?
Solved

Allow read-only access to Thumb Drives via Program Neighborhood and Web Client in Citrix?

Posted on 2010-09-09
6
Medium Priority
?
520 Views
Last Modified: 2012-05-10
We are trying to lock down our Citrix environment. We have users with thumb drives that copy data up to servers via Citrix. We are fine with that. However, we want to prevent them from copying company data back down to the thumb drives. Is there any way to lock this down in Citrix? As far as I can tell, all local drives and thumb drives just show up as mapped drives with no way to define things as read only within Citrix. I'm sure there must be a solution!
0
Comment
Question by:Tanders1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 33641081
0
 

Author Comment

by:Tanders1
ID: 33645540
Unfortunately, this will prevent our sites from deleting data from their Thumb drives. If, for example they are using a camera card, they still need to be able to delete photos that might be on the card and not allow them to copy new data to the card...
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 33646092
if you give the application service read/write permissions,  your application should be able to remove files

 i believe read only permissions will only apply to your user.

is company data different than images?

put all workers that should not have access to company data into a group and use ntfs permissions to deny access to the group


0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:Tanders1
ID: 33646160
They all have access to company data. We have sites where the managers need to take photos of apartments and upload them to the servers. We still need them to be able to remove those photos from the card. However, we do not want them copying data from the server back to that same thumb drive.
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 33650055
use ntfs file permissions to block access to the company data

put all workers that should not have access to company data into a group and use ntfs permissions to deny access to the group
0
 
LVL 6

Accepted Solution

by:
TreyBcool earned 2000 total points
ID: 33665096
Actually this is very possible. Its a registry setting on your XA servers. You can also set the clipboard to read only.
----------------------------------------------------------------------------------------------------------------      
      POLICY "Secure Client Drive Mapping"
                  EXPLAIN "Allows client drive mapping but does not allow users to save data back down the ICA channel. Users can open files from thier client mapped drives only. If a user tries to write to or save to a client mapped drive, they will get an error."
                  KEYNAME "SYSTEM\CurrentControlSet\Services\Cdm\Parameters"
                  PART "Enabled" CHECKBOX
                  VALUENAME "ReadOnlyMappedDrive"
                  VALUEON NUMERIC 1
                  VALUEOFF NUMERIC 0
                  END PART
            END POLICY
            POLICY "Secure Client Clipboard Mapping"
                  EXPLAIN "Allows clipboard mapping but does not allow saving or transfering of clipboard data outside the XenApp sever. Users can copy from their local PC and past into a XenApp session but can not copy from a ICA session and past to a local application."
                  KEYNAME "SYSTEM\CurrentControlSet\Control\Citrix\wfshell\Virtual Clipboard"
                  PART "Enabled" CHECKBOX
                  VALUENAME "ReadOnly"
                  VALUEON NUMERIC 1
                  VALUEOFF NUMERIC 0
                  END PART
            END POLICY
      END CATEGORY; ICA control
  END CATEGORY; XenApp
END CATEGORY; Citrix
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
The business world is becoming increasingly integrated with tech. It’s not just for a select few anymore — but what about if you have a small business? It may be easier than you think to integrate technology into your small business, and it’s likely…
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question