[THIN] Re: Yahoo messenger
- From: "Andrew Rogers" <Andrew.Rogers@xxxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Tue, 16 Dec 2003 10:08:32 +0000
You'd absolutely bawlk at our servers then, it sounds like these are the
absolute opposite of yours :)
Is there any script you run to lock everything down, or some sort of process
you run through?
Andrew
--o--
>>> Neil.Braebaum@xxxxxxxxxxxxxxxxx 16/12/03 09:39:40 >>>
They (the users) can only install software locally to a terminal server,
if they have the ability to modify HKLM (normally) and frequently HKCR.
Also, if they have write access to the local filesystem(s).
If they can't modify the server, they can't install software on the
server.
Personally, I've always used mandatory profiles, so my users can't
permanently modify their profile. And as they have read-only access to
the local filesystems and registry, they can't install software - even
if I gave them the facility to be able to get software (well I suppose
they could be emailed something, but their mailbox quotas aren't too
huge, and they don't get internet access).
Not all software installation follows the path that you can easily block
via GPOs (ie MSI based installers).
If you cannot secure the local server (ie filesystem(s) and registry),
then there is the other option of tightly controlling the applications
they are allowed to run.
Neil
********************************************************
This Week's Sponsor - 99Point9.Com Emergent Online
EOL Universal Printer 4.0 Has arrived!
http://www.99point9.com/public/products/
*********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts:
