{"id":8602,"date":"2006-10-25T22:04:00","date_gmt":"1999-11-29T20:00:00","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=8602"},"modified":"2006-10-25T22:04:00","modified_gmt":"1999-11-29T20:00:00","slug":"terminal-services-profiles-and-abe","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=8602","title":{"rendered":"Terminal Services, Profiles and ABE"},"content":{"rendered":"<p>My current client is in the process of deploying a new Windows 2003 Active Directory and a Citrix PS4 environment.\u00a0 Requirements for the Citrix environment are:<\/p>\n<ul>\n<li>They want to use mandatory profiles (if at all possible).<\/li>\n<li>They wish to use controlled start menus and desktops.<\/li>\n<li>They want to install all applications on each server.<\/li>\n<li>They want to publish the desktop to users via WYSE terminals.<\/li>\n<li>They want to control access to licensed applications.<\/li>\n<li>License controls should be done via Domain Global or Domain Local groups.<\/li>\n<\/ul>\n<p>Hmm.\u00a0 <\/p>\n<p>A well known Citrix expert consultancy firm recommended that they use scripts to build a users start menu and desktop based on group membership.\u00a0 Nasty!\u00a0 I like scripts but this would be a pain to own and maintain over time.\u00a0 I first became aware of the Citrix requirements at a progress meeting yesterday.\u00a0 I listened quietly and then I had a what was either a brainwave or a brain fart that evolved a bit.<\/p>\n<ul>\n<li>A single startmenu and desktop would be hosted on a DFS file share (replicated on the LAN).<\/li>\n<li>Shortcuts for all applications would be installed in the start menu (and desktop as neccessary).<\/li>\n<li>Shortcuts for restricted access programs would be permissioned using a suitably named domain group.<\/li>\n<li>The program folders for the restricted programs would be secured using the same groups.<\/li>\n<li>Users logging onto the Citrix servers would get the shared start menu and desktop via redirected folders and loopback group policy processing.<\/li>\n<li>ABE (<a href=\"http:\/\/www.microsoft.com\/windowsserver2003\/techinfo\/overview\/abe.mspx\">Access Based Enumeration<\/a>) would be installed on the hosting machines and configured for the replica shares.<\/li>\n<\/ul>\n<p>One of the guys gave this a test and it worked.\u00a0 A user with restricted access only downloaded the shortcuts they should have had access to.\u00a0 I was expecting to see loads of USERENV errors in the application log on the server but there were none.\u00a0 It appears to work really nicely.\u00a0 I&#8217;m now wondering if we need ABE in this equation.\u00a0 We&#8217;ll see how it goes in future testing.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>My current client is in the process of deploying a new Windows 2003 Active Directory and a Citrix PS4 environment.\u00a0 Requirements for the Citrix environment are: They want to use mandatory profiles (if at all possible). They wish to use controlled start menus and desktops. They want to install all applications on each server. They &hellip; <a href=\"https:\/\/aidanfinn.com\/?p=8602\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Terminal Services, Profiles and ABE&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-8602","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/8602","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8602"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/8602\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8602"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8602"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}