Disable logon script from executing on Citrix

[gojoerun]

Does anyone know how to disable domain logon scripts from executing on Citrix Metaframe XP.

My issue is this...we have discovered a resourceful user who has managed to find a "round-about" method of starting a non-approved application within an approved application via the File->Open menu of any published application. Applications can be launch by command line, shortcut or simply by selecting the application exe from another application File-Open menu.

What I have done so far is this...

We use drive re-mapping, therefore C drive is K drive...I have hidden K drive from view via any application. This however will not stop users from creating batch files to launch application (assume user has access to their home directories on the domain)

To resolve the batch file issue above, i have done the following in the local system policy:

User Configurtation/Administrative Templates/System/Prevent Access to Command Prompt ->> Enable (also select Yes to “Disable the command prompt script processing also”)

This setting will resolve the issue, however when the domain logon script is executed on Citrix, the command window appears with a message indicating the command script access has been disabled. This is what I want but I don't want the command window to pop up everytime an application is launched. I don't need domain scripts to run on Citrix but I don't know how to prevent them from executing.

Does anyone know if domain logon scripts can be restricted from starting on Citrix ?

Thanks !

Joe

 

[enigma99]

gojoerun,
What kind of a script is it? (ie...kix or something else)
Here is what I've done in the past.
Place a folder on all your Citrix servers and name it something like "noscript" or something.

In your login script, tell it to look for a folder named "noscript" under the c or d or k drive.
If the "noscript" folder is there...then go to end.

That should tell it to look for the folder and if the folder is there then don't run the domain login script.

Hope that helps.

 

[gojoerun]

It's the standard netlogon script (user logon script). We need the script for our domain users but we don't need it to run in a citrix session. Allowing the scripts to run poses a serious security risk. I need to supress the script from initiating. To do a lookup for a folder on the server would mean that the script needs to initiate....or maybe I don't fully grasp your idea. Would your idea be the same as doing a "If %computername%={name of citrix server} goto end" ? This still requires a batch (logon script) to initiate.

Joe

 

[enigma99]

that is correct gojoerun.
Here is an article I found about doing the same thing in a different way.


"Set an environment variable, for instance SRV=CITRIX on every Citrix Server, after that you have to reboot the Servers. In the NT/NDS login script add the following line

IF /I %SRV% EQU CITRIX GOTO :eof

as the the first command."


Hope that helps.

 

[gojoerun]

Thanks but we may be misunderstanding each other. I would like to "supress" the script from running. Your suggestion is to "quit" the script after it has initiated. I am looking for a solution that will prevent it from initiating all together.

Thanks for the effort anyway !

Joe