[THIN] Re: Windows Explorer on citrix
- From: Philip Walley <mythinlist@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Wed, 30 Aug 2006 08:08:45 -0500
IE, yea, use the prevent setting and they aren't getting in.
Jon D wrote:
But as far as internet explorer is concerned, it does obey these
registry keys, and so therefore should be safe?
On 8/29/06, *Carl Stalhood* <cstalhood@xxxxxxxxxxxxx
<mailto:cstalhood@xxxxxxxxxxxxx>> wrote:
Keep in mind that the policy settings are simply registry values.
A program
has to be written to read the registry values and perform the
requested
restrictions.
Explorer has been written to hide and prevent access to drives
when these
registry values are present. This extends to the common open/save
dialog
boxes.
Some programs offer other means of browsing drives and these policy
restrictions are usually ignored.
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
[mailto:thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf
Of Joe Shonk
Sent: Tuesday, August 29, 2006 4:53 PM
To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
Subject: [THIN] Re: Windows Explorer on citrix
You may want to reread the thread... Philip states there are 2
options...
One hides and one restricts access. You can even combine in some
cases.
Joe
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
[mailto: thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf
Of Rick Fogarty
Sent: Tuesday, August 29, 2006 2:47 PM
To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
Subject: [THIN] Re: Windows Explorer on citrix
IIRC, this just hides them, doesn't block access to them.
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
[mailto: thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf
Of Philip Walley
Sent: Tuesday, August 29, 2006 2:50 PM
To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
Subject: [THIN] Re: Windows Explorer on citrix
user configuration -> administrative templates -> windows
components ->
windows explorer
2 different options:
Hide these specified drives in My Computer
or
Prevent access to drives from My Computer
HBooGz wrote:
> out of curiosity, which GPO settings can be used to block access to
> the local drives ?
>
> On 8/29/06, *Jon D* <rekcahpmip@xxxxxxxxx
<mailto:rekcahpmip@xxxxxxxxx>
> <mailto:rekcahpmip@xxxxxxxxx <mailto:rekcahpmip@xxxxxxxxx>>> wrote:
>
> Yeah I have GPOs in place to block access to the local
drive, and
> I followed the MS TS best practice white papers. Is there
anything
> else?
>
>
>
> On 8/29/06, *Jeff Pitsch* <jepitsch@xxxxxxxxx
<mailto:jepitsch@xxxxxxxxx>
> <mailto:jepitsch@xxxxxxxxx <mailto:jepitsch@xxxxxxxxx>> > wrote:
>
> you must ALWAYS treat published applications as if you were
> publishing a desktop. Security by obscurity in TS is way to
> easy to get around.
>
>
> Jeff Pitsch
> Microsoft MVP - Terminal Server
>
> Forums not enough?
> Get support from the experts at your business
> http://jeffpitschconsulting.com
> <http://jeffpitschconsulting.com/>
>
>
>
>
> On 8/29/06, *Jon D* < rekcahpmip@xxxxxxxxx
<mailto:rekcahpmip@xxxxxxxxx>
> <mailto:rekcahpmip@xxxxxxxxx
<mailto:rekcahpmip@xxxxxxxxx>>> wrote:
>
> I'm thinking about publishing windows explorer on citrix
> via the internet explorer like this:
> "M:\Program Files\Internet Explorer\IEXPLORE.EXE" -e k:
>
> Can anyone think of any potential issues, or reasons why
> this would be a bad idea?
>
> I tried to access the M: drive on the server through
this
> app, and even with domain admin rights, it doesn't
seem to
> allow you to do it, so I feel somewhat safe in
regards to
> that.... Not sure if I should feel safe, or if theres a
> way around it.
>
>
>
> Thanks in advance,
> Jon
>
>
>
> .
