Solved

Server 2012 R2 File Explorer

Posted on 2016-11-10
5
66 Views
Last Modified: 2016-11-14
Hi,

We are just starting to roll out Citrix XenApp Desktops and have noticed that if you allow access to 'File Explorer' the users are able to open a 'Command Prompt' from the 'File' menu on the ribbon.  Is there a way we can either turn off the ribbon or disable the 'Command Prompt' shortcut on the ribbon?  We have already set the ribbon to start minimized but this does not stop the users from clicking on the links at the top and opening the menus.

Thanks
Chris
0
Comment
Question by:Moto_Systems
5 Comments
 
LVL 25

Expert Comment

by:Sekar Chinnakannu
ID: 41881930
You try same using gpo User Configuration\Administrative Templates\System or you can try the same via registry...
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System -> Select  DisableCMD and set value to 0.
0
 

Author Comment

by:Moto_Systems
ID: 41881940
Thanks for the suggestion but due to some software that we use we are not able to disable the CMD, so would just like to hide the link.

Thanks
Chris
0
 
LVL 8

Expert Comment

by:James Rankin
ID: 41881945
You could use appsense environment manager's lock down tool to disable this entry point, but there is a licensing cost involved.
0
 
LVL 7

Assisted Solution

by:Andy
Andy earned 250 total points
ID: 41881996
Hiding it won't help, there are other ways to break out such as:

create a shortcut on the desktop to cmd.exe
using task manager file open to run cmd

anyone looking up 'breakout citrix' will find numerous ways to run cmd or other tools (such as powershell) as well as bypassing other restrictions:
https://www.pentestpartners.com/blog/breaking-out-of-citrix-and-other-restricted-desktop-environments/

It's risk vs compromise

I  agree, AppSense can help a lot but it's pricey.
1
 
LVL 8

Accepted Solution

by:
James Rankin earned 250 total points
ID: 41882002
If you need the command prompt, but don't want users to be able to run it - what are you worried they will do from the command prompt? As long as they're not administrators, then most of the damaging functions should be unavailable.
2

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Speed and CPU issues with RDSH Windows 2012 R2 Farm 8 27
DNS zone 3 27
Grant drive/folder change permissions to VPN user 6 13
IR 1023 Scanning 4 24
Citrix XenDesktop 7.6 Citrix Policies Graphics
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question