[THIN] Re: IE lockdown

  • From: "BRUTON, Malcolm, FM" <Malcolm.BRUTON@xxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Wed, 2 Nov 2005 15:24:37 -0000

No WI box involved.  From a Juniper session you can connect direct to
published apps.  Once you are inside running, say, Word, using a hyperlink you
can open IE.  Using that IE session you are on the LAN.  If all traffic does
not go via proxy (as is the case now) user can run whatever internal web apps
they want (which is what we are trying to restrict).  The internal users and
external users can be the same user with the same ID.  We just want them to
be able to use IE internally with any web app but use the same servers.  We
know the IP address will be different if they are external and they use the
Java client.  That's about it.  Using clever IP based scripting would help
but the way we currently disable IE is using NTFS permissions to deny.  Reg
Hacking to disable IE.....Hmmmmnnnnn...And have to put it back for internal
users.....Ugly....
 
Malcolm

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Andrew Wood
Sent: 02 November 2005 14:46
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: IE lockdown


Secondary proxy server for 'external users' - on login, check the client
name - if it begins WI change their proxy server settings?

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of BRUTON, Malcolm, FM
Sent: 02 November 2005 14:23
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] IE lockdown


Guys
 
Have a bunch of office servers which we wish to give access to external
users using Juniper.  Essentially we just publish applications and users can
connect to a defined set of published apps via Juniper bookmarks.  They can
then run their apps just like in the office.  However we need to restrict
what they can do with IE.  For instance.  We don't mind them surfing the
internet but we need to be able to restrict the ability to run any internal
web based applications.  We want to be able to control what content with IE
they can get to when they are external.  However we would also like internal
and external users to share the same servers.  Suggestion on how we do this?
My guess is we could do some complex login scripting to detect what their IP
address is or something like that.  The user ID is the same both internal
and external and AD groups will be the same.  Any easy suggestions rather
than silo the boxes?
 
Malcolm


****************************************************************************
*******
The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered
Office: 36 St Andrew Square, Edinburgh EH2 2YB. 
Authorised and regulated by the Financial Services Authority 

This e-mail message is confidential and for use by the 
addressee only. If the message is received by anyone other 
than the addressee, please return the message to the sender 
by replying to it and then delete the message from your 
computer. Internet e-mails are not necessarily secure. The 
Royal Bank of Scotland plc does not accept responsibility for 
changes made to this message after it was sent. 

Whilst all reasonable care has been taken to avoid the 
transmission of viruses, it is the responsibility of the recipient to 
ensure that the onward transmission, opening or use of this 
message and any attachments will not adversely affect its 
systems or data. No responsibility is accepted by The Royal 
Bank of Scotland plc in this regard and the recipient should carry 
out such virus and other checks as it considers appropriate. 
Visit our websites at: 
http://www.rbs.co.uk/CBFM 
http://www.rbsmarkets.com 
****************************************************************************
****
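
The suggestion in the thread (check the client name at login and switch the proxy for external users) could look like the logon script below. This is an added example, not code from the thread: the proxy host names are hypothetical placeholders, and the `WI` prefix is the one mentioned in the thread and would need to match whatever client name your gateway actually presents.

```powershell
# Added example: per-user logon script for a terminal server shared by
# internal and external users. Host names are hypothetical placeholders.
$ExternalClientPrefix = 'WI'                            # prefix suggested in the thread
$InternalProxy = 'proxy-int.example.local:8080'         # hypothetical
$ExternalProxy = 'proxy-ext.example.local:8080'         # hypothetical; denies internal web apps
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-ExternalSession {
    param([string]$ClientName)
    # Fail closed: a session with no client name is treated as external.
    if ([string]::IsNullOrEmpty($ClientName)) { return $true }
    return $ClientName.StartsWith($ExternalClientPrefix,
        [System.StringComparison]::OrdinalIgnoreCase)
}

# CLIENTNAME is set in the user's environment for remote sessions.
$external = Test-ExternalSession -ClientName $env:CLIENTNAME

if ($external) {
    $proxy  = $ExternalProxy
    $bypass = ''           # no bypass list: every request goes via the proxy
} else {
    $proxy  = $InternalProxy
    $bypass = '<local>'    # internal users may reach intranet hosts directly
}

# Rewrite the per-user IE proxy values on every logon, so an internal
# session restores what an earlier external session changed.
Set-ItemProperty -Path $InetKey -Name ProxyEnable   -Value 1       -Type DWord
Set-ItemProperty -Path $InetKey -Name ProxyServer   -Value $proxy  -Type String
Set-ItemProperty -Path $InetKey -Name ProxyOverride -Value $bypass -Type String

Write-Output ("Client '{0}' external={1} proxy={2}" -f $env:CLIENTNAME, $external, $proxy)
```

The client name is reported by the connecting client and these HKCU values are writable by the user, so the script steers IE rather than enforcing anything. As the reply in the thread notes, it only restricts external users if traffic from the servers cannot reach internal web apps without going through a proxy.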



