Folder access to external users with Citrix

mpssasan used Ask the Experts™
We have Citrix Presentation server farm. It is working internally for all users. We need to publish a file share (Folder shared on a file server) to allow access to external users connected via internet.
The present set up I have is
Published share as an application with command line c:\windows\explorer.exe "\\servername\sharename" and working directory as %homedrive%%homepath%

It is opening up the share as far as user logged in from within the network but not externally.
However, another conern, even if user is logged in from the withing the network, he can accessed the share and at the same time he can navigate the network which we don't want. Example, after share is opened in a new window, click on "up" icon and it goes to higher level. User may not be open any doucment but it still give visibility to other resources on the network.
From outside of the network, it error out with "path not found" error because itis looking for the resource on the local disk.

Our objectives are:
Provide access to a share for users from outside of the company netwrok, accessing citrix server via URL (Cannot give external IP to file server, and not prefer to use log on scripts)
Make sure user cannot browse through  the network.

Any help is highly appreciated
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
The easiest way I know how to do this is to use the NetScalers file share utility.  When a user logs in through the netscaler you can present them with file shares, and they are unable to click up to up an additional level.

I do not know if this is possible in Windows because you are limited by Windows itself.  Any share you open in windows will give you this option.
The only way I could see this happening is by using GPOs, login scripts, and NTFS/Share permissions. GPO to hide all local drives (except the mapping) and prevent users from browsing the network, and a logon script to map a drive.


Hello mouseware
Please elaborate on GPO and login scripts, if you can give example or steps that will be great and appreciated.
GPO (based on your needs apply to domain or OU, maybe need to create a new group and assign read permission to this GPO for that specifc group and then add uses?):

Administrative Templates -> Windows Components -> Windows Explorer
Configure (all or some):

"Remove "Map Network drive" and "Disconnect Network Drive""
"Hide these specified drives in My Computer"
"Prevent access to drives from My Computer"
"No computers near Me" in My Network Places"
"No "Entire Network" in my Network Places"

Administrative Templates -> Desktop
Configure (all or some):

"Hide My network Places icon on Desktop"

Logon Script would just be something to map the drive:
net use X: \\server\share\path

Or you could create the user's home drive in active directory for this location, then no logon script needed.


You would just need to setup permissions to ensure only users with Citrix access have permission to the "mapped drive"/network path. This way if they attempted to go elsewhere they would get access denied errors.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial