Need Help on Difficult GPO Requirement

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Joe Mowry (jmowry_at_joment.com)
Date: 08/10/04 

Date: Tue, 10 Aug 2004 00:36:48 -0400

Ladies and Gentleman,
I've been trying for the last couple of weeks in my spare time to
accomplish assigning GPO's to restrict and lockdown Drive access,
internet access, and other service and apply an Excel policy to set
general options and lock down other fucntions.

I have a single Domain (Domain1)
Multiple Global Groups in Domain1
File and print server (PFserver.domain1)
Citrix Servers Citrix1.domain1 and Citrix2.domain1 Single Published
application Excel No Desktop.

My problem is this. There is a global group (Budgets) that access
Citrix1 and2 .domain1 to run Excel. During the Citrix access by the
users in the Budgets group I need to highly restrict access to Drive
access, internet access through Excel, mapping network drives and
apply the Excel policy which sets items in the general tab.

What I've done so far which works like gangbusters but affects all the
desk/lap tops even when not in/accessing the Citrix app through the
Citrix Client. Caused a massive load to the call center when they
logged on and couldn't do anything on their local machine.
*******
Created an OU (CITRIXTS) Direct parent is Domain1
Created Policy (CTX-SERVERS) and Added the two citrix servers and the
Budget group as members and configured the (computer policy only)
Linked this GP to Domain1
Created Policy (CTX-Excel ) and added two citrix servers and the
Budget group. Configured the user policy here removing Drive access
though Windows Explorer and My Computer and setting the Excel portions
of the policy.
Linked to Domain1
When both were linked all hell broke loose. The Citrix servers and
Excel was just the way it was supposed to be. But the desk/lap tops
now had all the settings even when not in the Citrix Client.

My goal is to have this group of users to always have the established
domain1 policy when not in/accessing the Citrix Client and have the
full power of the GPO's applied only when using the Citrix Client to
access the Restricted Citrix Environment.

Anyone got a good idea on how to do this?
All help would be greatly appreciated.

Thanks all,
Joe Mowry
Sr. Technical Flunky
Just when the light come on and I start to see things clearly
comes the brownout and the fuse blows.

Relevant Pages

  • Re: Need Help on Difficult GPO Requirement
    ... >Loopback processing of Group Policy is what you want to look at. ... >> Multiple Global Groups in Domain1 ... >> application Excel No Desktop. ... >> now had all the settings even when not in the Citrix Client. ...
    (microsoft.public.win2000.group_policy)
  • Mail Merge cant find data source in Office XP...but it could in 2000!
    ... He has a database which uses VB to generate an Excel ... The db is accessed by users via Citrix, ... selects the data source, the Document and mail merge then work fine. ... The network drive that the Excel spreadsheet is usually saved to is ...
    (microsoft.public.word.mailmerge.fields)
  • Re: Password Expiry Notice not taking effect in Citrix
    ... This setting maps to the registry key you provided so it may not solve anything by doing this with Group Policy but I will test it out today. ... not on the citrix servers so I dont know what the difference is. ... >> The users are gettting a prompt 14 days before it changes when they>> log ...
    (microsoft.public.win2000.group_policy)
  • Re: Password Expiry Notice not taking effect in Citrix
    ... is the citrix machine in the target OU ... The password policy is a bit unique/confusing for one main reason. ... Citrix Servers, it has kept the registry setting as 14. ...
    (microsoft.public.win2000.group_policy)
  • Flashing cells
    ... This is because your Citrix administrators have ... each Citrix server or alternatively on the Excel ...
    (microsoft.public.excel.crashesgpfs)