-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cool. That is what I thought. I had installed IISLOCKD, but with ASP. I even put the dll and config file in another folder and deleted the SCRIPTS folder. Of course, I did make the modification on the CSG and Nfuse. Thanks, CHRIS LYNCH - MCSE, CCNA, CCA NETWORK ENGINEER - INFORMATION TECHNOLOGY NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691 Chris.lynch@xxxxxxxxxx Tel 949.367.3406 - -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Drazen Vidakovic Sent: Tuesday, August 13, 2002 3:55 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: STA and the IISLOCKD tool Yes, I just did it 10 min ago and it works. There is an article about that on Citrix user group from Edward R. Chu I followed what he wrote and I have it working. After much experimentation, I found the answer to my own question. Here it is for any readers. Assuming that you have a dedicated STA server and don't want to use the IIS for any other purpose, you need to run IISLockD and choose the following items: 1) Choose the "Other" template. This basically means custom. 2) Allow only the base web service. 3) Check ALL the script maps. STA doesn't appear to use ANY scripts at all. 4) In "Additional security" check everything except the Scripts virtual directory (STA puts a config file and a .DLL in this folder) and "writing to content directories" (I'm guessing STA needs to write its tickets to a folder). 5) You can install URLScan with all default settings. Like I said, STA doesn't use any scripts so you can lock this down severely if you want. Drazen At 14:06 13/08/2002 -0700, you wrote: > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Anyone? > >Thanks, > >CHRIS LYNCH - MCSE, CCNA, CCA >NETWORK ENGINEER - INFORMATION TECHNOLOGY >NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691 >Chris.lynch@xxxxxxxxxx Tel 949.367.3406 > > >- -----Original Message----- >From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] >On Behalf Of Chris Lynch >Sent: Monday, August 12, 2002 4:57 PM >To: TheThin. net >Subject: [THIN] STA and the IISLOCKD tool > > > > >- -----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Has anyone used the IISLOCKD tool on the Secure Ticket Authority? I > know that the STA is internal with no outside world access, but I >just wanted to know if anyone has gotten this to work. I have been >asked by our Information Protection department about this, since >the server is an IIS server, they don't want any exploited services >on the internal network. > >Yeah, I know. Then don't run IIS. > >Thanks for any and all input, > >CHRIS LYNCH - MCSE, CCNA, CCA >NETWORK ENGINEER - INFORMATION TECHNOLOGY >NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691 >Chris.lynch@xxxxxxxxxx Tel 949.367.3406 > >- -----BEGIN PGP SIGNATURE----- >Version: PGP 7.1 > >iQA/AwUBPVhLUPl56xfvzmMfEQKL7QCgn3KiguTfIMhm2vVKuEM+d1HujesAoLlz >ZEagJFw9/lLGplv48sySk7Id >=zbts >- -----END PGP SIGNATURE----- > > > >=================================== >This weeks Sponsor: >ThinPrint >- - High resolution, DRIVER FREE PRINTING with no loss of quality in > color. >- - Removes print spooling and rendering tasks from your terminal >server. http://www.thinprint.com =================================== >For Archives, to Unsubscribe, Subscribe or >set Digest or Vacation mode use the below link. > >http://thethin.net/citrixlist.cfm > >-----BEGIN PGP SIGNATURE----- >Version: PGP 7.1 > >iQA/AwUBPVl01Pl56xfvzmMfEQLwTwCeMf9/7wnD+tr+VU4IX/ozMWlcTKcAoOpt >R7DPQdPX9c04N3l2iDbEVIWJ >=YWZJ >-----END PGP SIGNATURE----- > > > >=================================== >This weeks Sponsor: >ThinPrint >- High resolution, DRIVER FREE PRINTING with no loss of quality in >color. >- Removes print spooling and rendering tasks from your terminal >server. http://www.thinprint.com >=================================== >For Archives, to Unsubscribe, Subscribe or >set Digest or Vacation mode use the below link. > >http://thethin.net/citrixlist.cfm Drazen Vidakovic Technical System Architect LegislationDirect, Blue Start Print Group Drazen.Vidakovic@xxxxxxxxxxxxxxxxxxxxxxx Drazen.Vidakovic@xxxxxxxxxxxxxxxx +64 4 495 2802 +64 274 530 876 =================================== This weeks Sponsor: ThinPrint - - High resolution, DRIVER FREE PRINTING with no loss of quality in color. - - Removes print spooling and rendering tasks from your terminal server. http://www.thinprint.com =================================== For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPVmW5Pl56xfvzmMfEQIJNQCgvDzDPG43+Wpve2g7DtvwGjQoWjcAn2Tb gQf5OUQP6woT6KkIv3jkvcsa =1YxE -----END PGP SIGNATURE----- =================================== This weeks Sponsor: ThinPrint - High resolution, DRIVER FREE PRINTING with no loss of quality in color. - Removes print spooling and rendering tasks from your terminal server. http://www.thinprint.com =================================== For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm