restrict non-domain computers

Unanswered Question
May 13th, 2008
User Badges:

Does anyone know if it is possible to restrict access based on domain membership or an AD Group?

The purpose is to restrict non-domain computers even if the client has a legitimate domain credential to use for authentication.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jason.spangler Wed, 05/14/2008 - 15:13
User Badges:

I believe you could put these PCs into a different subnet and create a policy based on the subnet.

I think so anyway.


jowolfer Wed, 05/14/2008 - 16:07
User Badges:

That is correct. The only way to restrict these computers would be to make a rule (above your auth group policies), that states the specific IPs / subnets are granted certain / no access.

As long as the rule is above all your auth rules, it will trigger first and take precedence. Be sure to disable WBRS for this rule as well, since there is a potential for +6 sites to be allowed.


This Discussion