Problem between user and admin policies

isterios
Here is our configuration:

On our Active Directory, we have a group of users which has specific policies on the domain (apart from Citrix).

Moreover, this group has access to Citrix (virtual desktop and published applications). These users will have access to Citrix AND keep access to individual PCs on the domain. Policies are different in both cases (for Citrix or for domain).

So policies for the domain and for Citrix are not the same.

My question is: I would like to attribute restrictive policies for these users on Citrix, but I don't want these policies to be applied on my own account, as Citrix admin (e.g. prevent access to Control Panel, command prompt, Run, etc.).

We tried a lot of things without success:
1. I cannot apply specific policies to this group of users (OU) on the Active Directory, as I cannot change their domain policies.
2. I created a Citrix OU on the AD. I put my servers in this OU. Problem: if I modify policies on this Citrix OU, these policies will also apply to my admin account.
3. I cannot move the users into my Citrix OU and apply policies, as they need to keep strictly their domain policies and nothing more or less.
4. We made a script (kix32) which made a distinction between admin and users logging on to the Citrix server. Problem: we didn't succeed in giving write permissions to the users in the registry for changing keys. And it will be quite complex to find every key necessary for every policy we want to apply.

Did someone find a solution in this kind of model?

Thank you vm.
 
We got around those issues by creating a Citrix users group and a Citrix administrators group. Based on those groups we applied policies restricting access to things like shutdown, command prompt, etc. only to the servers and only for members of the Citrix users group. The Citrix administrators group was placed into the local admin group on the server and voila.
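One way to express the group-based approach in this reply with the GroupPolicy PowerShell module, as an added example that is not code from the thread: a single GPO linked to the OU that holds the Citrix servers, applied only to the server computer accounts and the restricted user group. The GPO name, OU path and group names are hypothetical placeholders, and loopback processing is an assumption of this example: user-side settings in a GPO linked to a computer OU only take effect when loopback is enabled and the server accounts are allowed to apply the GPO.

```powershell
# Added example; all names below are hypothetical placeholders.
Import-Module GroupPolicy

$gpoName   = 'Citrix User Lockdown'          # hypothetical GPO name
$citrixOu  = 'OU=Citrix,DC=example,DC=com'   # placeholder DN of the OU holding the Citrix servers
$userGroup = 'Citrix Users'                  # placeholder: accounts to be restricted
$srvGroup  = 'Citrix Servers'                # placeholder: group of the server computer accounts

New-GPO -Name $gpoName | Out-Null
New-GPLink -Name $gpoName -Target $citrixOu -LinkEnabled Yes | Out-Null

# Computer side: user policy loopback (1 = merge, 2 = replace). Merge keeps the
# users' normal domain policies and adds the restrictions on these servers only.
Set-GPRegistryValue -Name $gpoName -Type DWord -Value 1 `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' -ValueName 'UserPolicyMode' | Out-Null

# User side: hide Control Panel, remove Run, disable the command prompt.
$explorer = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
Set-GPRegistryValue -Name $gpoName -Key $explorer -ValueName 'NoControlPanel' -Type DWord -Value 1 | Out-Null
Set-GPRegistryValue -Name $gpoName -Key $explorer -ValueName 'NoRun' -Type DWord -Value 1 | Out-Null
Set-GPRegistryValue -Name $gpoName -Type DWord -Value 1 `
    -Key 'HKCU\Software\Policies\Microsoft\Windows\System' -ValueName 'DisableCMD' | Out-Null

# Security filtering: everyone may read the GPO, but only the server accounts
# (computer half, i.e. loopback) and the restricted users (user half) apply it.
# An admin account that is not a member of $userGroup gets none of the restrictions.
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $gpoName -TargetName $srvGroup -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $gpoName -TargetName $userGroup -TargetType Group -PermissionLevel GpoApply | Out-Null

# Check: list who can read and who can apply the GPO.
Get-GPPermission -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

After `gpupdate /force` on a server, `gpresult /r` run in a test user's session shows whether the GPO was applied or filtered out for that account.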
 
Thanks Philly.

We did this: we created two groups (admin and users) in the Citrix OU and we applied security to each of these groups. For example, we want Control Panel to be hidden for users, and not for admin.

We set a policy object for the admin group (basicadminobject) and a policy object for the users group (basiusersobject). In each object I set the Control Panel policy (hidden for users and not configured for admin).

We put the correct accounts in each group. I ran gpupdate /force on both Citrix servers.

We tested: I logged on as a user: it doesn't work, the Control Panel icon appears...

Did I miss something?

 