Block FFCE access to local drives

Post Reply
shoobox
Posts:3
Joined:Fri Jul 06, 2007 4:52 pm
Block FFCE access to local drives

Post by shoobox » Fri Jul 06, 2007 5:02 pm

I have FFCE installed in a terminal services environment with roaming profiles. I use GPO's to lock down the servers. I am currently blocking access to the local drives.

Is there any way to block FFCE access to the local drives? I do not want my users to have this type of access. :( I have poured through the mozilla and firefox adm's with no luck.

Any help would be much appreciated.

User avatar
DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas
Contact:

Post by DraconPern » Sun Jul 08, 2007 7:28 am

Doesn't roaming profiles requires local drive access since Windows copy the profiles locally when the user logs in? What type of access are you trying to block? eg., read, browse, write? something else?
FrontMotion Lead Developer

shoobox
Posts:3
Joined:Fri Jul 06, 2007 4:52 pm

Post by shoobox » Sun Jul 08, 2007 8:36 pm

Using GPO's I redirect the 'Application Data' , 'My Documents' folders to the users Home Directory located on a remote storage SAN. The user has access to these areas. The user does not need access to any part of the local drives or the remaining portion of the local profile before it is copied back to the SAN upon logout.

The access that I am trying to block would be read and view access. If the user simply types C:\ in the Firefox address bar, she will have full view and read access to all files on the c drive.

If I cannot block this access, there is a good chance that I will be forced to remove Firefox from these terminal servers.

Is there something that I am missing?

User avatar
DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas
Contact:

Post by DraconPern » Thu Jul 12, 2007 6:43 pm

Short answer: There's no easy solution from the browser side short of a customized firefox.

The user won't have read access to all files on the computer because of NTFS permissions. Ie. they won't have access to other people's files.

btw, are you using citrix?
FrontMotion Lead Developer

shoobox
Posts:3
Joined:Fri Jul 06, 2007 4:52 pm

Post by shoobox » Thu Aug 02, 2007 10:42 am

I am using server 2003 terminal services. :)

User avatar
DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas
Contact:

Post by DraconPern » Thu Aug 02, 2007 1:06 pm

Can you tell me why you hide the C: from users? I know that feature was from the days of 95/98 when it was used to stop bad users from messing up other people's files, but now with NTFS, it's not really a problem.
FrontMotion Lead Developer

Post Reply