These are all good points and I appreciate your recommendations on all of them, however having been bitten by the screw with something you shouldn't in the past I am cautious not to make the same mistakes. These servers are already deployed, have been, and I am a bit weary about going and screwing with permissions after the fact. So we have decided to rebuild and lock down before deploying. Thanks for your insight Niel. -----Original Message----- From: Braebaum, Neil [mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx] Sent: Thursday, September 09, 2004 10:03 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Users installing programs Well I've been working in IT since 1990, and deploying Citrix servers since late 97, and have always worked on read-only servers - so he isn't just being a know-it-all, and it certainly *isn't* a huge mistake. Not securing servers because it's a little tricky, is a mistake - it's techies are paid to do. When you use servers, that have communal usage, you can't afford to treat them like over-blown PCs that users can do anything on. You need to consider that it's likely that *you* are accountable for the stability, security, and robustness of them. If a user trashes a PC, they just likely affect themselves - therefore it's unquestionably a better approach to not allowing them the same degree of carnage on communal server resources. Neil > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Abshire > Sent: 09 September 2004 15:35 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Users installing programs > > My point exactly, thanks. I have been working in IT since > 1992 and have plenty of certs and experience to back me but > this is one of those young know it alls and I am just getting > too old to argue these days. > > -----Original Message----- > From: Luchette, Jon [mailto:JLuchette@xxxxxxxxxxxxxxx] > Sent: Thursday, September 09, 2004 9:17 AM > To: 'thin@xxxxxxxxxxxxx' > Subject: [THIN] Re: Users installing programs > > ...that would be fine, as long as you have about 3 weeks to > work on each server... > > /jL > -----Original Message----- > From: Jim Abshire [mailto:Jim.Abshire@xxxxxxxxxxx] > Sent: Thursday, September 09, 2004 10:12 AM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Users installing programs > My colleague wants to set read only permissions on the root > and try to go back and allow what needs write access on the > servers. I have told him doing so will be a huge mistake > because there are so many files in different places that > finding them all would be a nightmare. I wanted to share > this with everyone so I am not alone when I approach my boss > and colleague with more emphasis on using a more logical > approach. Any input will be greatly appreciated. *********************************************** This e-mail and its attachments are confidential and are intended for the above named recipient only. If this has come to you in error, please notify the sender immediately and delete this e-mail from your system. You must take no action based on this, nor must you copy or disclose it or any part of its contents to any person or organisation. Statements and opinions contained in this email may not necessarily represent those of Littlewoods. Please note that e-mail communications may be monitored. The registered office of Littlewoods Limited and its subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB. Registered number of Littlewoods Limited is 262152. ************************************************ ******************************************************** This Weeks Sponsor triCerat: Have you had your fill of printing support calls, unauthorized apps running on unsecured Terminal Servers, profile headaches, and application performance problems? Join us and learn how you can have a less demanding on-demand enterprise! http://www.tricerat.com/?page=events#register ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor triCerat: Have you had your fill of printing support calls, unauthorized apps running on unsecured Terminal Servers, profile headaches, and application performance problems? Join us and learn how you can have a less demanding on-demand enterprise! http://www.tricerat.com/?page=events#register ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm