Protecting Citrix: Hardening the OS Configuration
- Details
- Category: Hacking Citrix
- Written by Elliot
| Method | Info | Notes |
| Restrict access to files | regedit,runas,rundll32,wordpad,notepad ,cmd,rdp,ftp,wmic,telnet,net |
|
| Restrict older applications | reg.exe,command.com,regedt32,Debug.exe | |
| Create SRP | "Disallow All, Allow Exceptions" mode | |
| Restrict execution folder | Only allow from C:\Windows\ and some programs in C:\Program Files\ | |
| Prevent clipboard use | Disable Client Clipboard Mapping | |
| Disable cscript & wscript & vbscript.dll | Technet link | |
| Assign permissions to registry | Technet Link | |
| Remove shell folders | HKEY_CLASSES_ROOT\CLSID\{CLSID HERE}\Shell | |
| Disable macros in Excel/Word | ||
| Disable all help dialogs | ||
| Remove control panel applets | Most of them are in C:\windows\system32\ | |
| Disable hotkeys | "Explorer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer (DWORD: NoWinKeys)" |
|
| Prevent users from mapping network shares |