I've used AppSec many times and not had any problem forgetting an exe that is a Windows sub-component. It seems to just require that you specify EXE's associated with programs that the user initiates. > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Nick Smith > Sent: Thursday, 27 May 2004 10:52 p.m. > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Safe fiel uploads > > Jeff, my concern with (2) is that we are likely to forget > some .exe or .dll that is an important windows sub-component. > > I wasn't aware of TSDropCopy; looks interesting. Thanks. > Nick > > -----Original Message----- > From: Jeff Durbin [mailto:techlists@xxxxxxxxxxxxx]=20 > Sent: 26 May 2004 22:45 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Safe fiel uploads > > 1. Use antivirus software on the TS with realtime file > scanning 2. Use group policy and Appsec to restrict the users > to only executing the programs that you explicitly specify, > in explicit locations (i.e. > c:\program files\Internet Explorer\iexplore.exe). Or, if you've got a > 2003 domain, you can accomplish this with Software > Restriction Policies. > 3. Give them TSDropCopy to upload files to anywhere they want > (you said TS, not Citrix, so I'm assuming you're using straight TS) > > jD > > > -----Original Message----- > > From: thin-bounce@xxxxxxxxxxxxx > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Nick Smith > > Sent: Wednesday, 26 May 2004 10:50 p.m. > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] Safe fiel uploads > >=20 > > We want to allow some of our users to upload files into our TS=20 > >environement from their Thick Client PCs. Some of these will be=20 > >properly maintained corporate PCs; some of them will be home PCs=20 > >probably full of viruses, spyware, executables and general nastiness. > > =20 > > Our thinking is that we shouldn't just allow them access > thorough=20 > >standard TS Drive Mapping to their local drives, as they will,=20 > >mailiciously or not, upload nasties. > > =20 > > We are therefore planning to develp a small web-based app which > >will=20 allow upload otuside the TS session into a > quarantined, safe > >area (By > > > http or ftp). We will then scan this safe area for nasties > before=20 > > moving the files into the user areas. > > =20 > > 2 related queries; > > 1) Is anyone else doing something similar? Does it make > sense? Is=20 > > there some gaping flaw in the stratgey? > > 2) Does anyone know of an engine that can scan a file store > in this=20 > > way for generic 'nasties' - not just for viruses, which is easy, > > but=20 for executables(For preference something that > doesn't just look > > at the > > > '.xxx', but actually analyses the file) , known spyware, etc. We > > can=20 probably chain together a script which calls NAV then SpyBot > > then=20 AdAware etc, but that feels messy. Any thoughts? > > =20 > > Nick > > ******************************************************** > > This Week's Sponsor - Tarantella Secure Global Desktop > Tarantella=20 > > Secure Global Desktop Terminal Server Edition Free Terminal > Service=20 > > Edition software with 2 years maintenance. > > http://www.tarantella.com/ttba > > ********************************************************** > > Useful Thin Client Computing Links are available at: > > http://thin.net/links.cfm > > *********************************************************** > > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode > > > use the below link: > > http://thin.net/citrixlist.cfm > >=20 > > ******************************************************** > This Week's Sponsor - Tarantella Secure Global Desktop > Tarantella Secure Global Desktop Terminal Server Edition Free > Terminal Service Edition software with 2 years maintenance. > http://www.tarantella.com/ttba > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > *********************************************************** > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode use the below link: > http://thin.net/citrixlist.cfm > > > ******************************************************** > This Week's Sponsor - Tarantella Secure Global Desktop > Tarantella Secure Global Desktop Terminal Server Edition Free > Terminal Service Edition software with 2 years maintenance. > http://www.tarantella.com/ttba > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > *********************************************************** > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode use the below link: > http://thin.net/citrixlist.cfm > ******************************************************** This Week's Sponsor - Tarantella Secure Global Desktop Tarantella Secure Global Desktop Terminal Server Edition Free Terminal Service Edition software with 2 years maintenance. http://www.tarantella.com/ttba ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm