How to disable all web links in a Citrix Xenapp76 published outlook 2007 apllication

We want to prevent out users from accidentally clicking on a link in an e-mail and opening a potentially dangerous virus. instead they should be forced to copy the "hyperlink" and paste into their local machine's browser.
We are running Citrix Xenapp76 with published apps (not desktops). We have one Controller and two VDA application servers. (Mail server is Exchange 2007 standard)
Note: we do not want to affect users using locally installed outlook clients, only the published app version.
Thank you
Wayne
wlasnerDirector, ITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dirk KotteSECommented:
i see 3 options:
- set a ntfs-access-list to the iexplore.exe prohibit executing these app for users
- use a proxy-file disabling external access (or set proxy to 127.0.0.1)
- redirect http requests to the client browser (combine with option 1 or 2 to prevent local IE usage as fail-over)
0
wlasnerDirector, ITAuthor Commented:
Can you provide more details on how to accomplish each of the above suggested steps.
We have tried the third - redirect and were successful for links in MS word redirecting to client but where we needed it most to work is in the published outlook application. Links there still open using the local server's browser.

Redirect would be the optimal goal but if that will not work then we want to disable all links for published apps. (not affecting users local computer browser). Is there a local group policy that can be applied?
0
Dirk KotteSECommented:
1. ntfs-rights
- search the iexplore.exe file; right click; security ... deny execute rights for all users (but admins) ... the default file-permission options from the OS
2. set a policy (GPO) overwriting the proxy settings at the server with a non existent proxy or a "auto-proxy-script" pointing to a black-hole.

sorry, can't provide a step by step guide at the moment ...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wlasnerDirector, ITAuthor Commented:
not applicable in our situation - but thanks for the try
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.