Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Desktop published

Status
Not open for further replies.
jdl508

jdl508

Technical User
Apr 30, 2001
242
US
Hello, I have an application that requires me to publish the whole desktop because it ties in with a few other third party programs. My question is that I know this is a big security risk and what are common practices for using the whole desktop in a published manner. Is all security done through pol editor and nt groups like a regular domain? Also how can I get users to be able to cut and paste between client pc and the virtual citrix desktop? is this possible? I really want to lock the desktop down (no shut down, browsing the network etc.) so the user can only run the needed apps and printers. Also will i need to logon as each user and setup a new printer for them etc.?
thanks for all the help
jdl508
 
Sort by date Sort by votes
This all depends on what your environment is. If you are NT4 domain, you can accomplish this by using poledit and NT groups. You can lock things down, and you can also set up custom groups that will allow you to define a shared desktop and start menu depending on what group you are in.

If you are on a Win2000 network with Active Directory, Group Policy will allow you to do the same thing, but you would use group policy (of course) instead of policy editor.

Cut and paste will work between the Citrix desktop and the client, as long as it is turned on at the client end.

Printing is a breeze if you are using MetaFrame XP and "auto-created" printers.

Let me know a little more about your environment, then we can go from there.
 
Upvote 0 Downvote
SeanFlynn,
thanks for the response! I really appreciate it. Our environment is NT4 domain. We have MF 1.8 on windows 2000 adv server. I currently have apps published and they are set to run seamlesselly Of course now for 1 of our apps that won't work. I am going to look into poledit. We do currently use groups, I just hate to lock a user down for everything if they only need to be locked down on this box. Thanks again
jdl
 
Upvote 0 Downvote
Another quick question, where do you allow cut and paste on the client side? Also is poledit for win2k / winnt in othere words will it work for me in an nt4 domain and on a 2000 server? thanks
jdl
 
Upvote 0 Downvote
HI JDL
The setting to allow clipboard cut/paste is in the Citrix Connection Configuration -> Client Settings -> Client Mapping Overrides. Make sure that you have not disabled client clipboard mapping. Also do not disable client drive mapping.

Poledit works for W2K and NT4. You have an environment much like mine, NT4 domain with W2K servers.

Good luck.
 
Upvote 0 Downvote
jdl508,

If you would like some good adm files to use in poledit check out these websites.

Excellent PDf file. Has lots of Reg Hacks.

I recommend using the poledit on each NT 4.0 TS server. You can set it to grab the policy for the server and not the domain. works better this way. It is one of the fist settings in the policy editor. I don't remeber which one but the 2 websites should help you understand and lock down that server.
Email me if you need help.
Good Luck,
Steve
 
Upvote 0 Downvote
Hello and thnks for the info, I have downloaded poledit whcih seems to be nothing more than policy editor in winnt server. Anyway my prob is that poledit doesnt want to work on my windows 2000 server. I have had better luck with the 95 version but when it tries to save to the registry it errrors out. ANy ideas. I really didnt want to use NT because these users need full working profiles on there local boxes its just when they TS into citrix that I wnat to lock them down. Thanks again.
jdl
 
Upvote 0 Downvote
Since you have W2k do the following for your Citrix servers.

Open Active Directory Users and COmputers Snap-in.
Create a new OU and move your citrix servers to it.
Right Click the new OU and select properties.
Click the tab group policy
click add and work in this area.
on you citrix servers you need to run gpedit.msc and look under the computer configuration for "User Group Policy Loopback processing mode" enable it. You can search Microsoft's site for documentation about it.

Good Luck,
Steve Thank You,
Steve
 
Upvote 0 Downvote
Steve, that would work great except that I dont have a win2k domain, this is an nt4 domain (unfortunately). Anyway I am still in poledit hell trying to figure this little thing out. It doesnt seem to want to apply the policies to the win2k server?!? anyway Steve the site you gave me dabcc.com is excellent with a thousand great q / a's so thanks, i'll just keep plugging away till i figure this out. I may just have to use domain policies for the citrix users, through NT policy editor I just wish i could apply only those to this box and still let my admin have FULL control of the box :)
thanks
jdl
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

GeoffWilkins1962
  • Locked
  • Question
Desktop 5.6 and HP Protect
Replies
0
Views
117
GeoffWilkins1962
GeoffWilkins1962
johnsolo
  • Locked
  • Question
about xen desktop connection
Replies
0
Views
126
johnsolo
johnsolo
smokey7244521
  • Locked
  • Question
Citrix Published apps thru VPN
Replies
0
Views
96
smokey7244521
smokey7244521
Scuba27
  • Locked
  • Question
Published Applications Not Appearing in Citrix ICA Client
Replies
0
Views
88
Scuba27
Scuba27
UnknownEntity
  • Locked
  • Question
Xenserver running server 2008 r2 with remote desktops enabled.
Replies
0
Views
134
UnknownEntity
UnknownEntity

Part and Inventory Search

Sponsor

Back
Top