Again, I'm pretty sure I tried setting a Deny for "apply policy" to the Admins group. Because it's a Computer object, it doesn't apply on a group basis. At least that's how it feels.
On 12 February 2011 00:01, Webster <[email protected]> wrote: > Deny the policy to your admin groups. Also Deny any lockdown policies to > your admin groups. > > > > Thanks > > > > > > Carl Webster > > Consultant and Citrix Technology Professional > > http://dabcc.com/Webster > > > > > > > > *From:* Rankin, James R [mailto:[email protected]] > *Subject:* Re: Quick Terminal Services Profile question > > > > I am sure I tried that, but will revisit. The problem is that unless I log > on to the console the TS profile applies. its a pain to say the least > > Typed frustratingly slowly on my BlackBerry® wireless device > ------------------------------ > > *From: *Miller Bonnie L. <[email protected]> > > *Subject: *RE: Quick Terminal Services Profile question > > > > I had a similar problem when applying a software restriction policy to our > RDS servers while loopback is enabled, trying to keep it from applying to > administrators. > > > > The trick I’m using is to use a group for your TS/RDS users and then filter > the policy to only apply to that group plus the computer accounts of the > RDS/TS servers. > > > > You probably also have to reboot the server(s) in question after making the > change, since you’re dealing with a computer-based policy. Not sure if this > will work in your scenario (SRPs are user-based policies), but might be > worth a try. > > > > *From:* James Rankin [mailto:[email protected]] > *Subject:* Re: Quick Terminal Services Profile question > > > > This GPO is certainly annoying! > > When configured, it kicks in for *every *user on the terminal server > (including admins). Obviously I want regular users to get the mandatory > profile and admins to have a standard profile. But as it is a Computer GPO, > I can't filter it by groups or users. I can't even use AppSense to deploy it > as it can only have conditions determined for the computer object. This > seems a bit insane - I can set the TS profile for users, but only on a > machine basis? > > The only thing I can think of to work around is to run a user logon script > that runs tsprof to change their profile setting to the mandatory if they > are in a certain group. But that seems a little bit backward to me, I was > hoping to handle this via a GPO. Am I missing something glaringly obvious > here? > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." *IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
