?
Solved

How to disable UNC pathing in applications' open and save dialogs?

Posted on 2008-10-10
5
Medium Priority
?
1,808 Views
Last Modified: 2013-11-25
I am trying to lock down UNC pathing for applications hosted through citrix sessions on 2003 server. For IE I implemented the GPO to disable the run command on the server, which in turn disables UNC pathing in IE. Users are still able to open apps off server and go to file open and then enter UNC path in file name and get error message to file name but the directory in the background takes them to the system share on the server. Even through local policy rights prevents immediate tampering, you can create a new folder, then back out, then save file  to the folder you created and inherit rights as owner to, and it proves to be a sercurity risk. So simply put, how can I disable UNC pathing locally or globally to applications or users on the server without disabling NetBIOS over TCP/IP?
0
Comment
Question by:ehesik
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 22689725
I don't think that you can, but maybe someone else has more info.

0
 

Author Comment

by:ehesik
ID: 22690060
Ok, instead of trying to selectively disable UNC to apps.. What about a solid GPO I can apply to the users to specifically prevent drive or share access on the specific server?
0
 
LVL 10

Expert Comment

by:JaredJ1
ID: 22691338
Maybe I've not grasped what you're asking, but if you don't want the users to be able to have "Owner" permissions on files, don't give them "Full Control" NTFS permissions. If you only give "Modify" they will never be able to change permissions of the files, thereby negating the rights associated with file ownership.

I don't believe there is a GPO that will disable drive or share access.
0
 
LVL 2

Accepted Solution

by:
Ron9909 earned 1500 total points
ID: 22693818
Try the Login Consultants True Control Templates - these are some custom ADM templates for Citrix/TS.  I think its the W2003 template that includes options to force explorer settings - Display the full path in the address bar & Display the full path in title bar  - set both to disabled.  This is a great template and worth a look, but the following code will do the same job:

CLASS USER

CATEGORY Addressbar

POLICY "Enable full path in address bar"

KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState"

EXPLAIN !!Address_Bar_Help

VALUENAME "FullPathAddress"

VALUEON NUMERIC 1

VALUEOFF NUMERIC 0

END POLICY

END CATEGORY

[strings]

Address_Bar_Help="Enable displaying the full path in the address bar by selecting ENABLED. To disable, select DISABLED."

 Its also possible to modify the behaviour of the common file/save dialog in the Microsoft white paper entitled W2003_Terminal_Server_Lockdown (http://www.microsoft.com/downloads/details.aspx?FamilyID=7f272fff-9a6e-40c7-b64e-7920e6ae6a0d&DisplayLang=en)


0
 

Author Closing Comment

by:ehesik
ID: 31505137
there was a link to a MS white paper on terminal services grou ppolicy settings that put me on the right track to lockdown explorer acces on the machine and user to prevent any pathing or tampering with directory files... thanks for the help..
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Several part series to implement Internet Explorer 11 Enterprise Mode
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question