"rickpier" wrote:
> I want to authorise users to connect to our VPN only if they are using our
> computers.
> I created two groups, one with the users and one with the computers.
>
> How can I write these conditions in the remote access policies? (I don't
> know how to write an AND operator.)
>
> Rickpier
>
This is not my speciality, but...
If I understand correctly, you are trying to specify in the "Policy
Conditions" that access is granted if the COMPUTER is a member of
domain\Computers and the USER is a member of domain\Users?
I don't believe this will work because the "Windows-Groups" attribute only
evaluates the groups the USER is a member of.
I think there are at least three approaches:
Take a look at the "Client-Friendly-Name" attribute - I think you can use
this to match .+mydomain (you might need to find a primer on regular
expressions first).
This is not foolproof (if users join their computers to their own
"whoever.dom" domain).
Read up on remote access quarantine control -
http://www.microsoft.com/windowsserv...uarantine.mspx
This is not foolproof (technical users will be able to get around this if
you use all the supplied MS sample components).
If you have a certificate infrastructure (or can deploy and maintain one),
then look into using L2TP VPN ports (short overview and links:
http://www.microsoft.com/technet/com...uy/cg0101.mspx) - in
this way all client PCs have to have a PC certificate issued by your domain.
This is probably the most secure (assuming it is set up correctly) but will
likely require the most work.
ewan