Citrix & win2k policy problem...

  • Thread starter Thread starter John
  • Start date Start date
J

John

Hi all,
I have this problem that I can not find any sollution for, maybe you know
how to solve this?

I have a published application on citrix metaframe 1.8.
I do not want users to access the local drives, so I disabled access to
local drives in the policy. This works well....
Now I want users to have some space on the server for storing and working
with Office files, but that is not possible, because I disabled access to
local drives. Now to me it seems that the only sollution is to enable it
again. But that causes trouble, because users are then able to access the
drives and parts of the drives where they do not belong, which I do not want
to happen.
So the problem is that I want them to be able to acess a part of the drive
but I do not want them to be able to access the whole drive. I have already
used drive mapping to a network share, but that does not work. I also
played with user rights on file-level, but that is not good enough, because
the users also must be able to access the files in the application path to
start the application of course....
There is also a problem that users can manually specify a location in the
published application and when users are smart enough they can specify the
drive that is not visible in "my computer", when local-drive access is
enabled.

If anyone knows how to deal with this I would be very pleased.

Cheers,
John
 
Hi all,
I have this problem that I can not find any sollution for, maybe you
know how to solve this?

I have a published application on citrix metaframe 1.8.
I do not want users to access the local drives, so I disabled access
to local drives in the policy. This works well....
Now I want users to have some space on the server for storing and
working with Office files, but that is not possible, because I
disabled access to local drives. Now to me it seems that the only
sollution is to enable it again. But that causes trouble, because
users are then able to access the drives and parts of the drives where
they do not belong, which I do not want to happen.
So the problem is that I want them to be able to acess a part of the
drive but I do not want them to be able to access the whole drive. I
have already used drive mapping to a network share, but that does not
work. I also played with user rights on file-level, but that is not
good enough, because the users also must be able to access the files
in the application path to start the application of course....
There is also a problem that users can manually specify a location in
the published application and when users are smart enough they can
specify the drive that is not visible in "my computer", when
local-drive access is enabled.

If anyone knows how to deal with this I would be very pleased.

Cheers,
John
Click to expand...

Their is a policy that disable access to specified drives. Use it and
users will not be able to access again drives: this allow them to click
shortcut but doen't allow them to browse specified drive even their are
or not hidden.
Create another partition to store application data.
Redirect every default path of application to this partition: a lot of
application already use "My Documents" (redirect via GPO or potch the
user registry), for others, edit registry (ex: WinZip) or make
application compatibility script like existing scripts.

If you don't disable access to drives, any user will be able to access
any drives or run any system EXE like CMD.EXE ......: Running write.exe
is suffisant to start any EXE of any drive.

The most difficult is to scan every published application to find
possibilities to open a browser on default system drive.

Another solution: Use AppSense Application Manager.

Tristan
 
Hi Tristan,
Thank you for your information, I will sure use it in my R&I .
We use AppSense Performance Manager somewhere else, and I have been told
that it is very expensive and unfortunately I am not in that luxurious
position.

Cheers!
John
 
Back
Top