[THIN] Re: IISLOCK and STA

You'll need to enable write permissions to the scripts directory.. The =
IIS Lockdown tool changes the default permissions to read-only.

-----Original Message-----
From: george.wasgatt@xxxxxxxxxxxx [mailto:george.wasgatt@xxxxxxxxxxxx]
Sent: Tuesday, October 08, 2002 11:52 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] IISLOCK and STA




I installed IISLOCK on my STA server and promptly broke STA.  I was not
surprised since I broke OWA that way last year.  I looked in the Thin =
Net
archives and found the following from Drazen Vidokovic.  Unchecking the
'Writing to Content Directories' in IISLOCK fixed the problem.  SO =
thanks
for the help.  I was curious about the article referenced as being 'on
Citrix user group'.  What's that and where can I find it.

--------------------------------------------------------
There is an article about that on Citrix user group from Edward R. Chu I
followed what he wrote and I have it working. After much =
experimentation, I
found the answer to my own question. Here it is for any readers. =
Assuming
that you have a dedicated STA server and don't want to use the IIS for =
any
other purpose, you need to run IISLockD and choose the following items:=20
1) Choose the "Other" template. This basically means custom.=20
2) Allow only the base web service.=20
3) Check ALL the script maps. STA doesn't appear to use ANY scripts at =
all.=20
4) In "Additional security" check everything except the Scripts virtual
directory (STA puts a config file and a .DLL in this folder) and =
"writing to
content directories" (I'm guessing STA needs to write its tickets to a
folder).
 5) You can install URLScan with all default settings. Like I said, STA
doesn't use any scripts so you can lock this down severely if you want.
Drazen=20

**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents.
http://www.99point9.com
***********************************************

For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm
**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents.
http://www.99point9.com
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

Other related posts: