Unfortunately I am in a time crunch and am finding I don't know enough about how Group Policies are applied. What I am trying to do is this: I have a Group Policy that is configured to map printers (under User Configuration) for all domain users, and this is successfully applied and works fine. However, if this policy is run when the user logs into one of our Citrix servers, it essentially breaks Citrix, so I have to prevent that policy from running ONLY from our computers which run Citrix.
We have a domain that contains both Windows 2003 and 2008 domain controllers as I am attempting to transition away from the 2003 DCs within the week. We're a small shop, so our domain is completely flat; we do not split any users or computers between OU's. My domain functional level is Windows 2003. The permissions on this policy which is applied to our domain appear as follows:
Domain Admins: Allow Read, Allow Apply Group Policy
MyGroup: Allow Read, Allow Apply Group Policy
CitrixServer1$: Deny Read, Deny Apply Group Policy
CitrixServer2$: Deny Read, Deny Apply Group Policy
Is this supposed to work as I expect? Is there a better way for me to accomplish what I want, which is to map printers for all users reliably but NOT perform this function when the user logs on to Citrix? No matter what I have tried so far, I can't get this policy NOT to be applied when the user logs into a computer that I have specified denied in the security filtering for that policy.
Thanks much for any and all help.