right... It sounds like you're saying that if the
user is not part of the Remote Desktop Users group then they get an error.
This is by design in W2k3.  In order for users to connect to a W2k3
TS/Citrix server they also need to be a member of the local Remote Desktop
Users group.

Joe

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Paul Stansel
Sent: Monday, August 01, 2005 1:05 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Question on security policies for local logon

We have a security group that defines what standard users are allowed
"Remote Desktop Users" rights to our Citrix servers.  It only applies to
machines in the Citrix OU.  All of our Windows 2000 boxes are fine, but one
of our Win2K3 boxes is acting strangely.  I have defined the group as part
of "Remote Desktop Users."  However, any users trying to log in to that one
server that aren't also in one of the other groups granted Remote Desktop
Access get the
message about not being able to log in interactively.  Our AD guys swear it
must be something on my side, but I'm not sure where else to look.  Any
ideas?

Thanks,
Paul

********************************************************
This weeks sponsor: SuperSpeed
Try Us To improve performance along with other agents! 
FREE 30-day Trial!
http://www.superspeed.com/servers/computing.php?ID=100
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
http://thin.net/citrixlist.cfm
********************************************************
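
The group-type check suggested in the first reply of this thread, as an added example that is not part of any poster's message: it lists the domain groups nested in the server's local Remote Desktop Users group and shows each one's category and scope. The function name Get-RdpGroupTypeReport and the MatchesAdvice column are hypothetical; it assumes Windows PowerShell 5.1 or later on the server, the ActiveDirectory (RSAT) module, and groups that live in the logon domain of the account running it.

```powershell
# Added example, not from the thread. Run on the terminal server itself.
# Assumes the ActiveDirectory module is installed and that the nested groups
# are in the logon domain of the account running the script.
Import-Module ActiveDirectory

function Get-RdpGroupTypeReport {
    param(
        # Local group whose nested domain groups are inspected.
        [string]$LocalGroup = 'Remote Desktop Users'
    )

    # Keep only domain groups; local accounts and individual users are skipped.
    $nested = Get-LocalGroupMember -Group $LocalGroup |
        Where-Object { $_.ObjectClass -eq 'Group' -and
                       $_.PrincipalSource -eq 'ActiveDirectory' }

    foreach ($member in $nested) {
        # Resolve by SID so a renamed group is still found.
        $group = Get-ADGroup -Identity $member.SID.Value

        [pscustomobject]@{
            Name          = $member.Name
            Category      = $group.GroupCategory   # Security or Distribution
            Scope         = $group.GroupScope      # DomainLocal, Global or Universal
            # True when the group is the type recommended in the reply above
            # (a Global Security Group).
            MatchesAdvice = ($group.GroupCategory -eq 'Security' -and
                             $group.GroupScope -eq 'Global')
        }
    }
}

Get-RdpGroupTypeReport | Format-Table -AutoSize
```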