[THIN] Re: Registry Key to deny internet access

Just to clarify - I wasn't thinking of ntfs permission, but by using the GPO
to block access to iexplore.exe: I should have said realy.

.pac file would be the best way - just remember the ctx article re: pac
files referenced with the file:// format -
http://support.citrix.com/article/CTX102407&searchID=30002963



-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jeremy Saunders
Sent: 21 September 2006 12:12
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Registry Key to deny internet access

Hi David,

You need to setup a proxy.pac file and leave IE set to "Automatic Detect
Settings". You also lock down the Connections tab so that no one has access
to it. The proxy.pac can control exactly what you want. It's the perfect
control mechanism. When someone tries to access the Internet, it can send
them to a "bogus" proxy server that is actually an IIS web site that will
display a page saying that "This workstation cannot access the Internet",
although you can still access all Intranet sites. I've just implemented this
for a client and am most of the way through writing a whitepaper on this, as
there is little information out there on how to do it correctly.
Can you wait a couple more days and I'll send it to you?

Cheers.
                                                                
 Kind regards,                                                  
                                                                
 Jeremy Saunders                                                
 Senior Technical Specialist                                    
                                                                
 Infrastructure Technology Services                             
 (ITS) & Cerulean                                               
 Global Technology Services (GTS)                               
 IBM Australia                                                  
 Level 2, 1060 Hay Street                                       
 West Perth  WA  6005                                           
                                                                
 Visit us at                                                    
 http://www.ibm.com/services/au/its                             
                                                                
 P:  +61 8 9261 8412                F:  +61 8 9261 8486         
 M:  TBA                            E-mail:                     
                                    jeremy.saunders@xxxxxxxxxxx 
                                                                
                                                                








                                                                           
             David                                                         
             <dmauri@xxxxxxxxx                                             
             >                                                          To 
             Sent by:                  thin@xxxxxxxxxxxxx                  
             thin-bounce@freel                                          cc 
             ists.org                                                      
                                                                   Subject 
                                       [THIN] Re: Registry Key to deny     
             21/09/2006 06:59          internet access                     
             PM                                                            
                                                                           
                                                                           
             Please respond to                                             
             thin@xxxxxxxxxxxx                                             
                     g                                                     
                                                                           
                                                                           




Andrew Wood escribió:
> You could either disable access to iexplore; or set the proxy to a 
> value that doesn't exist - then disallow the user from changing the value.
>

Yes, I did it.
But, some applications (our intranet) use Iexplore.exe....so the NTFS
permissions is not the best solution.
I would like to find this registry key and set the 'false' value in it....
I have found this key:
HKusers\....sid.....\Software\Microsoft\Windows\Currentversion\internet
setting
and the value:
Defaultconnectionsettings: Type Reg_binary

but I don't what is the value to change. If it's possible,of course.


************************************************
For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://www.freelists.org/list/thin
************************************************


************************************************
For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://www.freelists.org/list/thin
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
************************************************

Other related posts: