Solved

Single user using Thin and Thick client

Posted on 2013-05-10
5
565 Views
Last Modified: 2013-05-15
Hello, I have a user that uses a laptop.  At times they also use a thin client.

I want to user to have one id that will not restrict them while using the thick client.  For example, in my GPO I do not allow thin client users to access the C drive.  I do want the user to access the c drive while on the laptop (or the laptops C drive).

Is there a way to make this so the user can have one set of permission while using the laptop and different while using thin client with the same user id?
0
Comment
Question by:tucktech
  • 3
  • 2
5 Comments
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 500 total points
ID: 39156324
You can add the user to the local  "Administrators" goup on the local laptop if you trust them on that laptop.
0
 

Author Comment

by:tucktech
ID: 39157903
The user already has access as administrator to local machine.  The problem is RDS GPO's get applied and I cannot access C drive, etc..
0
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 500 total points
ID: 39161155
You can create a secondary GPO apply it their laptop. Enable loopback processing. Allow what ever RDS policies you need and set it to replace in this case so it overrides the standard RDS policy that you have.

So in the security you deny the new policy for whatever the standard OU ex "Win7 Desktops" Group you have for the rest of the network and allow it for "Laptop Computers" or whatever specific group you want to put this users machine in. If you apply it by group you can set this up and apply it to others as needed.  That way if they come in on a TS or desktop and their drive permissions are different the policy still gets applied to block their drives. The loopback will make sure that whatever the current policy is gets overwritten and applied to that user.
Just my 2 cents.. Good Luck!


-Casey
0
 

Author Comment

by:tucktech
ID: 39161208
Hello Casey,

I have two policies, default domain policy which I have some basic folder redirection and a RDS Policy.

I had loopback enabled within the RDS policy and then I went into the RDS policy security, added the laptop computer and clicked on "deny".

This did not work so I removed loopback, I have not enabled it.

I figured out that I needed to remove the local profile and recreate it and then the laptop was able to access the local c drive.

If I enable loopback that should work, correct?    Per this note does it appear I understand your instructions?

I do agree that I should make a new group, "thick clients" to exclude RDS policy....

Thanks!
0
 
LVL 10

Accepted Solution

by:
Casey Herman earned 500 total points
ID: 39161257
The loopback option on the new policy, if set to replace, will override and previous policies that were set for the user.

Computer with user policy->  both applied
User with policy ->Above user policy applied
User with loopback set to merge-> all above policies applied.
User with loopback set to replace->the replace policy wins.

Make sense?

It sounds like you understand it to me. :)  

Since the user is an admin on the local machine you can also Gpupdate /force to grab the policies and also rsop to see which ones and what order they are getting applied.

Just make sure that you set in security on the policy that all can read the policy but uncheck apply to the groups you do not want to have the policy.

-Casey
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Remote Desktop Connections allow you to control remote host machines via the magic of the Internet and RDP (Remote Desktop Protocol). For the purposes of this article we will assume you are connecting from your home PC or laptop to a remote offic…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now