Disabling script processing when logging onto a citrix server

We currently have a setup where a large number of citrix servers are located in a separate forest at our data center for one of our customers.  There is a forest trust between the forest at our company and the customers forest.  The customer has a log in script that is set in to run in their default domain group policy.  The problem is that when they log into the citrix servers through the trust it tries to process that script and it is creating very slow log in times.

I need to find a way to disable this script from running when they log into the citrix servers.  I was thinking about enabling loop back processing but again, I only want this change to affect the citrix servers.

How can I block this script from running when they log into only the citrix servers?  Will loop back processing solve the problem or is there another change I can make locally to each of the citrix boxes that will solve the problem?  I need to avoid making forest wide changes.  I would prefer making changes to the local policies of the citrix servers only.

lupodwdmAsked:
Who is Participating?
 
Mike KlineCommented:
Loopback policies would mean that user policies defined would apply to any user logging into the citrix  server.  What user policy were you thinking of to apply

Have you looked at using software restriction policies on the servers  http://technet.microsoft.com/en-us/library/bb457006.aspx

Thanks

Mike
0
 
Carl WebsterCommented:
I would move the script out of the DDP, put it in another GPO and deny that GPO to the Citrix users.
0
 
lupodwdmAuthor Commented:
The problem is that the people who are citrix users need this script the rest of the time when they are not accessing the citrix farm on our side.  That is why I am trying to deal with this on a server level on our side.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
lupodwdmAuthor Commented:
Is there any way to tell each server to ignore any group policy settings that are attached to the users when they log in from that forest?
0
 
Mike KlineCommented:
If you want to disable more than just the login script you can use the setting:

Allow Cross-Forest User Policy and Roaming User Profiles.

More on the setting here:   http://www.boyce.us/gp/gpcontent.asp?ID=75

It is a computer setting.  

Do you have a lab or a way to test, it will apply to all those users in the other forest.

Thanks
Mike
0
 
lupodwdmAuthor Commented:
Mkline, we have the allow cross forest GP setting enabled so that the settings from our management forest carry over into all the customer forests when we log in to do maintenance.  This is why I need something that is machine local.

Anyone have any other thoughts?  Again, I need to find something that is local to the machines and not a forest wide GP or something that is set in the customer forest.

There must be a way to do this.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.