Solved

Single user using Thin and Thick client

Posted on 2013-05-10
5
575 Views
Last Modified: 2013-05-15
Hello, I have a user that uses a laptop.  At times they also use a thin client.

I want to user to have one id that will not restrict them while using the thick client.  For example, in my GPO I do not allow thin client users to access the C drive.  I do want the user to access the c drive while on the laptop (or the laptops C drive).

Is there a way to make this so the user can have one set of permission while using the laptop and different while using thin client with the same user id?
0
Comment
Question by:tucktech
  • 3
  • 2
5 Comments
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 500 total points
ID: 39156324
You can add the user to the local  "Administrators" goup on the local laptop if you trust them on that laptop.
0
 

Author Comment

by:tucktech
ID: 39157903
The user already has access as administrator to local machine.  The problem is RDS GPO's get applied and I cannot access C drive, etc..
0
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 500 total points
ID: 39161155
You can create a secondary GPO apply it their laptop. Enable loopback processing. Allow what ever RDS policies you need and set it to replace in this case so it overrides the standard RDS policy that you have.

So in the security you deny the new policy for whatever the standard OU ex "Win7 Desktops" Group you have for the rest of the network and allow it for "Laptop Computers" or whatever specific group you want to put this users machine in. If you apply it by group you can set this up and apply it to others as needed.  That way if they come in on a TS or desktop and their drive permissions are different the policy still gets applied to block their drives. The loopback will make sure that whatever the current policy is gets overwritten and applied to that user.
Just my 2 cents.. Good Luck!


-Casey
0
 

Author Comment

by:tucktech
ID: 39161208
Hello Casey,

I have two policies, default domain policy which I have some basic folder redirection and a RDS Policy.

I had loopback enabled within the RDS policy and then I went into the RDS policy security, added the laptop computer and clicked on "deny".

This did not work so I removed loopback, I have not enabled it.

I figured out that I needed to remove the local profile and recreate it and then the laptop was able to access the local c drive.

If I enable loopback that should work, correct?    Per this note does it appear I understand your instructions?

I do agree that I should make a new group, "thick clients" to exclude RDS policy....

Thanks!
0
 
LVL 10

Accepted Solution

by:
Casey Herman earned 500 total points
ID: 39161257
The loopback option on the new policy, if set to replace, will override and previous policies that were set for the user.

Computer with user policy->  both applied
User with policy ->Above user policy applied
User with loopback set to merge-> all above policies applied.
User with loopback set to replace->the replace policy wins.

Make sense?

It sounds like you understand it to me. :)  

Since the user is an admin on the local machine you can also Gpupdate /force to grab the policies and also rsop to see which ones and what order they are getting applied.

Just make sure that you set in security on the policy that all can read the policy but uncheck apply to the groups you do not want to have the policy.

-Casey
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question