01-12-2012 12:41 PM
I am trying to set it up so they must be on a company machine to use Network Connect. I think limiting access to only machines connected to our domain would work, but when I go into Resource Policies / Network Connect and detailed rules, I add a rule for ntdomain = "PB_MT" and it saves but doesn't show up in the list and doesn't seem to work. Any suggestions or ideas?
01-12-2012 09:50 PM
I think you can use the following with a Host Checker policy to check whether the device is joined to the domain, and I think the user has to log on with a domain account as well to get this value.
- For Windows 7
Key/Subkey: SYSTEM\CurrentControlSet\services\Tcpip\Parameters
String; ABC.DEF.COM
- For Windows XP
Key/Subkey: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName
String; ABC
01-13-2012 12:15 AM
I think this key works on both Win XP and Win 7:
Registry Subkey:\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Name: Domain
Type: String
Value: <domainname>
01-13-2012 09:20 AM
This is what we are using, and it works for Windows XP, Vista and 7:
Key/Subkey: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
String; domainnamehere
I would also make a fake file, name it something like mouse.dxp, put it in the Windows folder, hide it as a system file, and use an MD5 hash match to check for this file as well as the above.
01-16-2012 11:56 AM
01-19-2012 11:21 AM
If your detailed rule is ntdomain, that is an attribute from when users log in to the IVE; it will always be true since it is based on the AD/LDAP value.
The suggestions for use of Host Checker (any of the ideas posted will work great, singly or in combination) or certificates are the best ways to do this, as it relies solely on what is on the PC for access. Then require that policy on the role (making sure to enable the evaluate option on the realm).
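
An added example, not written by any poster in this thread: a PowerShell pre-check an administrator can run on a company machine to see what the registry rule and the MD5 marker-file rule suggested above would find there before the Host Checker policy is enforced. The domain name and hash are placeholders, the marker file name is the one suggested in the thread, and the comparison against Win32_ComputerSystem is an addition that is not part of the suggested rules.

```powershell
# Added example: report what the Host Checker rules suggested in this thread
# would observe on the local machine. Parameter defaults are placeholders.
param(
    [string]$ExpectedDomain = 'ABC.DEF.COM',            # placeholder domain used in the thread
    [string]$MarkerPath     = "$env:windir\mouse.dxp",  # marker file name suggested in the thread
    [string]$ExpectedMd5    = '<MD5-OF-MARKER-FILE>'    # placeholder: hash of your own marker file
)

$results = [ordered]@{}

# 1. Registry rule: value "Domain" under Tcpip\Parameters
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$regDomain = (Get-ItemProperty -Path $key -Name Domain -ErrorAction SilentlyContinue).Domain
$results['RegistryDomain']      = $regDomain
$results['RegistryRuleMatches'] = [bool]($regDomain -and ($regDomain -ieq $ExpectedDomain))

# 2. Marker file rule: file exists and its MD5 matches.
#    .NET file APIs are used so the hidden/system attributes do not matter.
$results['MarkerMd5']         = $null
$results['MarkerRuleMatches'] = $false
if ([System.IO.File]::Exists($MarkerPath)) {
    $hasher = [System.Security.Cryptography.MD5]::Create()
    try {
        $bytes = [System.IO.File]::ReadAllBytes($MarkerPath)
        $md5   = [System.BitConverter]::ToString($hasher.ComputeHash($bytes)) -replace '-', ''
    } finally {
        $hasher.Dispose()
    }
    $results['MarkerMd5']         = $md5
    $results['MarkerRuleMatches'] = ($md5 -ieq $ExpectedMd5)
}

# 3. Cross-check (addition): the registry value is only a string, so compare it
#    with what Windows itself reports about domain membership.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$results['PartOfDomain']          = $cs.PartOfDomain
$results['WmiDomain']             = $cs.Domain
$results['RegistryAgreesWithWmi'] = [bool]($cs.PartOfDomain -and ($regDomain -ieq $cs.Domain))

# 4. Overall: would both suggested rules pass on this machine?
$results['BothRulesPass'] = ($results['RegistryRuleMatches'] -and $results['MarkerRuleMatches'])

[pscustomobject]$results
```

A machine where `RegistryRuleMatches` is true but `RegistryAgreesWithWmi` is false is worth investigating before the registry rule is relied on for access decisions.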