[THIN] Re: SV: Re: OT: Controlling Desktop Access
- From: "Joe Shonk" <joe.shonk@xxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 30 Mar 2006 08:35:09 -0700
Nope? The PNAgent client would on the server itself. The user will still
connect to the Pub Desktop via Nfuse and PNAgent will populate the Published
Desktop. The End Users will not notice a difference.
Joe
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Luchette, Jon
Sent: Thursday, March 30, 2006 8:23 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: SV: Re: OT: Controlling Desktop Access
But my users are used to connecting to the NFuse/CSG website, logging on,
and launching their published desktop. If I use PNAgent, won't I have to
train them to launch icons from their own desktops and also deploy the
PNAgent client to their machines as well?
_______________________________________________
Jon Luchette
Emerson Hospital
Technology Specialist III
Work: 978-287-3369
Cell: 978-360-1379
jluchette@xxxxxxxxxxxxxxx
_______________________________________________
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Marc-André Lapierre
Sent: Thursday, March 30, 2006 10:18 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: SV: Re: OT: Controlling Desktop Access
I agree with Joe,
PNagent is so easy, fast simple and auto-managed via the CMC? + You can even
control the desktop icons the same way + you can disable an application
easily through CMC and no one will be able to launch it again. Everything
will be made through CMC?
_____
De : thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] De la part
de Joe Shonk
Envoyé : 30 mars 2006 10:09
À : thin@xxxxxxxxxxxxx
Objet : [THIN] Re: SV: Re: OT: Controlling Desktop Access
What?s the resistance to using PNAgent? It?s a lot less complicated and
easier to support. Plus it?s a supported Citrix product.
Joe
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Svein Arild Haugum
Sent: Thursday, March 30, 2006 4:32 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] SV: Re: OT: Controlling Desktop Access
I have made just what you are talking about. and it works like a babe.
1. redirect the startmenu trough a gpo to the temp area in the users
profile. this ensures a blank startmenu.
2. exclude the temp area in the users profile from beeing saved in the
roaming profile. this ensures its cleaned for each logoff.
3. make a security group in AS for each programor program group you want in
the startmenu. add members to this.
4. make a share on your fileserver called startmenu$ or something like that.
5. on that share make a subfolder names excaly as the security group name.
and put the shortcut in there, or in a new subfolder called program, all
depending where on the startmenu you want the shortcut.
6. in your logonscript enumerate the share, and check if the user is a
memeber of each group wich has a folder. this ensures that you only get
shortcuts for programs you are authorised for.
7 optional, also place file/folder securityon the applications, to make it
even more secure.
Here is the kix code i use in the logonscript:
:Startmeny
use y: "\\server\startmenu$ <file:///\\server\startmenu$> "
$ShortCuts="y:\"
$StartMenu="%Temp%\startmeny"
Cd $ShortCuts
$FileName = Dir("*.*")
While $FileName <> "" and @Error = 0
If Ingroup($FileName) > 0
SHELL '%comspec% /C ROBOCOPY "$ShortCuts\$FileName" "$StartMenu" /E /R:3
/W:10'
EndIf
If $Filename = "@userid"
SHELL '%comspec% /C ROBOCOPY "$ShortCuts\$FileName" "$StartMenu" /E /R:3
/W:10'
EndIf
$FileName=Dir() ; Retrieve next file
Loop
use y: /delete
Return
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Luchette, Jon
Sent: Tuesday, March 28, 2006 4:02 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT: Controlling Desktop Access
Hello,
I am trying to find the best way to control which users have access to which
applications via the Published Desktop as I rebuild my Citrix farm. I am
trying to use Group Policies to accomplish this, but need some
direction/advice. Ideally I would have it setup by group, so that if a user
was in Group A, somehow I would give him access to app A, B, and C via the
Published Desktop, and if another user was in Group B, I would give him
access to app D, E, and F, via the same desktop.
How do you all currently handle this particular piece of administration?
Thanks!
_______________________________________________
Jon Luchette
Emerson Hospital
Technology Specialist III
Work: 978-287-3369
Cell: 978-360-1379
jluchette@xxxxxxxxxxxxxxx
_______________________________________________
Other related posts:
