The Citrix Blog
posted by Ola Nordstrom

Citrix XenApp 5 Feature Pack 2 for Windows Server 2003 has a very cool feature called Secure Clipboard Control. The technical folks may know this feature as "Read-Only Client Drive Mapping and Clipboard", but the end results are the same: it further mitigates risks of data leakage.

Granting remote users client drive mapping (CDM) access is great because they can open local files with server published apps. But they can also save server documents locally, which increases the probability that confidential data leaks out beyond the enterprise. Some customers have tried to tackle this problem by disabling CDM and clipboard altogether, but that leaves users no flexibility: what if administrators want to let users save documents only back on the server? This is where the new Secure Clipboard Control setting can help. It is a really simple feature for administrators to configure, yet it provides a level of flexibility administrators didn't have before: users can save documents to the server, but cannot save documents to the local device.

To enable read-only client drive mapping, go to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdm\Parameters and create a DWORD value with value name ReadOnlyMappedDrive and value data 1.

To enable the one-way clipboard, go to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\Virtual Clipboard and create a DWORD value with value name ReadOnly and value data 1.

After rebooting the server, all users that connect will only be able to read documents from their mapped drives and will only be able to copy and paste text into a published application. Data that is copied into the published application clipboard (via CTRL-C) will not show up in the client's clipboard paste buffer. Whenever a user tries to save a file to a mapped drive, they will get an error saying they don't have permission to write to the location, because XenApp has the drive open in read-only mode.
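
One way to check both registry values on a server, and optionally set them, written as an added PowerShell example that is not from the original post or from Citrix. The -Enforce switch and the report column names are choices made for this example; the key paths and value names are the ones given above.

```powershell
# Added example, not from the original post. Run elevated on the XenApp server.
# Without -Enforce it only reports; with -Enforce it writes value data 1.
param([switch]$Enforce)

# Registry keys and value names exactly as given in the post.
$settings = @(
    @{ Setting   = 'Read-only client drive mapping'
       Path      = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdm\Parameters'
       ValueName = 'ReadOnlyMappedDrive' },
    @{ Setting   = 'One-way clipboard'
       Path      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\Virtual Clipboard'
       ValueName = 'ReadOnly' }
)

$changed = $false
$report = foreach ($s in $settings) {
    # A missing key or missing value leaves $current as $null (not enabled).
    $current = $null
    if (Test-Path -Path $s.Path) {
        $item = Get-ItemProperty -Path $s.Path -Name $s.ValueName -ErrorAction SilentlyContinue
        if ($item) { $current = $item.($s.ValueName) }
    }

    if ($Enforce -and $current -ne 1) {
        if (-not (Test-Path -Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        # -Force replaces an existing value whose data is not 1.
        New-ItemProperty -Path $s.Path -Name $s.ValueName -PropertyType DWord -Value 1 -Force | Out-Null
        $current = (Get-ItemProperty -Path $s.Path -Name $s.ValueName).($s.ValueName)
        $changed = $true
    }

    New-Object PSObject -Property @{
        Setting = $s.Setting
        Value   = $s.ValueName
        Data    = $current
        Enabled = ($current -eq 1)
    }
}

$report | Format-Table Setting, Value, Data, Enabled -AutoSize

if ($changed) {
    # The post states that the settings apply after the server is rebooted.
    Write-Warning 'Registry updated. Reboot the server for the settings to take effect.'
}
```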

For now both settings are server-wide, so remote users will have to be confined to specific machines where the settings are enabled. You can find out more about this feature at CTX123002 and in Citrix eDocs.

  1. Oct 24

    Alastair Cunningham says:

    Nice feature, although the way it must be applied to an entire server is not very granular. Any possibility this will be managed via Citrix Policies in a later update?

  2. Oct 24

    Nick Holmquist says:

    Agreed, fantastic idea. That being said, with it being in the policies and controllable dynamically via Smart Access it is a niche solution.

    Not complaining though as these are awesome features that continue to move forward with the needs of customers.

    1. Oct 27

      Cris Lau says:

      Nick/Alastair,

      Great ideas! Integration with SmartAccess is something that we can support once this feature is part of the Citrix policy (suggested by Alastair). I would be interested in hearing from the community the interest level for these enhancements. Nonetheless, definitely good suggestions!
