[THIN] Re: STA and the IISLOCKD tool

  • From: "Chris Lynch" <lynch00@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 13 Aug 2002 16:31:49 -0700

 

Cool.  That is what I thought.  I had installed IISLOCKD, but with
ASP.  I even put the dll and config file in another folder and
deleted the SCRIPTS folder.  Of course, I did make the modification
on the CSG and Nfuse.

Thanks,

CHRIS LYNCH -  MCSE, CCNA, CCA
NETWORK ENGINEER - INFORMATION TECHNOLOGY
NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
Chris.lynch@xxxxxxxxxx  Tel 949.367.3406


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Drazen Vidakovic
Sent: Tuesday, August 13, 2002 3:55 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: STA and the IISLOCKD tool



Yes, I just did it 10 min ago and it works.
There is an article about that on Citrix user group from Edward R. Chu. I followed what he wrote and I have it working.

After much experimentation, I found the answer to my own question. Here it is for any readers.

Assuming that you have a dedicated STA server and don't want to use the IIS for any other purpose, you need to run IISLockD and choose the following items:
1) Choose the "Other" template. This basically means custom.
2) Allow only the base web service.
3) Check ALL the script maps. STA doesn't appear to use ANY scripts at all.
4) In "Additional security" check everything except the Scripts virtual directory (STA puts a config file and a .DLL in this folder) and "writing to content directories" (I'm guessing STA needs to write its tickets to a folder).
5) You can install URLScan with all default settings. Like I said, STA doesn't use any scripts so you can lock this down severely if you want.

Drazen


At 14:06 13/08/2002 -0700, you wrote:

>
>
>Anyone?
>
>Thanks,
>
>CHRIS LYNCH -  MCSE, CCNA, CCA
>NETWORK ENGINEER - INFORMATION TECHNOLOGY
>NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691 
>Chris.lynch@xxxxxxxxxx  Tel 949.367.3406
>
>
>-----Original Message-----
>From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Chris Lynch
>Sent: Monday, August 12, 2002 4:57 PM
>To: TheThin. net
>Subject: [THIN] STA and the IISLOCKD tool
>
>
>
>
>
>Has anyone used the IISLOCKD tool on the Secure Ticket Authority? I
>know that the STA is internal with no outside world access, but I
>just wanted to know if anyone has gotten this to work. I have been
>asked by our Information Protection department about this, since
>the server is an IIS server, they don't want any exploited services
>on the internal network.
>
>Yeah, I know.  Then don't run IIS.
>
>Thanks for any and all input,
>
>CHRIS LYNCH -  MCSE, CCNA, CCA
>NETWORK ENGINEER - INFORMATION TECHNOLOGY
>NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691 
>Chris.lynch@xxxxxxxxxx  Tel 949.367.3406
>

Drazen Vidakovic
Technical System Architect
LegislationDirect, Blue Start Print Group
Drazen.Vidakovic@xxxxxxxxxxxxxxxxxxxxxxx
Drazen.Vidakovic@xxxxxxxxxxxxxxxx
+64 4 495 2802
+64 274 530 876






===================================
This weeks Sponsor:
ThinPrint
- High resolution, DRIVER FREE PRINTING with no loss of quality in color.
- Removes print spooling and rendering tasks from your terminal server.
http://www.thinprint.com
===================================
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm
