Doug, If you allow your users to run executables they will. Via email, web, ftp, from their fat disks, hey, telnet; someone will find a way. Use GPO to allow only approved executables to run and you don't need to worry about the rest. I found this quite scary until I actually tried it, and then I just breathed easier. Nick From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig http://thin.ms Sent: 11 November 2008 18:22 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Terminal Session security question Nope just dhl.com<http://dhl.com> will suffice. Yeah they might be able to circumvent with an IP but if the site is set up right it should convert it to a domain and lock it out. Jim Kenzig Blog: http://www.techblink.com On Tue, Nov 11, 2008 at 1:13 PM, Doug Rooney <Doug@xxxxxxxxxxxxxxxxxxxx<mailto:Doug@xxxxxxxxxxxxxxxxxxxx>> wrote: Jim, I was thinking of doing that, but for example DHL has several valid IP addresses for www.dhl.com<http://www.dhl.com>, do I have to figure out and enter every valid possibility, and then how do I tell it everything else goes to 127.0.0.1<http://127.0.0.1>, also if they type in an IP, I am guessing this will not work? Thank You -Doug Rooney Sonoma Tilemakers IT Systems Administrator 7750 Bell Rd. Windsor Ca, 95492 (707) 837-8177 X11 (707) 837-9472 FAX it@xxxxxxxxxxxxxxxxxxxx<mailto:it@xxxxxxxxxxxxxxxxxxxx> From: thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf Of Jim Kenzig http://thin.ms Sent: Tuesday, November 11, 2008 9:20 AM To: thin@xxxxxxxxxxxxx<mailto:thin@xxxxxxxxxxxxx> Subject: [THIN] Re: Terminal Session security question Use the windows hosts file to control which urls they can and can't get to. Point the rogue sites to 127.0.0.1<http://127.0.0.1> and they will never get there Jim Kenzig Blog: http://www.techblink.com On Tue, Nov 11, 2008 at 12:11 PM, Doug Rooney <Doug@xxxxxxxxxxxxxxxxxxxx<mailto:Doug@xxxxxxxxxxxxxxxxxxxx>> wrote: ************************************************