You want routing rather than NAT unless you have two seporate chunks using the same ip addresses and need to use double NAT and routing. Using seporate ip ranges and routing should be much simpler.
I have a fantastic diagram on how VLAN's work if you would like to see!
There is an update to this article in progress - as I now use NTLM as the users logon to the Thin PC as their own user, it still triggers the RDP, but then autologs in to the RDP.
It was just a standard limited account. Group policy locked out to prevent anything other than a "Cancel" box showing from a CTRL - ALT - DEL.
Using Shelly to replace the shell to use the script calling an RDP file (yes with the domain prefix included - as highlighted by other comments), prevents any access to the account itself. It has no desktop, user home folder, or even profile. All it is is a network access account, to allow calling of the RDP with the GPO for "ignore certificates" set.
Hi Pal, what restrictions did you place on the network account ?
Incidentally we get the user problem that edugeekdan outlined on our older CE4.0 terminals, not found a solution yet.
This isn't a comment. If I was commenting, I would be expressing how funny I found this.
Beautiful, thank you very much! I'll give that a shot with my thin-client machine hopefully today.
Originally Posted by simpsonj Do you have a link to the Shelly utility? Try this... @simpsonj www.insidetheregistry.com/content/authors/user177/file/shelly.zip
A co-worker of mine has previously added other staff here on FB (without worrying whether she can trust them or not) and one of them decided post comments and have a go at her.
Myself, I only add those I trust. Yes, the point about the BTRD is valid but if your a member of your SMT has to spend time looking for such places, then it makes you wonder why they're not doing their job.
Just out of interest this is a USER policy so placed in the student or staff OU.
How do you deal with different locations? e.g. In the library students need a different start menu to the ICT Suite.
Currently with have loopback processing enabled and a GP in the COMPUTER OU for that group?
Is there a better way? GPP ?
If you run the following command Code: Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue in a standard shell, you can then run the above Quest cmdlets
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
I'm going to ask probably what is a really stupid question, but I'm trying to improve our setup again (after several modifictions of other bit's you've posted).
I notice in the Top Screenshot you have 3 User Policy Settings, management, staff and Students.
What is the security filtering on the policies to make the changes to the different user groups? Does just removing all users and adding the Server and the relevent user group do that filtering?
(and not really relevent to this but might as well ask here - what difference does having the Run is User's secuirty context have? I've never ticked that on any of my printer deployments yet....)
Do you have a link to the Shelly utility? Looks like InsideTheRegistry has had an update, and I can't find the program as all links point to a dead page.
@Browolf - the latency you mention is the hazard of using a network path for the redirect. I actually use a local path - with some scripts that keep this up to date. I will do an updated copy of this post with the changes I actually use...
Interestingly, Apple's employees are trying to organise a union entirely for themselves.
Bah. Is there no such thing as free speech anymore?
Shameful, just shameful.
I recall being 11 years old and allowed to take a sip from my father's pint on holiday. It was vile! Things have changed a bit now but I didn't touch beer again until I was 18.
Fantastic work Dave. Great video too!
Check out KeePass Password Safe