Can't you set policies to prevent the settings being deployed filtered by whether the user connects via Access Gateway? Sent from my (new!) BlackBerry, which may make me an antiques dealer, but it's reliable as hell for email delivery :-) -----Original Message----- From: Tom Sorenson <tsorenson99@xxxxxxxxx> Sender: thin-bounce@xxxxxxxxxxxxx Date: Thu, 24 Oct 2013 15:31:00 To: <thin@xxxxxxxxxxxxx> Reply-To: thin@xxxxxxxxxxxxx Subject: [THIN] Deny external users resources Hi List, I've asked a similar question previously, but my requirements from management have changed. I need to deny printing, drives, clipboard etc to external users. Here's my setup Netscaler 9.3 Web Interface 5.4 XenApp 6.5 I've considered creating a set of servers to service external connections with these capabilities turned off. I would hide other connections using the methods to hide apps and folders in WI. Management is unhappy with this solution. I've seen that this can be done with "Smart Access" but does this not imply using the netscaler ssl vpn plugin? I want to avoid using any additional clients if at all possible. Your wisdom and advice would be most appreciated. Thank you