Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

restrict AD user to access from only one PC

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> restrict AD user to access from only one PC Page: [1]
Login
Message << Older Topic   Newer Topic >>
restrict AD user to access from only one PC - 19.Jun.2008 7:05:16 AM   
z_haseeb

 

Posts: 169
Joined: 15.Jun.2005
From: Karachi,Pakistan
Status: offline 		if we have a network :
ISAEE2006.
1000 SecureNAT client.
authentication via Active Directory.

1.) how can we restrict each SecureNAT client who can only authenticate from his particular PC
2.) is it possibe that

_____________________________

MCP, IT ADMINISTRATOR
Interest ISA Server2004
Post #: 1
RE: restrict AD user to access from only one PC - 19.Jun.2008 11:09:07 AM   
elmajdal

 

Posts: 5024
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online 		Hi,

SecureNet clients can not authenticate. You will need to set your clients as WebProxy and/or Firewall Client .

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to z_haseeb)
Post #: 2
RE: restrict AD user to access from only one PC - 19.Jun.2008 12:08:37 PM   
z_haseeb

 

Posts: 169
Joined: 15.Jun.2005
From: Karachi,Pakistan
Status: offline 		ok but how can we make SecureNAT clients to get authenticated from ISA2006

_____________________________

MCP, IT ADMINISTRATOR
Interest ISA Server2004

(in reply to elmajdal)
Post #: 3
RE: restrict AD user to access from only one PC - 19.Jun.2008 12:42:25 PM   
pwindell

 

Posts: 744
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline 		SecureNet clients can not authenticate.

_____________________________

Phillip Windell
www.wandtv.com

(in reply to z_haseeb)
Post #: 4
RE: restrict AD user to access from only one PC - 20.Jun.2008 7:34:57 AM   
elmajdal

 

Posts: 5024
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online
quote:

ORIGINAL: z_haseeb

ok but how can we make SecureNAT clients to get authenticated from ISA2006


read again

quote:

You will need to set your clients as WebProxy and/or Firewall Client .


_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to z_haseeb)
Post #: 5
RE: restrict AD user to access from only one PC - 20.Jun.2008 8:50:56 PM   
ferrix

 

Posts: 358
Joined: 16.Mar.2005
Status: offline 		With the Captivate filter you can auth SecureNAT clients..

but your original requirement.....how do you expect ISA to know which is the "correct" workstation for each user?  You'd have to maintain a database of IPs and users.  I could do it with a filter.  Still a really strange requirement.

(in reply to z_haseeb)
Post #: 6
RE: restrict AD user to access from only one PC - 22.Jun.2008 2:19:37 AM   
z_haseeb

 

Posts: 169
Joined: 15.Jun.2005
From: Karachi,Pakistan
Status: offline 		is there any hardware device of cisco or linksys who can authenticate?
is there any hardware device for bandwidth control(aprox for 1000 users)

_____________________________

MCP, IT ADMINISTRATOR
Interest ISA Server2004

(in reply to ferrix)
Post #: 7
RE: restrict AD user to access from only one PC - 22.Jun.2008 3:29:30 AM   
elmajdal

 

Posts: 5024
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online 		Hi,

what the problem if you set the client as both SecureNet + WebProxy and/or Firewall CLient ?

Why you do not want to set the client also as a firewall client and/or web proxy client ?



_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to z_haseeb)
Post #: 8
RE: restrict AD user to access from only one PC - 22.Jun.2008 5:17:15 AM   
z_haseeb

 

Posts: 169
Joined: 15.Jun.2005
From: Karachi,Pakistan
Status: offline 		i want to use ISA2006EE in a enviroment where i have 2000 users who will be SecureNat clients and i dont want to go at 2000 users and configure the firewall client or Web proxy client.



_____________________________

MCP, IT ADMINISTRATOR
Interest ISA Server2004

(in reply to elmajdal)
Post #: 9
RE: restrict AD user to access from only one PC - 22.Jun.2008 5:48:42 AM   
elmajdal

 

Posts: 5024
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online 		You dont have to go to each pc to  accomplish this.

check this article : http://www.isaserver.org/tutorials/Configuring-WPAD-Support-ISA-Firewall-Web-Proxy-Firewall-Clients.html



_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to z_haseeb)
Post #: 10
RE: restrict AD user to access from only one PC - 23.Jun.2008 12:19:05 AM   
z_haseeb

 

Posts: 169
Joined: 15.Jun.2005
From: Karachi,Pakistan
Status: offline 		thanks for your article elmajdal but i am not being satisfied why i install additional software (firewall client).
so you mean that i have to install the firewall client software if people are comming at my office with laptops and want to use internet.

2nd thats mean i cant use ISA in a corporate enviroment


thanks

_____________________________

MCP, IT ADMINISTRATOR
Interest ISA Server2004

(in reply to z_haseeb)
Post #: 11
RE: restrict AD user to access from only one PC - 23.Jun.2008 4:39:30 AM   
elmajdal

 

Posts: 5024
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online
quote:

so you mean that i have to install the firewall client software if people are comming at my office with laptops and want to use internet.

If these laptops are for the company, then first of all these machines should be domain members and yes Firewall CLient should be installed on them , along with the Corporate Antivirus and other corporate software !

If these laptops are guests/visitors, then you should not trust them and attach them into your Internal Network, you should create an untrusted Wireless DMZ for these laptops , check this article : http://www.isaserver.org/tutorials/2004wirelessdmzpart1.html
http://isaserver.org/articles/2004wirelessdmzpart2.html

Its all about best practice in the end.

I have a client with more than 6000 client. I dont need to install the Firewall Client software on all these 6000 client. I have some machines as SecureNet , others as Web Proxy and/or Firewall CLient.

And when i do want to install the firewall client, i use Group Policy or SMS, and it installs FWC silently and with no user interaction.

Check this article : How to automatically deploy the Microsoft Firewall client

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to z_haseeb)
Post #: 12
RE: restrict AD user to access from only one PC - 26.Jun.2008 3:24:52 AM   
elmajdal

 

Posts: 5024
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online 		Hi,

You might be interested in this : http://www.collectivesoftware.com/Products/Captivate

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to z_haseeb)
Post #: 13

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> restrict AD user to access from only one PC Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts