The problem is quite complex:
We have a domain with global policies applied on users.
I have to apply my own policies for Citrix, for these same users. So these users connect sometimes on the domain (without Citrix) and sometimes on Citrix.
I cannot create a Citrix OU (group) on the active directory: as a matter of fact, if I create a citrix OU on the domain with my citrix policies, there will be a conflict between the domain policies and the citrix policies (my citrix policies are much more stronger than the domain policies). Ex: hide drives. If I hid drives on this OU, the users won't see anymore their drives when they connect on the domain (without Citrix), which is not possible.
I cannot create a Citrix OU with specific accounts on the active directory, only for Citrix: I would have for each account to reconnect the mail, the drives mappings etc.
If I apply policies on the citrix server, locally, the policies apply on my administrator account also (like no registry access, no start group access, no drives mapping access etc.) And I can not anymore administrate my server.
I would like a kind of local OU (not domain OU) with policies that don't apply on the administrator account.
But it seems local policies on local group is impossible.
I must specify that I have no permissions to modify the domain policies (but I could obtain permissions to manage a Citrix OU on the domain).
What could I do acording to you?
Thank you.
We have a domain with global policies applied on users.
I have to apply my own policies for Citrix, for these same users. So these users connect sometimes on the domain (without Citrix) and sometimes on Citrix.
I cannot create a Citrix OU (group) on the active directory: as a matter of fact, if I create a citrix OU on the domain with my citrix policies, there will be a conflict between the domain policies and the citrix policies (my citrix policies are much more stronger than the domain policies). Ex: hide drives. If I hid drives on this OU, the users won't see anymore their drives when they connect on the domain (without Citrix), which is not possible.
I cannot create a Citrix OU with specific accounts on the active directory, only for Citrix: I would have for each account to reconnect the mail, the drives mappings etc.
If I apply policies on the citrix server, locally, the policies apply on my administrator account also (like no registry access, no start group access, no drives mapping access etc.) And I can not anymore administrate my server.
I would like a kind of local OU (not domain OU) with policies that don't apply on the administrator account.
But it seems local policies on local group is impossible.
I must specify that I have no permissions to modify the domain policies (but I could obtain permissions to manage a Citrix OU on the domain).
What could I do acording to you?
Thank you.