Solved

Single user using Thin and Thick client

Posted on 2013-05-10
5
583 Views
Last Modified: 2013-05-15
Hello, I have a user that uses a laptop.  At times they also use a thin client.

I want to user to have one id that will not restrict them while using the thick client.  For example, in my GPO I do not allow thin client users to access the C drive.  I do want the user to access the c drive while on the laptop (or the laptops C drive).

Is there a way to make this so the user can have one set of permission while using the laptop and different while using thin client with the same user id?
0
Comment
Question by:tucktech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 500 total points
ID: 39156324
You can add the user to the local  "Administrators" goup on the local laptop if you trust them on that laptop.
0
 

Author Comment

by:tucktech
ID: 39157903
The user already has access as administrator to local machine.  The problem is RDS GPO's get applied and I cannot access C drive, etc..
0
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 500 total points
ID: 39161155
You can create a secondary GPO apply it their laptop. Enable loopback processing. Allow what ever RDS policies you need and set it to replace in this case so it overrides the standard RDS policy that you have.

So in the security you deny the new policy for whatever the standard OU ex "Win7 Desktops" Group you have for the rest of the network and allow it for "Laptop Computers" or whatever specific group you want to put this users machine in. If you apply it by group you can set this up and apply it to others as needed.  That way if they come in on a TS or desktop and their drive permissions are different the policy still gets applied to block their drives. The loopback will make sure that whatever the current policy is gets overwritten and applied to that user.
Just my 2 cents.. Good Luck!


-Casey
0
 

Author Comment

by:tucktech
ID: 39161208
Hello Casey,

I have two policies, default domain policy which I have some basic folder redirection and a RDS Policy.

I had loopback enabled within the RDS policy and then I went into the RDS policy security, added the laptop computer and clicked on "deny".

This did not work so I removed loopback, I have not enabled it.

I figured out that I needed to remove the local profile and recreate it and then the laptop was able to access the local c drive.

If I enable loopback that should work, correct?    Per this note does it appear I understand your instructions?

I do agree that I should make a new group, "thick clients" to exclude RDS policy....

Thanks!
0
 
LVL 10

Accepted Solution

by:
Casey Herman earned 500 total points
ID: 39161257
The loopback option on the new policy, if set to replace, will override and previous policies that were set for the user.

Computer with user policy->  both applied
User with policy ->Above user policy applied
User with loopback set to merge-> all above policies applied.
User with loopback set to replace->the replace policy wins.

Make sense?

It sounds like you understand it to me. :)  

Since the user is an admin on the local machine you can also Gpupdate /force to grab the policies and also rsop to see which ones and what order they are getting applied.

Just make sure that you set in security on the policy that all can read the policy but uncheck apply to the groups you do not want to have the policy.

-Casey
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question