Solved

Single user using Thin and Thick client

Posted on 2013-05-10
5
570 Views
Last Modified: 2013-05-15
Hello, I have a user that uses a laptop.  At times they also use a thin client.

I want to user to have one id that will not restrict them while using the thick client.  For example, in my GPO I do not allow thin client users to access the C drive.  I do want the user to access the c drive while on the laptop (or the laptops C drive).

Is there a way to make this so the user can have one set of permission while using the laptop and different while using thin client with the same user id?
0
Comment
Question by:tucktech
  • 3
  • 2
5 Comments
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 500 total points
ID: 39156324
You can add the user to the local  "Administrators" goup on the local laptop if you trust them on that laptop.
0
 

Author Comment

by:tucktech
ID: 39157903
The user already has access as administrator to local machine.  The problem is RDS GPO's get applied and I cannot access C drive, etc..
0
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 500 total points
ID: 39161155
You can create a secondary GPO apply it their laptop. Enable loopback processing. Allow what ever RDS policies you need and set it to replace in this case so it overrides the standard RDS policy that you have.

So in the security you deny the new policy for whatever the standard OU ex "Win7 Desktops" Group you have for the rest of the network and allow it for "Laptop Computers" or whatever specific group you want to put this users machine in. If you apply it by group you can set this up and apply it to others as needed.  That way if they come in on a TS or desktop and their drive permissions are different the policy still gets applied to block their drives. The loopback will make sure that whatever the current policy is gets overwritten and applied to that user.
Just my 2 cents.. Good Luck!


-Casey
0
 

Author Comment

by:tucktech
ID: 39161208
Hello Casey,

I have two policies, default domain policy which I have some basic folder redirection and a RDS Policy.

I had loopback enabled within the RDS policy and then I went into the RDS policy security, added the laptop computer and clicked on "deny".

This did not work so I removed loopback, I have not enabled it.

I figured out that I needed to remove the local profile and recreate it and then the laptop was able to access the local c drive.

If I enable loopback that should work, correct?    Per this note does it appear I understand your instructions?

I do agree that I should make a new group, "thick clients" to exclude RDS policy....

Thanks!
0
 
LVL 10

Accepted Solution

by:
Casey Herman earned 500 total points
ID: 39161257
The loopback option on the new policy, if set to replace, will override and previous policies that were set for the user.

Computer with user policy->  both applied
User with policy ->Above user policy applied
User with loopback set to merge-> all above policies applied.
User with loopback set to replace->the replace policy wins.

Make sense?

It sounds like you understand it to me. :)  

Since the user is an admin on the local machine you can also Gpupdate /force to grab the policies and also rsop to see which ones and what order they are getting applied.

Just make sure that you set in security on the policy that all can read the policy but uncheck apply to the groups you do not want to have the policy.

-Casey
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Desktop Connections allow you to control remote host machines via the magic of the Internet and RDP (Remote Desktop Protocol). For the purposes of this article we will assume you are connecting from your home PC or laptop to a remote offic…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now