Re: Creating different policies for same user on different computers

SP,

Thanks for writing.
The best way to achieve your goals is to use Loopback Group Policy
Processing.

The way that Loopback works is that any user that logs onto that computer,
would get the user policy defined for that computer if Loopback is turned
on. This would allow for you to have multiple terminal servers, and
policies for each, so that when userA logs into serverA, they get one set of
user policy definitions, and when they log into serverB, they get yet a
different set.

Not knowing your specific environment, I cannot provide specifics on how to
structure your OU's and or policies, but Loopback is definately your answer
to the issue you posed.

Hope this helps!

--
Gary J. Griffin, MSCE/MCSE
Enterprise Platform Support
Directory Services, Microsoft Corporation




"Shadowplay" <edsmit1@yahoo.com> wrote in message
news:d2d00e0.0308130914.5df8ca6a@posting.google.com...
> I have a network that uses Citrix to gain access to a few select
> applications. We are very aware of some of the security holes within
> Citrix such as being able to gain access to the command line on the
> Metaframe server from the client. In order to remedy this we would
> like to shut down all access to taskmgr.exe to all users who access
> Citrix. The problem is in our LDAP structure all users belong to the
> same OU. So if we create polices for the entire group it would screw
> up features for users when they aren't using Citrix and are just
> trying to log in to our regular network through their client. I have
> heard of a feature within AD that allows you to set so called rules so
> that if a user accesses computer A, this set of policies applies and
> if the user accesses computer B then a different set of policiies
> would apply. Does anyone know how I could solve this problem? We are
> using Windows 2000 as our Network.
>
> I'm just beginning to learn Active Directory so if I'm speaking in
> gibberish, I apologize
>
>
> ~SP