
Welcome to ISAserver.org


Computer Groups

Computer Groups - 7.Mar.2007 7:08:00 AM   
Arkane78

 

Posts: 27
Joined: 9.Dec.2005
Status: offline
Is it possible to use computer groups (as in AD Security Groups) with ISA 2006 access rules?

I know it works with User Groups but when I try with Computer Groups, it doesn't trigger the rule and seems to bypass it.

If it does work - can anyone supply me with an access rule example so I can see what I'm doing wrong?

Thanks.

Kris
Post #: 1
RE: Computer Groups - 11.Mar.2007 12:21:15 PM   
matheesha

 

Posts: 23
Joined: 11.Mar.2007
Status: offline
Can you give some details of what you are trying to achieve?

(in reply to Arkane78)
Post #: 2
RE: Computer Groups - 12.Mar.2007 10:44:14 AM   
Arkane78

 

Posts: 27
Joined: 9.Dec.2005
Status: offline
I'm trying to apply specific access rules to specific groups of computers. The computers are DHCP-based, so adding them all as static IP addresses is not an option.

Thanks for any ideas or help you can offer.

Kris

(in reply to matheesha)
Post #: 3
RE: Computer Groups - 12.Mar.2007 1:17:55 PM   
matheesha

 

Posts: 23
Joined: 11.Mar.2007
Status: offline
I was actually hoping for a little more detail than that. I'll explain why.

Assume you had a service running on a PC as localsystem. The service will attempt to authenticate as machinename$ to network resources it accesses. But I have no idea if the traffic you are controlling is system generated or user generated. Hence the inquiry into what you are trying to do.

Incidentally, I have never configured computers in an AD security group to use with ISA. But I am interested in trying it out in a lab to see if it's doable. Maybe someone more expert has done this already. If possible, please provide more details of what you are trying to do with those DHCP clients.

(in reply to Arkane78)
Post #: 4
RE: Computer Groups - 13.Mar.2007 10:39:43 AM   
Arkane78

 

Posts: 27
Joined: 9.Dec.2005
Status: offline
Ok, what I wanted to do was group PCs by groups of computers - so that via a remote control we can enable/disable a rule which directly correlates to the group of computers.

Suite1 - Enabled - ComputerGroupSuite1
Suite2 - Enabled - ComputerGroupSuite2

So that if I were to disable rule 'Suite1', it would disallow that group of computers (and therein, users logged onto them) from accessing the internet.

My attempts have so far failed as it seems to ignore the computer groups entirely.

(in reply to matheesha)
Post #: 5
RE: Computer Groups - 13.Mar.2007 1:18:08 PM   
matheesha

 

Posts: 23
Joined: 11.Mar.2007
Status: offline
All that traffic is not system generated; it's user generated. So I don't think it will authenticate as you intend.

I think your best bets are to configure access rules based on source IP or client username. You could use netsh and dump a list of leases on the DHCP server(s), and then you could create reservations for all those workstations again using the same MAC and IP. As the whole thing can be scripted, I think it's worth investigating.

HTH

M@

(in reply to Arkane78)
Post #: 6
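
Added example, not part of the thread: a sketch of the scripting idea in post #6, turning a saved `netsh dhcp server scope <scope> show clients 1` listing into `add reservedip` commands so that source-IP rules keep matching the same machines. The server name `\\dhcp01`, the scope, the host names and the exact column layout of the listing are assumptions; the sample listing is constructed.

```python
import re

# Constructed sample of a saved lease listing. The column layout is an
# assumption; adjust LEASE_RE if your DHCP server prints it differently.
SAMPLE_DUMP = """\
IP Address      - Subnet Mask    - Unique ID           - Lease Expires        -Type -Name
=========================================================================================
192.168.10.21   - 255.255.255.0  - 00-11-22-33-44-01   -3/20/2007 9:00:00 AM   -D-  suite1-pc01.example.local
192.168.10.22   - 255.255.255.0  - 00-11-22-33-44-02   -3/20/2007 9:05:00 AM   -D-  suite1-pc02.example.local
192.168.10.50   - 255.255.255.0  - 00-11-22-33-44-03   - INACTIVE              -R-  printer.example.local
192.168.10.23   - 255.255.255.0  - 00-11-22-33-44-02   -3/20/2007 9:30:00 AM   -D-  suite1-pc02.example.local
192.168.10.24   - 255.255.255.0  - 00-11-22-33-44-04   -3/20/2007 9:40:00 AM   -D-  lab_pc!.example.local
"""

LEASE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+-\s+[\d.]+\s+-\s+"
    r"(?P<mac>[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+-.*-(?P<type>[A-Z])-\s+(?P<name>\S+)\s*$"
)
# Client names in leases are supplied by the client, so only plain host
# names are allowed through into a generated command line.
HOST_RE = re.compile(r"[A-Za-z0-9-]{1,63}")

def reservation_commands(dump, server, scope):
    """Return (commands, skipped) for the leases in a saved listing.

    skipped holds (ip, reason) pairs that need a manual look."""
    commands, skipped, seen_macs, seen_ips = [], [], set(), set()
    for line in dump.splitlines():
        m = LEASE_RE.match(line.strip())
        if not m:
            continue  # header, separator or summary line
        ip, mac = m["ip"], m["mac"].replace("-", "").lower()
        host = m["name"].split(".")[0]
        if m["type"] == "R":
            skipped.append((ip, "already reserved"))
        elif mac in seen_macs or ip in seen_ips:
            skipped.append((ip, "duplicate MAC or IP"))
        elif not HOST_RE.fullmatch(host):
            skipped.append((ip, "unexpected host name"))
        else:
            seen_macs.add(mac)
            seen_ips.add(ip)
            commands.append(
                f"netsh dhcp server {server} scope {scope} add reservedip {ip} {mac} {host}")
    return commands, skipped

if __name__ == "__main__":
    cmds, skipped = reservation_commands(SAMPLE_DUMP, r"\\dhcp01", "192.168.10.0")
    print("\n".join(cmds))
    print("review:", skipped)
```

Review the skipped list and the generated lines before running them on the DHCP server; a machine that shows up with two leases would otherwise end up in the wrong source-IP set.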
RE: Computer Groups - 14.Mar.2007 5:14:29 AM   
Arkane78

 

Posts: 27
Joined: 9.Dec.2005
Status: offline
Thanks for the info, that's the same conclusion we came to.
Reorganising our network to be DHCP with reservations has already been dismissed by management so this means they can't do what they wanted.

(in reply to matheesha)
Post #: 7
RE: Computer Groups - 15.Mar.2007 6:57:35 PM   
matheesha

 

Posts: 23
Joined: 11.Mar.2007
Status: offline
FYI.

Please read this http://blogs.technet.com/isablog/archive/2006/06/29/439329.aspx 

HTH

M@

(in reply to Arkane78)
Post #: 8
