• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 956
  • Last Modified:

Blocking access to Server drive in Citrix

Hi All

I have just installed my first Citrix 4.5 app - Notepad.

All working fine, however when I try to save the file, I am able to browse the drives on the server that the app is published...anyone know how to stop this?

Secondly, is there a 4.5 equivalent of the Citrix Connection Tool in 4.0?

Thanks
0
kam_uk
Asked:
kam_uk
  • 4
  • 3
  • 3
2 Solutions
 
HerrmannatorCommented:
A couple things you can do:
1) Use a GPO to hide drive letters A-D or whatever is appropriate on your servers, and
2) Use NTFS permissions to prevent people from browsing the areas your don't want them browsing.  For example, you probably created an AD group for each published app allowing users to see that published app.  Just use that same AD group at the file/folder level to allow them ability to launch that app.

Also, regarding the Citrix Connection Tool:
http://support.citrix.com/article/CTX107136
0
 
HerrmannatorCommented:
PS: method #1 just hides the drive letters so users can still type "C:\" in the save box and get to it if they know to try that.  If you want to lock it down, you need to use NTFS for that.  Method #1 prevents most people from saving stuff on the server drives, but does not really lock anything down if they know what to look for.
0
 
Carl WebsterCommented:
In Group Policy:

User Configuration | Administrative Templates | Windows Components | Windows Explorer | Hide these specified drives from My Computer

User Configuration | Administrative Templates | Windows Components | Windows Explorer | Prevent access to drives from My Computer
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
kam_ukAuthor Commented:
Hi Guys

Thanks..

For the moment, we are just in testing so will look at GPO's soon.

Regarding the NTFS permissions - I'm a little bit confused....I don't want them to be able to browse the C: drive at all...is this possible?
0
 
Carl WebsterCommented:
NO - if you do that they will not even be able to run the programs installed on the server's C drive.  Been there, done that and got the 3rd degree burns to prove it.
0
 
kam_ukAuthor Commented:
Ok - no worries.

So the only option is GPO - there is nothing within Citrix to hide server drives?

Also - I see the Citrix Connection Tool (not Citrix Connection Test Tool) has disappeared in 4.5 - do you know where you set config for client drive mapping etc on the server?
0
 
Carl WebsterCommented:
There is nothing native to Citrix to hide server drives.

Citrix Best Practice is to use a Citrix Policy to set you client drive mappings.
0
 
kam_ukAuthor Commented:
Ok - so just to confirm...

Citrix Policy for client drive mappings
GPO for server mappings

That's the best way to go?
0
 
Carl WebsterCommented:
Yes - Best practice on both counts

Also, take a look at this cool utility:

http://www.petri.co.il/gpdrivesoptions.htm
0
 
HerrmannatorCommented:
You can alternatively use a GPO specified TS login script to do the drive mappings especially if they are based on AD groups (for example, if they are in this AD group then they get these drive mapping, etc).

And although you certainly would not want to lock people out of the entire C drive, you definatelty can definately use NTFS permissions to lock users out of specific program execuatbles and/or directories to ensure you comply with your licensing restrictions.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 4
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now