I have a computer on my network that I want to allow the ability to download large files (patch files and software updates etc). All other computers on my network are not granted the ability to download anything.
Is it possible to whitelist a particular device, perhaps using its MAC address or something, to download particular types of files (.exe's etc)?
I would appreciate some advice.
The MAC address is not available within the policy.
You could configure your DHCP server (in case there is any) to give a specific IP address to the MAC address of this computer. Then in MWG you can use Client.IP to allow this specific client IP address.
Is there any new feature or information available? Today two customers want to build special policies for some clients.
The goal should be to assign a ruleset to clients located in a given Active Directory OU.
What does "clients located in a given Active Directory OU" mean?
Is there an OU in Active Directory and the computer objects are moved there like this:
Okay, I think this should be possible, however I think there is much work left for you to do, but I think I can give some hints to get started.
To do this we need two pieces of information.
Information 1: Hostname
Usually it should be possible to get it with DNS.Lookup.Reverse(Client.IP). In a Windows environment the IP address should resolve to the computer name. If it does not, we won't be able to correctly access the hostname and you need to find a good way to get the computer name and send it to MWG somehow. Maybe this can be done with JavaScript.
I did a small test and for my (very simple) AD structure the DNS property returned "winxp-1.securelabs.local" as my hostname. With the split properties I was able to cut the ".securelabs.local" part, so I had the computer name as it is stored in AD in a user-defined property.
Information 2: Machines in OU
In my test all I did was resolve all computers from one OU and store their names into a list of strings. So basically I have a user-defined property (list of strings) which contains the computer names. For my screenshot above the list contained:
To get this list I used the external list feature:
So MWG talks to the AD via LDAP and retrieves the "CN"s of all objects in my OU "MyTestComputers". This is basically a simple list of all computer names. I have one rule which stores the result of the list lookup into a user-defined property with the type "list of string".
Now you have a user-defined property containing the hostname and another one that contains a list of all computers in "MyTestComputers". It should be fairly simple to apply rules based on those properties.
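The decision the two properties feed into, as an added Python sketch (not MWG rule syntax and not code from the thread): reverse-resolve the client IP, strip the AD DNS suffix, and test the name against the OU's computer list. The IP addresses, the `kiosk-7` host and the forward-confirmation step are assumptions added here; the thread itself only describes the reverse lookup and the list match.

```python
import socket

AD_DNS_SUFFIX = ".securelabs.local"   # domain suffix from the test lab in the thread

def computer_name(fqdn, suffix=AD_DNS_SUFFIX):
    """Strip the AD DNS suffix so the name matches the CN stored in AD."""
    name = fqdn.rstrip(".").lower()
    if not name.endswith(suffix.lower()):
        return None                    # PTR points outside the AD domain
    host = name[: -len(suffix)]
    return host if host and "." not in host else None

def client_in_ou(client_ip, ou_computers, reverse=None, forward=None):
    """True if client_ip reverse-resolves to a computer listed in the OU."""
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    forward = forward or (lambda fqdn: socket.gethostbyname_ex(fqdn)[2])
    try:
        fqdn = reverse(client_ip)
        # Added hardening: the name must resolve back to the same address,
        # otherwise a stale or wrong PTR record would select the ruleset.
        if client_ip not in forward(fqdn):
            return False
    except OSError:
        return False                   # no PTR/A record: fail closed
    name = computer_name(fqdn)
    allowed = {cn.lower() for cn in ou_computers}   # compare case-insensitively
    return name is not None and name in allowed

# Constructed sample data standing in for DNS and the LDAP external list.
PTR = {"10.0.0.21": "WINXP-1.securelabs.local", "10.0.0.22": "kiosk-7.securelabs.local",
       "10.0.0.23": "winxp-1.securelabs.local"}   # .23 carries a stale PTR
A = {"winxp-1.securelabs.local": ["10.0.0.21"], "kiosk-7.securelabs.local": ["10.0.0.22"]}
OU_MYTESTCOMPUTERS = ["WINXP-1"]

def sample_reverse(ip):
    if ip not in PTR:
        raise socket.herror("no PTR record")
    return PTR[ip]

def demo(ip):
    return client_in_ou(ip, OU_MYTESTCOMPUTERS, reverse=sample_reverse,
                        forward=lambda n: A.get(n.lower(), []))
```

Hostnames derived from reverse DNS are only as trustworthy as the DNS zone, so a rule built this way should fall back to the restrictive default whenever the lookup fails or the name does not match.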