Re: ISA > ISA Client > Configuring laptops

From: Chad A. Gross [SBS MVP] (chad.gross_at_laytonflower.nospam.com)
Date: 06/30/04


Date: Tue, 29 Jun 2004 23:09:59 -0500

Something you could play with if you wanted to automate this . . .

In Active Directory, create a new OU named Laptops under the SBSComputers
OU. Now, using the Group Policy Management Console, create & link a new GPO
to the Laptops OU. In the GPO settings, under Computer Configuration |
Windows Settings | Scripts, add the enable_fwc.vbs script as a startup
script and disable_fwc.vbs as a shutdown script. I haven't tried this, but
in theory, the GPO scripts should only run when the laptops are connected to
the network. If that holds true, then as long as the users plug in their
network cable before they start up the laptop, the startup script should run
and enable the firewall client & configure the proxy settings. Likewise, as
long as users shut down before unplugging from the LAN, the shutdown script
should run and disable the firewall client & remove the proxy settings.
Startup / shutdown when not connected to the LAN would be uneventful. Of
course, you'd want copies of the scripts stored locally on the laptops for
the inevitable case where the user simply unplugs from the LAN & heads home
without shutting down, then wonders why he can't get on the internet at home
. . . ;^)

-- 
Chad A. Gross - SBS MVP
SBS ROCKS!
www.msmvps.com/cgross
www.gosbs.org
Chad A. Gross [SBS MVP] wrote:
> Ok Guys -
>
> Here's a few scripts I used with VPNs on SBS2k.  With SBS2k, I used
> the CMAK to create my own custom VPN connectoids - and included these
> scripts in the connectoid.  As a result, the connectoid would enable
> the firewall client once the VPN was connected, and disable it once
> the VPN was disconnected - so it was completely invisible and
> transparent to the end user.
> Change the .txt extensions to .vbs and you're good to go . . .
>
>
> Les Connor [SBS MVP] wrote:
>> I'm pretty sure Jeff will have this on the YCST SBS Powertools list,
>> but please send it to him just in case ;-).
>>
>>
>> "Javier Gomez [SBS MVP]" <javier_gomez@remove.this.engineer.com>
>> wrote in message news:e2mK%230kXEHA.2664@TK2MSFTNGP09.phx.gbl...
>>> I like Chad's idea better... but, anyway:
>>>
>>> I researched this a while ago and I guess if you know how to make
>>> scripts, etc. you can do this easily (actually, I would like to try
>>> it with GPOs and a logoff script, so it would be completely
>>> transparent to the user).
>>>
>>> For disabling the firewall client->
>>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Firewall Client\Disable
>>> Set the value to 1 for disable and 0 for enabling it.
>>>
>>> For disabling the proxy client->
>>> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
>>> Settings\ProxyEnable
>>> Set the value to 0 for disable and 1 for enabling it.
>>>
>>> When I tested this I just had an ugly reg file which was loaded "on
>>> demand" :-)
>>>
>>> If you do something nicer... please post it.
>>>
>>> --
>>> Javier [SBS MVP]
>>>
>>> << SBS ROCKS !!! >>
>>>
>>> "Jeff L" <newsgroupsremoveandunderscore_jeff@availabletech.net>
>>> wrote in message news:eT22o8iXEHA.2408@tk2msftngp13.phx.gbl...
>>>> Excellent post... the options are so many... I guess you could
>>>> create a logon script that would conditionally turn on proxy
>>>> clients.
>>>>
>>>> Have you created any scripts I might look at?
>>>>
>>>> "Chad A. Gross [SBS MVP]" <chad.gross@laytonflower.nospam.com>
>>>> wrote in message news:u7PggKhXEHA.376@TK2MSFTNGP10.phx.gbl...
>>>>> Hi Jeff -
>>>>>
>>>>> Anymore, I don't configure laptops as firewall clients if they're
>>>>> out of the office all the time.  What I do is to create a DHCP
>>>>> reservation for each laptop, then create a Client Address Set in
>>>>> ISA which contains the IPs of the laptops.  I then create a
>>>>> Protocol Rule that allows the necessary protocols for the Client
>>>>> Address Set I created.  You still get activity logging - but you
>>>>> only get the laptop IP, not the username.  If you want to go one
>>>>> step further, you can edit the HTTP Redirector Filter to forward
>>>>> web requests from SecureNAT clients directly to the web instead of
>>>>> the proxy service.  This will allow your laptops to browse the web
>>>>> without configuring proxy settings as well . . .
>>>>>
>>>>> Or - you could have two scripts, one that enables the firewall
>>>>> client and configures proxy settings, and one that disables the
>>>>> firewall client and clears the proxy settings.  Put shortcuts on
>>>>> the desktop, and have the user run the first script when they need
>>>>> internet access at the office, and the second when they need
>>>>> internet access outside the office . . .
>>>>>
>>>>> --
>>>>>
>>>>> Chad A. Gross - SBS MVP
>>>>> SBS ROCKS!
>>>>>
>>>>> www.msmvps.com/cgross
>>>>> www.gosbs.org
>>>>>
>>>>>
>>>>> Jeff L wrote:
>>>>>> Hello,
>>>>>>
>>>>>> Want to use ISA internally but the ISA client interferes with the
>>>>>> mobile nature of the organization. Is it possible to use ISA
>>>>>> client on Laptops that are not always connected to the LAN.
>>>>>>
>>>>>> The use of VPN is often blocked.
>>>>>>
>>>>>> Thanks for any help,
>>>>>>
>>>>>> Jeff Loucks
>>>>>>       Available Technology ®
>>>>>>            Solutions For Professionals ®
>>>>>>                  www.availabletechnology.com 
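
The toggle discussed in this thread, as an added PowerShell example (not part of the original thread and not any poster's script): it checks whether the office LAN is reachable and sets the two registry values quoted above accordingly, so it can also be run by hand after unplugging without a shutdown. The host name `isa.office.example`, the function names and the DWORD value type are assumptions.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical name that resolves only on the office LAN (assumption).
    [string]$OfficeHost = 'isa.office.example'
)

# Registry locations quoted in the thread; the DWORD type is an assumption.
$FwcKey   = 'HKLM:\SOFTWARE\Microsoft\Firewall Client'
$ProxyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-OnOfficeLan {
    param([string]$Name)
    try {
        [void][System.Net.Dns]::GetHostAddresses($Name)
        return $true
    } catch {
        return $false    # name did not resolve: treat as off-site
    }
}

function Set-ClientState {
    param([bool]$OnLan)
    # Thread: Disable = 0 enables the firewall client, 1 disables it.
    $fwcDisable  = if ($OnLan) { 0 } else { 1 }
    # Thread: ProxyEnable = 1 enables the proxy, 0 disables it.
    $proxyEnable = if ($OnLan) { 1 } else { 0 }

    if (-not (Test-Path $FwcKey)) {
        # Firewall client not installed: do not create the key.
        Write-Warning 'Firewall Client key not found; leaving it untouched.'
    } else {
        Set-ItemProperty -Path $FwcKey -Name 'Disable' -Value $fwcDisable -Type DWord
    }
    Set-ItemProperty -Path $ProxyKey -Name 'ProxyEnable' -Value $proxyEnable -Type DWord

    # Return what was applied so a caller or log can record it.
    [pscustomobject]@{
        OnLan       = $OnLan
        FwcDisable  = $fwcDisable
        ProxyEnable = $proxyEnable
    }
}

Set-ClientState -OnLan (Test-OnOfficeLan -Name $OfficeHost)
```

Writing the HKLM value needs administrative rights, and the HKCU value lands in the hive of whichever account runs the script, so run it in the laptop user's session; `-WhatIf` previews the changes without writing them.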

