Citrix and Internet access


Active Member
Does anyone know how to disable a user from using the internet from inside OW on terminal server only. Seems some of our more knowledgeable users have opened IE and shelled out to the citrix desktop which is not a good thing.

B733.2 SP11.2
As400 Central Objects
You can achieve this by changing the JDE.ini file on the Citrix server. In
the [INTERACTIVE RUNTIME] section, comment out the following line:


I was told the menu item for internet is hard coded into oexplore.exe and
there is no way to remove it. As a result, I changed NT permissions on the
iexplore.exe file to
administrators only. This seems to work ok so far as long as your users
aren't administrators. The user can select 'internet' but nothing happens.

To change the permissions, locate the file using Explorer.
Right click on the file and select 'Properties. '
Select the 'Security' Tab
Select 'Permissions'
Select 'Add' and add Administrators
Once Administrators is added, highlight the Everyone group and select

Both of these solved are access issue. Good luck.
Rename the Internet Explorer executable to something other than
Iexplorer.exe. This will break any file association links between JDE and
The only way that I know is by taking the Default Browser in the JDE.INI
file. This other guy I work with did this and was successful. He made a
batch file that took it out of the JDE.INI file. That is a quick way to fix
the problem.


Greg Cotten
Information Technology
Virginia International Terminals
Re: RE: Citrix and Internet access

My network guy told me they have Languard and can disable specific machines from accessing the internet.

Thanks for all the ideas.

B733.2 SP11.2
As400 Central Objects

My first questions is - what are you trying to accomplish?

Your questions needs to be a little more complex.
Are you trying to block them from using the Citrix IE from getting to the Internet? If that is the case, disallow the Citrix Server from getting to the Internet (via firewall or rights).

Are you trying to block them from using their client's IE from getting to the Internet? Pretty much the same answer - disallow the client from getting to the Internet.

I wouldn't go to the drastic means of renaming, protecting or securing the IE application itself. More and more Microsoft Applications (and CITRIX) are becoming dependant on the browser.

Let us know what your goal is and more detail what your users are doing - and we can be of better help. Keep it online, so the rest can learn..

Daniel Bohner
[email protected]