Nope? The PNAgent client would on the server itself. The user will still connect to the Pub Desktop via Nfuse and PNAgent will populate the Published Desktop. The End Users will not notice a difference. Joe _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Luchette, Jon Sent: Thursday, March 30, 2006 8:23 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: SV: Re: OT: Controlling Desktop Access But my users are used to connecting to the NFuse/CSG website, logging on, and launching their published desktop. If I use PNAgent, won't I have to train them to launch icons from their own desktops and also deploy the PNAgent client to their machines as well? _______________________________________________ Jon Luchette Emerson Hospital Technology Specialist III Work: 978-287-3369 Cell: 978-360-1379 jluchette@xxxxxxxxxxxxxxx _______________________________________________ _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Marc-André Lapierre Sent: Thursday, March 30, 2006 10:18 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: SV: Re: OT: Controlling Desktop Access I agree with Joe, PNagent is so easy, fast simple and auto-managed via the CMC? + You can even control the desktop icons the same way + you can disable an application easily through CMC and no one will be able to launch it again. Everything will be made through CMC? _____ De : thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] De la part de Joe Shonk Envoyé : 30 mars 2006 10:09 À : thin@xxxxxxxxxxxxx Objet : [THIN] Re: SV: Re: OT: Controlling Desktop Access What?s the resistance to using PNAgent? It?s a lot less complicated and easier to support. Plus it?s a supported Citrix product. Joe _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Svein Arild Haugum Sent: Thursday, March 30, 2006 4:32 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] SV: Re: OT: Controlling Desktop Access I have made just what you are talking about. and it works like a babe. 1. redirect the startmenu trough a gpo to the temp area in the users profile. this ensures a blank startmenu. 2. exclude the temp area in the users profile from beeing saved in the roaming profile. this ensures its cleaned for each logoff. 3. make a security group in AS for each programor program group you want in the startmenu. add members to this. 4. make a share on your fileserver called startmenu$ or something like that. 5. on that share make a subfolder names excaly as the security group name. and put the shortcut in there, or in a new subfolder called program, all depending where on the startmenu you want the shortcut. 6. in your logonscript enumerate the share, and check if the user is a memeber of each group wich has a folder. this ensures that you only get shortcuts for programs you are authorised for. 7 optional, also place file/folder securityon the applications, to make it even more secure. Here is the kix code i use in the logonscript: :Startmeny use y: "\\server\startmenu$ <file:///\\server\startmenu$> " $ShortCuts="y:\" $StartMenu="%Temp%\startmeny" Cd $ShortCuts $FileName = Dir("*.*") While $FileName <> "" and @Error = 0 If Ingroup($FileName) > 0 SHELL '%comspec% /C ROBOCOPY "$ShortCuts\$FileName" "$StartMenu" /E /R:3 /W:10' EndIf If $Filename = "@userid" SHELL '%comspec% /C ROBOCOPY "$ShortCuts\$FileName" "$StartMenu" /E /R:3 /W:10' EndIf $FileName=Dir() ; Retrieve next file Loop use y: /delete Return -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Luchette, Jon Sent: Tuesday, March 28, 2006 4:02 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] OT: Controlling Desktop Access Hello, I am trying to find the best way to control which users have access to which applications via the Published Desktop as I rebuild my Citrix farm. I am trying to use Group Policies to accomplish this, but need some direction/advice. Ideally I would have it setup by group, so that if a user was in Group A, somehow I would give him access to app A, B, and C via the Published Desktop, and if another user was in Group B, I would give him access to app D, E, and F, via the same desktop. How do you all currently handle this particular piece of administration? Thanks! _______________________________________________ Jon Luchette Emerson Hospital Technology Specialist III Work: 978-287-3369 Cell: 978-360-1379 jluchette@xxxxxxxxxxxxxxx _______________________________________________