But my users are used to connecting to the NFuse/CSG website, logging on, and launching their published desktop. If I use PNAgent, won't I have to train them to launch icons from their own desktops and also deploy the PNAgent client to their machines as well? _______________________________________________ Jon Luchette Emerson Hospital Technology Specialist III Work: 978-287-3369 Cell: 978-360-1379 jluchette@xxxxxxxxxxxxxxx _______________________________________________ ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Marc-André Lapierre Sent: Thursday, March 30, 2006 10:18 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: SV: Re: OT: Controlling Desktop Access I agree with Joe, PNagent is so easy, fast simple and auto-managed via the CMC... + You can even control the desktop icons the same way + you can disable an application easily through CMC and no one will be able to launch it again. Everything will be made through CMC... ________________________________ De : thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] De la part de Joe Shonk Envoyé : 30 mars 2006 10:09 À : thin@xxxxxxxxxxxxx Objet : [THIN] Re: SV: Re: OT: Controlling Desktop Access What's the resistance to using PNAgent? It's a lot less complicated and easier to support. Plus it's a supported Citrix product. Joe ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Svein Arild Haugum Sent: Thursday, March 30, 2006 4:32 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] SV: Re: OT: Controlling Desktop Access I have made just what you are talking about. and it works like a babe. 1. redirect the startmenu trough a gpo to the temp area in the users profile. this ensures a blank startmenu. 2. exclude the temp area in the users profile from beeing saved in the roaming profile. this ensures its cleaned for each logoff. 3. make a security group in AS for each programor program group you want in the startmenu. add members to this. 4. make a share on your fileserver called startmenu$ or something like that. 5. on that share make a subfolder names excaly as the security group name. and put the shortcut in there, or in a new subfolder called program, all depending where on the startmenu you want the shortcut. 6. in your logonscript enumerate the share, and check if the user is a memeber of each group wich has a folder. this ensures that you only get shortcuts for programs you are authorised for. 7 optional, also place file/folder securityon the applications, to make it even more secure. Here is the kix code i use in the logonscript: :Startmeny use y: "\\server\startmenu$ <file:///\\server\startmenu$> " $ShortCuts="y:\" $StartMenu="%Temp%\startmeny" Cd $ShortCuts $FileName = Dir("*.*") While $FileName <> "" and @Error = 0 If Ingroup($FileName) > 0 SHELL '%comspec% /C ROBOCOPY "$ShortCuts\$FileName" "$StartMenu" /E /R:3 /W:10' EndIf If $Filename = "@userid" SHELL '%comspec% /C ROBOCOPY "$ShortCuts\$FileName" "$StartMenu" /E /R:3 /W:10' EndIf $FileName=Dir() ; Retrieve next file Loop use y: /delete Return -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Luchette, Jon Sent: Tuesday, March 28, 2006 4:02 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] OT: Controlling Desktop Access Hello, I am trying to find the best way to control which users have access to which applications via the Published Desktop as I rebuild my Citrix farm. I am trying to use Group Policies to accomplish this, but need some direction/advice. Ideally I would have it setup by group, so that if a user was in Group A, somehow I would give him access to app A, B, and C via the Published Desktop, and if another user was in Group B, I would give him access to app D, E, and F, via the same desktop. How do you all currently handle this particular piece of administration? Thanks! _______________________________________________ Jon Luchette Emerson Hospital Technology Specialist III Work: 978-287-3369 Cell: 978-360-1379 jluchette@xxxxxxxxxxxxxxx _______________________________________________