Solved

Single user using Thin and Thick client

Posted on 2013-05-10
5
573 Views
Last Modified: 2013-05-15
Hello, I have a user that uses a laptop.  At times they also use a thin client.

I want to user to have one id that will not restrict them while using the thick client.  For example, in my GPO I do not allow thin client users to access the C drive.  I do want the user to access the c drive while on the laptop (or the laptops C drive).

Is there a way to make this so the user can have one set of permission while using the laptop and different while using thin client with the same user id?
0
Comment
Question by:tucktech
  • 3
  • 2
5 Comments
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 500 total points
ID: 39156324
You can add the user to the local  "Administrators" goup on the local laptop if you trust them on that laptop.
0
 

Author Comment

by:tucktech
ID: 39157903
The user already has access as administrator to local machine.  The problem is RDS GPO's get applied and I cannot access C drive, etc..
0
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 500 total points
ID: 39161155
You can create a secondary GPO apply it their laptop. Enable loopback processing. Allow what ever RDS policies you need and set it to replace in this case so it overrides the standard RDS policy that you have.

So in the security you deny the new policy for whatever the standard OU ex "Win7 Desktops" Group you have for the rest of the network and allow it for "Laptop Computers" or whatever specific group you want to put this users machine in. If you apply it by group you can set this up and apply it to others as needed.  That way if they come in on a TS or desktop and their drive permissions are different the policy still gets applied to block their drives. The loopback will make sure that whatever the current policy is gets overwritten and applied to that user.
Just my 2 cents.. Good Luck!


-Casey
0
 

Author Comment

by:tucktech
ID: 39161208
Hello Casey,

I have two policies, default domain policy which I have some basic folder redirection and a RDS Policy.

I had loopback enabled within the RDS policy and then I went into the RDS policy security, added the laptop computer and clicked on "deny".

This did not work so I removed loopback, I have not enabled it.

I figured out that I needed to remove the local profile and recreate it and then the laptop was able to access the local c drive.

If I enable loopback that should work, correct?    Per this note does it appear I understand your instructions?

I do agree that I should make a new group, "thick clients" to exclude RDS policy....

Thanks!
0
 
LVL 10

Accepted Solution

by:
Casey Herman earned 500 total points
ID: 39161257
The loopback option on the new policy, if set to replace, will override and previous policies that were set for the user.

Computer with user policy->  both applied
User with policy ->Above user policy applied
User with loopback set to merge-> all above policies applied.
User with loopback set to replace->the replace policy wins.

Make sense?

It sounds like you understand it to me. :)  

Since the user is an admin on the local machine you can also Gpupdate /force to grab the policies and also rsop to see which ones and what order they are getting applied.

Just make sure that you set in security on the policy that all can read the policy but uncheck apply to the groups you do not want to have the policy.

-Casey
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I'll explain how to setup a Plex Media Server (https://plex.tv/) on a Redhat (Centos) 7 based NAS with screenshots to help those looking for assistance.  What is Plex? If you aren't familiar with Plex, it’s a DLNA media serv…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question