Scenario: Using a network access role to edit group policies

The steps in this section illustrate a specific scenario of how to configure and use a desktop right and a network access right that allows the user Josh.Adams to log on with his normal Active Directory credentials, open an application that enables him to edit group policies, then connect to a domain controller with administrative privileges so that he can edit a Group Policy Object.

1. Install the Centrify Agent for Windows on the domain controller.
2. Install the Centrify Agent for Windows on a Windows computer that hosts the Group Policy Management console that the Josh.Adams uses to access the domain controller remotely.
3. Assign Josh.Adams the predefined Windows Login role and the custom role definition gpedit that includes a desktop right and a network access right.
4. Josh Adams logs on to his Windows computer using his Active Directory user name and password.

   To use a role with network access rights, you cannot log on using a local user account. You must use a domain user account authenticated using Active Directory.

5. On his local computer, Josh right-clicks the Centrify icon in the system tray section of the task bar, then selects New Desktop.

6. In his list of available roles, Josh selects his gpedit role, then clicks OK.

7. Josh opens the Group Policy Management console on his local computer, connects to the domain controller in the console, then selects the default domain policy Group Policy Object.

8. Josh right-clicks the default domain policy, then selects Edit to modify the group policy.

9. When he is done working with the group policies, he switches back to his default desktop.