|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Doubleclick programs entry on start menu
From: Bhavani Suresh (bhavani.suresh
adnoc-dist.co.ae)
Date: Sat Jun 12 2004 - 00:52:20 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi
I have a few qs/suggestions:
1.If u have citrix r u implemnting Nfuse..in this case RDP is not
allowed..allow ICA and publish only apps reqd by the users..in this way
they don't see full desktop which is controlled; --does this help???
2.If u have win2k Policy to disable access to M drive--in this case do u
want them to save files here or no??is a questin..
For me ;;;
Im looking around more or less the similar I want to disable access to C
and D Drives(of the terminal server itself..) from the system so users
don't c these drives...i cant do it thru GP for users objects..have
anyone tried to hide drives for servers as server policy or any other
comments..
thanks
-----Original Message-----
From: James D. Stallard [mailto:jamesleafgrove.com]
Sent: Saturday, June 12, 2004 1:02
To: focus-mssecurityfocus.com
Subject: Doubleclick programs entry on start menu
Folks
A client has asked this of me and I am looking for a little best
practice
guidance:
We have a W2K/Terminal Server/Citrix policy implemented to restict users
from accessing the systemdrive. (M:)
The systemdrive is also hidden and not accessible because of this
policy.
Eveything works fine BUT we discovered that when a user opens his START
menu and he/she doubleclicks on "Programs" the windows explorer opens
M:\Documents and Settings\%username%\Start Menu\Programs. From that
point the user can navigate up to the systemroot.
OS is Windows 2000
I don't believe that a policy exists in Windows 2000 that will affect
this behaviour.
Any thoughts around policies or NTFS rights that I can use to stop or
mitigate this?
Thanks in advance
Cheers
James D. Stallard
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
************************************************************
Please note that our domain name has been changed to:
adnoc-dist.ae; Hence please change the email ID to reflect
the new domain name.
This communication may contain confidential information.
If you are not the intended recipient, then please inform us
immediately.
Adnoc Distribution-Tel:02-6771300 Fax:02-6722322
Email:webmasteradnoc-dist.ae Website: www.adnoc-dist.ae
This message was scanned Adnoc distribution
************************************************************
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]