Jeff I wish it was that simple. It's not about Web browsing. It's about retricting which sites they can access that are internal when the users are external. We want to share servers between internal and external users. We want the internal users to be able to access all sites includng our internal web based apps. When the same user is external say in a web cafe we do not want them to be able to access our internal web sites. We can't do it via group membership so we must do via IP.... We curently split our servers so internal access is to one set and external is to another set with IE completly disabled. We could achive this by moving our servers into a DMZ and applting firewall restrictions but then we have to open up lots of ports in DMZ for Citrix server to work with our the management stuff. Less than ideal. Hoping we can use some form of IP restiction with IE blocking to achive this. Playing with PAC files but struggling. I get the feeling I am missing something really simple..... PS we are on XP FRE3 and hopefully moving to PS4 laster this year Malcolm -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Pitsch Sent: 25 January 2006 15:48 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Applying Restrictions Via IP Citrix policies can be applied by IP no problem. IE browsing would be best controlled through your firewall...hint hint Jeff Pitsch On 1/25/06, BRUTON, Malcolm, FM <Malcolm.BRUTON@xxxxxxxx <mailto:Malcolm.BRUTON@xxxxxxxx> > wrote: And I would like the same for something like IE. As in certain IP addresses can browse but others can't.... -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ] On Behalf Of Russell Robertson Sent: 25 January 2006 13:32 To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> Subject: [THIN] Applying Restrictions Via IP I'd like to switch on client drive mapping but only for some of our external users (using WI3.0/CSG2.0). The idea being that we trust some external sites but not all (e.g., web café would not be trusted). We thought we could do this via IP address, has anyone done this sort of thing before and could pass on advice? Thanks Russell Russell Robertson Skibo Technologies T: +44 (0)1224 355250 E: <mailto:russell.robertson@xxxxxxxxxx> russell.robertson@xxxxxxxxx W: <http://www.skibo.com/> www.skibo.com Microsoft Certified Partners Citrix Solutions Advisers Northern Business Star Awards Finalists 2005 **************************************************************************** ******* The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorized and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: http://www.rbos.com <http://www.rbos.com/> http://www.rbsmarkets.com <http://www.rbsmarkets.com/> **************************************************************************** ****