RE: Citrix Client Access VerificationFrom: Robert Collins (firstname.lastname@example.org)
- Previous message: sween: "Citrix Client Access Verification"
- Maybe in reply to: sween: "Citrix Client Access Verification"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Subject: RE: Citrix Client Access Verification Date: Mon, 24 Sep 2001 12:57:11 +1000 Message-ID: <EA18B9FA0FE4194AA2B4CDB91F73C0EF08F1BC@itdomain002.itdomain.net.au> From: "Robert Collins" <email@example.com> To: "sween" <firstname.lastname@example.org>, <email@example.com>
> -----Original Message-----
> From: sween [mailto:firstname.lastname@example.org]
> Your professional opinions are appreciated.
> About a month ago I had posted the below as a Citrix Client Access
> Advisory and got several responses to the fact that it either
> it was not a
> valid vulnerabilty or that it was a default configuration problem.
> which may be true.
> but consider this. The "only allow users to launch published
> applications" checkbox only works in an environment when you are only
> serving published applications and not in an environment where you are
> serving desktops AND applications. You can visually tell by the
This is not correct. You can server desktops _as_ published applications
simply by serving "explorer.exe". Then you can turn on the checkbox for
"only allow users to launch published applications". IMO that does make
this a purely configuration issue.