I am trying to lock down UNC pathing for applications hosted through citrix sessions on 2003 server. For IE I implemented the GPO to disable the run command on the server, which in turn disables UNC pathing in IE. Users are still able to open apps off server and go to file open and then enter UNC path in file name and get error message to file name but the directory in the background takes them to the system share on the server. Even through local policy rights prevents immediate tampering, you can create a new folder, then back out, then save file to the folder you created and inherit rights as owner to, and it proves to be a sercurity risk. So simply put, how can I disable UNC pathing locally or globally to applications or users on the server without disabling NetBIOS over TCP/IP?