&KDSWHU$GYDQFHG7RSLFV
The Aclcheck utility is used to display file and directory permissions that give
excessive access to users and groups The Aclcheck utility can be used to verify
the security of the MetaFrame server. See Appendix A, “MetaFrame Command
Reference” for more information on using Aclcheck.
See the Windows Terminal Server documentation for information on using the
Security Configuration utility.
8VLQJWKH$SSOLFDWLRQ([HFXWLRQ6KHOO$SS
Many applications require write access to temporary files or directories to operate
properly. Also, some applications use .INI files to define settings and preferences
that are retained after the application terminates. Users may be able to change
these preferences in undesired ways so that the next user who runs the application
sees the settings left by the previous user instead of the standard settings.
One way to create a secure, standardized environment while allowing write access
to files and directories is to use the Application Execution Shell utility (App). App
lets you write execution scripts that copy standardized .INI files containing default
settings to user directories before starting the application and that perform
application-related cleanup after the application terminates.
App can also be used to create an execution script that is used in an .ICA file so
that hackers cannot modify the execution parameters (for example, working
directory or execution directory) because the parameters do not appear in the .ICA
file, only the name of the App script file.
See Appendix A, “MetaFrame Command Reference” for more information on
using App.
$XGLWLQJ/RJRQV
The auditlog utility is used to generate reports of logon and logoff activity.
Auditlog can also display logon failures and session duration.
Auditlog processes the Windows NT Event Log. To use auditlog, you must enable
Windows NT logon/logoff event logging with User Manager for Domains. See
your Windows NT documentation for information on event logging.
See Appendix A, “MetaFrame Command Reference” for more information on the
auditlog utility.