Yeah, that's why you have to have something like AppSec, or someone can email themselves CMD.EXE from NT4 and get a command prompt. NT4's CMD.EXE doesn't respect the registry setting because it didn't exist when NT4 was written. JD > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Euan Cooper > Sent: Wednesday, 25 February 2004 9:44 a.m. > To: 'thin@xxxxxxxxxxxxx' > Subject: [THIN] Re: Darn Command Prompt - was Re: Restrict > Drive Access > > Even more interesting! - Jeff you are quite right - NT4 > version of CMD.EXE DOES let users get to a command prompt - > FWIW the W2k version of command.com also allows users access > to a commmand prompt. > > > > > -----Original Message----- > From: Jeff Durbin [mailto:techlists@xxxxxxxxxxxxx] > Sent: Wednesday, 25 February 2004 8:42 a.m. > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Darn Command Prompt - was Re: Restrict > Drive Access > > > Nope. Although, I can tell you that they're putting CMD.EXE > from NT 4 (I assume you're running Win2K) because Win2K's > CMD.EXE respects the registry setting and refuses to run. Add > AppSec to the mix and you're set. > > JD > > > -----Original Message----- > > From: thin-bounce@xxxxxxxxxxxxx > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Seitz, Linden > > Sent: Wednesday, 25 February 2004 8:33 a.m. > > To: 'thin@xxxxxxxxxxxxx' > > Subject: [THIN] Darn Command Prompt - was Re: Restrict Drive Access > > > > I have the following registry key > > (HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD = > > 2) set to "try" to disable a user's ability to open and run the > > command prompt. The scenario I can't get past is if a user > places a > > copy of cmd.exe in their personal directory and run it from > a Citrix > > session. The command prompt runs and the user is able to > circumvent > > my Hide Drives and Prevent Drive Access settings. Is there > any way to > > avoid this from happening other than using Appsec or other add-ons? > > > > -----Original Message----- > > From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On > > Behalf Of Jeff Durbin > > Sent: Tuesday, February 24, 2004 12:27 PM > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] Re: Restrict Drive Access > > > > > > Have used it at virtually every client that had Citrix or Terminal > > Services. > > It does prevent access to drives, which can be a problem > for your app. > > I've never seen a major problem as a result of using it. > > > > JD > > > > > -----Original Message----- > > > From: thin-bounce@xxxxxxxxxxxxx > > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Seitz, Linden > > > Sent: Wednesday, 25 February 2004 3:53 a.m. > > > To: Thin@Freelists. Org (E-mail) > > > Subject: [THIN] Restrict Drive Access > > > > > > Anyone using the "Prevent access to drives in My Computer" > > in security > > > policy or .adm files in addition to hiding the drives? I > > would like > > > to know if this setting "could" cause any file access > problems if I > > > enable it on my OS and Application partitions. Thanks! > > > ******************************************************** > > > This weeks sponsor triCerat Inc. > > > triCerat makes your job easier by offering essential > > applications to > > > eliminate your printing, policy and profile, and your application > > > management problems. > > > http://www.triCerat.com > > > ********************************************************** > > > Useful Thin Client Computing Links are available at: > > > http://thin.net/links.cfm > > > *********************************************************** > > > For Archives, to Unsubscribe, Subscribe or set Digest or > > Vacation mode > > > use the below link: > > > http://thin.net/citrixlist.cfm > > > > > > > ******************************************************** > > This weeks sponsor triCerat Inc. > > triCerat makes your job easier by offering essential > applications to > > eliminate your printing, policy and profile, and your application > > management problems. > > http://www.triCerat.com > > ********************************************************** > > Useful Thin Client Computing Links are available at: > > http://thin.net/links.cfm > > *********************************************************** > > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode > > use the below link: > > http://thin.net/citrixlist.cfm > > ******************************************************** > > This weeks sponsor triCerat Inc. > > triCerat makes your job easier by offering essential > applications to > > eliminate your printing, policy and profile, and your application > > management problems. > > http://www.triCerat.com > > ********************************************************** > > Useful Thin Client Computing Links are available at: > > http://thin.net/links.cfm > > *********************************************************** > > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode > > use the below link: > > http://thin.net/citrixlist.cfm > > > > ******************************************************** > This weeks sponsor triCerat Inc. > triCerat makes your job easier by offering essential > applications to eliminate your printing, policy and profile, > and your application management problems. > http://www.triCerat.com > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > *********************************************************** > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode use the below link: > http://thin.net/citrixlist.cfm > ******************************************************** > This weeks sponsor triCerat Inc. > triCerat makes your job easier by offering essential > applications to eliminate your printing, policy and profile, > and your application management problems. > http://www.triCerat.com > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > *********************************************************** > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode use the below link: > http://thin.net/citrixlist.cfm > ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm