[THIN] Re: Citrix Lockdowns
- From: "Jay P. Moock" <jmoock@xxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Tue, 19 Dec 2006 07:34:33 -0500
For controlling drive mapping, you may be able to create a Citrix policy
that controls drive mapping and apply/deny it based on the client's IP.
Software Restriction Policies are incredibly powerful. Much better than
the "Don't run specified Windows applications" GPO and AppSec.
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Angela Smith
Sent: Tuesday, December 19, 2006 7:28 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix Lockdowns
Malcom
What MS policy settings do you use to catch the 95%??
We would prefer the users to use the Citrix client as they have it
installed and we have had issues with Java versions in the past.
If I created a new ICA connection, can I somehow direct external users
to use that ICA connection (perhaps via AD group membership). This
would allow me to have a more locked down configuration for external
users and internal users would be unaffected. Is this possible?
Thanks
>From: "Malcolm Bruton" <malcolm.bruton@xxxxxxxxxxxxxxxxxx>
>Reply-To: thin@xxxxxxxxxxxxx
>To: <thin@xxxxxxxxxxxxx>
>Subject: [THIN] Re: Citrix Lockdowns
>Date: Tue, 19 Dec 2006 04:29:14 -0500
>
>Easiest way would be to use the java clients only. Configure Web
>interface so the java client will not map local drives and disallow
copy and pasting.
>etc. You could change the ICA connection properties to do this but I
>would assume that you have internal users connecting to that same
>server so that is probably not an option.
>
>There are holes in bith citrix polices and MS policies. We use MS
>policies (mainly becuase we are on MF XP still) Using MS policies does
>allow you to get 95% of the easy stuff to be locked down. To get 100%
>you need to use a third party.
>
>________________________________
>
>From: thin-bounce@xxxxxxxxxxxxx on behalf of Angela Smith
>Sent: Tue 19/12/2006 04:08
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Citrix Lockdowns
>
>
>
>Hi
>
>I am looking at locking down our Citrx farm for all Remote Users. I
>have 2 issues I was hoping to get some information on:
>
>1) Is there a way to restrict users from copying files in a citrix
>session to their local drives. Here is my scenario..
>
>A user will connect to our Citrix Presentation Server 4 farm using Web
>Interface. If they open Windows Explorer (on Citrix) they can right
>click a file on the corporate network, select copy then minimise the
>published application and can paste in their local Windows Explorer.
>These users have a Citrix client installed. The Web Interface is setup
>to use a Citrix Client with Java as fallback.
>
>2) Has anyone implemented a Software Restriction Policy on Citrix? Does
>it work or should I use the "Don't run specified Windows applications"
>GPO?? I want to restrict all executables except for Internet Explorer
>and MS Office apps. Whats the best way for me to do this?
>
>Thanks
>Angela
>
>_________________________________________________________________
>Advertisement: Fresh jobs daily. Stop waiting for the newspaper. Search
>Now!
>www.seek.com.au
>http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fninemsn%2Eseek%2Ecom%2E
>au&_t=757263760&_r=Hotmail_EndText_Dec06&_m=EXT
>
>SBC SITES ONLY GOOGLE SEARCH: http://www.F1U.com <http://www.f1u.com/>
>************************************************
>For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation
>mode use the below link:
>//www.freelists.org/list/thin
>************************************************
>
>
><< winmail.dat >>
_________________________________________________________________
Advertisement: Mobiles, computers, handsets, iPODs and more!
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fwww%2Etradingpost%2Ecom%
2Eau%2Fsearch%2Fcat%5FPhones%5Fns%5FTrue%5Foff%5F0%5Fsect%5FAutomotive%5
Fsort%5FotRZSQ1BJDZfdRZSQSearchDisplayPriorityIndAVSCotRZSQ1BJDZfdRZSQFi
rstPublished%5Fsqt%5F2%5Fsrch%5Fmobile%2Bphones%5Fsrchtype%5Fint%5Fstate
%5F9%5Fstpg%5F1%5Fsubs%5FUsed%2BCars%5F%3Freferrer%3Dplacement13&_t=7595
68604&_r=Email_Tagline1&_m=EXT
SBC SITES ONLY GOOGLE SEARCH: http://www.F1U.com
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation
mode use the below link:
//www.freelists.org/list/thin
************************************************
SBC SITES ONLY GOOGLE SEARCH: http://www.F1U.com
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
