[THIN] Restricting application/plugin installs in IE5
- From: "Shaw, Matthew" <Matt.Shaw@xxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Thu, 30 Jan 2003 10:09:04 -0400
Hey folks,
I've been given the task of administering a Windows NT4 TSE/Metaframe
1.8 installation with 8 servers, 2 of which are configured for publishing
IE5 (seamless). The previous owner did not secure the environment at all and
I've been working to improve on the security without impacting the
functionality for the users too much. I'm at somewhat of a disadvantage
because I'm coming from the UNIX world primarily and am a little flaky with
NT4 stuff.
One of my oustanding problems is that of users installing applications
and/or plugins via Internet Explorer. For instance, user goes to
www.yahoo.com <http://www.yahoo.com> and installs the Yahoo bar or email
plugin. I know that I can partially lock this down with file permissions,
but there are always directories that must remain writable for the user. For
instance, they have installed this stuff in their profile on the server or
in the temp directory. I'm wondering if there's anyway to completely lock
out the functionality of a user being able to install an application and/or
plugin? Does anybody have any pointers to info that would specifically deal
with the inherent security problems with publishing IE (seamless or
desktop)?
I appreciate any help and I apologize in advance if this is a newbie
question. Please flame in private (to my email address, not the list) if you
must.
Thanks,
Matt
matt.shaw@xxxxxxxxx <mailto:matt.shaw@xxxxxxxxx>
----------------------------------------------------------------------------
This communication (including all attachments) is intended solely for the
use of the person or persons to whom it is addressed and should be treated
as a confidential xwave communication. If you are not the intended
recipient, any use, distribution, printing, or copying of this email is
strictly prohibited. If you received this email in error, please
immediately delete it from your system and notify the originator. Your
cooperation is appreciated.
***************************************************************************
This Week's Sponsor: New Wyse(R) Expedian(TM)software maximizes your server
capacity--cost-effectively. Now you can dramatically increase the number of
users on a server by as much as 40%--and reduce the number of servers you have
to manage. By optimizing memory usage, Wyse Expedian software allows the
terminal server to support more applications and more concurrentusers. Download
your 30-day free trial today at:
http://www.wyse.com/expedian/eval.cfm?promo=US-Ad-0103TheThinNetNewsletterEM
****************************************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts:
