[THIN] IISLOCK and STA
- From: george.wasgatt@xxxxxxxxxxxx
- To: thin@xxxxxxxxxxxxx
- Date: Tue, 8 Oct 2002 14:52:01 -0400
I installed IISLOCK on my STA server and promptly broke STA. I was not
surprised since I broke OWA that way last year. I looked in the Thin Net
archives and found the following from Drazen Vidokovic. Unchecking the
'Writing to Content Directories' in IISLOCK fixed the problem. SO thanks
for the help. I was curious about the article referenced as being 'on
Citrix user group'. What's that and where can I find it.
--------------------------------------------------------
There is an article about that on Citrix user group from Edward R. Chu I
followed what he wrote and I have it working. After much experimentation, I
found the answer to my own question. Here it is for any readers. Assuming
that you have a dedicated STA server and don't want to use the IIS for any
other purpose, you need to run IISLockD and choose the following items:
1) Choose the "Other" template. This basically means custom.
2) Allow only the base web service.
3) Check ALL the script maps. STA doesn't appear to use ANY scripts at all.
4) In "Additional security" check everything except the Scripts virtual
directory (STA puts a config file and a .DLL in this folder) and "writing to
content directories" (I'm guessing STA needs to write its tickets to a
folder).
5) You can install URLScan with all default settings. Like I said, STA
doesn't use any scripts so you can lock this down severely if you want.
Drazen
**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents.
http://www.99point9.com
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
Other related posts:
