Solved

Allow read-only access to Thumb Drives via Program Neighborhood and Web Client in Citrix?

Posted on 2010-09-09
6
512 Views
Last Modified: 2012-05-10
We are trying to lock down our Citrix environment. We have users with thumb drives that copy data up to servers via Citrix. We are fine with that. However, we want to prevent them from copying company data back down to the thumb drives. Is there any way to lock this down in Citrix? As far as I can tell, all local drives and thumb drives just show up as mapped drives with no way to define things as read only within Citrix. I'm sure there must be a solution!
0
Comment
Question by:Tanders1
  • 3
  • 2
6 Comments
 
LVL 13

Expert Comment

by:Greg Hejl
Comment Utility
0
 

Author Comment

by:Tanders1
Comment Utility
Unfortunately, this will prevent our sites from deleting data from their Thumb drives. If, for example they are using a camera card, they still need to be able to delete photos that might be on the card and not allow them to copy new data to the card...
0
 
LVL 13

Expert Comment

by:Greg Hejl
Comment Utility
if you give the application service read/write permissions,  your application should be able to remove files

 i believe read only permissions will only apply to your user.

is company data different than images?

put all workers that should not have access to company data into a group and use ntfs permissions to deny access to the group


0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:Tanders1
Comment Utility
They all have access to company data. We have sites where the managers need to take photos of apartments and upload them to the servers. We still need them to be able to remove those photos from the card. However, we do not want them copying data from the server back to that same thumb drive.
0
 
LVL 13

Expert Comment

by:Greg Hejl
Comment Utility
use ntfs file permissions to block access to the company data

put all workers that should not have access to company data into a group and use ntfs permissions to deny access to the group
0
 
LVL 6

Accepted Solution

by:
TreyBcool earned 500 total points
Comment Utility
Actually this is very possible. Its a registry setting on your XA servers. You can also set the clipboard to read only.
----------------------------------------------------------------------------------------------------------------      
      POLICY "Secure Client Drive Mapping"
                  EXPLAIN "Allows client drive mapping but does not allow users to save data back down the ICA channel. Users can open files from thier client mapped drives only. If a user tries to write to or save to a client mapped drive, they will get an error."
                  KEYNAME "SYSTEM\CurrentControlSet\Services\Cdm\Parameters"
                  PART "Enabled" CHECKBOX
                  VALUENAME "ReadOnlyMappedDrive"
                  VALUEON NUMERIC 1
                  VALUEOFF NUMERIC 0
                  END PART
            END POLICY
            POLICY "Secure Client Clipboard Mapping"
                  EXPLAIN "Allows clipboard mapping but does not allow saving or transfering of clipboard data outside the XenApp sever. Users can copy from their local PC and past into a XenApp session but can not copy from a ICA session and past to a local application."
                  KEYNAME "SYSTEM\CurrentControlSet\Control\Citrix\wfshell\Virtual Clipboard"
                  PART "Enabled" CHECKBOX
                  VALUENAME "ReadOnly"
                  VALUEON NUMERIC 1
                  VALUEOFF NUMERIC 0
                  END PART
            END POLICY
      END CATEGORY; ICA control
  END CATEGORY; XenApp
END CATEGORY; Citrix
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

#Citrix #XenApp #Citrix Scout #Citrix Insight Services #Microsoft VMMAP #Microsoft ADEXPLORE #Microsoft RAMMAP #Microsoft TCPVIEW #Microsoft AUTORUNS #Microsoft PROCESS EXPLORER #Microsoft PROCESS MONITOR
This article is an update and follow-up of my previous article:   Storage 101: common concepts in the IT enterprise storage This time, I expand on more frequently used storage concepts.
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now