If you don't do anything to actively prevent software from being
installed, they may be able to install some software - not all software
installations require elevated *rights* - merely conducive permissions.
Neil
-----Original Message-----
From: Lutz, Ken [mailto:KLUTZ@xxxxxxxxxxxxxxxxx]
Sent: 15 December 2003 20:14
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Yahoo messenger
Thanks Greg. I'm beginning to think that I need to leave the
empty folder and put security on it like you said. What bothers me most
is that I thought that a general user couldn't install software, yet
this did with Yahoo messenger.
Ken ...
-----Original Message-----
From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx]
Sent: Monday, December 15, 2003 11:51 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Yahoo messenger
if it installs to a folder or reg key, just leave the
structure there but empty and set the security to it to no access.
Disable the stuff in IE for loading Active x controls.
This can lead to other problems though. Use it cautiously.
I have had it sneak on my servers from time to time. I
don't think it does any damage.
Greg
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Lutz, Ken
Sent: Monday, December 15, 2003 2:06 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Yahoo messenger
That will block the site, but how do I set up my
Citrix servers so that the users can't install software, yet have the
level of access they need to Program Files?
I always thought that basic users couldn't
install software.
Ken ...
-----Original Message-----
From: Jim Kenzig http://thethin.net
[mailto:jimkenz@xxxxxxxxxxxxxx]
Sent: Monday, December 15, 2003 10:58 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Yahoo messenger
Point all of the yahoo messenger servers
to 127.0.0.1 in your hosts file or dns.
JK
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Lutz, Ken
Sent: Monday, December 15, 2003 1:27 PM
To: Thin - List (thin@xxxxxxxxxxxxx)
Subject: [THIN] Yahoo messenger
I just found Yahoo messenger on one of
my Citrix servers. I thought that I had the server locked down tight
enough that users couldn't install their own software. None of my users
have any elevated rights. They are not power users. It looks like one
user loaded the software, and then another was able to access it. What
is the best way to lock this down so that my users can't install any
software? Do I need to remove the Creator Owner setting from the ACL
for the Program Files folder to keep users from installing software?
How are others preventing the loading of software by users?
I install the software that I want
loaded, and I install as an administrator.
Windows 2000 SP3 MetaFrame FR2/SP2 in a
Windows 2000 AD domain.
***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please
notify the sender immediately and delete this
e-mail from your system.
You must take no action based on this, nor must
you copy or disclose it or any part of its contents
to any person or organisation.
Statements and opinions contained in this email may
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its
subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************