01-12-2012 12:41 PM
I am trying to set it up so they must be on a company machine to use network connect. I think limiting access to only machine connected to our domain would work but when I go into resource policies/ network connect and detailed rules I add a rule for ntdomain = "PB_MT" and it saves but doen't show up in the list and doesn't seem to work. Any suggestions or ideas?
01-12-2012 09:50 PM
Think that you can use the following with Host Checker Policy to check whether the device is joined the domain and think that user has to logon with domain account as well to get this value.
- For Windows 7
- For Windows XP
Key/Subkey: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName
01-13-2012 12:15 AM
I think this key works on both Win XP and Win 7:
01-13-2012 09:20 AM
this is what we are using and it works for windows xp, vista and 7
i would also make a fake file name it something like mouse.dxp and put it in windows folder and hide it as a system file and use MD5 hash match to check for this file as well as the above.
01-16-2012 11:56 AM
01-19-2012 11:21 AM
If your detailed rule is ntdomain, that is an attribute from when users login to the IVE; it will always be true since it is based on the AD/LDAP value.
The suggestions for use of Host Checker (any of the ideas posted will work great, singly or in combination) or certificates are the best ways to do this as it relies solely with what is on the PC for access. And then require that policy on the role (making sure to enable the evaluate option on the realm)