I've been tasked with the following project... Provide access for partner company personnel to a LOB app and our intranet via a terminal server session [1]. The IE session should allow access to the intranet site and nothing else, no internet, no local machine, no customization.
Plan is to create a VM with the appropriate restricted desktop access and the LOB app. That part's ok; however, I'm having trouble finding good info on securing IE so that it can only get to our intranet. I can set a non-existent proxy and add our intranet to the proxy bypass sites; that's easy enough. What I can't remember is how to lock down IE so no one can type "c:\" or some other folder name and get to the local file system. I tried the NoFileURL setting under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, but it's not restricting the test user. Anyone remember a good way to prevent local file system access through IE? A good ADM file that chokes IE to the bone would be nice, too, but I haven't found one of those lately either. My Google Mojo isn't working today... Thanks! [1] I know; running IE on a server is bad juju. That's why it's going to be in a snapshotted VM I can wipe daily. :-) You don't want to know how ugly the other alternatives were... ********************** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
