[THIN] Re: IISLOCK and STA
- From: "Joe Shonk" <JShonk@xxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Tue, 8 Oct 2002 12:27:21 -0700
You'll need to enable write permissions to the scripts directory.. The =
IIS Lockdown tool changes the default permissions to read-only.
-----Original Message-----
From: george.wasgatt@xxxxxxxxxxxx [mailto:george.wasgatt@xxxxxxxxxxxx]
Sent: Tuesday, October 08, 2002 11:52 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] IISLOCK and STA
I installed IISLOCK on my STA server and promptly broke STA. I was not
surprised since I broke OWA that way last year. I looked in the Thin =
Net
archives and found the following from Drazen Vidokovic. Unchecking the
'Writing to Content Directories' in IISLOCK fixed the problem. SO =
thanks
for the help. I was curious about the article referenced as being 'on
Citrix user group'. What's that and where can I find it.
--------------------------------------------------------
There is an article about that on Citrix user group from Edward R. Chu I
followed what he wrote and I have it working. After much =
experimentation, I
found the answer to my own question. Here it is for any readers. =
Assuming
that you have a dedicated STA server and don't want to use the IIS for =
any
other purpose, you need to run IISLockD and choose the following items:=20
1) Choose the "Other" template. This basically means custom.=20
2) Allow only the base web service.=20
3) Check ALL the script maps. STA doesn't appear to use ANY scripts at =
all.=20
4) In "Additional security" check everything except the Scripts virtual
directory (STA puts a config file and a .DLL in this folder) and =
"writing to
content directories" (I'm guessing STA needs to write its tickets to a
folder).
5) You can install URLScan with all default settings. Like I said, STA
doesn't use any scripts so you can lock this down severely if you want.
Drazen=20
**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents.
http://www.99point9.com
***********************************************
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents.
http://www.99point9.com
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
Other related posts:
