I thought AAC would allow you to do clever checks on the endpoint - I didn't realise it'd be able to modify functionality within an individual published application? The way I was thinking of would be to redirect your users to different citrix servers based on their source location. The sensitive users would be directed to servers with an lmhosts file that 'blocked' the UNC by overriding the source name's IP resolution. messy mind. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Pitsch Sent: 06 September 2006 18:41 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: UNC Blocking with external access only The only way that I'm aware of to control that type of access through Presetnation Server is using AAC. You can then use the filters within AAC on your published applications. Jeff Pitsch Microsoft MVP - Terminal Server Provision Networks VIP Forums not enough? Get support from the experts at your business http://jeffpitschconsulting.com <http://jeffpitschconsulting.com/> On 9/6/06, BRUTON, Malcolm, GBM <Malcolm.BRUTON@xxxxxxxx> wrote: I asumme this is if you are publishing folders on Juniper? We publish Citrix apps on Juniper only....So the control really needs to be within the citrix session. Further ideas? -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto: <mailto:thin-bounce@xxxxxxxxxxxxx> thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Wood Sent: 06 September 2006 14:07 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: UNC Blocking with external access only A Juniper device'll let you do it as well won't it? You can allow unc access and then define roles that would allow access to those resources. You could either allow full network browse access - or publish the folder themselves iirc. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto: <mailto:thin-bounce@xxxxxxxxxxxxx> thin-bounce@xxxxxxxxxxxxx] On Behalf Of BRUTON, Malcolm, GBM Sent: 06 September 2006 13:51 To: ' <mailto:thin@xxxxxxxxxxxxx> thin@xxxxxxxxxxxxx' Subject: [THIN] UNC Blocking with external access only All We are after a product that will allow us block sensitive unc's for users. This of course needs to differ depending on if the user is internal or external. When they are external they connect to Citrix via Juniper. When they are internal they use either normal desktops or Citrix. I believe by using CAG with AAC we can do this. Can anybody suggest any other software\hardware\methods that we could to achieve this? Malcolm **************************************************************************** ******* The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: http://www.rbos.com <http://www.rbos.com/> http://www.rbsmarkets.com <http://www.rbsmarkets.com/> **************************************************************************** *******