[THIN] Re: Installing Programs on the Server

  • From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Thu, 6 Feb 2003 13:56:44 -0000

Comments inline...

> -----Original Message-----
> From: Brian Murphy [mailto:bem9127@xxxxxxxxx] 
> Sent: 06 February 2003 13:49
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Installing Programs on the Server
> Importance: Low
> 
> You don't seem to need admin rights to install the Hotbar.  
> It uses an ActiveX control for the installation via the 
> website.

Then you need admin rights, and / or conducive DACLs on both (probably) the
local filesystem, and hives of the registry that *users* shouldn't be able
to modify.

> I have seen the problem before.  You can't restrict 
> ActiveX in IE unless you want your users to be prompted every 
> 5 seconds when browsing the internet.

You can, unless you don't want to exercise some semblance of control over
what happens with communal server resource. ActiveX can be restricted by
various means - often done at firewall level, never mind any local
restrictions.

> My resolution to the 
> problem was to leave the Hotbar directory intact under 
> C:\Program Files and then change the NTFS permissions to 
> "Deny" Everyone.  Then you need to remove the registry key 
> under HKLM\Software and I believe a corresponding key under 
> HKCU\Software

You would allow a normal user to modify HKLM in the first place???

> This will keep them from being able to reinstall because the 
> installation will fail when it tries to reinstall into Program Files.

Stop them in the first place - unless you have a business need for them to
have free reign - in which case perhaps terminal server is not the most
appropriate choice - perhaps a normal desktop / PC solution would be better.

It's decidedly difficult to manage a scenario where terminal server users
can modify the local server - and it destroys a lot of the advantages.

Neil

***********************************************************************
This e-mail and its attachments are intended for the above named 
recipient(s) only and are confidential and may be privileged.
If they have come to you in error you must take no action based 
on them, nor must you copy or disclose them or any part of 
their contents to any person or organisation; please notify the 
sender immediately and delete this e-mail and its attachments from 
your computer system.

Please note that Internet communications are not necessarily secure 
and may be changed, intercepted or corrupted. We advise that 
you understand and observe this lack of security when e-mailing us 
and we will not accept any liability for any such changes, 
interceptions or corruptions. 

Although we have taken steps to ensure that this e-mail and its 
attachments are free from any virus, we advise that in keeping 
with good computing practice the recipient should ensure they 
are actually virus free.

Copyright in this e-mail and attachments created by us belongs 
to Littlewoods. 

Littlewoods takes steps to prohibit the transmission of offensive, 
obscene or discriminatory material.  If this message contains 
inappropriate material please forward the e-mail intact to 
postmaster@xxxxxxxxxxxxxxxxx and it will be investigated. 
Statements and opinions contained in this e-mail may not 
necessarily represent those of Littlewoods.

Please note that e-mail communication may be monitored.

Registered office: 
Littlewoods Retail Limited, 
Sir John Moores Building, 
100 Old Hall Street, 
Liverpool,
L70 1AB 
Registered no: 421258  

http://www.littlewoods.com 
***********************************************************************
********************************************
This Week's Sponsor: triCerat Inc.
Let triCerat simplify the administration 
of your Terminal Servers.
http://www.triCerat.com
********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts: