[THIN] Re: Applying Restrictions Via IP
- From: "Guzzo, Mark A (Mark)" <guzzo@xxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Thu, 26 Jan 2006 08:00:53 -0600
How about using the app ieblock? It was mentioned here some time ago and I used
it with great success at my last job. You should be able to find it here:
http://www.fgagne.com/arbo_ds.php?ModPath=Downloads&root_arbo=Downloads/Outils
HTH...
M a r k G u z z o
Utility Infrastructure Services
Citrix / VMware Administrator
Lucent Technologies
2601 Lucent Ln, Lisle, IL 60532-3640
RM:52N15
W/F:630.979.9731
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Jeff Pitsch
Sent: Thursday, January 26, 2006 7:42 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Applying Restrictions Via IP
IE, while it has zone control, is not really designed for what you want to do.
that's why firewall's and proxy's were invented ;)
the problem you have is that you can't make any exceptions based on client IP
because the client IP will always be the terminal server. You could, I
suppose, do some fancy scripting that populates the restricted sites
dynamically when a user logs in. Otherwise, group policy own't help you. Your
best bet would be the either the scripting solution or possibly a 3rd party
solution (not sure which though since everything depends on client iP).
Jeff
On 1/26/06, BRUTON, Malcolm, FM <Malcolm.BRUTON@xxxxxxxx> wrote:
Jeff
I wish it was that simple. It's not about Web browsing. It's about
retricting which sites they can access that are internal when the users are
external.
We want to share servers between internal and external users. We want
the internal users to be able to access all sites includng our internal web
based apps. When the same user is external say in a web cafe we do not want
them to be able to access our internal web sites.
We can't do it via group membership so we must do via IP....
We curently split our servers so internal access is to one set and
external is to another set with IE completly disabled.
We could achive this by moving our servers into a DMZ and applting
firewall restrictions but then we have to open up lots of ports in DMZ for
Citrix server to work with our the management stuff. Less than ideal.
Hoping we can use some form of IP restiction with IE blocking to achive
this. Playing with PAC files but struggling.
I get the feeling I am missing something really simple.....
PS we are on XP FRE3 and hopefully moving to PS4 laster this year
Malcolm
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Pitsch
Sent: 25 January 2006 15:48
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Applying Restrictions Via IP
Citrix policies can be applied by IP no problem.
IE browsing would be best controlled through your
firewall...hint hint
Jeff Pitsch
On 1/25/06, BRUTON, Malcolm, FM <Malcolm.BRUTON@xxxxxxxx >
wrote:
And I would like the same for something like IE. As in
certain IP addresses can browse but others can't....
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Russell Robertson
Sent: 25 January 2006 13:32
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Applying Restrictions Via IP
I'd like to switch on client drive mapping but
only for some of our external users (using WI3.0/CSG2.0). The idea being that
we trust some external sites but not all (e.g., web café would not be
trusted).
We thought we could do this via IP address, has
anyone done this sort of thing before and could pass on advice?
Thanks
Russell
Russell Robertson
Skibo Technologies
T: +44 (0)1224 355250
E: russell.robertson@xxxxxxxxx
<mailto:russell.robertson@xxxxxxxxxx>
W: www.skibo.com <http://www.skibo.com/>
Microsoft Certified Partners
Citrix Solutions Advisers
Northern Business Star Awards Finalists 2005
***********************************************************************************
The Royal Bank of Scotland plc. Registered in Scotland
No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB.
Authorized and regulated by the Financial Services
Authority
This e-mail message is confidential and for use by the
addressee only. If the message is received by anyone
other
than the addressee, please return the message to the
sender
by replying to it and then delete the message from your
computer. Internet e-mails are not necessarily secure.
The
Royal Bank of Scotland plc does not accept
responsibility for
changes made to this message after it was sent.
Whilst all reasonable care has been taken to avoid the
transmission of viruses, it is the responsibility of
the recipient to
ensure that the onward transmission, opening or use of
this
message and any attachments will not adversely affect
its
systems or data. No responsibility is accepted by The
Royal
Bank of Scotland plc in this regard and the recipient
should carry
out such virus and other checks as it considers
appropriate.
Visit our websites at:
http://www.rbos.com <http://www.rbos.com/>
http://www.rbsmarkets.com <http://www.rbsmarkets.com/>
********************************************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
