Just to clarify, why do you cling to the belief that users need some sort of write ability to program files? Or even all the local drives? Do you have some specific application that requires this? And if you do, could it not be installed / deployed differently so that this could be avoided?

Neil

-----Original Message-----
From: Lutz, Ken [mailto:KLUTZ@xxxxxxxxxxxxxxxxx]
Sent: 15 December 2003 19:06
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Yahoo messenger

That will block the site, but how do I set up my Citrix servers so that the users can't install software, yet have the level of access they need to Program Files? I always thought that basic users couldn't install software.

Ken ...

-----Original Message-----
From: Jim Kenzig http://thethin.net [mailto:jimkenz@xxxxxxxxxxxxxx]
Sent: Monday, December 15, 2003 10:58 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Yahoo messenger

Point all of the Yahoo Messenger servers to 127.0.0.1 in your hosts file or DNS.

JK

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Lutz, Ken
Sent: Monday, December 15, 2003 1:27 PM
To: Thin - List (thin@xxxxxxxxxxxxx)
Subject: [THIN] Yahoo messenger

I just found Yahoo messenger on one of my Citrix servers. I thought that I had the server locked down tight enough that users couldn't install their own software. None of my users have any elevated rights. They are not power users. It looks like one user loaded the software, and then another was able to access it.

What is the best way to lock this down so that my users can't install any software? Do I need to remove the Creator Owner setting from the ACL for the Program Files folder to keep users from installing software? How are others preventing the loading of software by users? I install the software that I want loaded, and I install as an administrator.

Windows 2000 SP3 MetaFrame FR2/SP2 in a Windows 2000 AD domain.
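The questions in this thread about who can write to Program Files, and whether the Creator Owner entry matters, can be answered by auditing the folder's ACL. The following is an added example, not code from any poster in the thread: it assumes a Windows host with PowerShell available, and the list of trusted SIDs (SYSTEM, Administrators, TrustedInstaller) is an assumption to adjust for the environment.

```powershell
# Added example: list Allow ACEs on Program Files that give write-type access
# to any principal outside an assumed trusted set.
$path = $env:ProgramFiles

# Rights that let a principal create or alter content, plus the raw generic
# bits (GENERIC_WRITE, GENERIC_ALL) that inherit-only ACEs such as
# CREATOR OWNER often carry.
$rights = 'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ' +
          'ChangePermissions, TakeOwnership'
$writeBits = [int][System.Security.AccessControl.FileSystemRights]$rights `
             -bor 0x40000000 -bor 0x10000000

# Assumed trusted principals, matched by SID so the check is locale-independent:
# SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

$acl = Get-Acl -LiteralPath $path
$acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $writeBits)
    } |
    ForEach-Object {
        $sid = $_.IdentityReference
        # Fall back to the raw SID when the account name cannot be resolved.
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }
        [pscustomobject]@{
            Principal   = $name
            Rights      = $_.FileSystemRights
            Inherited   = $_.IsInherited
            Inheritance = $_.InheritanceFlags
            Propagation = $_.PropagationFlags   # InheritOnly: applies to children only
        }
    } | Format-Table -AutoSize
```

A CREATOR OWNER row with InheritOnly propagation only takes effect on objects a user is able to create, so the rows to examine first are those granting create or write rights to ordinary user groups.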