￿￿￿￿￿ 0HWD)UDPH￿$GPLQLVWUDWRUªV￿*XLGH

Click the Advanced tab to adjust the importance of advanced factors when calculating overall system load. The Importance factor for each parameter can be adjusted independently of any others.

0HWD)UDPH￿6HFXULW\￿7RROV

In addition to the security issues common to Microsoft Windows NT Server, Windows Terminal Server has additional security issues related to remote control; that is, its ability to allow remote users to logon and execute applications remotely. This means that any remote users who logon to the server must be allowed to access files and directories in a secure fashion.

The MetaFrame security tools enhance the standard Windows Terminal Server security features by providing additional methods for securing file systems.

8VLQJ￿$FOVHW￿WR￿6HFXUH￿WKH￿)LOH￿6\VWHP

Aclset automatically secures all files and directories on all hard drives. Aclset secures all files, directories, and drives. After the file systems are secured, use the Security Configuration utility and other tools to selectively enable user access to files and directories. This method makes sure that there are no file system security holes. Aclset sets all file and directory Access Control Lists (ACLs) to grant Full Access rights to the Administrators and System groups only; the Users group is denied access. This step is also referred to as “locking down” the file system.

:DUQLQJ Running Aclset denies user access to all files and directories on the Windows Terminal server. After running Aclset, users may not be able to logon and run any applications. Use Aclset only when a high security environment is required.

ÃTo use Aclset to secure the file system

1.Start a Command Prompt session. Make sure no other programs or users are active.

2.At the command prompt, type aclset and press ENTER.

3.When Aclset is complete, the command prompt returns. There is no success message but any errors encountered are reported.

After Aclset completes, the file system is locked down. The Users group has no access to any drive, directories, or files. Running the Security Configuration utility unlocks selected system files and gives users limited access to selected directories (including users’ home directories and temp directories).

Page 120
Image 120
Citrix Systems 1.8 manual 0HWDUDPH6HFXULW\7RROV, 8VLQJ$FOVHWWR6HFXUHWKHLOH6\VWHP, To use Aclset to secure the file system