[THIN] Re: SV: Re: OT: Controlling Desktop Access
- From: "Luchette, Jon" <JLuchette@xxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 30 Mar 2006 10:22:43 -0500
But my users are used to connecting to the NFuse/CSG website, logging on, and
launching their published desktop. If I use PNAgent, won't I have to train
them to launch icons from their own desktops and also deploy the PNAgent client
to their machines as well?
_______________________________________________
Jon Luchette
Emerson Hospital
Technology Specialist III
Work: 978-287-3369
Cell: 978-360-1379
jluchette@xxxxxxxxxxxxxxx
_______________________________________________
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Marc-André Lapierre
Sent: Thursday, March 30, 2006 10:18 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: SV: Re: OT: Controlling Desktop Access
I agree with Joe,
PNagent is so easy, fast simple and auto-managed via the CMC... + You can even
control the desktop icons the same way + you can disable an application easily
through CMC and no one will be able to launch it again. Everything will be made
through CMC...
________________________________
De : thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] De la part de
Joe Shonk
Envoyé : 30 mars 2006 10:09
À : thin@xxxxxxxxxxxxx
Objet : [THIN] Re: SV: Re: OT: Controlling Desktop Access
What's the resistance to using PNAgent? It's a lot less complicated and easier
to support. Plus it's a supported Citrix product.
Joe
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Svein Arild Haugum
Sent: Thursday, March 30, 2006 4:32 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] SV: Re: OT: Controlling Desktop Access
I have made just what you are talking about. and it works like a babe.
1. redirect the startmenu trough a gpo to the temp area in the users profile.
this ensures a blank startmenu.
2. exclude the temp area in the users profile from beeing saved in the roaming
profile. this ensures its cleaned for each logoff.
3. make a security group in AS for each programor program group you want in the
startmenu. add members to this.
4. make a share on your fileserver called startmenu$ or something like that.
5. on that share make a subfolder names excaly as the security group name. and
put the shortcut in there, or in a new subfolder called program, all depending
where on the startmenu you want the shortcut.
6. in your logonscript enumerate the share, and check if the user is a memeber
of each group wich has a folder. this ensures that you only get shortcuts for
programs you are authorised for.
7 optional, also place file/folder securityon the applications, to make it even
more secure.
Here is the kix code i use in the logonscript:
:Startmeny
use y: "\\server\startmenu$ <file:///\\server\startmenu$> "
$ShortCuts="y:\"
$StartMenu="%Temp%\startmeny"
Cd $ShortCuts
$FileName = Dir("*.*")
While $FileName <> "" and @Error = 0
If Ingroup($FileName) > 0
SHELL '%comspec% /C ROBOCOPY "$ShortCuts\$FileName" "$StartMenu" /E /R:3
/W:10'
EndIf
If $Filename = "@userid"
SHELL '%comspec% /C ROBOCOPY "$ShortCuts\$FileName" "$StartMenu" /E /R:3 /W:10'
EndIf
$FileName=Dir() ; Retrieve next file
Loop
use y: /delete
Return
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Luchette, Jon
Sent: Tuesday, March 28, 2006 4:02 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT: Controlling Desktop Access
Hello,
I am trying to find the best way to control which users have access to which
applications via the Published Desktop as I rebuild my Citrix farm. I am
trying to use Group Policies to accomplish this, but need some
direction/advice. Ideally I would have it setup by group, so that if a user
was in Group A, somehow I would give him access to app A, B, and C via the
Published Desktop, and if another user was in Group B, I would give him access
to app D, E, and F, via the same desktop.
How do you all currently handle this particular piece of administration?
Thanks!
_______________________________________________
Jon Luchette
Emerson Hospital
Technology Specialist III
Work: 978-287-3369
Cell: 978-360-1379
jluchette@xxxxxxxxxxxxxxx
_______________________________________________
Other related posts:
