Not necessarily…..especially Microsoft Excel.

Applications still run in the user context on the Xenapp server however all the user is seeing is the application UI.

Excel and other apps which allow you to write macros pose an interesting problem…you can write a macro to spawn processes/applications from the server, here is some example code;

Sub Testing()

Dim RetVal

RetVal = Shell(“c:\windows\system32\cmd.exe”, 1)

RetVal = Shell(“c:\windows\explorer.exe”, 1)

RetVal = Shell(“C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe”, 1)

RetVal = Shell(“C:\Windows\System32\regedit.exe, 1)

End Sub

So if the Xenapp server isnt locked down using group policy then you’ve just opened yourself up for a whole world of “comeandhackmyass”.

A good resource for group policy is Group Policy Center.

Credit to Dave Taylor for giving me the information for this macro code 🙂

Advertisements