|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Location Aware GPO question
From: Jannie Hanekom (j_hanekom
hotmail.com)
Date: Sat Apr 17 2004 - 13:59:41 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I believe the functionality you're looking for is supported through Active
Directory's notion of "sites", where a site is a collection of IP subnets.
You can assign group policies to a site. These will apply to all computers
within that site. If you want to set user settings based on physical
location, use the same technique and enable GPO loopback processing mode.
All of this functionality is exposed through the Active Directory Sites &
Services console.
So yes, it's entirely possible and fairly easy to set up, once you know
where. The major difference between this solution and the ICS one you refer
to, is that the client must be able to connect to a DC for changes to take
effect, which the ICS function seems to be specifically designed to NOT
require (for understandable reasons.)
Jannie
-----Original Message-----
From: Drew Simonis [mailto:simonismyself.com]
Sent: 16 April 2004 18:03
To: focus-mssecurityfocus.com
Subject: Location Aware GPO question
Hello all,
I have a question regarding the ability to block certain behaviors based on
the DNS domain. Presently, one can use Administrative Templates to block
ICF, ICS and bridging based on the DNS domain.
I want to use this same location aware logic to disable services. I wonder
if it is even possible. Can anyone shed some light on this topic?
-Ds
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]