[THIN] Re: IISLOCK and STA

  • From: "Chris Lynch" <lynch00@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 8 Oct 2002 12:38:59 -0700

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't know of where the article you are asking for is, but I have
one of my own.  If you want a copy of it, let me know.  It goes into
how the CSG is installed, along with using IISLOCKD on your Nfuse and
STA servers.

CHRIS LYNCH -  MCSE, CCNA, CCA
NETWORK ENGINEER - INFORMATION TECHNOLOGY
NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
Chris.lynch@xxxxxxxxxx  Tel 949.367.3406


- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of george.wasgatt@xxxxxxxxxxxx
Sent: Tuesday, October 08, 2002 12:29 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: IISLOCK and STA




I really wanted to know where the article can be found.  The
instructions were correct & they worked.

- -----Original Message-----
From: Joe Shonk [mailto:JShonk@xxxxxxxxxxxxxx]
Sent: Tuesday, October 08, 2002 3:27 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: IISLOCK and STA



You'll need to enable write permissions to the scripts directory..
The = IIS Lockdown tool changes the default permissions to read-only.

- -----Original Message-----
From: george.wasgatt@xxxxxxxxxxxx
[mailto:george.wasgatt@xxxxxxxxxxxx]
Sent: Tuesday, October 08, 2002 11:52 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] IISLOCK and STA




I installed IISLOCK on my STA server and promptly broke STA.  I was
not surprised since I broke OWA that way last year.  I looked in the
Thin = Net archives and found the following from Drazen Vidokovic. 
Unchecking the 'Writing to Content Directories' in IISLOCK fixed the
problem.  SO = thanks for the help.  I was curious about the article
referenced as being 'on Citrix user group'.  What's that and where
can I find it.

- --------------------------------------------------------
There is an article about that on Citrix user group from Edward R.
Chu I followed what he wrote and I have it working. After much =
experimentation, I found the answer to my own question. Here it is
for any readers. = Assuming that you have a dedicated STA server and
don't want to use the IIS for = any other purpose, you need to run
IISLockD and choose the following items:=20
1) Choose the "Other" template. This basically means custom.=20
2) Allow only the base web service.=20
3) Check ALL the script maps. STA doesn't appear to use ANY scripts
at = all.=20
4) In "Additional security" check everything except the Scripts
virtual directory (STA puts a config file and a .DLL in this folder)
and = "writing to content directories" (I'm guessing STA needs to
write its tickets to a folder).
 5) You can install URLScan with all default settings. Like I said,
STA doesn't use any scripts so you can lock this down severely if you
want. Drazen=20

**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents. http://www.99point9.com
***********************************************

For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm
**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents. http://www.99point9.com
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm
**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents. http://www.99point9.com
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPaM0Uvl56xfvzmMfEQLA2QCfWyOLZXNi2fGqdqADVk8po9uy/SQAoJ/I
vVSAm9Ll/TxlW7ej+JHg1XCN
=lIfR
-----END PGP SIGNATURE-----

**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents.
http://www.99point9.com
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

Other related posts: