Learn how to a build a cloud-first strategyRegister Now


How to disable UNC pathing in applications' open and save dialogs?

Posted on 2008-10-10
Medium Priority
Last Modified: 2013-11-25
I am trying to lock down UNC pathing for applications hosted through citrix sessions on 2003 server. For IE I implemented the GPO to disable the run command on the server, which in turn disables UNC pathing in IE. Users are still able to open apps off server and go to file open and then enter UNC path in file name and get error message to file name but the directory in the background takes them to the system share on the server. Even through local policy rights prevents immediate tampering, you can create a new folder, then back out, then save file  to the folder you created and inherit rights as owner to, and it proves to be a sercurity risk. So simply put, how can I disable UNC pathing locally or globally to applications or users on the server without disabling NetBIOS over TCP/IP?
Question by:ehesik
LVL 63

Expert Comment

ID: 22689725
I don't think that you can, but maybe someone else has more info.


Author Comment

ID: 22690060
Ok, instead of trying to selectively disable UNC to apps.. What about a solid GPO I can apply to the users to specifically prevent drive or share access on the specific server?
LVL 10

Expert Comment

ID: 22691338
Maybe I've not grasped what you're asking, but if you don't want the users to be able to have "Owner" permissions on files, don't give them "Full Control" NTFS permissions. If you only give "Modify" they will never be able to change permissions of the files, thereby negating the rights associated with file ownership.

I don't believe there is a GPO that will disable drive or share access.

Accepted Solution

Ron9909 earned 1500 total points
ID: 22693818
Try the Login Consultants True Control Templates - these are some custom ADM templates for Citrix/TS.  I think its the W2003 template that includes options to force explorer settings - Display the full path in the address bar & Display the full path in title bar  - set both to disabled.  This is a great template and worth a look, but the following code will do the same job:


CATEGORY Addressbar

POLICY "Enable full path in address bar"

KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState"

EXPLAIN !!Address_Bar_Help

VALUENAME "FullPathAddress"






Address_Bar_Help="Enable displaying the full path in the address bar by selecting ENABLED. To disable, select DISABLED."

 Its also possible to modify the behaviour of the common file/save dialog in the Microsoft white paper entitled W2003_Terminal_Server_Lockdown (http://www.microsoft.com/downloads/details.aspx?FamilyID=7f272fff-9a6e-40c7-b64e-7920e6ae6a0d&DisplayLang=en)


Author Closing Comment

ID: 31505137
there was a link to a MS white paper on terminal services grou ppolicy settings that put me on the right track to lockdown explorer acces on the machine and user to prevent any pathing or tampering with directory files... thanks for the help..

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

804 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question