[THIN] Re: Citrix security question

• From: "PETERSON, DAVID" <DPETERSO@xxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Fri, 11 Feb 2005 09:49:47 -0500

It is recommended that you make some changes. This security bulletin
should help:

MS02-064

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jason Benway
Sent: Friday, February 11, 2005 9:01 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Citrix security question

I just installed Citrix XP onto a Windows 2000 SP4 server.
I was looking at the ntfs file permissions and realized that the
everyone
group has full access to all the folders at the root. And the terminal
server users has modify access to the program files folder.

That just doesn't seem right. It seems like they could delete/overwrite
any
files they wanted or install any program that doesn't write to the
registry.

I've never looked at a fresh install before, I always assumed that since
all
my users are standard users, not power users or local admins, I'd be ok,
but
looking it this I'm not so sure.

Do any of you change the default security settings?

Thanks,jb
********************************************************
This Weeks Sponsor: ThinPrint, GmbH
Now available: .print Remote Desktop Printing Engine 
for Microsoft Terminal Services
http://www.thinprint.com/dotprint/index.php?s=682&lc=1
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm


NOTICE: This electronic mail transmission from the law firm of Dinsmore & Shohl 
may constitute an attorney-client communication that is privileged at law.  It 
is not intended for transmission to, or receipt by, any unauthorized persons. 
If you have received this electronic mail transmission in error, please delete 
it from your system without copying it, and notify the sender by reply e-mail, 
so that our address record can be corrected.

********************************************************
This Weeks Sponsor: ThinPrint, GmbH
Now available: .print Remote Desktop Printing Engine
for Microsoft Terminal Services
http://www.thinprint.com/dotprint/index.php?sh2&lc=1
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts:

• » [THIN] Citrix security question
• » [THIN] Re: Citrix security question
• » [THIN] Re: Citrix security question
• » [THIN] Re: Citrix security question
• » [THIN] Re: Citrix security question
• » [THIN] Re: Citrix security question
• » [THIN] Re: Citrix security question

1. Home
2. thin
3. Archive
4. 02-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---