>
>
>
>
>
>
>
> --
> HBooGz:\>
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
<http://www.freelists.org/list/thin>
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
************************************************
- References:
- [THIN] Re: Windows Explorer on citrix
- From: Joe Shonk
- [THIN] Re: Windows Explorer on citrix
- From: Carl Stalhood
- [THIN] Re: Windows Explorer on citrix
- From: Jon D
Other related posts:
- » [THIN] Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
- » [THIN] Re: Windows Explorer on citrix
On 8/29/06, *Carl Stalhood* <cstalhood@xxxxxxxxxxxxx <mailto:cstalhood@xxxxxxxxxxxxx>> wrote:
Keep in mind that the policy settings are simply registry values.
A program
has to be written to read the registry values and perform the
requested
restrictions. Explorer has been written to hide and prevent access to drives
when these
registry values are present. This extends to the common open/save
dialog
boxes. Some programs offer other means of browsing drives and these policy
restrictions are usually ignored. -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
[mailto:thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf
Of Joe Shonk
Sent: Tuesday, August 29, 2006 4:53 PM
To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
Subject: [THIN] Re: Windows Explorer on citrix You may want to reread the thread... Philip states there are 2
options...
One hides and one restricts access. You can even combine in some
cases.Joe
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
[mailto: thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf
Of Rick Fogarty
Sent: Tuesday, August 29, 2006 2:47 PM
To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
Subject: [THIN] Re: Windows Explorer on citrixIIRC, this just hides them, doesn't block access to them.
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>
[mailto: thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf
Of Philip Walley
Sent: Tuesday, August 29, 2006 2:50 PM
To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx>
Subject: [THIN] Re: Windows Explorer on citrix user configuration -> administrative templates -> windows
components ->
windows explorer2 different options:
Hide these specified drives in My Computer
or
Prevent access to drives from My Computer HBooGz wrote:
> out of curiosity, which GPO settings can be used to block access to
> the local drives ?
>
> On 8/29/06, *Jon D* <rekcahpmip@xxxxxxxxx
<mailto:rekcahpmip@xxxxxxxxx>
> <mailto:rekcahpmip@xxxxxxxxx <mailto:rekcahpmip@xxxxxxxxx>>> wrote:
>
> Yeah I have GPOs in place to block access to the local
drive, and
> I followed the MS TS best practice white papers. Is there
anything
> else?
>
>
>
> On 8/29/06, *Jeff Pitsch* <jepitsch@xxxxxxxxx
<mailto:jepitsch@xxxxxxxxx>
> <mailto:jepitsch@xxxxxxxxx <mailto:jepitsch@xxxxxxxxx>> > wrote:
>
> you must ALWAYS treat published applications as if you were
> publishing a desktop. Security by obscurity in TS is way to
> easy to get around.
>
>
> Jeff Pitsch
> Microsoft MVP - Terminal Server
>
> Forums not enough?
> Get support from the experts at your business
> http://jeffpitschconsulting.com
> <http://jeffpitschconsulting.com/>
>
>
>
>
> On 8/29/06, *Jon D* < rekcahpmip@xxxxxxxxx
<mailto:rekcahpmip@xxxxxxxxx>
> <mailto:rekcahpmip@xxxxxxxxx
<mailto:rekcahpmip@xxxxxxxxx>>> wrote:
>
> I'm thinking about publishing windows explorer on citrix
> via the internet explorer like this:
> "M:\Program Files\Internet Explorer\IEXPLORE.EXE" -e k:
>
> Can anyone think of any potential issues, or reasons why
> this would be a bad idea?
>
> I tried to access the M: drive on the server through
this
> app, and even with domain admin rights, it doesn't
seem to
> allow you to do it, so I feel somewhat safe in
regards to
> that.... Not sure if I should feel safe, or if theres a
> way around it.
>
>
>
> Thanks in advance,
> Jon
>
>
>
> .
>
>
>
>
>
>
>
> --
> HBooGz:\>
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
************************************************ ************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
************************************************ ************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
************************************************ ************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
<http://www.freelists.org/list/thin>
************************************************- [THIN] Re: Windows Explorer on citrix
- From: Joe Shonk
- [THIN] Re: Windows Explorer on citrix
- From: Carl Stalhood
- [THIN] Re: Windows Explorer on citrix
- From: Jon D