No WI box involved. From a Juniper session you can connect direct to published apps. Once you are inside running say word using a Hyperlink you can open IE. Using that IE session you are on the LAN. If all traffic does not go via proxy (as is case now) user can run whatever internal web apps they want (which is what we are trying to restrict). The internal users and external users can be the same user with the same ID. We just want then to be able to use IE internally with any web app but use the same servers. We know the IP address will be different if they are external and they use the Java client. That's about it. Using clever IP based scripting would help but the way we currently disable IE is using NTFS permissions to deny. Reg Hacking to disable IE.....Hmmmmnnnnn...And have to put it back for internal users.....Ugly.... Malcolm -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Wood Sent: 02 November 2005 14:46 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: IE lockdown Secondary proxy server for 'external users' - on login, check the client name - if it begins WI change their proxy server settings? _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of BRUTON, Malcolm, FM Sent: 02 November 2005 14:23 To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] IE lockdown Guys Have a bunch of office servers which we wish to give access to external users using Juniper. Essentially we just publish applications and users can connect to a defined set of published apps via Juniper bookmarks. They can then run there apps just like in the office. However we need to restrict what they can do with IE. For instance. We don't mind them surfing the internet but we need to be able to restrict the ability to run any internal web based applications. We want to be able to control what content with IE they can get to when they are external. However we would also like internal and external users to share the same servers. Suggestion on how we do this? My guess is we could do some complex login scripting to detect what their IP address is or something like that. The user ID is the same both internal and external and AD groups will be the same. Any easy suggestions rather than silo the boxes? Malcolm **************************************************************************** ******* The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: http://www.rbs.co.uk/CBFM http://www.rbsmarkets.com **************************************************************************** **** *********************************************************************************** The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: http://www.rbs.co.uk/CBFM http://www.rbsmarkets.com ********************************************************************************