This method does not have those issues, as we are not setting an antomatic configuration script within the browser itself, we are just telling the browser to use DHCP and/or DNS to locate the proxy.pac (wpad.dat), which makes it all automatic and seamless, and removes any such issues like this. Cheers. Kind regards, Jeremy Saunders Senior Technical Specialist Infrastructure Technology Services (ITS) & Cerulean Global Technology Services (GTS) IBM Australia Level 2, 1060 Hay Street West Perth WA 6005 Visit us at http://www.ibm.com/services/au/its P: +61 8 9261 8412 F: +61 8 9261 8486 M: TBA E-mail: jeremy.saunders@xxxxxxxxxxx "Andrew Wood" <andrew.wood@gilw ood-cs.co.uk> To Sent by: <thin@xxxxxxxxxxxxx> thin-bounce@freel cc ists.org Subject [THIN] Re: Registry Key to deny 21/09/2006 07:20 internet access PM Please respond to thin@xxxxxxxxxxxx g Just to clarify - I wasn't thinking of ntfs permission, but by using the GPO to block access to iexplore.exe: I should have said realy. .pac file would be the best way - just remember the ctx article re: pac files referenced with the file:// format - http://support.citrix.com/article/CTX102407&searchID=30002963 -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeremy Saunders Sent: 21 September 2006 12:12 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Registry Key to deny internet access Hi David, You need to setup a proxy.pac file and leave IE set to "Automatic Detect Settings". You also lock down the Connections tab so that no one has access to it. The proxy.pac can control exactly what you want. It's the perfect control mechanism. When someone tries to access the Internet, it can send them to a "bogus" proxy server that is actually an IIS web site that will display a page saying that "This workstation cannot access the Internet", although you can still access all Intranet sites. I've just implemented this for a client and am most of the way through writing a whitepaper on this, as there is little information out there on how to do it correctly. Can you wait a couple more days and I'll send it to you? Cheers. Kind regards, Jeremy Saunders Senior Technical Specialist Infrastructure Technology Services (ITS) & Cerulean Global Technology Services (GTS) IBM Australia Level 2, 1060 Hay Street West Perth WA 6005 Visit us at http://www.ibm.com/services/au/its P: +61 8 9261 8412 F: +61 8 9261 8486 M: TBA E-mail: jeremy.saunders@xxxxxxxxxxx David <dmauri@xxxxxxxxx > To Sent by: thin@xxxxxxxxxxxxx thin-bounce@freel cc ists.org Subject [THIN] Re: Registry Key to deny 21/09/2006 06:59 internet access PM Please respond to thin@xxxxxxxxxxxx g Andrew Wood escribió: > You could either disable access to iexplore; or set the proxy to a > value that doesn't exist - then disallow the user from changing the value. > Yes, I did it. But, some applications (our intranet) use Iexplore.exe....so the NTFS permissions is not the best solution. I would like to find this registry key and set the 'false' value in it.... I have found this key: HKusers\....sid.....\Software\Microsoft\Windows\Currentversion\internet setting and the value: Defaultconnectionsettings: Type Reg_binary but I don't what is the value to change. If it's possible,of course. ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************