A couple of weeks ago, Citrix released XenApp 5.0 to the web. Rest assured, I was really eager to be one of the first to download this new major release and immediately set up a new box with it. Of course, I wanted to know how the RTW compares to the Early Release of Project Delaware which I wrote about in Delaware Test Drive. Continue reading ‘Where is my XenApp 5.0 for Windows Server 2003?’
Monthly Archive for September, 2008
In an earlier article about the XmlServiceExplorer, I explained how to obtain the access list of all published applications in a farm from the XML service.
As this information is offered without authentication, it can be considered a security issue. The XML service should rather offer the resulting list of published applications based on the access lists instead of the access list themselves.
Fortunately, this behaviour of the XML service can be suppressed by changing a registry key on the Presentation Server / XenApp server:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\XML Service]
“ExposeAccessLists”=dword:00000000
Using the same settings as in the example of my earlier article, the XML service only returns an empty tag called Details.
This configuration option should also be able to settle the discussion in the security forum of Brian’s site.
Please note that this switch is not documented (as far as I know). Be sure to have tested this before deployment in a production environment.
