5-15
Cisco Secure Desktop Configuration Guide
OL-8607-02
Chapter 5 Setting Up CSD for Microsoft Windows Clients
Configuring the Secure Desktop for Clients that Match Location Criteria
Note If you click this radio button, change the alternative group policy setting for the WebVPN
tunnel group to a group policy that has access rights that are different than the default group
policy. To do so, choose the Configuration > VPN > General > Tunnel Group >
Add/Edit Tunnel Group > WebVPN Access > WebVPN tab. Change the policy assigned
to the Alternative group policy attribute to apply a policy to all clients who match this
location.
• Always use Success Group-Policy if you want to apply the default WebVPN group policy to any
remote client matched to this location.
This option is the default group-based policy setting. If you click this radio button, CSDM dims the
attributes in the Criteria area; you cannot change other settings on this tab. Your configuration of a
group-based policy ends with this step.
• Use Success Group-Policy if criteria match if you want to apply the following group policy to the
remote client matched to this location:
–
WebVPN default group policy if the client PC satisfies the criteria specified on this tab.
–
WebVPN failure group policy if the client PC fails to satisfy the criteria specified on this tab.
Note If you click this radio button, choose the Configuration > VPN > General >
Tunnel Group > Add/Edit Tunnel Group > WebVPN Access > WebVPN tab. Change
the policy assigned to the Alternative group policy attribute to apply a policy to clients that
fail to satisfy the criteria.
If you click this radio button, CSDM activates the check boxes in the criteria area.
Note A “Use Success Group-Policy if criteria match,” setting without criteria is equivalent to
“Always use Success Group-Policy.”
Continue with the following steps.
Step 3 Check Location Module if you want to require the presence of Secure Desktop or Cache Cleaner as a
criterion for assigning the success group policy, then choose the module to require: Secure Desktop or
Cache Cleaner.
Note If the feature you choose is not active, the client fails the VPN feature policy criteria check.
Step 4 Check Anti-Virus, Anti-Spyware, Firewall, and OS if you want to require their presence as conditions
for assigning the success group policy.
If you enable more than one category, the end user's computer must pass in each category to pass the
System Detection check. An “AND” relationship is present among the enabled categories.
The options within each category have an “OR” relationship. For example, you can specify that any one
of a list of antivirus software programs be running, and even if you have checked all of them as possible
candidates, having just one of them running is enough to satisfy the antivirus software requirement.
The security categories are as follows:
To Next Page
Loading...
Need help?
General