[THIN] Re: nt4 users in nt4 domain accessing win2k domain

• From: "Steve Raffensberger" <sraffens1@xxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Thu, 30 Oct 2003 15:07:12 -0500

Brian,

If you don't have any Citrix servers in the NT4 domain, you should be able
to specify roaming Terminal Server profiles without disturbing their
workstation profiles. There are a few things you can try before giving up on
your cunning plan.

1. For a few trial users, set their NT4 Terminal Server profiles up for
roaming. Leave their normal profiles alone.
2. On the share where the roaming profiles will reside, pre-create a
directory for each user and give the user full control. This is important
because W2K will attempt to modify the permissions and fail if it can't.
3. In each Citrix server, under the LOCAL GPO, enable Local Computer
Policy\Computer Configuration\Administrative Templates\System\Logon\Add the
Administrators security group to roaming user profiles. This will keep the
above step from locking you (the administrator) out.
4. Make sure that your AD GPO applies to the group "Everyone". You can use
the resource kit utility "gpresult" to see if it actually applies or not.
5. Within, your AD GPO, you will find many settings duplicated under
Computer Configuration and User Configuration. Set them both identically.
The Computer Configurations will probably be the only ones that actually
work when using loopback mode.

Good luck,

Raff

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Brian Lilley
Sent: Thursday, October 30, 2003 11:01 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] nt4 users in nt4 domain accessing win2k domain


Hi All,

I had a cunning plan which is now no longer as cunning as I'd first thought.

The story is this...

We have a customer who has a user base on NT4 workstations in an NT4 domain.
We installed an Active Directory based Citrix farm to run our application.

I built a GPO and attached it to an OU containing the Citrix servers to
restrict their access when running the application in a seamless window.
This GPO has loopback enabled which I hoped would replace the users'
existing profile/policies...but...as it turns out, loopback processing does
not work unless both machine and user account come from Windows 2000 and
Active directory respectively...booohoohoo

so...does anyone have any emergency backup cunning plans...

I thought about a resitricted mandatory profile which would make life nice
and easy but unfortunately they require Outlook profiley things..

What would I have to do in order to provide a resitricted profile template
for a roaming profile based user..

thanks in advance, Brianos

PS. nt profiles are a dark dark art


**********************************************************************
The information contained in this e-mail message is intended
only for the individuals named above.  If you are not the
intended recipient, you should be aware that any
dissemination, distribution, forwarding or other duplication
of this communication is strictly prohibited.  The views
expressed in this e-mail are those of the individual author
and not necessarily those of Vivista Limited.
Prior to taking any action based upon this e-mail message
you should seek appropriate confirmation of its authenticity.
If you have received this e-mail in error, please immediately
notify the sender by using the e-mail reply facility.
**********************************************************************


_____________________________________________________________________

This message has been checked for all known viruses on behalf of Vivista by
MessageLabs.

http://www.messagelabs.com or Email: mailsweeper.info@xxxxxxxxxxxxx

Vivista formerly Securicor Information Systems for further information
http://www.vivista.co.uk

********************************************************
This Weeks Sponsor Pearl Software
Internet Monitoring, Filtering, and Control Solutions
Enabling User & Group Level Oversight & Access Policies
Fully Functional in a Thick or Thin Client Environment
http://www.pearlsw.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
New! Online Thin Computing Magazine Site
http://www.OnDemandAccess.com

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

********************************************************
This Weeks Sponsor Pearl Software
Internet Monitoring, Filtering, and Control Solutions
Enabling User & Group Level Oversight & Access Policies
Fully Functional in a Thick or Thin Client Environment
http://www.pearlsw.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
New! Online Thin Computing Magazine Site
http://www.OnDemandAccess.com

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

• References:
  • [THIN] nt4 users in nt4 domain accessing win2k domain
    • From: Brian Lilley

Other related posts:

• » [THIN] nt4 users in nt4 domain accessing win2k domain
• » [THIN] Re: nt4 users in nt4 domain accessing win2k domain
• » [THIN] Re: nt4 users in nt4 domain accessing win2k domain
• » [THIN] Re: nt4 users in nt4 domain accessing win2k domain
• » [THIN] Re: nt4 users in nt4 domain accessing win2k domain
• » [THIN] Re: nt4 users in nt4 domain accessing win2k domain

1. Home
2. thin
3. Archive
4. 10-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---