Check the file appsrv.ini under your profile and check if EnableSSOnThruICAFile=3DOn is there. Not sure if it will help..but give = it a try. Benoit Pilon Network Operations NavCanada (613) 563-5508 =20 -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Alex Marguth Sent: March 8, 2004 10:24 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Limiting application access through NFuse via IIS secu rity? I agree, and it was my first suggestion. But they're trying to do this without spending money... _________________________________________ Alex Marguth AVM Technical Solutions, Inc. 503.799.3372 alex@xxxxxxxxxxxxxxxx -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Shonk, Joe - Perot Sent: Monday, March 08, 2004 7:13 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: Limiting application access through NFuse via IIS secu rity? An easier, yet a little more expensive solution... Give out tokens (RSA, Safeword) to those users who need external access. Joe -----Original Message----- From: Alex Marguth [mailto:alex@xxxxxxxxxxxxxxxx] Sent: Monday, March 08, 2004 8:06 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Limiting application access through NFuse via IIS security? I have a client that is using NFuse internally to deliver apps to several thousand users. They would like about 200 of these people to also have access to their applications from home, but not all of them. We are able to do this somewhat successfully by installing a separate nfuse/csg server and having IIS require authentication at the metaframe directory in IIS. We also set ntfs permissions to match on the file system level. Everything works great except this requires a double logon(not acceptable to the client). Once for windows authentication and once for NFuse. If I go into the nfuse admin page and enable pass-through authentication then we get a step closer... We don't have to logon twice and we do see the correct applications for the user but we are unable to actually launch any apps. We get an error on the page that the variable NFUSE_USER not set. Basically, the user credentials are being used to authenticate but are not being carried through to the applications themselves. Has anyone ever implemented something like this or have another suggestion as to how we can accomplish this without using a secondary/third party authentication means? Any help or suggestions would be appreciated. _________________________________________ Alex Marguth AVM Technical Solutions, Inc. 503.799.3372 alex@xxxxxxxxxxxxxxxx ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm