Re: IPsec rules per User
- From: boomboom999@xxxxxxxxx
- Date: 29 Jun 2006 10:24:25 -0700
Steven Umbach a écrit :
That is not possible in Windows 2000/2003/XP. Ipsec policies are only machine
aware [computer configuration] and only authenticate to the other computer. ---
Steve
<boomboom999@xxxxxxxxx> wrote in message
news:1151594376.896576.26200@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Is it possible to create a GPO that assign IPSec rules per user and not
per computer?
Thank you
We have found a way to do that with a bit of scripting.
The main idea is the following.
1. Create user groups like IPSecPolicy1, IPSecPolicy2 etc.
2. Create one GPO that covers all computers that need IPSec
3. Run a startup script within this GPO which :
- creates a Scheduled Task
- configures this task to run as Local System
- configures this task to run at logon only (for any user)
- configures this task to execute the following script:
if the current User belongs to IPSecPolicy1
run Ipsecpol.exe <Policy1>
if the current User belongs to IPSecPolicy2
run Ipsecpol.exe <Policy2>
etc.
4. Assigns users to appropriate groups.
Done.
:)
.
- Follow-Ups:
- Re: IPsec rules per User
- From: Roger Abell [MVP]
- Re: IPsec rules per User
- From: Steven L Umbach
- Re: IPsec rules per User
- References:
- IPsec rules per User
- From: boomboom999
- Re: IPsec rules per User
- From: Steven Umbach
- IPsec rules per User
- Prev by Date: Re: IPsec rules per User
- Next by Date: Re: IPsec rules per User
- Previous by thread: Re: IPsec rules per User
- Next by thread: Re: IPsec rules per User
- Index(es):
Relevant Pages
|
