[THIN] SV: Re: OT: Controlling Desktop Access
- From: "Svein Arild Haugum" <svein@xxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 30 Mar 2006 13:32:02 +0200
I have made just what you are talking about. and it works like a babe.
1. redirect the startmenu trough a gpo to the temp area in the users
profile. this ensures a blank startmenu.
2. exclude the temp area in the users profile from beeing saved in the
roaming profile. this ensures its cleaned for each logoff.
3. make a security group in AS for each programor program group you want
in the startmenu. add members to this.
4. make a share on your fileserver called startmenu$ or something like
that.
5. on that share make a subfolder names excaly as the security group
name. and put the shortcut in there, or in a new subfolder called
program, all depending where on the startmenu you want the shortcut.
6. in your logonscript enumerate the share, and check if the user is a
memeber of each group wich has a folder. this ensures that you only get
shortcuts for programs you are authorised for.
7 optional, also place file/folder securityon the applications, to make
it even more secure.
Here is the kix code i use in the logonscript:
:Startmeny
use y: "\\server\startmenu$"
$ShortCuts="y:\"
$StartMenu="%Temp%\startmeny"
Cd $ShortCuts
$FileName = Dir("*.*")
While $FileName <> "" and @Error = 0
If Ingroup($FileName) > 0
SHELL '%comspec% /C ROBOCOPY "$ShortCuts\$FileName" "$StartMenu" /E
/R:3 /W:10'
EndIf
If $Filename = "@userid"
SHELL '%comspec% /C ROBOCOPY "$ShortCuts\$FileName" "$StartMenu" /E
/R:3 /W:10'
EndIf
$FileName=Dir() ; Retrieve next file
Loop
use y: /delete
Return
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Luchette, Jon
Sent: Tuesday, March 28, 2006 4:02 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT: Controlling Desktop Access
Hello,
I am trying to find the best way to control which users have access to
which applications via the Published Desktop as I rebuild my Citrix
farm. I am trying to use Group Policies to accomplish this, but need
some direction/advice. Ideally I would have it setup by group, so that
if a user was in Group A, somehow I would give him access to app A, B,
and C via the Published Desktop, and if another user was in Group B, I
would give him access to app D, E, and F, via the same desktop.
How do you all currently handle this particular piece of administration?
Thanks!
_______________________________________________
Jon Luchette
Emerson Hospital
Technology Specialist III
Work: 978-287-3369
Cell: 978-360-1379
jluchette@xxxxxxxxxxxxxxx
_______________________________________________
Other related posts:
