And that is why you test your applications and know how they function so you can properly lock down the environment.
Jeff Pitsch Microsoft MVP - Terminal Server Provision Networks VIP
Forums not enough? Get support from the experts at your business http://jeffpitschconsulting.com
Keep in mind that the policy settings are simply registry values. A program has to be written to read the registry values and perform the requested restrictions.
Explorer has been written to hide and prevent access to drives when these registry values are present. This extends to the common open/save dialog boxes.
Some programs offer other means of browsing drives and these policy restrictions are usually ignored.
-----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Joe Shonk Sent: Tuesday, August 29, 2006 4:53 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Windows Explorer on citrix
You may want to reread the thread... Philip states there are 2 options... One hides and one restricts access. You can even combine in some cases.
Joe
-----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Fogarty Sent: Tuesday, August 29, 2006 2:47 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Windows Explorer on citrix
IIRC, this just hides them, doesn't block access to them.
-----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Philip Walley Sent: Tuesday, August 29, 2006 2:50 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Windows Explorer on citrix
user configuration -> administrative templates -> windows components -> windows explorer
2 different options:
Hide these specified drives in My Computer or Prevent access to drives from My Computer
HBooGz wrote: > out of curiosity, which GPO settings can be used to block access to > the local drives ? > > On 8/29/06, *Jon D* <rekcahpmip@xxxxxxxxx > <mailto:rekcahpmip@xxxxxxxxx>> wrote: > > Yeah I have GPOs in place to block access to the local drive, and > I followed the MS TS best practice white papers. Is there anything > else? > > > > On 8/29/06, *Jeff Pitsch* <jepitsch@xxxxxxxxx > <mailto:jepitsch@xxxxxxxxx> > wrote: > > you must ALWAYS treat published applications as if you were > publishing a desktop. Security by obscurity in TS is way to > easy to get around. > > > Jeff Pitsch > Microsoft MVP - Terminal Server > > Forums not enough? > Get support from the experts at your business > http://jeffpitschconsulting.com > <http://jeffpitschconsulting.com/> > > > > > On 8/29/06, *Jon D* <rekcahpmip@xxxxxxxxx > <mailto:rekcahpmip@xxxxxxxxx>> wrote: > > I'm thinking about publishing windows explorer on citrix > via the internet explorer like this: > "M:\Program Files\Internet Explorer\IEXPLORE.EXE" -e k: > > Can anyone think of any potential issues, or reasons why > this would be a bad idea? > > I tried to access the M: drive on the server through this > app, and even with domain admin rights, it doesn't seem to > allow you to do it, so I feel somewhat safe in regards to > that.... Not sure if I should feel safe, or if theres a > way around it. > > > > Thanks in advance, > Jon > > > > . > > > > > > > > -- > HBooGz:\> ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************
************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************
************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************
************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************