Blog Comments

  1. SYNACK's Avatar
    • |
    • permalink
    You want routing rather than NAT unless you have two seporate chunks using the same ip addresses and need to use double NAT and routing. Using seporate ip ranges and routing should be much simpler.
  2. JJanisch's Avatar
    • |
    • permalink
    I have a fantastic diagram on how VLAN's work if you would like to see!
  3. TheScarfedOne's Avatar
    • |
    • permalink
    There is an update to this article in progress - as I now use NTLM as the users logon to the Thin PC as their own user, it still triggers the RDP, but then autologs in to the RDP.
  4. TheScarfedOne's Avatar
    • |
    • permalink
    It was just a standard limited account. Group policy locked out to prevent anything other than a "Cancel" box showing from a CTRL - ALT - DEL.

    Using Shelly to replace the shell to use the script calling an RDP file (yes with the domain prefix included - as highlighted by other comments), prevents any access to the account itself. It has no desktop, user home folder, or even profile. All it is is a network access account, to allow calling of the RDP with the GPO for "ignore certificates" set.
  5. SwedishChef's Avatar
    • |
    • permalink
    Hi Pal, what restrictions did you place on the network account ?

    Incidentally we get the user problem that edugeekdan outlined on our older CE4.0 terminals, not found a solution yet.
  6. X-13's Avatar
    • |
    • permalink
    This isn't a comment. If I was commenting, I would be expressing how funny I found this.
  7. simpsonj's Avatar
    • |
    • permalink
    Beautiful, thank you very much! I'll give that a shot with my thin-client machine hopefully today.
  8. Arthur's Avatar
    • |
    • permalink
    Quote Originally Posted by simpsonj
    Do you have a link to the Shelly utility?
    Try this... @simpsonj

    www.insidetheregistry.com/content/authors/user177/file/shelly.zip
  9. DAZZD88's Avatar
    • |
    • permalink
    A co-worker of mine has previously added other staff here on FB (without worrying whether she can trust them or not) and one of them decided post comments and have a go at her.

    Myself, I only add those I trust. Yes, the point about the BTRD is valid but if your a member of your SMT has to spend time looking for such places, then it makes you wonder why they're not doing their job.
  10. burgemaster's Avatar
    • |
    • permalink
    Just out of interest this is a USER policy so placed in the student or staff OU.
    How do you deal with different locations? e.g. In the library students need a different start menu to the ICT Suite.

    Currently with have loopback processing enabled and a GP in the COMPUTER OU for that group?
    Is there a better way? GPP ?
  11. Cache's Avatar
    • |
    • permalink
  12. RabbieBurns's Avatar
    • |
    • permalink
    If you run the following command

    Code:
    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
    in a standard shell, you can then run the above Quest cmdlets
  13. Cache's Avatar
    • |
    • permalink
    I'm going to ask probably what is a really stupid question, but I'm trying to improve our setup again (after several modifictions of other bit's you've posted).

    I notice in the Top Screenshot you have 3 User Policy Settings, management, staff and Students.

    What is the security filtering on the policies to make the changes to the different user groups? Does just removing all users and adding the Server and the relevent user group do that filtering?

    (and not really relevent to this but might as well ask here - what difference does having the Run is User's secuirty context have? I've never ticked that on any of my printer deployments yet....)
  14. simpsonj's Avatar
    • |
    • permalink
    Do you have a link to the Shelly utility? Looks like InsideTheRegistry has had an update, and I can't find the program as all links point to a dead page.
  15. TheScarfedOne's Avatar
    • |
    • permalink
    @Browolf - the latency you mention is the hazard of using a network path for the redirect. I actually use a local path - with some scripts that keep this up to date. I will do an updated copy of this post with the changes I actually use...
    Updated 15th November 2011 at 02:14 PM by TheScarfedOne
  16. CAM's Avatar
    • |
    • permalink
    Unfortunately so.

    Interestingly, Apple's employees are trying to organise a union entirely for themselves.
  17. X-13's Avatar
    • |
    • permalink
    Bah. Is there no such thing as free speech anymore?

    Shameful, just shameful.
  18. CAM's Avatar
    • |
    • permalink
    I recall being 11 years old and allowed to take a sip from my father's pint on holiday. It was vile! Things have changed a bit now but I didn't touch beer again until I was 18.
    Updated 5th November 2011 at 12:46 PM by CAM (Typo-swatting)
  19. Butuz's Avatar
    • |
    • permalink
    Fantastic work Dave. Great video too!

    Butuz
  20. waynewaynegoaway's Avatar
    • |
    • permalink