Graham- Not sure I understand that. Are you talking about supressing the running of logon scripts when the administrator logs onto a DC locally? If so, then if you can move the logon script out of the user's AD account properties, and into a GPO, then you can use loopback on your DCs to prevent the user's normal policies from processing, including their logon script.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner Sent: Tuesday, January 27, 2004 3:44 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Limiting GPO's to Network Logons I read with interest this post. don't suppose there is any related policy that allows the administrator to suppress the processing of login script (as set in the user a/c property) when logging on locally ?? GT ----- Original Message ----- From: "Darren Mar-Elia" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, January 27, 2004 4:52 AM Subject: RE: [ActiveDir] Limiting GPO's to Network Logons Devan- I'm not sure I totally follow what you're asking to do, but if I understand it, you want to have your users get different policy restrictions when they are logged into a Citix/TS session as compared to when they're logged into their normal desktops? If that is so, then what you'll want to look into is enabling GPO loopback policy on a GPO that is linked to the OU where your Citrix servers reside. Specifically, loopback policy will let you set user policy on that TS GPO that only applies when the user is logged into the TS server. Loopback policy is located in Computer Configuration|Administrative Templates|System|Group Policy. Darren Mar-Elia -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala Sent: Monday, January 26, 2004 8:10 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Limiting GPO's to Network Logons Hi, In a single domain environment, how could one setup restricting GPO's (user configurations) from running in a Citrix Terminal Server environment (with pass-through authentication). Users reside in a geographical based OU and the Citrix servers etc. in another OU. While logging on to a published desktop via Citrix with the same credentials the user gets the same GPO applied to that terminal session which is what I would like to restrict. Currently the only thing I have is an article on Windows NT mag http://www.windows2000mag.com/Articles/Index.cfm I haven;t tried the above yet... Thanks in advance. _________________________________________________________________ Rethink your business approach for the new year with the helpful tips here. http://special.msn.com/bcentral/prep04.armx List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
