05-13-2008 06:52 PM
Does anyone know if it is possible to restrict access based on domain membership or an AD Group?
The purpose is to restrict non-domain computers even if the client has a legitimate domain credential to use for authentication.
05-14-2008 03:13 PM
I believe you could put these PCs into a different subnet and create a policy based on the subnet.
I think so anyway.
-
Jason
05-14-2008 04:07 PM
That is correct. The only way to restrict these computers would be to make a rule (above your auth group policies), that states the specific IPs / subnets are granted certain / no access.
As long as the rule is above all your auth rules, it will trigger first and take precedence. Be sure to disable WBRS for this rule as well, since there is a potential for +6 sites to be allowed.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: