[THIN] Re: Registry Key to deny internet access

This method does not have those issues, as we are not setting an antomatic
configuration script within the browser itself, we are just telling the
browser to use DHCP and/or DNS to locate the proxy.pac (wpad.dat), which
makes it all automatic and seamless, and removes any such issues like this.

Cheers.

 Kind regards,

 Jeremy Saunders
 Senior Technical Specialist

 Infrastructure Technology Services
 (ITS) & Cerulean
 Global Technology Services (GTS)
 IBM Australia
 Level 2, 1060 Hay Street
 West Perth  WA  6005

 Visit us at
 http://www.ibm.com/services/au/its

 P:  +61 8 9261 8412                F:  +61 8 9261 8486
 M:  TBA                            E-mail:
                                    jeremy.saunders@xxxxxxxxxxx










                                                                       
             "Andrew Wood"                                             
             <andrew.wood@gilw                                         
             ood-cs.co.uk>                                              To
             Sent by:                  <thin@xxxxxxxxxxxxx>            
             thin-bounce@freel                                          cc
             ists.org                                                  
                                                                   Subject
                                       [THIN] Re: Registry Key to deny 
             21/09/2006 07:20          internet access                 
             PM                                                        
                                                                       
                                                                       
             Please respond to                                         
             thin@xxxxxxxxxxxx                                         
                     g                                                 
                                                                       
                                                                       




Just to clarify - I wasn't thinking of ntfs permission, but by using the
GPO
to block access to iexplore.exe: I should have said realy.

.pac file would be the best way - just remember the ctx article re: pac
files referenced with the file:// format -
http://support.citrix.com/article/CTX102407&searchID=30002963



-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Jeremy Saunders
Sent: 21 September 2006 12:12
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Registry Key to deny internet access

Hi David,

You need to setup a proxy.pac file and leave IE set to "Automatic Detect
Settings". You also lock down the Connections tab so that no one has access
to it. The proxy.pac can control exactly what you want. It's the perfect
control mechanism. When someone tries to access the Internet, it can send
them to a "bogus" proxy server that is actually an IIS web site that will
display a page saying that "This workstation cannot access the Internet",
although you can still access all Intranet sites. I've just implemented
this
for a client and am most of the way through writing a whitepaper on this,
as
there is little information out there on how to do it correctly.
Can you wait a couple more days and I'll send it to you?

Cheers.

 Kind regards,

 Jeremy Saunders
 Senior Technical Specialist

 Infrastructure Technology Services
 (ITS) & Cerulean
 Global Technology Services (GTS)
 IBM Australia
 Level 2, 1060 Hay Street
 West Perth  WA  6005

 Visit us at
 http://www.ibm.com/services/au/its

 P:  +61 8 9261 8412                F:  +61 8 9261 8486
 M:  TBA                            E-mail:
                                    jeremy.saunders@xxxxxxxxxxx











             David
             <dmauri@xxxxxxxxx
             >                                                          To
             Sent by:                  thin@xxxxxxxxxxxxx
             thin-bounce@freel                                          cc
             ists.org
                                                                   Subject
                                       [THIN] Re: Registry Key to deny
             21/09/2006 06:59          internet access
             PM


             Please respond to
             thin@xxxxxxxxxxxx
                     g






Andrew Wood escribió:
> You could either disable access to iexplore; or set the proxy to a
> value that doesn't exist - then disallow the user from changing the
value.
>

Yes, I did it.
But, some applications (our intranet) use Iexplore.exe....so the NTFS
permissions is not the best solution.
I would like to find this registry key and set the 'false' value in it....
I have found this key:
HKusers\....sid.....\Software\Microsoft\Windows\Currentversion\internet
setting
and the value:
Defaultconnectionsettings: Type Reg_binary

but I don't what is the value to change. If it's possible,of course.


************************************************
For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://www.freelists.org/list/thin
************************************************


************************************************
For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://www.freelists.org/list/thin
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
************************************************


************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
************************************************

Other related posts: