| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| We are thinking about using Outlook Anywhere but need to somehow restrict it to only PCs that are company PCs (AD objects) attaching to the server externally. We use Check Point NGX R65 and have SmartDirectory. What would be nice is to have the rules say "LDAP Group", which is really the Organizational Unit for computer objects, as the source and our CAS Exchange box as the destination, HTTPS as the service... I can't do a typical "Accept" for action because authentication rules do not allow that. The source works fine with "Any", but we are looking for more information on how to only allow access if the user is using a computer which is an object in the domain or part of that LDAP group. Is this even possible? Any suggestions at all are greatly appreciated. Feel free to ask more questions back to obtain the proper detail needed. Last edited by microIT : 2008-03-13 at 20:35. |
| |||
| This is what Integrity/End Point Security is for. With this you can check the machine for a registry entry or a file to ensure that the machine is a corporate machine. SmartDirectory is only for User Groups in LDAP; it won't do groups that aren't users. |
| |||
| I don't know if this is possible but maybe ... - Set up Windows CA - roll out certs for computers (not exportable) - create auth rule which asks for the computer (and user) cert. If you switch to Microsoft IPSec/L2TP the machine and the user need a cert. The problem with verifying Reg. values and other parameters is that technical users can track this down with regmon, filemon ... |