Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How are people installing programs on my CTX SVRs?!?!

Status
Not open for further replies.
bran2235

bran2235

IS-IT--Management
Feb 13, 2002
703
0
0
US
Hello everyone...

I publish a desktop (PS4 farm of 22 servers) to about 600 users.

I have randomly noticed that users (not admins) are able to install misc programs like chat programs, coupon hunters, etc. HOW IS THIS POSSIBLE?

I don't want to disable the MS INSTALLER service...

ANY SUGGESTSIONS???


Thanks,
Brandon
 
Sort by date Sort by votes
This would be because the servers is not properly secured, or users are logging on with elevated accounts, i.e. power user or administrator. You'll find instructions on how to lock down your systems here:



Patrick Rouse
Microsoft MVP - Terminal Server
 
Upvote 0 Downvote
Hi Patrick- thanks for the reply...

I changed my NTFS settings to the following (SYSTEM ROOT):

Admin (Local) Full
Authent Users Read & Execute, List, Read
Creator Owner (blank)
System Full
TERMINAL SERVER USER (?)

The Terminal Server User has:
R&E, List, Read, and Write...

I also did the exact same thing on the Programs DIR...

Should I remove the Term Svr User from the ACL? The article / URL you posted above does not mention the TERMIANL SERVER USER account (win2003)...


MANY THANKS!
Brandon
 
Upvote 0 Downvote

Ok,

After all the NTFS permission changes- nothing worked until I changed the Security Configuration settings in the Terminal Server Configuration to FULL.

Many thanks for the URL Reference... It's great!!


Brandon
 
Upvote 0 Downvote
I would be very careful about doing any of this to a production server, as you're bound to break things that used to work w/ relaxed security. What is normally done is to start with a locked down system, install and test one application, relax security or alter the application as needed to run that one application, install another application... Once everything is tested and certified, make a system image (even better to make incremental images, so you can go back a step if something goes south during your build process)

On 2000 it was very easy to get applications to work on TS, as everyone had full control permissions to the root of the system drive by default. This however allowed users to install applications, delete files.... break your server.

Patrick Rouse
Microsoft MVP - Terminal Server
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

gazonk.del
  • Locked
  • Question
How to Copy save_set from Tape to Disk -- Continuation
Replies
0
Views
65
gazonk.del
gazonk.del
SBTBILL
  • Locked
  • Question
How to get to files
Replies
1
Views
71
Provogeek
Provogeek
DreemaGurl
  • Locked
  • Question
Can't log on to Citrix through emote access portal
Replies
1
Views
120
ntinlin
ntinlin
topdabadawg
  • Locked
  • Question
External USB drive on XenServer
Replies
0
Views
50
topdabadawg
topdabadawg
Hfnet
  • Locked
  • Question
Office 2010 KMS stoppped working on PVS Citrix
Replies
0
Views
47
Hfnet
Hfnet

Part and Inventory Search

Sponsor

Back
Top