Comments inline... > -----Original Message----- > From: Brian Murphy [mailto:bem9127@xxxxxxxxx] > Sent: 06 February 2003 13:49 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Installing Programs on the Server > Importance: Low > > You don't seem to need admin rights to install the Hotbar. > It uses an ActiveX control for the installation via the > website. Then you need admin rights, and / or conducive DACLs on both (probably) the local filesystem, and hives of the registry that *users* shouldn't be able to modify. > I have seen the problem before. You can't restrict > ActiveX in IE unless you want your users to be prompted every > 5 seconds when browsing the internet. You can, unless you don't want to exercise some semblance of control over what happens with communal server resource. ActiveX can be restricted by various means - often done at firewall level, never mind any local restrictions. > My resolution to the > problem was to leave the Hotbar directory intact under > C:\Program Files and then change the NTFS permissions to > "Deny" Everyone. Then you need to remove the registry key > under HKLM\Software and I believe a corresponding key under > HKCU\Software You would allow a normal user to modify HKLM in the first place??? > This will keep them from being able to reinstall because the > installation will fail when it tries to reinstall into Program Files. Stop them in the first place - unless you have a business need for them to have free reign - in which case perhaps terminal server is not the most appropriate choice - perhaps a normal desktop / PC solution would be better. It's decidedly difficult to manage a scenario where terminal server users can modify the local server - and it destroys a lot of the advantages. Neil *********************************************************************** This e-mail and its attachments are intended for the above named recipient(s) only and are confidential and may be privileged. If they have come to you in error you must take no action based on them, nor must you copy or disclose them or any part of their contents to any person or organisation; please notify the sender immediately and delete this e-mail and its attachments from your computer system. Please note that Internet communications are not necessarily secure and may be changed, intercepted or corrupted. We advise that you understand and observe this lack of security when e-mailing us and we will not accept any liability for any such changes, interceptions or corruptions. Although we have taken steps to ensure that this e-mail and its attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free. Copyright in this e-mail and attachments created by us belongs to Littlewoods. Littlewoods takes steps to prohibit the transmission of offensive, obscene or discriminatory material. If this message contains inappropriate material please forward the e-mail intact to postmaster@xxxxxxxxxxxxxxxxx and it will be investigated. Statements and opinions contained in this e-mail may not necessarily represent those of Littlewoods. Please note that e-mail communication may be monitored. Registered office: Littlewoods Retail Limited, Sir John Moores Building, 100 Old Hall Street, Liverpool, L70 1AB Registered no: 421258 http://www.littlewoods.com *********************************************************************** ******************************************** This Week's Sponsor: triCerat Inc. Let triCerat simplify the administration of your Terminal Servers. http://www.triCerat.com ******************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm