[THIN] Re: Registry Key to deny internet access
- From: Jeremy Saunders <jeremy.saunders@xxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Thu, 21 Sep 2006 19:36:02 +0800
This method does not have those issues, as we are not setting an antomatic
configuration script within the browser itself, we are just telling the
browser to use DHCP and/or DNS to locate the proxy.pac (wpad.dat), which
makes it all automatic and seamless, and removes any such issues like this.
Cheers.
Kind regards,
Jeremy Saunders
Senior Technical Specialist
Infrastructure Technology Services
(ITS) & Cerulean
Global Technology Services (GTS)
IBM Australia
Level 2, 1060 Hay Street
West Perth WA 6005
Visit us at
http://www.ibm.com/services/au/its
P: +61 8 9261 8412 F: +61 8 9261 8486
M: TBA E-mail:
jeremy.saunders@xxxxxxxxxxx
"Andrew Wood"
<andrew.wood@gilw
ood-cs.co.uk> To
Sent by: <thin@xxxxxxxxxxxxx>
thin-bounce@freel cc
ists.org
Subject
[THIN] Re: Registry Key to deny
21/09/2006 07:20 internet access
PM
Please respond to
thin@xxxxxxxxxxxx
g
Just to clarify - I wasn't thinking of ntfs permission, but by using the
GPO
to block access to iexplore.exe: I should have said realy.
.pac file would be the best way - just remember the ctx article re: pac
files referenced with the file:// format -
http://support.citrix.com/article/CTX102407&searchID=30002963
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Jeremy Saunders
Sent: 21 September 2006 12:12
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Registry Key to deny internet access
Hi David,
You need to setup a proxy.pac file and leave IE set to "Automatic Detect
Settings". You also lock down the Connections tab so that no one has access
to it. The proxy.pac can control exactly what you want. It's the perfect
control mechanism. When someone tries to access the Internet, it can send
them to a "bogus" proxy server that is actually an IIS web site that will
display a page saying that "This workstation cannot access the Internet",
although you can still access all Intranet sites. I've just implemented
this
for a client and am most of the way through writing a whitepaper on this,
as
there is little information out there on how to do it correctly.
Can you wait a couple more days and I'll send it to you?
Cheers.
Kind regards,
Jeremy Saunders
Senior Technical Specialist
Infrastructure Technology Services
(ITS) & Cerulean
Global Technology Services (GTS)
IBM Australia
Level 2, 1060 Hay Street
West Perth WA 6005
Visit us at
http://www.ibm.com/services/au/its
P: +61 8 9261 8412 F: +61 8 9261 8486
M: TBA E-mail:
jeremy.saunders@xxxxxxxxxxx
David
<dmauri@xxxxxxxxx
> To
Sent by: thin@xxxxxxxxxxxxx
thin-bounce@freel cc
ists.org
Subject
[THIN] Re: Registry Key to deny
21/09/2006 06:59 internet access
PM
Please respond to
thin@xxxxxxxxxxxx
g
Andrew Wood escribió:
> You could either disable access to iexplore; or set the proxy to a
> value that doesn't exist - then disallow the user from changing the
value.
>
Yes, I did it.
But, some applications (our intranet) use Iexplore.exe....so the NTFS
permissions is not the best solution.
I would like to find this registry key and set the 'false' value in it....
I have found this key:
HKusers\....sid.....\Software\Microsoft\Windows\Currentversion\internet
setting
and the value:
Defaultconnectionsettings: Type Reg_binary
but I don't what is the value to change. If it's possible,of course.
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
//www.freelists.org/list/thin
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
//www.freelists.org/list/thin
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
