restrict AD user to access from only one PC

z_haseeb -> restrict AD user to access from only one PC (19.Jun.2008 7:05:16 AM)

If we have a network:
ISAEE2006.
1000 SecureNAT clients.
Authentication via Active Directory.

1.) How can we restrict each SecureNAT client so that he can only authenticate from his particular PC?
2.) Is it possible that




elmajdal -> RE: restrict AD user to access from only one PC (19.Jun.2008 11:09:07 AM)

Hi,

SecureNAT clients cannot authenticate. You will need to set your clients as Web Proxy and/or Firewall Client.




z_haseeb -> RE: restrict AD user to access from only one PC (19.Jun.2008 12:08:37 PM)

OK, but how can we make SecureNAT clients get authenticated from ISA2006?




pwindell -> RE: restrict AD user to access from only one PC (19.Jun.2008 12:42:25 PM)

SecureNAT clients cannot authenticate.




elmajdal -> RE: restrict AD user to access from only one PC (20.Jun.2008 7:34:57 AM)

quote:

ORIGINAL: z_haseeb

OK, but how can we make SecureNAT clients get authenticated from ISA2006?


Read again:

quote:

You will need to set your clients as Web Proxy and/or Firewall Client.




ferrix -> RE: restrict AD user to access from only one PC (20.Jun.2008 8:50:56 PM)

With the Captivate filter you can auth SecureNAT clients.

But your original requirement... how do you expect ISA to know which is the "correct" workstation for each user? You'd have to maintain a database of IPs and users. I could do it with a filter. Still a really strange requirement.
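
The "database of IPs and users" mentioned above, applied as an after-the-fact log audit rather than as an ISA filter (an added example, not part of the original thread). The account names, IPs and log lines are constructed, and the `c-ip` / `cs-username` column names and the `anonymous` marker for unauthenticated requests are assumptions about the log being read:

```python
# Constructed "database of IPs and users": account -> assigned workstation IP.
ASSIGNED = {
    r"CORP\alice": "10.0.0.21",
    r"CORP\bob": "10.0.0.22",
}

# Constructed sample log in W3C extended format (tab-separated columns named
# by a "#Fields:" header). Column names c-ip / cs-username are assumptions.
SAMPLE_LOG = "\n".join([
    "#Software: constructed sample",
    "#Fields: c-ip\tcs-username\tdate\ttime\tr-host",
    "10.0.0.21\tCORP\\alice\t2008-06-20\t08:01:10\texample.com",
    "10.0.0.22\tCORP\\bob\t2008-06-20\t08:02:41\texample.org",
    "10.0.0.22\tCORP\\alice\t2008-06-20\t08:05:03\texample.com",
    "10.0.0.40\tanonymous\t2008-06-20\t08:06:17\texample.net",
    "10.0.0.50\tCORP\\carol\t2008-06-20\t08:07:55\texample.org",
])


def audit(log_text, assigned):
    """Return (violations, unauthenticated_count) for a W3C-format log.

    violations holds (user, seen_ip, assigned_ip) tuples; assigned_ip is None
    when the account has no workstation on record.
    """
    table = {user.lower(): ip for user, ip in assigned.items()}
    fields, violations, unauthenticated = [], [], 0
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split("\t")))
        user = row.get("cs-username", "-").lower()
        seen_ip = row.get("c-ip", "-")
        if user in ("-", "anonymous"):
            # No identity was logged, so there is nothing to compare.
            unauthenticated += 1
        elif table.get(user) != seen_ip:
            violations.append((user, seen_ip, table.get(user)))
    return violations, unauthenticated


if __name__ == "__main__":
    bad, unauth = audit(SAMPLE_LOG, ASSIGNED)
    for user, seen_ip, assigned_ip in bad:
        print(f"{user} seen on {seen_ip}, assigned {assigned_ip}")
    print(f"{unauth} request(s) carried no user identity")
```

Requests logged without a username cannot be checked this way, so the count of unauthenticated rows shows how much traffic the audit does not cover.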




z_haseeb -> RE: restrict AD user to access from only one PC (22.Jun.2008 2:19:37 AM)

Is there any hardware device from Cisco or Linksys that can authenticate?
Is there any hardware device for bandwidth control (approx. for 1000 users)?




elmajdal -> RE: restrict AD user to access from only one PC (22.Jun.2008 3:29:30 AM)

Hi,

What is the problem if you set the client as both SecureNAT + Web Proxy and/or Firewall Client?

Why do you not want to set the client also as a Firewall Client and/or Web Proxy client?





z_haseeb -> RE: restrict AD user to access from only one PC (22.Jun.2008 5:17:15 AM)

I want to use ISA2006EE in an environment where I have 2000 users who will be SecureNAT clients, and I don't want to go to 2000 users and configure the Firewall Client or Web Proxy client.





elmajdal -> RE: restrict AD user to access from only one PC (22.Jun.2008 5:48:42 AM)

You don't have to go to each PC to accomplish this.

Check this article: http://www.isaserver.org/tutorials/Configuring-WPAD-Support-ISA-Firewall-Web-Proxy-Firewall-Clients.html





z_haseeb -> RE: restrict AD user to access from only one PC (23.Jun.2008 12:19:05 AM)

Thanks for your article, elmajdal, but I am not satisfied why I should install additional software (Firewall Client).
So you mean that I have to install the Firewall Client software if people are coming to my office with laptops and want to use the Internet?

Second, that means I can't use ISA in a corporate environment.


Thanks




elmajdal -> RE: restrict AD user to access from only one PC (23.Jun.2008 4:39:30 AM)

quote:

So you mean that I have to install the Firewall Client software if people are coming to my office with laptops and want to use the Internet?

If these laptops are for the company, then first of all these machines should be domain members, and yes, Firewall Client should be installed on them, along with the corporate antivirus and other corporate software!

If these laptops are guests/visitors, then you should not trust them and attach them to your internal network; you should create an untrusted wireless DMZ for these laptops. Check this article: http://www.isaserver.org/tutorials/2004wirelessdmzpart1.html
http://isaserver.org/articles/2004wirelessdmzpart2.html

It's all about best practice in the end.

I have a client with more than 6000 clients. I don't need to install the Firewall Client software on all these 6000 clients. I have some machines as SecureNAT, others as Web Proxy and/or Firewall Client.

And when I do want to install the Firewall Client, I use Group Policy or SMS, and it installs FWC silently and with no user interaction.

Check this article: How to automatically deploy the Microsoft Firewall client




elmajdal -> RE: restrict AD user to access from only one PC (26.Jun.2008 3:24:52 AM)

Hi,

You might be interested in this: http://www.collectivesoftware.com/Products/Captivate



