No announcement yet.

Can I have it both ways???

  • Filter
  • Time
  • Show
Clear All
new posts

  • Can I have it both ways???

    I have users that use PC's at times and Thin Clients with Citrix published desktops at others. When they use the PC's I would like to have no restrictions. When they use the published desktop I would like it locked down.
    Right now I can only seem to have all or nothing. Filtering doesn't seem to help even if I only put the Citrix server on the list. If the user is not on the list no restrictions are applied in either situation. If the user is on the filtered list the restrictions are enforced in both situations. It's alomost like I need an and/or situation. When a user logs in "and" hits a certain machine apply the GPO. If the user logs in "and is not" hitting a Citrix server ignore the GPO.

    Thanks, Jon

  • #2
    Re: Can I have it both ways???

    After some searching it sure looks like I need to use loopback prcessing to get this done.
    Can anyone give me a rundown on this? All the things I've read don't outline how to do this in simple terms. I know it can't be rocket science.....


    • #3
      Re: Can I have it both ways???

      Group policy is applied in two areas- by user and by computer. What you hope to achieve is a computer-only application of rules.
      In our environment we created an isolated OU for Terminal servers (called SV-terminals) then built up a policy called TermServ and applied it to the OU. As we add Terminal servers, they are moved from the Computers OU to this SV-Terminals OU.
      The specific setting for Loopback processing is
      Computer Configuration/Administrative Templates/System/Group Policy/User Group Policy loopback processing mode
      Ours is enabled and set for Merge, but you may want to use Replace.