[THIN] Re: Citrix security question

  • From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 14 Feb 2005 09:47:54 -0000

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Benway
> Sent: 11 February 2005 14:01
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Citrix security question
> I just installed Citrix XP onto a Windows 2000 SP4 server.
> I was looking at the ntfs file permissions and realized that 
> the everyone group has full access to all the folders at the 
> root. And the terminal server users has modify access to the 
> program files folder.
> That just doesn't seem right.

Damn straight.

> It seems like they could 
> delete/overwrite any files they wanted or install any program 
> that doesn't write to the registry.

And how...

> I've never looked at a fresh install before, I always assumed 
> that since all my users are standard users, not power users 
> or local admins, I'd be ok, but looking it this I'm not so sure.
> Do any of you change the default security settings?

Hell yes.

Read-only for everything locally on terminal servers unless you want
headaches later.


This e-mail and its attachments are confidential and are intended for the above 
named recipient only. If this has come to you in error, please notify the 
sender immediately and delete this e-mail from your system. You must take no 
action based on this, nor must you copy or disclose it or any part of its 
contents to any person or organisation. Statements and opinions contained in 
this email may not necessarily represent those of Littlewoods. Please note that 
e-mail communications may be monitored. The registered office of Littlewoods 
Limited and it's subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB. 
Registered number of Littlewoods Limited is 262152.

This message has been scanned for viruses by BlackSpider MailControl - 
This Weeks Sponsor: ThinPrint, GmbH
Now available: .print Remote Desktop Printing Engine
for Microsoft Terminal Services
Useful Thin Client Computing Links are available at:
ThinWiki community - Excellent SBC Search Capabilities!
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:

Other related posts: