2 Replies Latest reply on Nov 15, 2017 2:23 PM by tsb80

    Workgroup environment - how can I send group information with MCP?

    tsb80

      jscholte

      Looking at deploying McAfee Client Proxy / WGCS in a workgroup environment (no AD available).

      How can I customise web access policies for different users?

      I've had advice from McAfee support to simply enter a desired group name as a AD group filter 'include' in the MCP policy, and manually create matching groups in WGCS - this would be an ideal solution but it doesn't work.

        • 1. Re: Workgroup environment - how can I send group information with MCP?
          Jon Scholten

          Hi tsb80!

           

          What directory are you using by chance? Is the username sent by MCP to WGCS or MWG correct?

           

          For this situation I only see two possible ways of solving it.

          1) Username to group mapping in the policy

          2) Creating a local group on the workstation assuming these arent shared workstations

           

          For 1) this will only work if the username is actually valid. So when a user logs in, its a unique username (MCAFEE\jonscholten) and not something generic (MCAFEE\edirectory-generic). This would also require Web Hybrid mode as WGCS doesnt have the ability to map a username to a set of groups.

           

          For 2) MCP works by sending the groups found on the local machine (from a command prompt type "whoami /groups" -- its very similar to that). So if each user has their own workstation, then it'd be possible to add that user to a local group on the machine, and filter based on that.

           

          Also, do you have the SR number? The include and exclude filter will, filter groups, not add them.

           

          Best Regards,

          Jon

          • 2. Re: Workgroup environment - how can I send group information with MCP?
            tsb80

            Thanks Jon.

             

            This is a very small business, so no directory service is in use.

             

            I've tried your second option, which seems to be working well. Thanks for your help!

             

            Cheers

            Gary