Solved: Re: Host checker for disabled computers

NatashaW_ · ‎06-04-2013

Hi Guys,

We have a requirement to make host checker see if a computer object has been disabled on AD, and therefore should not be allowed to sign in to VPN. Can you please provide some suggestions on how I can get this working? If host checker cannot do this, is there perhaps another way?

Thanks

Natasha

jayLaiz_ · ‎06-06-2013

Yes Natasha,

We can accomplish this by configuring host checker policies for Predefined Rule : OS Checks and select what OS and minimum service packs can be allowed.

Regards,

Jay

View solution in original post

jayLaiz_ · ‎06-05-2013

Hi Natasha,

Host checker cannot do this as the HC is run on the end point and not on the AD server.

Junos Pulse cient has machine logon options, please refer admin guide in 7.2 and above.

When you boot up the machine, machine logon will happen and establish the VPN tunnel via Pulse client so if the computer object is disabled, the machine logon via Pulse will fail

The restriction is that with SA/ MAG box, the machine logon will, not work for windows 2008 r2 servers and above though there are plans to support the same in future releases.

Regards,

Jay

NatashaW_ · ‎06-06-2013

Hi Jay,

Thank you for the response...ok, coming at it another way, could we restrict based on OS version? So can HC see that the computer connecting has Windows XP SP3 (for example), then it won't let it in?

Thanks

Natasha

jayLaiz_ · ‎06-06-2013

Yes Natasha,

We can accomplish this by configuring host checker policies for Predefined Rule : OS Checks and select what OS and minimum service packs can be allowed.

Regards,

Jay